
Google redirect virus


  • This topic is locked
14 replies to this topic

#1 mechatech

  • Members
  • 8 posts
  • OFFLINE
  • Local time:06:29 PM

Posted 26 December 2010 - 06:35 PM

I think I may have the Google redirect virus. I have tried a couple of things but no success. Rather than poke at it anymore I'll start fresh here.

The setup.
Windows Vista 64 bit. I use Firefox exclusively but I have IE 8 installed as well. All the latest patches and updates are in. I use AVG 2011 Free, Spybot Search & Destroy with Teatimer, Malwarebytes, Secunia PSI. I use this machine primarily for personal gaming and game modding, email and surfing. Banking is done on a different uninfected machine that is rarely used (most of the time off or on standby). They do share the same router.

The problem.
Browser works fine except for Google searches. After getting a list of search results I select a link and occasionally get redirected to oddball search engine sites and product sites. At the same time I find that I cannot use the back button to take me back to the search results page; it's just gone. A previous page to that, if there was one, will remain untouched.

Temporary fixes.
Running a Malwarebytes quick scan shows nothing. Running Spybot gives win32.autorun.temp, which I then remove. I am not redirected any more, but I do occasionally lose my search results page as described above. Then the problem returns. I reset my router and ran Spybot again and found that win32.autorun.temp had returned. I removed it again.

Current situation.
The redirect has returned and Spybot shows nothing.
TDSSKiller 2.4.12.0 gives a suspicious and locked object - C:\Windows\system32\Drivers\sptd.sys. It finds no infection.


I usually reformat and reinstall my OS about once a year, and I'm actually overdue. I have one hard drive divided into four partitions. C for the OS and programs, the other three for games and data. If I reformat C only and reinstall my OS will this kill any malware and rootkits? Or do I have to wipe the entire drive?

Which brings me to here. A reformat is like using a sledgehammer to swat a fly. It's something I would like to avoid if everything else works.


I have backed up what I could and transferred remaining data to the other three partitions.


Here are the needed logs from DDS.


DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Owner at 19:50:33.11 on Sun 12/26/2010
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.3994 [GMT -3.5:30]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Windows\RAVCpl64.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Windows\explorer.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
uRun: [DevmapEnum] rundll32.exe "C:\Users\Owner\AppData\Local\usbapisvc\DevmapEnum.dll",nsobjPlay wincfgplugin
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40116.7944560185
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [UMonit] C:\Windows\SysWOW64\UMonit.exe
mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8g3rwf9q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-9-7 305232]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-9 382032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-10 6127184]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-21 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2010-9-24 115216]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-9-28 517448]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\BBE1.tmp [2010-12-16 6144]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-12-26 00:15:58 709456 ----a-w- C:\Windows\isRS-000.tmp
2010-12-24 18:35:22 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-22 16:03:33 -------- d-----w- C:\Users\Owner\AppData\Local\Secunia PSI
2010-12-22 16:03:29 -------- d-----w- C:\Program Files (x86)\Secunia
2010-12-16 16:35:55 6144 ------w- C:\Windows\System32\BBE1.tmp
2010-12-16 16:33:43 6144 ------w- C:\Windows\System32\B7DA.tmp
2010-12-16 16:33:30 -------- d-----w- C:\Program Files (x86)\Sophos
2010-12-15 16:35:23 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-12-15 16:35:23 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-12-15 16:35:04 96256 ----a-w- C:\Windows\System32\fontsub.dll
2010-12-15 16:35:04 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-12-15 16:35:04 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-12-15 16:35:04 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-12-15 16:35:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-12-15 16:35:04 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-14 01:35:03 -------- d-----w- C:\Program Files (x86)\Oblivion Face Exchange Lite
2010-12-10 23:40:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Mumble
2010-12-10 23:39:48 -------- d-----w- C:\Program Files (x86)\Mumble
2010-12-10 17:21:50 -------- d-----w- C:\Program Files (x86)\KeePassPortable
2010-12-09 17:09:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\LockHunter
2010-12-09 17:08:49 -------- d-----w- C:\Program Files\LockHunter
2010-12-08 04:19:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-08 04:19:56 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-08 03:11:41 -------- d-----w- C:\Temp
2010-12-08 00:33:07 -------- d-----w- C:\Program Files (x86)\Safer Networking
2010-12-07 22:25:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-12-07 21:28:29 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2010-12-07 21:28:29 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2010-12-07 21:28:29 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll
2010-12-07 21:28:29 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL
2010-12-07 21:28:29 -------- d-----w- C:\Program Files (x86)\lg_fwupdate
2010-12-07 18:32:24 -------- d--h--w- C:\$AVG
2010-12-07 05:24:48 9670496 ----a-w- C:\Program Files (x86)\Alcohol120_trial_2.0.1.2033.exe
2010-12-07 03:15:31 -------- d-----w- C:\_OTM
2010-12-06 20:14:20 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-06 20:14:20 -------- d-----w- C:\Program Files (x86)\Trend Micro
2010-12-02 20:51:16 -------- d-----w- C:\Users\Owner\AppData\Local\usbapisvc

==================== Find3M ====================

2010-12-20 21:38:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-08 03:51:05 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-11-10 01:50:56 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 02:13:04 26112 ----a-w- C:\Windows\System32\atitmp64.dll
2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-18 15:35:48 87552 ----a-w- C:\Windows\System32\consent.exe
2010-10-18 15:25:36 2753536 ----a-w- C:\Windows\System32\win32k.sys
2010-10-05 13:43:52 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-10-05 13:43:52 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-10-05 13:43:52 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-10-05 13:43:52 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

============= FINISH: 19:51:02.52 ===============

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


UPDATE: I have attached the DDS and GMER results for my second machine. It uses XP HOME SP3, fully updated, and AVG 2011 Free, Spybot S&D and Malwarebytes. Spybot and Malwarebytes show no problems. Google works fine so far and surfing in general is faster. attach 2 and ark 2 are for this machine.


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 15:49:54.10 on Mon 12/27/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.313 [GMT -3.5:30]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10k_Plugin.exe -update plugin
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285701187375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285703446343
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\t36kje0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-10-21 19056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-9-28 517448]

=============== Created Last 30 ================

2010-12-27 18:46:26 709456 ----a-w- c:\windows\isRS-000.tmp
2010-12-21 15:05:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-21 15:05:36 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-08 16:04:16 -------- d-----w- c:\windows\pss
2010-12-08 15:55:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-08 15:55:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-08 15:52:58 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-12-08 15:52:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 15:52:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-08 15:52:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 15:52:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-29 22:23:33 0 ----a-w- c:\windows\ativpsrm.bin
2010-09-28 19:28:34 65536 ----a-w- c:\windows\system32\a3d.dll

============= FINISH: 15:50:53.93 ===============

Edited by mechatech, 27 December 2010 - 02:43 PM.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:59 PM

Posted 01 January 2011 - 11:11 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear.
  • Click the Disable button to disable your CD Emulation drivers.
  • Click Yes to continue.
  • A 'Finished!' message will appear.
  • Click OK.
  • DeFogger may ask you to reboot the machine; if it does, click OK.

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs.
  • Save the logs to a convenient place such as your desktop.
  • Copy the contents of both logs & post them in your next reply.


Information and logs:

  • In your next post I need the following:
    • logs from DDS
    • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 mechatech

mechatech
  • Topic Starter

  • Members
  • 8 posts
  • Local time:06:29 PM

Posted 02 January 2011 - 04:57 PM

Happy Holidays to you and yours.

I have one question before I start. If I reformat and reinstall Windows on partition C:, leaving the other three alone, will that kill a virus, malware, rootkit etc.?


On to business:

Attached DDS logs for two machines. PC 1 had Alcohol installed but that was removed before running the first batch of logs. I have used defogger on both anyway. Turned off S&D teatimer on both.

PC 1 (Vista OS) is redirecting often when using Google and sometimes with Yahoo. Sites are b00kmarks, usearch, infected sites and ads. For a while it would interfere with file downloads, forcing me to re-download. Seems to have stopped for now.
PC 2 (XP Home OS) appears to be fine. I don't use it much but so far have no redirects.


PC 1

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Owner at 18:06:02.69 on Sun 01/02/2011
Internet Explorer: 8.0.6001.18999 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4673 [GMT -3.5:30]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}

============== Running Processes ===============

C:\PROGRA~2\AVG\AVG10\avgchsva.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\ASUS\Six Engine\SixEngine.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RAVCpl64.exe
C:\Windows\SysWOW64\UMonit.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Windows\System32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Program Files\ASUS\TurboV\TurboV.exe
C:\Program Files (x86)\AVG\AVG10\avgtray.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k apphost
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe
C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe
C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\SysWOW64\IoctlSvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files (x86)\AVG\AVG10\avgnsa.exe
C:\Program Files (x86)\AVG\AVG10\avgemca.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Secunia\PSI\sua.exe
C:\PROGRA~2\AVG\AVG10\avgrsa.exe
C:\Program Files (x86)\AVG\AVG10\avgcsrva.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" /m
uRun: [DevmapEnum] rundll32.exe "C:\Users\Owner\AppData\Local\usbapisvc\DevmapEnum.dll",nsobjPlay wincfgplugin
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [TurboV] "C:\Program Files\ASUS\TurboV\TurboV.exe"
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe
mRun: [CTHelper] CTHELPER.EXE
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SECUNI~1.LNK - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
LSP: C:\Program Files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40116.7944560185
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG10\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun-x64: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun-x64: [RtHDVCpl] RAVCpl64.exe
mRun-x64: [Skytel] Skytel.exe
mRun-x64: [UMonit] C:\Windows\SysWOW64\UMonit.exe
mRun-x64: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8g3rwf9q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - component: C:\Program Files (x86)\AVG\AVG10\Firefox\components\avgssff.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - C:\Program Files (x86)\AVG\AVG10\Firefox
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;C:\Windows\System32\drivers\AVGIDSEH.sys [2010-9-13 27216]
R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2010-9-7 30288]
R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2010-12-8 308304]
R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2010-9-7 41040]
R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2010-11-12 382032]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-10-26 203776]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-8-15 86016]
R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [2010-10-22 265400]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-12-21 1153368]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2010-12-21 987704]
R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-10-27 8012288]
R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-10-26 287232]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdLH6.sys [2010-9-24 115216]
R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\AVGIDSDriver.sys [2010-8-19 133712]
R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\System32\drivers\AVGIDSFilter.sys [2010-8-19 35920]
R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
R3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2010-9-1 17976]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [2010-9-28 517448]
S3 COMMONFX;COMMONFX;C:\Windows\System32\drivers\COMMONFX.sys [2010-3-18 158808]
S3 CTAUDFX;CTAUDFX;C:\Windows\System32\drivers\CTAUDFX.sys [2010-3-18 706648]
S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTERFXFX;CTERFXFX;C:\Windows\System32\drivers\CTERFXFX.sys [2010-3-18 141912]
S3 CTSBLFX;CTSBLFX;C:\Windows\System32\drivers\CTSBLFX.sys [2010-3-18 681048]
S3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 27648]
S3 MEMSWEEP2;MEMSWEEP2;C:\Windows\System32\BBE1.tmp [2010-12-16 6144]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 RivaTuner64;RivaTuner64;C:\Program Files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2009-8-22 19952]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-9-17 89920]

=============== File Associations ===============

JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*

=============== Created Last 30 ================

2011-01-02 19:31:32 -------- d-----w- C:\Program Files (x86)\RADVideo
2010-12-24 18:35:22 -------- d-----w- C:\Program Files (x86)\ESET
2010-12-22 16:03:33 -------- d-----w- C:\Users\Owner\AppData\Local\Secunia PSI
2010-12-22 16:03:29 -------- d-----w- C:\Program Files (x86)\Secunia
2010-12-16 16:35:55 6144 ------w- C:\Windows\System32\BBE1.tmp
2010-12-16 16:33:43 6144 ------w- C:\Windows\System32\B7DA.tmp
2010-12-16 16:33:30 -------- d-----w- C:\Program Files (x86)\Sophos
2010-12-15 16:35:23 2409784 ----a-w- C:\Program Files\Windows Mail\OESpamFilter.dat
2010-12-15 16:35:23 2409784 ----a-w- C:\Program Files (x86)\Windows Mail\OESpamFilter.dat
2010-12-15 16:35:04 96256 ----a-w- C:\Windows\System32\fontsub.dll
2010-12-15 16:35:04 72704 ----a-w- C:\Windows\SysWow64\fontsub.dll
2010-12-15 16:35:04 48128 ----a-w- C:\Windows\System32\atmlib.dll
2010-12-15 16:35:04 367104 ----a-w- C:\Windows\System32\atmfd.dll
2010-12-15 16:35:04 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2010-12-15 16:35:04 292352 ----a-w- C:\Windows\SysWow64\atmfd.dll
2010-12-14 01:35:03 -------- d-----w- C:\Program Files (x86)\Oblivion Face Exchange Lite
2010-12-10 23:40:04 -------- d-----w- C:\Users\Owner\AppData\Roaming\Mumble
2010-12-10 23:39:48 -------- d-----w- C:\Program Files (x86)\Mumble
2010-12-10 17:21:50 -------- d-----w- C:\Program Files (x86)\KeePassPortable
2010-12-09 17:09:25 -------- d-----w- C:\Users\Owner\AppData\Roaming\LockHunter
2010-12-09 17:08:49 -------- d-----w- C:\Program Files\LockHunter
2010-12-08 07:42:36 308304 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
2010-12-08 04:19:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2010-12-08 04:19:56 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-08 03:11:41 -------- d-----w- C:\Temp
2010-12-08 00:33:07 -------- d-----w- C:\Program Files (x86)\Safer Networking
2010-12-07 22:25:00 12800 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-12-07 21:28:29 16384 ----a-w- C:\Windows\SysWow64\lgfwunis.exe
2010-12-07 21:28:29 115016 ----a-w- C:\Windows\SysWow64\MSINET.OCX
2010-12-07 21:28:29 102912 ----a-w- C:\Windows\SysWow64\Vb6stkit.dll
2010-12-07 21:28:29 102160 ----a-w- C:\Windows\SysWow64\VB6KO.DLL
2010-12-07 21:28:29 -------- d-----w- C:\Program Files (x86)\lg_fwupdate
2010-12-07 18:32:24 -------- d--h--w- C:\$AVG
2010-12-07 05:24:48 9670496 ----a-w- C:\Program Files (x86)\Alcohol120_trial_2.0.1.2033.exe
2010-12-07 03:15:31 -------- d-----w- C:\_OTM
2010-12-06 20:14:20 388096 ----a-r- C:\Users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-06 20:14:20 -------- d-----w- C:\Program Files (x86)\Trend Micro

==================== Find3M ====================

2010-12-20 21:38:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-12-08 03:51:05 521448 ----a-w- C:\Windows\System32\deployJava1.dll
2010-12-07 05:25:33 503352 ----a-w- C:\Windows\System32\drivers\sptd.sys
2010-11-12 16:49:38 382032 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2010-11-06 11:18:48 500224 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-06 11:18:27 655872 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-06 11:18:27 410112 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-06 11:18:13 855040 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-04 23:58:17 267776 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-04 18:55:38 352768 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-04 18:55:38 270336 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-04 16:34:06 171520 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 06:27:41 1147904 ----a-w- C:\Windows\System32\wininet.dll
2010-11-02 06:24:01 56832 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-02 06:23:47 1538560 ----a-w- C:\Windows\System32\inetcpl.cpl
2010-11-02 06:23:35 77312 ----a-w- C:\Windows\System32\iesetup.dll
2010-11-02 06:23:35 132096 ----a-w- C:\Windows\System32\iesysprep.dll
2010-11-02 06:01:54 916480 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-02 05:57:41 43520 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-02 05:57:27 1469440 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2010-11-02 05:57:11 71680 ----a-w- C:\Windows\SysWow64\iesetup.dll
2010-11-02 05:57:11 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2010-11-02 05:25:33 479232 ----a-w- C:\Windows\System32\html.iec
2010-11-02 05:01:31 385024 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-02 04:45:37 162816 ----a-w- C:\Windows\System32\ieUnatt.exe
2010-11-02 04:44:24 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-02 04:26:10 133632 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2010-11-02 04:24:44 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-10-28 13:56:57 2048 ----a-w- C:\Windows\System32\tzres.dll
2010-10-28 13:20:12 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2010-10-27 04:00:14 8012288 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2010-10-27 03:25:36 21422592 ----a-w- C:\Windows\System32\atio6axx.dll
2010-10-27 03:08:16 16281600 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2010-10-27 02:55:30 143360 ----a-w- C:\Windows\System32\atiapfxx.exe
2010-10-27 02:55:22 547328 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2010-10-27 02:54:22 645120 ----a-w- C:\Windows\System32\aticfx64.dll
2010-10-27 02:52:18 450560 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2010-10-27 02:52:12 478208 ----a-w- C:\Windows\System32\atieclxx.exe
2010-10-27 02:51:36 203776 ----a-w- C:\Windows\System32\atiesrxx.exe
2010-10-27 02:50:28 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2010-10-27 02:50:14 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2010-10-27 02:50:08 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2010-10-27 02:49:56 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2010-10-27 02:49:52 16384 ----a-w- C:\Windows\System32\atimuixx.dll
2010-10-27 02:49:48 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2010-10-27 02:49:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2010-10-27 02:46:56 4020736 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2010-10-27 02:38:02 4744704 ----a-w- C:\Windows\System32\atidxx64.dll
2010-10-27 02:35:28 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2010-10-27 02:35:26 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2010-10-27 02:35:18 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2010-10-27 02:35:16 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2010-10-27 02:35:06 6815744 ----a-w- C:\Windows\System32\aticaldd64.dll
2010-10-27 02:33:50 5441536 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2010-10-27 02:28:20 4094464 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2010-10-27 02:22:02 5218304 ----a-w- C:\Windows\System32\atiumd64.dll
2010-10-27 02:14:58 58880 ----a-w- C:\Windows\System32\coinst.dll
2010-10-27 02:14:56 349184 ----a-w- C:\Windows\System32\atiadlxx.dll
2010-10-27 02:14:50 249856 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2010-10-27 02:14:42 14848 ----a-w- C:\Windows\System32\atig6pxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2010-10-27 02:14:40 12800 ----a-w- C:\Windows\System32\atiglpxx.dll
2010-10-27 02:14:36 31744 ----a-w- C:\Windows\System32\atig6txx.dll
2010-10-27 02:14:30 27136 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2010-10-27 02:14:22 287232 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2010-10-27 02:13:42 39936 ----a-w- C:\Windows\System32\atiuxp64.dll
2010-10-27 02:13:34 30720 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2010-10-27 02:13:28 37888 ----a-w- C:\Windows\System32\atiu9p64.dll
2010-10-27 02:13:22 28672 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2010-10-27 02:13:04 26112 ----a-w- C:\Windows\System32\atitmp64.dll
2010-10-27 02:12:54 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2010-10-27 01:57:02 3221504 ----a-w- C:\Windows\System32\atiumd6a.dll
2010-10-27 01:50:08 3460096 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\atimpc64.dll
2010-10-27 01:37:16 53760 ----a-w- C:\Windows\System32\amdpcom64.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2010-10-27 01:37:12 52736 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2010-10-18 15:35:48 87552 ----a-w- C:\Windows\System32\consent.exe
2010-10-18 15:25:36 2753536 ----a-w- C:\Windows\System32\win32k.sys
2010-10-05 13:43:52 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2010-10-05 13:43:52 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2010-10-05 13:43:52 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2010-10-05 13:43:52 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll

============= FINISH: 18:06:32.20 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 7/9/2009 10:18:41 PM
System Uptime: 1/2/2011 5:19:38 PM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | P6T
Processor: Intel® Core™ i7 CPU 920 @ 2.67GHz | LGA1366 | 2667/133mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 174.121 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 46.793 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 1.127 GiB free.
F: is FIXED (NTFS) - 233 GiB total, 13.722 GiB free.
G: is CDROM ()
H: is Removable
I: is Removable
J: is Removable
K: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}
Description: Realtek High Definition Audio
Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10438357&REV_1001\4&5E4D696&0&0001
Manufacturer: Realtek
Name: Realtek High Definition Audio
PNP Device ID: HDAUDIO\FUNC_01&VEN_10EC&DEV_0888&SUBSYS_10438357&REV_1001\4&5E4D696&0&0001
Service: IntcAzAudAddService

Class GUID:
Description: PCI Input Device
Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1B359D48&0&09F0
Manufacturer:
Name: PCI Input Device
PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_04\4&1B359D48&0&09F0
Service:

==== System Restore Points ===================

RP599: 12/28/2010 11:17:18 PM - Scheduled Checkpoint
RP600: 12/29/2010 4:56:20 PM - Scheduled Checkpoint
RP601: 12/31/2010 3:26:25 PM - Scheduled Checkpoint
RP602: 1/1/2011 3:01:24 PM - Scheduled Checkpoint
RP603: 1/2/2011 3:23:17 PM - Scheduled Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 Plugin
Adobe Reader 9.4.1
Advanced SystemCare 3
APC PowerChute Personal Edition
Blender (remove only)
Blender NIF Scripts (remove only)
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
ccc-core-static
CCC Help English
Cool & Quiet
EPU-6 Engine
ESET Online Scanner v3
everything
ExplorerView 1.0.3
Express Gate
FaceGen Exchange v0.3b
FaceGen Exchange v0.5b
Fallout 3
Fallout 3 - The Garden of Eden Creation Kit
Fallout 3 - Unofficial Fallout 3 Patch
Fallout Mod Manager 0.12.3
Fallout Mod Manager 0.13.20
Fallout New Vegas
FOOK2 Public Beta
FOOK2 Public Beta Patch
Game Booster
Genesys USB Mass Storage Device
Grand Theft Auto Vice City
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
IObit Security 360
Ivellon 1.5 English
Java Auto Updater
Java™ 6 Update 22
LG ODD Auto Firmware Update
Malwarebytes' Anti-Malware
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
mIRC
Mozilla Firefox (3.6.13)
Mozilla Thunderbird (3.1.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Mumble and Murmur
Nero 7 Essentials
neroxml
NifSkope (remove only)
NVIDIA PhysX
Oblivion
Oblivion - Construction Set
Oblivion - Horse Armor Pack
Oblivion - Mehrunes Razor
Oblivion - Orrery
Oblivion - Spell Tomes
Oblivion - The Fighter's Stronghold
Oblivion - Thieves Den
Oblivion - Vile Lair
Oblivion - Wizard's Tower
Oblivion Face Exchange Lite
Oblivion mod manager 1.1.12
OpenAL
OpenOffice.org 3.2
PowerISO
Python 2.5 comtypes-0.5.2
Python 2.5 PIL-1.1.6
Python 2.5 psyco-1.6
Python 2.5 pywin32-212
Python 2.5.2
Python 2.6.4
RAD Video Tools
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RegAlyzer
RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition
save2pc Light 4.03
Secunia PSI (2.0.0.1003)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
SFVManager
Smart Defrag
Software Informer 1.0 BETA
Sophos Anti-Rootkit 1.5.4
Spybot - Search & Destroy
SuperNZB v3.2.1
TurboV
Unofficial Oblivion Patch v3.2.0
Unofficial Official Mods Patch v15
Unofficial Shivering Isles Patch v1.4.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Vista Codec Package
Visual C++ 8.0 Runtime Setup Package (x64)
Visual Studio 2008 x64 Redistributables
Vuze
Winamp
Winamp Detector Plug-in
WinRAR archiver
Word Reader 5.1
wxPython 2.8.7.1 (ansi) for Python 2.5

==== Event Viewer Messages From Past Week ========

12/28/2010 4:54:25 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.
1/2/2011 5:20:35 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: i8042prt
1/2/2011 5:19:55 PM, Error: volmgr [46] - Crash dump initialization failed!
1/1/2011 5:51:46 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer OWNER-PC2 that believes that it is the master browser for the domain on transport NetBT_Tcpip_{AA256FEE-796D-4A34-8146-DE9E0EB41047}. The master browser is stopping or an election is being forced.

==== End Of File ===========================



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++



PC 2


DDS (Ver_10-12-12.02) - NTFSx86
Run by Owner at 18:14:16.53 on Sun 01/02/2011
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.544 [GMT -3.5:30]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\Owner\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.ca/
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Vuze Remote Toolbar: {ba14329e-9550-4989-b3f2-9732e92d17cc} - c:\program files\vuze_remote\tbVuze.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [SoundMAX] "c:\program files\analog devices\soundmax\Smax4.exe" /tray
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1285701187375
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1285703446343
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: AtiExtEvent - Ati2evxx.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\t36kje0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 299984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2010-11-23 6128208]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 26192]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-10-21 19056]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2010-9-28 517448]

=============== Created Last 30 ================

2010-12-21 15:05:49 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-21 15:05:36 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-08 16:04:16 -------- d-----w- c:\windows\pss
2010-12-08 15:55:15 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-08 15:55:15 -------- d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-12-08 15:52:58 -------- d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-12-08 15:52:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 15:52:53 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-08 15:52:50 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-08 15:52:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

============= FINISH: 18:14:53.84 ===============



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-12-12.02)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/28/2010 4:25:37 PM
System Uptime: 1/2/2011 6:00:11 PM (0 hours ago)

Motherboard: ASUSTeK Computer Inc. | | P4P800SE
Processor: Intel® Pentium® 4 CPU 3.00GHz | CPU 1 | 2998/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 16 GiB total, 7.39 GiB free.
D: is FIXED (NTFS) - 67 GiB total, 66.931 GiB free.
E: is FIXED (NTFS) - 66 GiB total, 52.285 GiB free.
F: is FIXED (NTFS) - 75 GiB total, 59.596 GiB free.
G: is FIXED (NTFS) - 74 GiB total, 29.932 GiB free.
H: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24D2
Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_80A61043&REV_02\3&267A616A&0&E8
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24D2
PNP Device ID: PCI\VEN_8086&DEV_24D2&SUBSYS_80A61043&REV_02\3&267A616A&0&E8
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24D4
Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_80A61043&REV_02\3&267A616A&0&E9
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24D4
PNP Device ID: PCI\VEN_8086&DEV_24D4&SUBSYS_80A61043&REV_02\3&267A616A&0&E9
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24D7
Device ID: PCI\VEN_8086&DEV_24D7&SUBSYS_80A61043&REV_02\3&267A616A&0&EA
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24D7
PNP Device ID: PCI\VEN_8086&DEV_24D7&SUBSYS_80A61043&REV_02\3&267A616A&0&EA
Service: usbuhci

Class GUID: {36FC9E60-C465-11CF-8056-444553540000}
Description: Intel® 82801EB USB Universal Host Controller - 24DE
Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_80A61043&REV_02\3&267A616A&0&EB
Manufacturer: Intel
Name: Intel® 82801EB USB Universal Host Controller - 24DE
PNP Device ID: PCI\VEN_8086&DEV_24DE&SUBSYS_80A61043&REV_02\3&267A616A&0&EB
Service:

==== System Restore Points ===================

RP16: 10/20/2010 8:28:13 PM - Software Distribution Service 3.0
RP17: 10/21/2010 8:39:50 PM - System Checkpoint
RP18: 10/23/2010 12:52:17 PM - System Checkpoint
RP19: 11/28/2010 11:55:46 PM - Software Distribution Service 3.0
RP20: 11/30/2010 12:04:31 AM - System Checkpoint
RP21: 12/1/2010 11:21:31 AM - System Checkpoint
RP22: 12/2/2010 12:09:32 PM - System Checkpoint
RP23: 12/3/2010 1:09:32 PM - System Checkpoint
RP24: 12/4/2010 2:09:32 PM - System Checkpoint
RP25: 12/5/2010 3:08:32 PM - System Checkpoint
RP26: 12/6/2010 4:08:27 PM - System Checkpoint
RP27: 12/8/2010 12:50:22 PM - System Checkpoint
RP28: 12/13/2010 11:56:58 AM - System Checkpoint
RP29: 12/16/2010 12:13:46 PM - System Checkpoint
RP30: 12/21/2010 11:40:49 AM - Software Distribution Service 3.0
RP31: 12/29/2010 12:03:56 PM - System Checkpoint
RP32: 1/1/2011 6:05:37 PM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
ATI - Software Uninstall Utility
ATI Display Driver
AVG 2011
Conduit Engine
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB952287)
Malwarebytes' Anti-Malware
Marvell Miniport Driver
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.13)
PeerBlock 1.1 (r518)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB2416400)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2183461)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
Spybot - Search & Destroy
Update for Windows Internet Explorer 8 (KB2362765)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Vuze
Vuze Remote Toolbar
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Resource Kit Tools
Windows XP Service Pack 3

==== Event Viewer Messages From Past Week ========

1/2/2011 5:59:13 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
1/1/2011 5:47:50 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.VC80.CRT. Reference error message: The referenced assembly is not installed on your system. .
1/1/2011 5:47:50 PM, error: SideBySide [59] - Generate Activation Context failed for C:\Program Files\Vuze\plugins\azitunes\jacob-1.14.3-x86.dll. Reference error message: The operation completed successfully. .
1/1/2011 5:47:50 PM, error: SideBySide [32] - Dependent Assembly Microsoft.VC80.CRT could not be found and Last Error was The referenced assembly is not installed on your system.

==== End Of File ===========================

Edited by mechatech, 02 January 2011 - 05:07 PM.


#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 02 January 2011 - 05:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 mechatech

  • Topic Starter
  • Members
  • 8 posts

Posted 04 January 2011 - 11:38 AM

Ran Combofix on both machines.

PC 1 Vista 64 bit

I disabled AVG; Combofix would not run as it detected AVG. I tried to uninstall AVG via control panel and a process called avgwd (AVG watchdog) could not be shut down, preventing me from uninstalling. Tried to uninstall as administrator, no good. Turned off UAC, rebooted and finally uninstalled AVG.
I ran Combofix and got a message that PEV.cfxxe stopped working and will be shut down. After canceling the usual Windows search for a solution, Combofix continued to run and produced a log then shut off normally.
I then reinstalled AVG and rebooted. Windows defender ran on restart and found nothing.
Searched a bit, shut down for the evening and searched again today. The redirects appear to be gone.

LOG 1

ComboFix 11-01-02.04 - Owner 01/03/2011 13:17:22.1.8 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6133.4703 [GMT -3.5:30]
Running from: c:\users\Owner\Desktop\ComboFix.exe
SP: IObit Security 360 *Disabled/Outdated* {FAE2835A-B90A-9E7A-85DA-82DBDA7C1E3A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Owner\AppData\Local\usbapisvc\DevmapEnum.dll
F:\install.exe

.
((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2011-01-03 16:51 . 2011-01-03 16:51 -------- d-----w- c:\users\Owner\AppData\Local\temp
2011-01-03 16:51 . 2011-01-03 16:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-03 16:45 . 2011-01-03 16:45 -------- d-----w- C:\32788R22FWJFW
2011-01-02 19:31 . 2011-01-02 19:31 -------- d-----w- c:\program files (x86)\RADVideo
2010-12-24 18:35 . 2010-12-24 18:35 -------- d-----w- c:\program files (x86)\ESET
2010-12-22 16:03 . 2010-12-22 16:03 -------- d-----w- c:\users\Owner\AppData\Local\Secunia PSI
2010-12-22 16:03 . 2010-12-22 16:03 -------- d-----w- c:\program files (x86)\Secunia
2010-12-16 16:33 . 2010-12-16 16:33 -------- d-----w- c:\program files (x86)\Sophos
2010-12-15 16:35 . 2010-11-03 10:53 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-15 16:35 . 2010-11-03 10:51 2409784 ----a-w- c:\program files (x86)\Windows Mail\OESpamFilter.dat
2010-12-15 16:35 . 2010-10-28 15:44 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-15 16:35 . 2010-10-28 13:27 292352 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-15 16:35 . 2010-06-16 15:30 72704 ----a-w- c:\windows\SysWow64\fontsub.dll
2010-12-14 01:35 . 2010-12-14 01:35 -------- d-----w- c:\program files (x86)\Oblivion Face Exchange Lite
2010-12-11 16:11 . 2010-12-11 16:11 -------- d-----w- c:\programdata\CyberLink
2010-12-11 16:11 . 2010-12-11 16:11 -------- d-----w- c:\users\Owner\AppData\Roaming\CyberLink
2010-12-11 16:11 . 2010-12-11 16:11 -------- d-----w- c:\users\Public\CyberLink
2010-12-10 23:40 . 2010-12-11 01:56 -------- d-----w- c:\users\Owner\AppData\Roaming\Mumble
2010-12-10 23:39 . 2010-12-10 23:39 -------- d-----w- c:\program files (x86)\Mumble
2010-12-10 17:21 . 2010-12-10 17:22 -------- d-----w- c:\program files (x86)\KeePassPortable
2010-12-09 17:09 . 2010-12-09 17:09 -------- d-----w- c:\users\Owner\AppData\Roaming\LockHunter
2010-12-09 17:08 . 2010-12-09 17:08 -------- d-----w- c:\program files\LockHunter
2010-12-08 04:20 . 2010-12-08 04:20 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-08 04:19 . 2010-12-08 04:19 472808 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2010-12-08 04:19 . 2010-12-08 04:19 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-08 03:51 . 2010-12-08 03:51 -------- d-----w- c:\program files\Java
2010-12-08 03:11 . 2010-12-08 03:14 -------- d-----w- C:\Temp
2010-12-08 00:33 . 2010-12-08 00:33 -------- d-----w- c:\program files (x86)\Safer Networking
2010-12-07 22:25 . 2010-12-07 22:25 12800 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\npwachk.dll
2010-12-07 21:32 . 2010-12-07 21:32 -------- d-----w- c:\users\Owner\AppData\Roaming\Ahead
2010-12-07 21:28 . 2010-12-10 16:37 -------- d-----w- c:\program files (x86)\lg_fwupdate
2010-12-07 21:28 . 2010-12-08 03:12 16384 ----a-w- c:\windows\SysWow64\lgfwunis.exe
2010-12-07 21:28 . 1998-07-22 03:30 102912 ----a-w- c:\windows\SysWow64\Vb6stkit.dll
2010-12-07 21:28 . 1998-07-22 03:30 102160 ----a-w- c:\windows\SysWow64\VB6KO.DLL
2010-12-07 21:28 . 1998-06-24 03:30 115016 ----a-w- c:\windows\SysWow64\MSINET.OCX
2010-12-07 21:24 . 2010-12-07 21:24 -------- d-----w- c:\programdata\Ahead
2010-12-07 05:24 . 2010-12-07 05:24 9670496 ----a-w- c:\program files (x86)\Alcohol120_trial_2.0.1.2033.exe
2010-12-07 04:28 . 2010-12-07 04:28 -------- d-----w- c:\program files (x86)\Windows Live Safety Center
2010-12-07 03:15 . 2010-12-07 03:15 -------- d-----w- C:\_OTM
2010-12-06 20:14 . 2010-12-06 20:14 388096 ----a-r- c:\users\Owner\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-12-06 20:14 . 2010-12-06 20:14 -------- d-----w- c:\program files (x86)\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 21:39 . 2010-09-27 16:34 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-11-19 16:33 . 2010-11-19 16:33 1841456 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\DefragSetup.exe
2010-11-19 16:33 . 2010-11-19 16:32 10031560 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\IS360Setup.exe
2010-11-19 16:32 . 2010-11-19 16:31 8496536 ----a-w- c:\users\Owner\AppData\Roaming\Microsoft\Windows\Templates\ASCSetup.exe
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\SysWow64\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\SysWow64\aticfx32.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\SysWow64\atidxx32.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\SysWow64\aticaldd.dll
2010-10-27 02:28 . 2010-10-27 02:28 4094464 ----a-w- c:\windows\SysWow64\atiumdag.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\SysWow64\atigktxx.dll
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2010-10-27 02:13 . 2010-10-27 02:13 28672 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2010-10-27 01:50 . 2010-10-27 01:50 3460096 ----a-w- c:\windows\SysWow64\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TurboV"="c:\program files\ASUS\TurboV\TurboV.exe" [2008-10-22 4040192]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http:" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
APC UPS Status.lnk - c:\program files (x86)\APC\APC PowerChute Personal Edition\Display.exe [2009-7-13 267520]
Secunia PSI Tray.lnk - c:\program files (x86)\Secunia\PSI\psi_tray.exe [2010-12-21 291896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AsioThk32Reg"=REGSVR32.EXE /S CTASIO.DLL

R2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.00\AsSysCtrlService.exe [2008-08-15 86016]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 COMMONFX;COMMONFX;c:\windows\system32\drivers\COMMONFX.SYS [2010-03-18 158808]
R3 CTAUDFX;CTAUDFX;c:\windows\system32\drivers\CTAUDFX.SYS [2010-03-18 706648]
R3 CTERFXFX.SYS;CTERFXFX.SYS;c:\windows\System32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTERFXFX;CTERFXFX;c:\windows\system32\drivers\CTERFXFX.SYS [2010-03-18 141912]
R3 CTSBLFX;CTSBLFX;c:\windows\system32\drivers\CTSBLFX.SYS [2010-03-18 681048]
R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\BBE1.tmp [2010-05-26 6144]
R3 RivaTuner64;RivaTuner64;c:\program files (x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-11-19 19952]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-07 503352]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 203776]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2010-12-21 987704]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2010-12-21 399416]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 8012288]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 287232]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH6.sys [2010-09-24 115216]
S3 COMMONFX.SYS;COMMONFX.SYS;c:\windows\System32\drivers\COMMONFX.SYS [2010-03-18 158808]
S3 CTAUDFX.SYS;CTAUDFX.SYS;c:\windows\System32\drivers\CTAUDFX.SYS [2010-03-18 706648]
S3 CTSBLFX.SYS;CTSBLFX.SYS;c:\windows\System32\drivers\CTSBLFX.SYS [2010-03-18 681048]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 17976]


[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2011-01-03 c:\windows\Tasks\SmartDefrag.job
- c:\program files (x86)\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-12-14 21:38]

2010-12-08 c:\windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
- c:\program files (x86)\Spybot - Search & Destroy\SpybotSD.exe [2010-12-21 19:01]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="%ProgramFiles%\Windows Defender\MSASCui.exe -hide" [X]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-03 6430208]
"Skytel"="Skytel.exe" [2008-06-25 1826816]
"UMonit"="c:\windows\SysWOW64\UMonit.exe" [2007-06-18 200704]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 855608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.ca/
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\IObit\Advanced SystemCare 3\SPICtrl.dll
FF - ProfilePath - c:\users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\8g3rwf9q.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Wow6432Node-HKCU-Run-DevmapEnum - c:\users\Owner\AppData\Local\usbapisvc\DevmapEnum.dll
Wow6432Node-HKLM-Run-CTxfiHlp - CTXFIHLP.EXE
Wow6432Node-HKLM-Run-CTHelper - CTHELPER.EXE
Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre6\bin\jusched.exe
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
AddRemove-Unofficial Oblivion Patch_is1 - f:\oblivion tes\Unofficial Oblivion Patch\unins000.exe
AddRemove-Unofficial Official Mods Patch_is1 - f:\oblivion tes\Unofficial Official Mods Patch\unins000.exe
AddRemove-Unofficial Shivering Isles Patch_is1 - f:\oblivion tes\Unofficial Shivering Isles Patch\unins000.exe



[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\BBE1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2241822682-3893120719-2187648724-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,d0,63,49,2e,94,29,20,2e,90,ff,9f,f3,ab,9a,bf,ae,a5,97,1d,89,70,4b,
88,b3,3e,2a,8d,e2,ab,35,44,c4,ba,30,73,20,58,c7,a6,48,1f,a3,6d,3e,90,34,03,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-2241822682-3893120719-2187648724-1000\Software\SecuROM\License information*]
"datasecu"=hex:42,b5,c5,c0,7f,7f,22,31,b1,cb,21,e5,15,42,da,32,8d,bc,56,2e,ac,
36,41,54,c2,56,7d,f2,67,66,32,c8,1f,9e,3c,a1,35,5f,3b,9c,4f,fd,4a,1e,ff,a4,\
"rkeysecu"=hex:19,c4,50,36,50,4c,68,16,7b,b0,d1,60,4e,60,86,31

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2011-01-03 13:31:29
ComboFix-quarantined-files.txt 2011-01-03 17:01

Pre-Run: 184,874,303,488 bytes free
Post-Run: 184,616,034,304 bytes free

- - End Of File - - B39AF6C5CE15152E966DC8C7AE7E7A85



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PC 2 XP Home SP3

I first uninstalled AVG. Ran Combofix and it asked to install recovery console. I said yes, it produced a log then shut off.
I then reinstalled AVG, searched a bit and all looks fine.

LOG 2

ComboFix 11-01-03.01 - Owner 01/03/2011 14:08:42.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.731 [GMT -3.5:30]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2010-12-03 to 2011-01-03 )))))))))))))))))))))))))))))))
.

2010-12-21 15:05 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-21 15:05 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-08 15:55 . 2010-12-08 16:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-12-08 15:55 . 2010-12-08 15:58 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-12-08 15:52 . 2010-12-08 15:52 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2010-12-08 15:52 . 2010-12-20 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-08 15:52 . 2010-12-08 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-08 15:52 . 2010-12-27 18:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-08 15:52 . 2010-12-20 21:38 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-09-28 18:51 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 17:32 3863136 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ba14329e-9550-4989-b3f2-9732e92d17cc}]
2010-09-12 17:32 3863136 ----a-w- c:\program files\Vuze_Remote\tbVuze.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ba14329e-9550-4989-b3f2-9732e92d17cc}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{BA14329E-9550-4989-B3F2-9732E92D17CC}"= "c:\program files\Vuze_Remote\tbVuze.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]

[HKEY_CLASSES_ROOT\clsid\{ba14329e-9550-4989-b3f2-9732e92d17cc}]

[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-04-01 1368064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"445:UDP"= 445:UDP:network

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.ca/
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\t36kje0a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
FF - prefs.js: keyword.URL - hxxp://ca.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_ca&p=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-03 14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(644)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3108)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
Completion time: 2011-01-03 14:12:41
ComboFix-quarantined-files.txt 2011-01-03 17:42

Pre-Run: 8,137,682,944 bytes free
Post-Run: 8,133,804,032 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 94CFBE5E7B917CE13F873DAE63F1CFD9


Should I reset my modem?

Edited by mechatech, 04 January 2011 - 11:39 AM.


#6 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts

Posted 04 January 2011 - 12:55 PM

Hello

Should I reset my modem?
Let's check it first, but most likely that is what we will do.


we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
rem Collect adapter settings, DNS answers, reachability and routing into one file
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file
start Log1.txt
del %0
Save this as router.bat. Choose Save as type: All Files, and where to save: Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

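The router.bat output above is read by eye in the thread. As an added example (not code from the thread, from BleepingComputer or from any of the tools it uses), here is a Python triage script that parses that Log1.txt text and flags what a helper looks for in it: a DHCP server that is not the gateway, DNS servers outside the LAN or on the LAN but not the gateway, and hostnames that resolve to addresses that are not globally routable. The first sample log is constructed from the values the Vista machine posts later in this thread; the second is a constructed counter-example using the RFC 5737 documentation range 203.0.113.0/24 as a placeholder for an off-LAN resolver.

```python
"""Triage the router.bat output (ipconfig /all + nslookup + ping + route print in Log1.txt).
Added example, not from the thread or its tools; IPv4 only. Flags a DHCP server that is not
the gateway, DNS servers off the LAN or on it but not the gateway, and non-routable answers."""
import ipaddress
import re

_KV = re.compile(r"^(.+?)(?:\s*\.)*\s*:\s*(.*?)\s*$")   # "Key . . : value" / "Key:  value"
_FIELDS = {"IPv4 Address": "ipv4", "IP Address": "ipv4", "Subnet Mask": "masks",  # XP: "IP Address"
           "Default Gateway": "gateways", "DHCP Server": "dhcp", "DNS Servers": "dns"}

# Constructed from the values the thread's Vista machine posted (abbreviated).
SAMPLE_LOG = """\
   IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 192.168.2.1
                                       192.168.2.1
Server:  UnKnown
Address:  192.168.2.1
Name:    google.com
Addresses:  72.14.204.104
          72.14.204.147
"""
# Constructed counter-example: an off-LAN resolver answering with a non-routable address.
# 203.0.113.0/24 is the RFC 5737 documentation range, used here only as a placeholder.
HIJACKED_LOG = """\
   IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.2.1
   DHCP Server . . . . . . . . . . . : 192.168.2.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
Name:    google.com
Addresses:  203.0.113.9
"""


def _as_ip(token):
    """'192.168.2.10(Preferred)' or 'fe80::1%10' -> ip_address; anything else -> None."""
    try:
        return ipaddress.ip_address(token.strip().replace("(Preferred)", "").split("%")[0])
    except ValueError:
        return None


def parse_log(text):
    """Return {'ipv4','masks','gateways','dhcp','dns': [addresses], 'resolutions': {host: [...]}}."""
    facts = {k: [] for k in ("ipv4", "masks", "gateways", "dhcp", "dns")}
    facts["resolutions"] = {}
    name, current, v4_only = None, None, True   # current = list fed by bare continuation lines
    for raw in text.splitlines():
        line = raw.strip()
        bare = _as_ip(line) if line else None
        if bare is not None:                    # indented continuation: one more address
            if current is not None and (bare.version == 4 or not v4_only):
                current.append(bare)
            continue
        m = _KV.match(line)
        key, value = (m.group(1), m.group(2)) if m else ("", "")
        if key == "Name":                       # start of an nslookup answer block
            name, current = value, None
            facts["resolutions"].setdefault(name, [])
        elif key in ("Address", "Addresses") and name is not None:
            current, v4_only = facts["resolutions"][name], False
            current.extend(ip for ip in map(_as_ip, value.split(",")) if ip is not None)
        elif key in _FIELDS:                    # an ipconfig field we care about
            current, v4_only = facts[_FIELDS[key]], True
            ip = _as_ip(value)
            if ip is not None and ip.version == 4:
                current.append(ip)
        else:                                   # "Server:" (new lookup), ping, routes, headers
            current, name = None, (None if key == "Server" else name)
    return facts


def analyze(facts):
    """Turn parsed facts into WARN/INFO strings a helper would act on."""
    lans = [ipaddress.ip_network(f"{a}/{m}", strict=False) for a, m in zip(facts["ipv4"], facts["masks"])]
    out = []
    for d in dict.fromkeys(facts["dhcp"]):
        if d not in facts["gateways"]:
            out.append(f"WARN DHCP server {d} is not the default gateway: look for a rogue DHCP server on the LAN")
    for d in dict.fromkeys(facts["dns"]):
        if not any(d in n for n in lans):
            out.append(f"WARN DNS server {d} is outside the local subnet: confirm it is an expected resolver")
        elif d not in facts["gateways"]:
            out.append(f"WARN DNS server {d} is on the LAN but is not the gateway: identify that device")
        else:
            out.append(f"INFO DNS server {d} is the router: its own WAN/DNS settings decide where queries go")
    for host, addrs in facts["resolutions"].items():
        out.extend(f"WARN {host} resolved to {ip}, which is not globally routable" for ip in addrs if not ip.is_global)
    return out


def triage(text):
    return analyze(parse_log(text))
```

On the logs posted in this thread both machines use the router (192.168.2.1) as their only resolver and google.com resolves to public addresses, so the script reports only the INFO line: when the router is the resolver, the place to look for a changed DNS setting is the router's own configuration, which is why the helper checks the router rather than the hosts.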
#7 mechatech (Topic Starter)
  • Members
  • 8 posts

Posted 04 January 2011 - 02:35 PM

Logs from both machines


PC 1 Vista 64


Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : no-domain-set.aliant

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : no-domain-set.aliant
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : 00-26-18-0A-F9-09
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::9489:827:7f49:eaa8%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.10(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, January 04, 2011 12:19:59 PM
Lease Expires . . . . . . . . . . : Friday, January 07, 2011 3:58:23 PM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 167781912
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-E8-E1-89-00-26-18-0A-F9-09
DNS Servers . . . . . . . . . . . : 192.168.2.1
192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : no-domain-set.aliant
Description . . . . . . . . . . . : isatap.no-domain-set.aliant
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2c22:2bb5:3f57:fdf5(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c22:2bb5:3f57:fdf5%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 72.14.204.104
72.14.204.147
72.14.204.99
72.14.204.103

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70



Pinging google.com [72.14.204.103] with 32 bytes of data:

Reply from 72.14.204.103: bytes=32 time=49ms TTL=56

Reply from 72.14.204.103: bytes=32 time=48ms TTL=56



Ping statistics for 72.14.204.103:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 48ms, Maximum = 49ms, Average = 48ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=95ms TTL=51

Reply from 209.191.122.70: bytes=32 time=85ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 85ms, Maximum = 95ms, Average = 90ms

===========================================================================
Interface List
10 ...00 26 18 0a f9 09 ...... Realtek PCIe GBE Family Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.no-domain-set.aliant
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.10 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.10 276
192.168.2.10 255.255.255.255 On-link 192.168.2.10 276
192.168.2.255 255.255.255.255 On-link 192.168.2.10 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.10 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.10 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:4137:9e76:2c22:2bb5:3f57:fdf5/128
On-link
10 276 fe80::/64 On-link
11 266 fe80::/64 On-link
11 266 fe80::2c22:2bb5:3f57:fdf5/128
On-link
10 276 fe80::9489:827:7f49:eaa8/128
On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None




+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PC 2 XP Home



Windows IP Configuration



Host Name . . . . . . . . . . . . : owner-pc2

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : no-domain-set.aliant



Ethernet adapter Local Area Connection 2:



Connection-specific DNS Suffix . : no-domain-set.aliant

Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

Physical Address. . . . . . . . . : 00-11-2F-6A-3F-5B

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.2.11

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.2.1

DHCP Server . . . . . . . . . . . : 192.168.2.1

DNS Servers . . . . . . . . . . . : 192.168.2.1

192.168.2.1

Lease Obtained. . . . . . . . . . : Tuesday, January 04, 2011 3:57:14 PM

Lease Expires . . . . . . . . . . : Friday, January 07, 2011 3:57:14 PM

Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 72.14.204.104, 72.14.204.99, 72.14.204.147, 72.14.204.103

Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 69.147.125.65, 72.30.2.43, 98.137.149.56, 209.191.122.70
67.195.160.76



Pinging google.com [72.14.204.99] with 32 bytes of data:



Reply from 72.14.204.99: bytes=32 time=47ms TTL=56

Reply from 72.14.204.99: bytes=32 time=50ms TTL=56



Ping statistics for 72.14.204.99:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 47ms, Maximum = 50ms, Average = 48ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=106ms TTL=52

Reply from 209.191.122.70: bytes=32 time=109ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 106ms, Maximum = 109ms, Average = 107ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 2f 6a 3f 5b ...... Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.11 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
192.168.2.0 255.255.255.0 192.168.2.11 192.168.2.11 20
192.168.2.11 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.2.255 255.255.255.255 192.168.2.11 192.168.2.11 20
224.0.0.0 240.0.0.0 192.168.2.11 192.168.2.11 20
255.255.255.255 255.255.255.255 192.168.2.11 192.168.2.11 1
Default Gateway: 192.168.2.1
===========================================================================
Persistent Routes:
None

#8 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts

Posted 04 January 2011 - 02:49 PM

Hello

I want to make sure of something - the redirects have stopped?


Gringo

#9 mechatech (Topic Starter)
  • Members
  • 8 posts

Posted 04 January 2011 - 03:30 PM

Yes, so far no redirects. Wikipedia was hard to get to from Google. Now I can get to it every time.

#10 gringo_pr (Bleepin Gringo)
  • Malware Response Team
  • 136,772 posts

Posted 04 January 2011 - 06:25 PM

Hello

OK, run this on both computers.

Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Eset Online Scanner

**Note** You will need to use Internet Explorer for this scan

Go to the ESET web page to run an online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • click on the ESET Online Scanner button
  • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
  • When asked, allow the activex control to install
    • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options
    Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
Copy and paste that log as a reply to this topic


"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • Log From ESET Online Scanner
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo


#11 mechatech (Topic Starter)
  • Members
  • 8 posts

Posted 06 January 2011 - 12:19 PM

Hello,

Started ESET scans on both machines. A power outage interrupted me and I had to shut down. Restarted from scratch about 12 hours later.


PC 1 Vista 64

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5464

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18999

1/5/2011 11:37:17 PM
mbam-log-2011-01-05 (23-37-17).txt

Scan type: Quick scan
Objects scanned: 154367
Time elapsed: 1 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This one was troublesome. After the ESET scan the log showed this.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK



I suspected UAC was to blame. Deactivated it and ran it again. Took almost 6 hours, again.

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
esets_scanner_update returned -1 esets_gle=53251
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=5083bc2fdcb5c94586d0341190ebaad4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-06 10:15:21
# local_time=2011-01-06 06:45:21 (-03-30, Newfoundland Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777213 100 86 0 37372256 0 0
# compatibility_mode=5892 16776574 100 56 0 130905818 0 0
# compatibility_mode=8192 67108863 100 0 176990 176990 0 0
# scanned=61
# found=1
# cleaned=0
# scan_time=9
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\usbapisvc\DevmapEnum.dll.vir a variant of Win32/Sefnit.AO trojan (unable to clean) 00000000000000000000000000000000 I
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=5083bc2fdcb5c94586d0341190ebaad4
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-06 04:04:25
# local_time=2011-01-06 12:34:25 (-03-30, Newfoundland Standard Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=1032 16777213 100 86 0 37374213 0 0
# compatibility_mode=5892 16776574 100 56 0 130907775 0 0
# compatibility_mode=8192 67108863 100 0 178947 178947 0 0
# scanned=437876
# found=16
# cleaned=0
# scan_time=18996
C:\Qoobox\Quarantine\C\Users\Owner\AppData\Local\usbapisvc\DevmapEnum.dll.vir a variant of Win32/Sefnit.AO trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Owner\Documents\mechas docs\CheatEngine55.exe multiple threats (unable to clean) 00000000000000000000000000000000 I
D:\game extras\bloodrayne extras\blood rayne\BR2\extras\asx-br2\asx-br2.exe probably a variant of Win32/Spy.Agent.DILUHWK trojan (unable to clean) 00000000000000000000000000000000 I
D:\game extras\nolf\NoOneLivesForEverTrainer\No One Lives Forever (v1.0) +01 Trainer\No One Lives Forever (v1.0) +01 Trainer.exe Win32/Keylogger.HotKeysHook.A virus (unable to clean) 00000000000000000000000000000000 I
D:\game extras\Rockstar Games\Grand Theft Auto Vice City\+extras\programs\Mod installer 4.1\116_gta_mod_installer_4.1\scripter.exe probably a variant of Win32/Spy.Agent.LGADJOP trojan (unable to clean) 00000000000000000000000000000000 I
D:\game extras\Rockstar Games\GTA San Andreas\Grand.Theft.Auto.San.Andreas.PLUS.27.TRAINER.REPACK-PiZZADOX.rar a variant of Win32/GameHack.O application (unable to clean) 00000000000000000000000000000000 I
D:\game extras\Rockstar Games\GTA San Andreas\SASpeedo.zip probably a variant of Win32/Adware.Vapsup.IHKBXKE application (unable to clean) 00000000000000000000000000000000 I
D:\game extras\Rockstar Games\GTAIII\GTA 3 extras\Ins-Gta3Trn.zip Win32/Keylogger.HotKeysHook.A virus (unable to clean) 00000000000000000000000000000000 I
D:\game extras\stalker extras\brew-scsv1.5.04.rar a variant of Win32/GameHack.O application (unable to clean) 00000000000000000000000000000000 I
D:\game extras\stalker extras\THQ\STALKER-Trainer-V4\STALKER-Trainer-V4.exe probably a variant of Win32/Agent.BKAQQFU trojan (unable to clean) 00000000000000000000000000000000 I
D:\game extras\TR extras\dead Tomb Raider - Anniversary\tra_trn.exe probably a variant of Win32/Agent.HUJPOBO trojan (unable to clean) 00000000000000000000000000000000 I
D:\game extras\TR extras\dead Tomb Raider - Legend\TRL\TRLFly.exe probably a variant of Win32/Agent.LJWHCAN trojan (unable to clean) 00000000000000000000000000000000 I
D:\game extras\TR extras\Tomb Raider - Legend\tools\tpe\t.p.e. 2.03b.exe a variant of Win32/Tool.TPE.A application (unable to clean) 00000000000000000000000000000000 I
D:\game extras\TR extras\TRA + extras\tra1_trn\tra_trn.exe probably a variant of Win32/Agent.HUJPOBO trojan (unable to clean) 00000000000000000000000000000000 I
D:\other stuff\00 DO NOT DELETE DRIVERS & PROGS & FILES\EvID4226Patch212-en\EvID4226Patch.exe Win32/Tool.EvID4226 application (unable to clean) 00000000000000000000000000000000 I
D:\PROGS\Unlocker1.9.0-x64.exe Win32/Adware.ADON application (unable to clean) 00000000000000000000000000000000 I

The first one in QooBox I don't recognize. The others are game trainers. I have used them all in the past and never had an issue with any. EvID4226 is a fix for increasing download speeds. Many are years old and none have been used in over two years. Both machines are less than a year and a half old. Unlocker is a program that allows files that won't allow deletion to be deleted. I got it off CNET and installed it on PC 1 about three weeks ago.

Based on my activity over the past month I suspect my infection came from a pop up ad, or a remote possibility of an infected zip file from TESnexus.com, a popular game modding site. This site is extremely popular and heavily monitored which leads me to believe the uploader is unaware that their upload is infected. The only other suspect is Unlocker, but user reviews do not write of any virus or rootkit activity.



++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

PC 2 XP Home

No Java installed.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5464

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

1/5/2011 11:58:31 PM
mbam-log-2011-01-05 (23-58-31).txt

Scan type: Quick scan
Objects scanned: 121332
Time elapsed: 1 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6419
# api_version=3.0.2
# EOSSerial=89771e2ee7db56438cf7329064d86c8a
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-01-06 04:41:45
# local_time=2011-01-06 01:11:45 (-03-30, Newfoundland Standard Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=1032 16777173 100 94 0 37348035 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=26104
# found=0
# cleaned=0
# scan_time=4216


No more redirects. Both machines behave fine.

After this I am considering removing AVG and installing Microsoft Security Essentials.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:05:59 PM

Posted 06 January 2011 - 12:37 PM

Hello

After this I am considering removing AVG and installing Microsoft Security Essentials.

AVG is not the same as it once was, so switching to MSE might be a good idea.

If you know what all the files are then I will leave them alone.

The C:\Qoobox\Quarantine\ folder is from me and will be removed now.



Very well done!! This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.

Any programs and logs that are left over can just be deleted from the desktop. TFC is a free temp file cleaner that is very easy to use; I would keep this and use it before you do any scans or when you want to free up some space.

:DeFogger:

  • To re-enable your Emulation drivers, double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK
Your Emulation drivers are now re-enabled.


:Uninstall ComboFix:

  • turn off all active protection software
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box: ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.


:remove tools:

Please download OTCleanIt and save it to desktop. This tool will remove all the tools we used to clean your pc.
  • Double-click OTCleanIt.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
  • If asked to restart the computer, please do so
Note: If you receive a warning from your firewall or other security programs regarding OTCleanIt attempting to contact the internet, please allow it to do so.


:clear system restore points:

This is a good time to clear your existing system restore points and establish a new clean restore point:
  • Go to Start > All Programs > Accessories > System Tools > System Restore
  • Select Create a restore point, and Ok it.
  • Next, go to Start > Run and type in cleanmgr
  • choose your root drive (normally C:)
  • after it calculates how much space you will save it will open up a new window
  • Select the More options tab at the top of the window
  • Choose the option to clean up system restore and OK it.
  • go back to the disk clean up tab
  • put a checkmark in all - except compress old files (leave this unchecked)
  • click Ok then click yes
This will remove all restore points except the new one you just created and clean unneeded files


:Make your Internet Explorer more secure:

  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialise and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • When all these settings have been made, click on the OK button.
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
    Next press the Apply button and then the OK to exit the Internet Properties page.


:Make Firefox more secure:

Please visit this page, which explains how to make Firefox more secure: How to Secure Firefox


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerability that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector


:Turn On Automatic Updates:

Turn On Automatic Updates
1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select Automatic (recommended): "Automatically download recommended updates for my computer and install them".

If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

or visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:

I would recommend the download and installation of some or all of the following programs (all free), and updating them regularly:

  • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.
  • Malwarebytes' Anti-Malware Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free, but for real-time protection you will have to pay a small one-time fee. We used this to help clean your computer and recommend keeping it and using it often.

Here is some great reading about how to be safer online:

PC Safety and Security - What Do I Need? from my friends at Tech Support Forum
and
COMPUTER SECURITY - a short guide to staying safer online from my friends at Malware Removal

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

I Will Keep This Open For About Three Days. If Anything Comes Up, Just Come Back And Let Me Know; after that time you will have to send me a PM.

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic




Proud Graduate Of Malware Removal University
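The Internet Explorer zone settings and the Automatic Updates mode in the post above are set by clicking through dialogs. As an added example, not from the thread and not part of gringo_pr's canned post, this PowerShell script reads the same settings straight from the registry on the affected machine and reports which ones still differ from what the post asks for, so you can verify the work (or redo it on the second PC) without opening each dialog. The zone action IDs (1001, 1004, 1201, 1800, 1804) and the 0 = Enable / 1 = Prompt / 3 = Disable encoding are Microsoft's documented Internet Explorer zone settings, and AUOptions = 4 is the "Automatic (recommended)" mode; the -Fix switch and the report layout are this example's own. Assumptions: the per-user zone key (not the HKLM-only policy) is in effect, and no Group Policy value under HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU is overriding AUOptions, since the script does not check that key.

```powershell
# Added example, not part of the BleepingComputer thread: audit (and optionally apply)
# the Internet zone settings and the Automatic Updates mode recommended in the post
# above by reading the registry values the dialogs write, instead of clicking through.
# Run without arguments to report; run with -Fix from an elevated prompt to apply.
param([switch]$Fix)

# IE keeps per-user zone settings here; zone 3 is the "Internet" zone.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
# Automatic Updates mode on XP/Vista (a Group Policy value, if present, overrides this;
# assumption for this example: no such policy is set).
$auKey   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update'

# Zone action IDs (documented by Microsoft) with the value the post asks for.
# Encoding: 0 = Enable, 1 = Prompt, 3 = Disable.
$wanted = @{
    '1001' = @{ Name = 'Download signed ActiveX controls';                          Value = 1 }
    '1004' = @{ Name = 'Download unsigned ActiveX controls';                        Value = 3 }
    '1201' = @{ Name = 'Initialize and script ActiveX controls not marked as safe'; Value = 3 }
    '1800' = @{ Name = 'Installation of desktop items';                             Value = 1 }
    '1804' = @{ Name = 'Launching programs and files in an IFRAME';                 Value = 1 }
}
$label = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or value does not exist (IE then uses its built-in default).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function Describe([object]$Value) {
    # Human-readable form of a zone action value; unknown numbers are shown as-is.
    if ($null -eq $Value) { return 'not set (default)' }
    if ($label.ContainsKey([int]$Value)) { return $label[[int]$Value] }
    return "$Value"
}

foreach ($id in ($wanted.Keys | Sort-Object)) {
    $setting = $wanted[$id]
    $current = Get-RegValue $zoneKey $id
    if ($current -eq $setting.Value) {
        Write-Output ("OK   {0,-58} {1}" -f $setting.Name, (Describe $current))
    } else {
        Write-Output ("FIX  {0,-58} {1} -> want {2}" -f $setting.Name, (Describe $current), $label[$setting.Value])
        if ($Fix) { Set-ItemProperty -Path $zoneKey -Name $id -Value $setting.Value -Type DWord }
    }
}

# AUOptions: 1 = off, 2 = notify before download, 3 = download then notify,
# 4 = "Automatic (recommended)": download and install on the schedule (what the post asks for).
$au = Get-RegValue $auKey 'AUOptions'
if ($au -eq 4) {
    Write-Output 'OK   Automatic Updates: AUOptions = 4 (automatic download and install)'
} else {
    $shown = if ($null -eq $au) { 'not set' } else { $au }
    Write-Output ("FIX  Automatic Updates: AUOptions = {0} -> want 4" -f $shown)
    if ($Fix) { Set-ItemProperty -Path $auKey -Name 'AUOptions' -Value 4 -Type DWord }
}
```

Run it once before and once after following the post's steps; every line should read OK on the second run. Writing the Automatic Updates value needs an administrator prompt, and the zone values only affect the user profile the script runs under, so run it for each account that browses on the machine.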

#13 mechatech

mechatech
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:06:29 PM

Posted 07 January 2011 - 05:31 PM

No more redirects. Followed all instructions above. Added all three anti-malware programs and secured Firefox. I found that remote assistance was turned on and turned that off. The strange thing is I thought I had already turned it off when I first got this machine (PC 1) a year and a half ago.

Anyway a big thank you and happy new year! :thumbsup:

#14 gringo_pr


Posted 07 January 2011 - 05:34 PM

You are most welcome, and a happy new year to you too.



Gringo

#15 gringo_pr


Posted 09 January 2011 - 11:45 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



