Google search links redirect somewhere else


  • This topic is locked
11 replies to this topic

#1 Glo-Mus

Glo-Mus

  • Members
  • 8 posts

Posted 15 January 2011 - 06:54 PM

Hello again !
My problem is: when I make a search on Google and click on links, it redirects to unrelated web sites...
Sometimes it works normally... I use only Firefox...

I have: Windows / Vista Home / Firefox...
When I was trying to do a GMER scan, Windows shut down 2 times; the first time it said "PFN list Corrupt",
the second time it said "Dell wireless WLAN card Wireless Network Controller stopped working and was closed".
Then I turned OFF Virus Guard and Wireless...
And the scan was completed...
Thank you in advance !!!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Gloria at 17:27:28.53 on Sat 01/15/2011
Internet Explorer: 7.0.6001.18000
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.1119 [GMT -5:00]

AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\aestsrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\STacSV.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WLTRAY.EXE
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\DivX\DivX Plus Web Player\DDMService.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\notepad.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Gloria\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [MJMYACT] rundll32 "c:\users\gloria\appdata\roaming\msrle32E.dll",seahq
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
mRun: [DivX Download Manager] "c:\program files\divx\divx plus web player\DDmService.exe" start
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\users\gloria\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\gloria\appdata\roaming\mozilla\firefox\profiles\xysi31j1.default\
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\divx\divx plus web player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\divx\divx plus web player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

============= SERVICES / DRIVERS ===============

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2010-12-12 73728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2010-12-14 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2010-12-14 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-12-14 61960]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2010-12-12 111104]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-12-25 136176]

=============== Created Last 30 ================

2011-01-12 17:34:39 -------- d-----w- c:\users\gloria\appdata\roaming\OpenOffice.org
2011-01-12 17:29:06 -------- d-----w- c:\program files\JRE
2011-01-12 17:28:35 -------- d-----w- c:\program files\OpenOffice.org 3
2011-01-12 17:27:32 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-01-08 21:14:33 -------- d-----w- c:\program files\Veetle
2010-12-30 07:57:07 -------- d-----w- c:\users\gloria\appdata\roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2010-12-29 03:27:05 -------- d-----w- c:\windows\system32\EventProviders
2010-12-29 03:25:30 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{3f2408cf-9a04-4ffb-8bba-671538170993}\mpengine.dll
2010-12-29 01:40:02 -------- d-----w- c:\users\gloria\appdata\roaming\IObit
2010-12-28 06:00:19 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-28 06:00:00 40448 ----a-w- c:\windows\system32\winrs.exe
2010-12-28 06:00:00 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-12-28 06:00:00 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-12-27 09:22:45 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-12-27 05:45:36 -------- d-----w- c:\program files\common files\DivX Shared
2010-12-26 02:22:22 -------- d-----w- c:\program files\VideoLAN
2010-12-22 08:16:00 34816 ----a-w- c:\windows\system32\msscb.dll
2010-12-22 08:16:00 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-12-22 08:16:00 11776 ----a-w- c:\windows\system32\msshooks.dll
2010-12-22 08:16:00 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2010-12-22 08:11:47 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-12-22 08:11:47 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-22 08:11:44 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-12-22 08:11:43 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-12-22 08:11:43 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-12-22 08:04:15 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-22 08:04:15 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-22 08:04:15 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-22 08:04:15 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-22 08:04:15 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-21 09:41:57 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2010-12-21 09:35:02 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-21 09:34:31 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2010-12-21 09:25:22 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-21 07:34:50 -------- d-----w- C:\PerfLogs
2010-12-21 00:16:19 126464 --sha-r- c:\users\gloria\appdata\roaming\msrle32E.dll
2010-12-20 14:15:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-18 14:53:59 1792512 ----a-w- c:\windows\system32\mmc.exe
2010-12-18 14:52:59 383488 ----a-w- c:\windows\system32\WinSATAPI.dll
2010-12-18 14:51:59 5709824 ----a-w- c:\program files\common files\microsoft shared\ink\mshwfra.dll
2010-12-18 14:50:59 47104 ----a-w- c:\windows\system32\drivers\lltdio.sys
2010-12-17 23:27:04 -------- d-----w- c:\users\gloria\appdata\roaming\Local
2010-12-17 23:26:03 -------- d-----w- c:\program files\common files\PX Storage Engine
2010-12-17 23:22:57 -------- d-----w- c:\program files\DivX
2010-12-17 23:22:01 -------- d-----w- c:\progra~2\DivX
2010-12-17 13:20:09 -------- d-----w- c:\users\gloria\appdata\local\Microsoft Games

==================== Find3M ====================

2010-12-21 06:32:55 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-21 06:32:46 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-12-14 05:34:24 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-12-14 05:33:06 269312 ----a-w- c:\windows\system32\es.dll
2010-12-14 05:13:19 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-12-14 05:12:08 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2010-12-14 05:12:08 24064 ----a-w- c:\windows\system32\amxread.dll
2010-12-14 05:12:08 13824 ----a-w- c:\windows\system32\apilogen.dll
2010-12-14 05:11:14 712704 ----a-w- c:\windows\system32\WindowsCodecs.dll
2010-12-14 05:11:14 425472 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2010-12-14 05:11:13 347136 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2010-12-14 05:09:50 443392 ----a-w- c:\windows\system32\win32spl.dll
2010-12-14 05:09:50 37888 ----a-w- c:\windows\system32\printcom.dll
2010-12-14 05:08:37 14848 ----a-w- c:\windows\system32\wshrm.dll
2010-12-14 05:07:39 43520 ----a-w- c:\windows\system32\msdxm.tlb
2010-12-14 05:07:39 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2010-12-14 05:07:39 18432 ----a-w- c:\windows\system32\amcompat.tlb
2010-12-14 05:07:08 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-12-14 05:07:08 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-12-14 05:07:08 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-12-14 05:07:07 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-12-14 05:07:07 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-12-14 05:07:07 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-12-14 05:07:07 472064 ----a-w- c:\windows\system32\secproc.dll
2010-12-14 05:07:07 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-12-14 05:07:07 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-12-14 04:59:46 97800 ----a-w- c:\windows\system32\infocardapi.dll
2010-12-14 04:59:46 622080 ----a-w- c:\windows\system32\icardagt.exe
2010-12-14 04:59:46 11264 ----a-w- c:\windows\system32\icardres.dll
2010-12-14 04:59:45 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2010-12-14 04:59:42 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2010-12-14 04:59:41 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2010-12-14 03:55:07 23552 ----a-w- c:\windows\system32\lpk.dll
2010-12-14 03:55:07 10240 ----a-w- c:\windows\system32\dciman32.dll
2010-12-14 03:52:51 72704 ----a-w- c:\windows\system32\admparse.dll
2010-12-14 03:52:44 48128 ----a-w- c:\windows\system32\mshtmler.dll
2010-12-14 03:50:58 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2010-12-14 03:50:57 61440 ----a-w- c:\windows\system32\winipsec.dll
2010-12-14 03:50:57 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2010-12-14 03:50:57 272896 ----a-w- c:\windows\system32\polstore.dll
2010-12-14 03:47:35 94720 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2010-12-14 03:47:35 241152 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2010-12-14 03:47:35 160768 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2010-12-14 03:44:59 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2010-12-14 03:44:59 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2010-12-14 03:44:59 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2010-12-14 03:44:59 19968 ----a-w- c:\windows\system32\ARP.EXE
2010-12-14 03:44:59 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2010-12-14 03:44:59 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2010-12-14 03:44:59 104960 ----a-w- c:\windows\system32\netiohlp.dll
2010-12-14 03:44:59 10240 ----a-w- c:\windows\system32\finger.exe
2010-12-14 03:41:27 127488 ----a-w- c:\windows\system32\L2SecHC.dll
2010-12-14 03:41:26 68096 ----a-w- c:\windows\system32\wlanhlp.dll
2010-12-14 03:41:26 64512 ----a-w- c:\windows\system32\wlanapi.dll
2010-12-14 03:41:26 513024 ----a-w- c:\windows\system32\wlansvc.dll
2010-12-14 03:41:26 302592 ----a-w- c:\windows\system32\wlansec.dll
2010-12-14 03:41:26 293376 ----a-w- c:\windows\system32\wlanmsm.dll
2010-12-14 03:41:26 15181 ----a-w- c:\windows\system32\gatherWirelessInfo.vbs
2010-12-14 03:40:19 2048 ----a-w- c:\windows\system32\msxml3r.dll
2010-12-14 03:40:18 2048 ----a-w- c:\windows\system32\msxml6r.dll
2010-12-14 03:40:18 1399296 ----a-w- c:\windows\system32\msxml6.dll
2010-12-14 03:39:09 213504 ----a-w- c:\windows\system32\msv1_0.dll
2010-12-14 03:36:07 98816 ----a-w- c:\windows\system32\mfps.dll
2010-12-14 03:36:07 53248 ----a-w- c:\windows\system32\rrinstaller.exe
2010-12-14 03:36:07 2868224 ----a-w- c:\windows\system32\mf.dll
2010-12-14 03:36:07 2048 ----a-w- c:\windows\system32\mferror.dll
2010-12-14 03:36:06 24576 ----a-w- c:\windows\system32\mfpmp.exe
2010-12-14 03:31:08 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-12-14 03:30:03 71680 ----a-w- c:\windows\system32\atl.dll
2010-12-14 03:28:12 296960 ----a-w- c:\windows\system32\gdi32.dll
2010-12-14 03:24:16 562176 ----a-w- c:\windows\system32\msdtcprx.dll
2010-12-14 03:24:16 38912 ----a-w- c:\windows\system32\xolehlp.dll
2010-12-14 03:23:19 160256 ----a-w- c:\windows\system32\wkssvc.dll
2010-12-14 03:22:17 53248 ----a-w- c:\windows\system32\tsgqec.dll
2010-12-14 03:22:17 2066432 ----a-w- c:\windows\system32\mstscax.dll
2010-12-14 03:22:17 136192 ----a-w- c:\windows\system32\aaclient.dll
2010-12-14 03:21:18 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2010-12-14 03:18:35 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-12-14 03:12:05 69632 ----a-w- c:\windows\system32\Mpeg2Data.ax
2010-12-14 03:12:05 57856 ----a-w- c:\windows\system32\MSDvbNP.ax
2010-12-14 03:08:03 636928 ----a-w- c:\windows\system32\localspl.dll
2010-12-14 03:03:29 2927104 ----a-w- c:\windows\explorer.exe
2010-12-14 03:01:45 9728 ----a-w- c:\windows\system32\lsass.exe
2010-12-14 03:01:45 72704 ----a-w- c:\windows\system32\secur32.dll
2010-12-14 03:01:45 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-12-14 03:01:45 175104 ----a-w- c:\windows\system32\wdigest.dll
2010-12-14 03:01:45 1256448 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-14 02:57:59 4495360 ----a-w- c:\windows\system32\NlsData001d.dll
2010-12-14 02:57:58 9847296 ----a-w- c:\windows\system32\NlsData000a.dll
2010-12-14 02:57:58 2643456 ----a-w- c:\windows\system32\NlsData000c.dll
2010-12-14 02:57:58 2342912 ----a-w- c:\windows\system32\NlsData000d.dll
2010-12-14 02:57:58 1965056 ----a-w- c:\windows\system32\NlsData000f.dll
2010-12-14 02:57:57 801280 ----a-w- c:\windows\system32\NaturalLanguage6.dll
2010-12-14 02:57:57 4495360 ----a-w- c:\windows\system32\NlsData0416.dll
2010-12-14 02:57:57 4495360 ----a-w- c:\windows\system32\NlsData0414.dll
2010-12-14 02:57:56 6917120 ----a-w- c:\windows\system32\NlsLexicons0c1a.dll
2010-12-14 02:57:56 4495360 ----a-w- c:\windows\system32\NlsData0816.dll
2010-12-14 02:57:56 1965056 ----a-w- c:\windows\system32\NlsData081a.dll
2010-12-14 02:57:55 1965056 ----a-w- c:\windows\system32\NlsData0c1a.dll
2010-12-14 02:54:08 6656 ----a-w- c:\windows\system32\kbd106n.dll

============= FINISH: 17:28:25.52 ===============


#2 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts

Posted 18 January 2011 - 09:46 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them after performing all steps given..

Please download ComboFix by sUBs from HERE or HERE and save it to your Desktop.

During the download, rename Combofix to Combo-Fix as follows:

It is important you rename Combofix during the download, but not after.

NOTE: If you are using Firefox, make sure that your download settings are as follows:
  • Tools->Options->Main tab
  • Set to "Always ask me where to Save the files".


After that, double-click and run Combo-Fix. Let it finish its job and post the log here.

If ComboFix asks you to install Recovery Console, please do so.. It will be in your best interest..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 Glo-Mus

Glo-Mus
  • Topic Starter

  • Members
  • 8 posts

Posted 18 January 2011 - 06:35 PM

Hello and Thank you fenzodahl512 !
Before I ran ComboFix, I couldn't turn off "Windows Defender"...
When I clicked on Defender, it didn't open... It stayed open less than a second...
Thank you for your help.
Here is my Combo-Fix log :

ComboFix 11-01-17.05 - Gloria 01/18/2011 17:39:03.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2037.817 [GMT -5:00]
Running from: c:\users\Gloria\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\DelUS.bat
C:\Thumbs.db
c:\users\Gloria\AppData\Roaming\Local
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\1.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\2.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\3.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\4.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\6.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\7.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\frakhhnzrect.avi.ddr
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\kiiiqhcxwlmr.avi.ddr
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\oxtqnqqoshuy.avi.ddr
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\pvggpuntcrin.avi.ddr
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\frakhhnzrect.avi.ddp
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\kiiiqhcxwlmr.avi.ddp
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\oxtqnqqoshuy.avi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\pvggpuntcrin.avi.ddp
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\vhfwtfbgieiv.avi(2).ddp
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\vhfwtfbgieiv.avi.ddp
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\xopoamuykgtg.avi
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\zhmschmxmmaq.avi.ddp
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\xopoamuykgtg.avi.ddr
c:\users\Gloria\AppData\Roaming\Local\Temp\DDM\Settings\zhmschmxmmaq.avi.ddr

.
((((((((((((((((((((((((( Files Created from 2010-12-18 to 2011-01-18 )))))))))))))))))))))))))))))))
.

2011-01-18 22:47 . 2011-01-18 22:51 -------- d-----w- c:\users\Gloria\AppData\Local\temp
2011-01-18 22:47 . 2011-01-18 22:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-18 22:35 . 2011-01-18 22:36 -------- d-----w- C:\32788R22FWJFW
2011-01-12 17:34 . 2011-01-12 17:34 -------- d-----w- c:\users\Gloria\AppData\Roaming\OpenOffice.org
2011-01-12 17:29 . 2011-01-12 17:29 -------- d-----w- c:\program files\JRE
2011-01-12 17:28 . 2011-01-12 17:29 -------- d-----w- c:\program files\OpenOffice.org 3
2011-01-08 21:14 . 2011-01-08 21:14 -------- d-----w- c:\program files\Veetle
2010-12-30 07:57 . 2010-12-30 07:57 -------- d-----w- c:\users\Gloria\AppData\Roaming\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1
2010-12-30 07:52 . 2010-12-30 07:52 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-29 03:27 . 2010-12-29 03:27 -------- d-----w- c:\windows\system32\EventProviders
2010-12-29 03:25 . 2010-11-16 17:01 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3F2408CF-9A04-4FFB-8BBA-671538170993}\mpengine.dll
2010-12-29 01:40 . 2010-12-29 01:40 -------- d-----w- c:\users\Gloria\AppData\Roaming\IObit
2010-12-28 06:00 . 2009-10-09 21:56 2048 ----a-w- c:\windows\system32\winrsmgr.dll
2010-12-28 06:00 . 2009-10-09 21:56 12800 ----a-w- c:\windows\system32\wsmprovhost.exe
2010-12-28 06:00 . 2009-10-09 21:56 20480 ----a-w- c:\windows\system32\winrshost.exe
2010-12-28 06:00 . 2009-10-09 21:56 40448 ----a-w- c:\windows\system32\winrs.exe
2010-12-28 02:23 . 2010-12-28 02:23 -------- d-----w- c:\users\Gloria\AppData\Local\Mozilla
2010-12-27 09:22 . 2010-09-20 09:25 231936 ----a-w- c:\windows\system32\msshsq.dll
2010-12-27 05:45 . 2010-12-31 05:20 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-12-26 02:22 . 2010-12-26 02:22 -------- d-----w- c:\program files\VideoLAN
2010-12-25 21:32 . 2010-12-25 21:33 -------- d-----w- c:\program files\Google
2010-12-24 05:11 . 2010-12-24 05:11 -------- d-----w- c:\users\Gloria\AppData\Roaming\CyberLink
2010-12-23 00:40 . 2010-12-23 00:40 -------- d-----w- c:\programdata\WindowsSearch
2010-12-22 08:16 . 2008-05-27 05:17 34816 ----a-w- c:\windows\system32\msscb.dll
2010-12-22 08:16 . 2008-05-27 05:17 11776 ----a-w- c:\windows\system32\msshooks.dll
2010-12-22 08:16 . 2008-05-27 04:59 18904 ----a-w- c:\windows\system32\StructuredQuerySchemaTrivial.bin
2010-12-22 08:16 . 2008-05-27 04:59 106605 ----a-w- c:\windows\system32\StructuredQuerySchema.bin
2010-12-22 08:11 . 2010-04-14 17:46 80896 ----a-w- c:\windows\system32\MSNP.ax
2010-12-22 08:11 . 2010-04-14 17:45 177664 ----a-w- c:\windows\system32\mpg2splt.ax
2010-12-22 08:11 . 2010-04-14 17:47 293376 ----a-w- c:\windows\system32\psisdecd.dll
2010-12-22 08:11 . 2010-04-14 17:47 217088 ----a-w- c:\windows\system32\psisrndr.ax
2010-12-22 08:11 . 2010-04-14 17:46 428544 ----a-w- c:\windows\system32\EncDec.dll
2010-12-22 08:04 . 2009-11-08 15:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-12-22 08:04 . 2009-11-08 15:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-12-22 08:04 . 2009-11-08 15:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-12-22 08:04 . 2009-11-08 15:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-12-22 08:04 . 2009-11-08 15:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-12-21 09:41 . 2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2010-12-21 09:35 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2010-12-21 09:34 . 2010-11-03 10:51 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2010-12-21 09:25 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-12-21 07:34 . 2010-12-21 07:34 -------- d-----w- C:\PerfLogs
2010-12-21 03:41 . 2010-12-21 03:41 -------- d-----w- c:\windows\system32\Macromed
2010-12-21 00:16 . 2010-12-21 00:16 126464 --sha-r- c:\users\Gloria\AppData\Roaming\msrle32E.dll
2010-12-20 14:16 . 2010-12-20 14:16 -------- d-----w- c:\program files\Common Files\Java
2010-12-20 14:15 . 2010-12-20 14:15 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-20 14:14 . 2011-01-12 17:26 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-21 06:32 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-12-21 06:32 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-12-20 14:18 . 2010-12-14 14:07 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-14 05:34 . 2010-12-14 05:34 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-12-14 05:33 . 2010-12-14 05:33 269312 ----a-w- c:\windows\system32\es.dll
2010-12-14 05:32 . 2010-12-14 05:32 36864 ----a-w- c:\windows\system32\drivers\en-US\http.sys.mui
2010-12-14 05:14 . 2010-12-14 05:14 551424 ----a-w- c:\windows\system32\rpcss.dll
2010-12-14 05:14 . 2010-12-14 05:14 666624 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2010-12-14 05:14 . 2010-12-14 05:14 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2010-12-14 05:14 . 2010-12-14 05:14 615424 ----a-w- c:\windows\system32\wbem\fastprox.dll
2010-12-14 05:14 . 2010-12-14 05:14 54784 ----a-w- c:\windows\system32\iasads.dll
2010-12-14 05:14 . 2010-12-14 05:14 499200 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2010-12-14 05:14 . 2010-12-14 05:14 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2010-12-14 05:14 . 2010-12-14 05:14 129024 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"MJMYACT"="c:\users\Gloria\AppData\Roaming\msrle32E.dll" [2010-12-21 126464]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-12-08 3444736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-13 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-13 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-13 133656]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-30 281768]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2004-11-03 32768]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]

c:\users\Gloria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-13 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-12-15 136176]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2007-09-20 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-11-30 135336]
S3 IntcHdmiAddService;Intel® High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-03-26 111104]

.
Contents of the 'Scheduled Tasks' folder

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 00:58]

2011-01-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-25 00:58]

2011-01-18 c:\windows\Tasks\User_Feed_Synchronization-{1BF4282A-1DF1-4D28-9F3C-530CCBCCC42C}.job
- c:\windows\system32\msfeedssync.exe [2010-12-18 07:33]
.
.
------- Supplementary Scan -------
.
FF - ProfilePath - c:\users\Gloria\AppData\Roaming\Mozilla\Firefox\Profiles\xysi31j1.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-EEventManager - c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
HKLM-Run-SigmatelSysTrayApp - %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\System32\WLTRYSVC.EXE
c:\windows\System32\bcmwltry.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\STacSV.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe
c:\windows\System32\rundll32.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2011-01-18 17:57:52 - machine was rebooted
ComboFix-quarantined-files.txt 2011-01-18 22:57

Pre-Run: 9,786,425,344 bytes free
Post-Run: 11,120,418,816 bytes free

- - End Of File - - 4396568F1FF69B61467576510D36245D

#4 fenzodahl512


Posted 18 January 2011 - 09:33 PM

One question..

Do you use any remote control program or log on remotely to this computer?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 Glo-Mus


Posted 18 January 2011 - 11:07 PM

No, we don't use any remote control program or anything else... Why?

#6 fenzodahl512


Posted 18 January 2011 - 11:32 PM

Erm.. maybe I was over-alert with something..


Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


How's the computer now? :)



#7 Glo-Mus


Posted 19 January 2011 - 01:58 AM

Hello fenzodahl512 ! :thumbsup:
Here is MBAM Full Scan Results:


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 5551

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

1/19/2011 1:40:03 AM
mbam-log-2011-01-19 (01-40-03).txt

Scan type: Full scan (C:\|D:\|E:\|)
Objects scanned: 287297
Time elapsed: 1 hour(s), 27 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\H3O8CABBPI (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\JP595IR86O (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\NtWqIVLZEWZU (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MJMYACT (Trojan.Agent) -> Value: MJMYACT -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Gloria\AppData\Roaming\msrle32E.dll (Trojan.Agent) -> Quarantined and deleted successfully.

#8 fenzodahl512


Posted 19 January 2011 - 04:53 AM

Looks good, how's the computer now.. Still got the redirected issues? :)



#9 Glo-Mus


Posted 19 January 2011 - 01:24 PM

Hi fenzodahl512 ! :thumbup2:
Looks good !
I hope I will not experience the same issues again !
MBAM did good cleaning !
Can I ENABLE CD emulation now ?

You didn't sleep all night ? Or you are not in US ?
Take care of yourself please, WE NEED YOU !!! And your teammates !
You do good job !
I don't know how I can thank you enough !!! :clapping:

Best wishes for 2011 !

#10 fenzodahl512


Posted 19 January 2011 - 06:34 PM

Can i ENABLE CD emulation now ?


Yes, please do.. I'm in Malaysia, and right now it is 7.35am in the morning.. :)



#11 Glo-Mus


Posted 19 January 2011 - 06:43 PM

I did...
6:39 PM here in North Carolina...
Still i would say "Good Morning !" to you...

Again, Thank you very much for your help !

Have a GREAT GREAT day !

*I will click that Link !*** :whistle:

#12 fenzodahl512


Posted 19 January 2011 - 06:57 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





