I'm infected with the "savetubevideo" virus, please help!

This topic is locked. 48 replies to this topic.

#1 Atomisk (Members, 26 posts)

Posted 01 February 2011 - 10:12 AM

Hello, I have recently noticed that most pages I go to shortly redirect to some hxxp://www.landing.savetubevideo.com/ page, and it does it almost instantly for some, and never for others. Please help! (I cannot turn on my firewall, due to the way my network's set up.) (Edit: forgot logs.) (Oddly enough, my GMER copy won't let me check/uncheck anything other than services, registry and files.)



DDS (Ver_10-12-12.02) - NTFS_AMD64 NETWORK
Run by Connor at 10:26:01.25 on Tue 02/01/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2929 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Connor\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart
uRun: [Google Update] "C:\Users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [SsAAD.exe] C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERA~1.LNK - C:\Users\Connor\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MorphVOX.lnk - C:\Program Files (x86)\Screaming Bee\MorphVOX ProZ\MorphVOX.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOSTRO~1.LNK - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: C:\Program Files (x86)\Logia\eSnipsDownloader\ext\components\eSnipsXPCOM.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npUMediaPlayer5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Connor\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Shaved Bieber: shaved-bieber@gleuch.com - %profile%\extensions\shaved-bieber@gleuch.com
FF - Ext: eSnips Downloader Extension: esnipsxpi@logia.esnips - C:\Program Files (x86)\Logia\eSnipsDownloader\ext
FF - Ext: Search Results Optimizator: search@helper - C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\SearchHelper

============= SERVICES / DRIVERS ===============

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-6 2101640]
R3 bcgame;Nostromo HID Device Minidriver;C:\Windows\System32\drivers\bcgame.sys [2010-10-23 35328]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2007-3-12 362496]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2008-1-21 129024]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-19 273488]
S1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
S1 TsVp;TsVp;C:\Windows\System32\drivers\tsvp.sys [2010-6-10 32872]
S2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-19 20560]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-19 62032]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-19 40384]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-10 2228008]
S3 CV2K1;CommView Network Monitor;C:\Windows\System32\drivers\cv2k1.sys [2010-4-1 21608]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-10 155752]
S3 PsSdk41;PsSdk41;C:\Windows\System32\drivers\pssdk41.sys [2010-12-18 51776]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 TsVlb;TsVlb;C:\Windows\System32\drivers\tsvlb.sys [2009-10-17 22120]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

=============== Created Last 30 ================

2011-02-01 14:26:16 -------- d-----w- C:\Users\Connor\AppData\Local\ManyCam
2011-02-01 14:26:06 -------- d-----w- C:\Users\Connor\AppData\Roaming\ManyCam
2011-02-01 14:25:45 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-02-01 14:25:03 -------- d-----w- C:\Program Files (x86)\ManyCam
2011-02-01 14:19:21 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{D4C4AD93-1D63-4622-83FB-41D6CFDF5E0D}\mpengine.dll
2011-01-31 21:25:42 -------- d-----w- C:\Program Files\Bulk Rename Utility
2011-01-30 19:35:20 -------- d-----w- C:\Program Files\Saitek
2011-01-30 03:55:28 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-01-30 01:17:27 -------- d-----w- C:\Users\Connor\AppData\Local\HotheadGames
2011-01-29 20:07:12 -------- d-----w- C:\Daft Punk COMPLETE Discography
2011-01-29 15:44:34 -------- d-----w- C:\Unreal_226_Gold
2011-01-27 15:30:26 -------- d-----w- C:\Aliens vs Predator 2 + Primal Hunt [PC-Game]
2011-01-21 14:40:04 -------- d-----w- C:\[AnimeGrowth.com] Full Metal Alchemist - Winry
2011-01-21 01:22:15 -------- d-----w- C:\Program Files (x86)\Eltima Software
2011-01-21 01:08:31 -------- d-----w- C:\[AnimeGrowth.com] Final Fantasy - Tifa
2011-01-20 23:24:18 -------- d-----w- C:\Omniusstuff
2011-01-20 23:10:41 6656 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{A44721BB-80BE-45A0-8679-F71E94400CAC}\IconA44721BB.exe
2011-01-20 23:10:41 5632 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{A44721BB-80BE-45A0-8679-F71E94400CAC}\IconA44721BB1.exe
2011-01-20 23:10:40 -------- d-----w- C:\Program Files (x86)\UTCacheCleaner3
2011-01-19 22:17:18 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-19 22:17:00 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-19 22:16:55 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-19 01:28:53 -------- d-----w- C:\UMODS
2011-01-19 01:28:45 -------- d-----w- C:\UMOS
2011-01-19 01:00:02 -------- d-----w- C:\Users\Connor\AppData\Roaming\Malwarebytes
2011-01-19 00:59:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 00:59:56 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-19 00:59:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-19 00:59:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-19 00:47:05 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-18 14:16:54 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL
2011-01-18 14:11:57 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-18 04:08:32 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-18 04:08:32 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-18 04:08:32 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-01-18 04:08:32 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-18 04:08:32 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-18 04:08:31 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-01-18 04:08:31 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-16 16:45:14 -------- d-----w- C:\rslightninggun-v11
2011-01-16 16:11:58 -------- d-----w- C:\Users\Connor\AppData\Roaming\.minecraft
2011-01-14 21:38:15 -------- d-----w- C:\Users\Connor\AppData\Roaming\SLumpEd
2011-01-11 21:10:23 -------- d-----w- C:\Windows\en
2011-01-11 21:08:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\DSETUP.dll
2011-01-11 21:08:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\DXSETUP.exe
2011-01-11 21:08:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\dsetup32.dll
2011-01-11 21:08:00 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\DSETUP.dll
2011-01-11 21:08:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\DXSETUP.exe
2011-01-11 21:08:00 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\dsetup32.dll
2011-01-11 21:07:40 -------- d-----w- C:\Users\Connor\AppData\Local\Windows Live
2011-01-11 21:07:22 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-11 21:07:22 206848 ----a-w- C:\Windows\System32\mfps.dll
2011-01-11 21:07:22 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-11 21:07:22 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-01-11 21:07:22 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-01-11 21:07:21 4068864 ----a-w- C:\Windows\System32\mf.dll
2011-01-11 21:07:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-11 21:04:39 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-11 21:04:39 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-11 21:04:39 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-11 21:04:39 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-11 21:04:39 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-11 21:04:39 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-11 21:04:38 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 21:04:38 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 21:04:38 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 21:04:38 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 20:31:52 -------- d-----w- C:\Users\Connor\AppData\Roaming\sc68
2011-01-11 20:30:27 -------- d-----w- C:\Vectorman
2011-01-11 02:22:28 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-01-10 19:17:05 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-01-10 18:39:12 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-10 18:19:21 -------- d-----w- C:\UnrealTournament
2011-01-10 18:19:07 -------- d-----w- C:\Users\Connor\AppData\Local\TSVNCache
2011-01-10 15:26:39 -------- d-----w- C:\Users\Connor\AppData\Roaming\TortoiseSVN
2011-01-10 14:55:52 -------- d-----w- C:\Program Files\TortoiseSVN
2011-01-10 14:55:52 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2011-01-09 02:18:07 -------- d-----w- C:\More Subtle Amputator Colors
2011-01-07 02:17:44 -------- d-----w- C:\Users\Connor\AppData\Roaming\Bioshock2
2011-01-06 15:10:39 -------- d-----w- C:\myradio
2011-01-05 18:48:44 -------- d-----w- C:\PTM

==================== Find3M ====================

2011-01-01 04:05:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-01-01 04:05:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-01-01 04:05:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-01-01 04:05:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-12-18 21:17:24 51776 ----a-w- C:\Windows\System32\drivers\pssdk41.sys
2010-12-17 02:11:41 286720 ----a-w- C:\Windows\iun507.exe
2010-12-03 23:36:27 249856 ------w- C:\Windows\Setup1.exe
2010-12-03 23:36:26 73216 ----a-w- C:\Windows\ST6UNST.EXE
2010-11-28 01:34:23 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2010-11-28 01:34:23 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2010-11-28 01:34:23 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2010-11-28 01:11:17 2829 ----a-w- C:\Windows\DIIUnin.pif
2010-11-28 01:11:16 94208 ----a-w- C:\Windows\DIIUnin.exe
2010-11-18 17:05:41 1594547 ----a-w- C:\Windows\WANEUninstaller.exe
2010-11-18 00:09:50 2892216 ----a-w- C:\desc14sw.exe
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-08-31 23:20:46 83456 ----a-w- C:\Program Files (x86)\register.exe
2010-08-31 23:20:46 339968 ----a-w- C:\Program Files (x86)\register.dat
2010-08-31 23:20:46 212992 ----a-w- C:\Program Files (x86)\wolapi.dll
2010-08-31 23:20:46 142336 ----a-w- C:\Program Files (x86)\patchw32.dll

============= FINISH: 10:27:28.83 ===============

VERY sorry for bumping, forgot to add the attach.txt.

EDIT: Posts merged ~BP

Attached Files


Edited by Orange Blossom, 01 February 2011 - 05:29 PM.
Deactivate link. ~ OB



#2 rigacci (Fiorentino; Members, 2,604 posts; Gender: Male)

Posted 05 February 2011 - 07:47 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review your topic and do their best to resolve your issues.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks.

DR

#3 Atomisk (Topic Starter; Members, 26 posts)

Posted 05 February 2011 - 09:18 AM

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Connor at 9:12:02.19 on Sat 02/05/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.1897 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: Microsoft Security Essentials *Enabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files (x86)\Download Manager\DLM.exe
C:\Users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Sony\SonicStage\SSAAD.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Program Files (x86)\Belkin\Nostromo\nost_LM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version6\tv_x64.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\DllHost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Users\Connor\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
C:\Users\Connor\Downloads\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: eSnipsBHO Class: {b530a9a4-1722-4d16-aad6-aa85e3ad2ade} - C:\Program Files (x86)\Logia\eSnipsDownloader\eSnipsBHO.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [igndlm.exe] C:\Program Files (x86)\Download Manager\DLM.exe /windowsstart
uRun: [Google Update] "C:\Users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"
uRun: [SsAAD.exe] C:\PROGRA~2\Sony\SONICS~1\SsAAD.exe
uRun: [Steam] "C:\Games\Steam\steam.exe" -silent
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Razer Mamba Driver] C:\Program Files (x86)\Razer\Mamba\RazerTray.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERA~1.LNK - C:\Users\Connor\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
StartupFolder: C:\Users\Connor\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MorphVOX.lnk - C:\Program Files (x86)\Screaming Bee\MorphVOX ProZ\MorphVOX.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\NOSTRO~1.LNK - C:\Windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
mRun-x64: [SaiVolume] C:\Program Files\Saitek\CyborgKeyboard\SaiVolume.exe

================= FIREFOX ===================

FF - ProfilePath - C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: C:\Program Files (x86)\Logia\eSnipsDownloader\ext\components\eSnipsXPCOM.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - component: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
FF - plugin: C:\Program Files (x86)\BYOND\bin\npbyond.dll
FF - plugin: C:\Program Files (x86)\Download Manager\npfpdlm.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npUMediaPlayer5.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\id Software\QuakeLive\npquakezero.dll
FF - plugin: C:\Users\Connor\AppData\Local\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\battlefieldheroespatcher@ea.com\platform\WINNT_x86-msvc\plugins\npBFHUpdater.dll
FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Connor\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Shaved Bieber: shaved-bieber@gleuch.com - %profile%\extensions\shaved-bieber@gleuch.com
FF - Ext: eSnips Downloader Extension: esnipsxpi@logia.esnips - C:\Program Files (x86)\Logia\eSnipsDownloader\ext
FF - Ext: Search Results Optimizator: search@helper - C:\Users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\SearchHelper

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2011-1-19 273488]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2009-12-2 173984]
R1 TsVp;TsVp;C:\Windows\System32\drivers\tsvp.sys [2010-6-10 32872]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2011-1-19 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2011-1-19 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-19 40384]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-6 2101640]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-1-10 2228008]
R3 bcgame;Nostromo HID Device Minidriver;C:\Windows\System32\drivers\bcgame.sys [2010-10-23 35328]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\System32\drivers\nvhda64v.sys [2011-1-10 155752]
R3 rt61x64;Linksys Wireless-G PCI Adapter Driver;C:\Windows\System32\drivers\WMP54Gv41x64.sys [2007-3-12 362496]
R3 SaiK0728;SaiK0728;C:\Windows\System32\drivers\SaiK0728.sys [2008-1-21 129024]
R3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CV2K1;CommView Network Monitor;C:\Windows\System32\drivers\cv2k1.sys [2010-4-1 21608]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2009-12-2 40832]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\System32\drivers\netr28x.sys [2009-6-10 620544]
S3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;C:\Windows\System32\drivers\netr7364.sys [2009-6-10 707072]
S3 PsSdk41;PsSdk41;C:\Windows\System32\drivers\pssdk41.sys [2010-12-18 51776]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S3 TsVlb;TsVlb;C:\Windows\System32\drivers\tsvlb.sys [2009-10-17 22120]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-4-19 50688]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

=============== Created Last 30 ================

2011-02-04 15:53:01 -------- d-----w- C:\golddeagle
2011-02-04 15:19:07 7844688 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{B2EFE9FC-3A7C-4B5A-A129-B340712AC0E9}\mpengine.dll
2011-02-03 21:26:07 -------- d-----w- C:\Vuvuzelagroove
2011-02-03 00:45:25 -------- d-----w- C:\bf2_buggy
2011-02-02 20:34:23 -------- d-----w- C:\Black hole
2011-02-02 15:51:55 -------- d-----w- C:\Gods_Little_Finger_V2
2011-02-02 14:46:30 -------- d-----w- C:\QuantumStorageDevice
2011-02-02 14:45:52 -------- d---a-w- C:\TimeGrenade
2011-02-01 22:52:29 -------- d-----w- C:\svntest
2011-02-01 19:22:41 -------- d-----w- C:\Drunken_combine_disabler
2011-02-01 14:26:16 -------- d-----w- C:\Users\Connor\AppData\Local\ManyCam
2011-02-01 14:26:06 -------- d-----w- C:\Users\Connor\AppData\Roaming\ManyCam
2011-02-01 14:25:45 -------- d-----w- C:\Program Files (x86)\Ask.com
2011-02-01 14:25:03 -------- d-----w- C:\Program Files (x86)\ManyCam
2011-01-31 21:25:42 -------- d-----w- C:\Program Files\Bulk Rename Utility
2011-01-30 19:35:20 -------- d-----w- C:\Program Files\Saitek
2011-01-30 03:55:28 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-01-30 01:17:27 -------- d-----w- C:\Users\Connor\AppData\Local\HotheadGames
2011-01-29 20:07:12 -------- d-----w- C:\Daft Punk COMPLETE Discography
2011-01-29 15:44:34 -------- d-----w- C:\Unreal_226_Gold
2011-01-27 15:30:26 -------- d-----w- C:\Aliens vs Predator 2 + Primal Hunt [PC-Game]
2011-01-21 14:40:04 -------- d-----w- C:\[AnimeGrowth.com] Full Metal Alchemist - Winry
2011-01-21 01:22:15 -------- d-----w- C:\Program Files (x86)\Eltima Software
2011-01-21 01:08:31 -------- d-----w- C:\[AnimeGrowth.com] Final Fantasy - Tifa
2011-01-20 23:24:18 -------- d-----w- C:\Omniusstuff
2011-01-20 23:10:41 6656 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{A44721BB-80BE-45A0-8679-F71E94400CAC}\IconA44721BB.exe
2011-01-20 23:10:41 5632 ----a-r- C:\Users\Connor\AppData\Roaming\Microsoft\Installer\{A44721BB-80BE-45A0-8679-F71E94400CAC}\IconA44721BB1.exe
2011-01-20 23:10:40 -------- d-----w- C:\Program Files (x86)\UTCacheCleaner3
2011-01-19 22:17:18 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-01-19 22:17:00 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-19 22:16:55 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-19 01:28:53 -------- d-----w- C:\UMODS
2011-01-19 01:28:45 -------- d-----w- C:\UMOS
2011-01-19 01:00:02 -------- d-----w- C:\Users\Connor\AppData\Roaming\Malwarebytes
2011-01-19 00:59:56 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 00:59:56 -------- d-----w- C:\PROGRA~3\Malwarebytes
2011-01-19 00:59:53 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-01-19 00:59:52 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-01-19 00:47:05 -------- d-----w- C:\Program Files (x86)\ESET
2011-01-18 14:16:54 89360 ----a-w- C:\Windows\SysWow64\VB5DB.DLL
2011-01-18 14:11:57 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-18 04:08:32 757760 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-18 04:08:32 69715 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-18 04:08:32 65024 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-01-18 04:08:32 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-18 04:08:32 204800 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-18 04:08:31 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-01-18 04:08:31 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-16 16:45:14 -------- d-----w- C:\rslightninggun-v11
2011-01-16 16:11:58 -------- d-----w- C:\Users\Connor\AppData\Roaming\.minecraft
2011-01-14 21:38:15 -------- d-----w- C:\Users\Connor\AppData\Roaming\SLumpEd
2011-01-11 21:10:23 -------- d-----w- C:\Windows\en
2011-01-11 21:08:01 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\DSETUP.dll
2011-01-11 21:08:01 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\DXSETUP.exe
2011-01-11 21:08:01 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\dsetup32.dll
2011-01-11 21:08:00 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\DSETUP.dll
2011-01-11 21:08:00 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\DXSETUP.exe
2011-01-11 21:08:00 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\dsetup32.dll
2011-01-11 21:07:40 -------- d-----w- C:\Users\Connor\AppData\Local\Windows Live
2011-01-11 21:07:22 257024 ----a-w- C:\Windows\System32\mfreadwrite.dll
2011-01-11 21:07:22 206848 ----a-w- C:\Windows\System32\mfps.dll
2011-01-11 21:07:22 196608 ----a-w- C:\Windows\SysWow64\mfreadwrite.dll
2011-01-11 21:07:22 1888256 ----a-w- C:\Windows\System32\WMVDECOD.DLL
2011-01-11 21:07:22 1619456 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL
2011-01-11 21:07:21 4068864 ----a-w- C:\Windows\System32\mf.dll
2011-01-11 21:07:21 3181568 ----a-w- C:\Windows\SysWow64\mf.dll
2011-01-11 21:04:39 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-11 21:04:39 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-11 21:04:39 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-11 21:04:39 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-11 21:04:39 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-11 21:04:39 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-11 21:04:38 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 21:04:38 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 21:04:38 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 21:04:38 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 20:31:52 -------- d-----w- C:\Users\Connor\AppData\Roaming\sc68
2011-01-11 20:30:27 -------- d-----w- C:\Vectorman
2011-01-11 02:22:28 -------- d-----w- C:\Program Files (x86)\TeamViewer
2011-01-10 19:17:05 -------- d-----w- C:\PROGRA~3\NVIDIA Corporation
2011-01-10 18:39:12 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-01-10 18:19:21 -------- d-----w- C:\UnrealTournament
2011-01-10 18:19:07 -------- d-----w- C:\Users\Connor\AppData\Local\TSVNCache
2011-01-10 15:26:39 -------- d-----w- C:\Users\Connor\AppData\Roaming\TortoiseSVN
2011-01-10 14:55:52 -------- d-----w- C:\Program Files\TortoiseSVN
2011-01-10 14:55:52 -------- d-----w- C:\Program Files\Common Files\TortoiseOverlays
2011-01-09 02:18:07 -------- d-----w- C:\More Subtle Amputator Colors
2011-01-07 02:17:44 -------- d-----w- C:\Users\Connor\AppData\Roaming\Bioshock2
2011-01-06 15:10:39 -------- d-----w- C:\myradio

==================== Find3M ====================

2011-01-01 04:05:59 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-01-01 04:05:59 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-01-01 04:05:59 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-01-01 04:05:59 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2010-12-18 21:17:24 51776 ----a-w- C:\Windows\System32\drivers\pssdk41.sys
2010-12-17 02:11:41 286720 ----a-w- C:\Windows\iun507.exe
2010-12-03 23:36:27 249856 ------w- C:\Windows\Setup1.exe
2010-12-03 23:36:26 73216 ----a-w- C:\Windows\ST6UNST.EXE
2010-11-28 01:34:23 21840 ----atw- C:\Windows\SysWow64\SIntfNT.dll
2010-11-28 01:34:23 17212 ----atw- C:\Windows\SysWow64\SIntf32.dll
2010-11-28 01:34:23 12067 ----atw- C:\Windows\SysWow64\SIntf16.dll
2010-11-28 01:11:17 2829 ----a-w- C:\Windows\DIIUnin.pif
2010-11-28 01:11:16 94208 ----a-w- C:\Windows\DIIUnin.exe
2010-11-18 17:05:41 1594547 ----a-w- C:\Windows\WANEUninstaller.exe
2010-11-18 00:09:50 2892216 ----a-w- C:\desc14sw.exe
2010-08-31 23:20:46 83456 ----a-w- C:\Program Files (x86)\register.exe
2010-08-31 23:20:46 339968 ----a-w- C:\Program Files (x86)\register.dat
2010-08-31 23:20:46 212992 ----a-w- C:\Program Files (x86)\wolapi.dll
2010-08-31 23:20:46 142336 ----a-w- C:\Program Files (x86)\patchw32.dll

============= FINISH: 9:12:45.24 ===============
A good brief description would be: it's a search hijacker, and it randomly sends me to this page, landing.savetubevideo.com, mostly when I search.
As stated earlier, I cannot check ANYTHING in my GMER copy, and I got it from here. All the boxes aside from services, registry, and files are greyed out.
I also believe I possibly got this from my old iPod Touch I haven't used for at least a year, when I connected it the other day.

Edited by Atomisk, 05 February 2011 - 09:22 AM.
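As an added example (not part of this thread or of DDS itself), a small Python triage script that parses lines in the shape of the DDS "Pseudo HJT Report" and "FIREFOX" sections above and flags the indicators a helper would look at in this log: the partner-tagged start page, the toolbar BHOs, keyword.URL pointed at veerboo.com, the search@helper extension whose install directory does not match its id, and the disabled UAC policies. The sample lines are copied from the log above; the allow-list of hosts for keyword.URL and the heuristics themselves are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample in the shape of the DDS "Pseudo HJT Report" and "FIREFOX"
# sections; the lines are copied from the log in this thread, the selection is ours.
SAMPLE_DDS = """\
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\\Program Files (x86)\\Common Files\\Adobe\\Acrobat\\ActiveX\\AcroIEHelperShim.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - C:\\Program Files (x86)\\Search Toolbar\\SearchToolbar.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - C:\\Program Files (x86)\\Ask.com\\GenericAskToolbar.dll
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\\extensions\\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: LastPass: support@lastpass.com - %profile%\\extensions\\support@lastpass.com
FF - Ext: Search Results Optimizator: search@helper - C:\\Users\\Connor\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\6h39eefz.default\\extensions\\SearchHelper
"""

# Assumption: the Firefox 3.x default for keyword.URL pointed at google.com; any
# other host means address-bar searches were redirected somewhere else.
KEYWORD_URL_OK_HOSTS = {"www.google.com", "google.com"}

LINE_PATTERNS = {
    "start_page": re.compile(r"^uStart Page = (?P<url>.+)$"),
    "bho": re.compile(r"^BHO: (?P<name>.+?): (?P<clsid>\{[0-9a-f-]+\}) - (?P<path>.+)$", re.I),
    "policy": re.compile(r"^mPolicies-(?P<hive>\w+): (?P<key>\w+) = (?P<val>\d+)"),
    "ff_pref": re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<val>.+)$"),
    "ff_ext": re.compile(r"^FF - Ext: (?P<name>.+?): (?P<id>\S+) - (?P<path>.+)$"),
}


def parse_dds(text):
    """Turn DDS report lines into (kind, fields) tuples; lines we don't model are skipped."""
    entries = []
    for line in text.splitlines():
        for kind, pat in LINE_PATTERNS.items():
            m = pat.match(line.strip())
            if m:
                entries.append((kind, m.groupdict()))
                break
    return entries


def _refang(url):
    # DDS defangs URLs as hxxp:// so they are not clickable; undo that for parsing.
    return url.replace("hxxp", "http", 1)


def triage(entries):
    """Apply hijack / hardening heuristics; returns a list of (rule, detail) pairs."""
    findings = []
    for kind, f in entries:
        if kind == "start_page":
            q = parse_qs(urlsplit(_refang(f["url"])).query)
            if "pc" in q:  # a partner code means a toolbar installer set the start page
                findings.append(("partner_tagged_start_page", f"pc={q['pc'][0]}"))
        elif kind == "bho" and "toolbar" in f["name"].lower():
            findings.append(("toolbar_bho", f"{f['name']} -> {f['path']}"))
        elif kind == "policy" and f["hive"] == "system":
            if f["key"] == "EnableLUA" and f["val"] == "0":
                findings.append(("uac_disabled", "EnableLUA = 0"))
            if f["key"] == "ConsentPromptBehaviorAdmin" and f["val"] == "0":
                findings.append(("silent_elevation", "ConsentPromptBehaviorAdmin = 0"))
        elif kind == "ff_pref" and f["pref"] == "keyword.URL":
            host = urlsplit(_refang(f["val"])).hostname or ""
            if host not in KEYWORD_URL_OK_HOSTS:
                findings.append(("keyword_url_hijack", host))
        elif kind == "ff_ext":
            # A normally installed extension lives in a directory named after its id;
            # search@helper sitting in ...\extensions\SearchHelper is the odd one out.
            ext_dir = f["path"].replace("/", "\\").rstrip("\\").rsplit("\\", 1)[-1]
            if ext_dir.lower() != f["id"].lower():
                findings.append(("extension_dir_mismatch", f"{f['id']} in {ext_dir}"))
    return findings


def triage_text(text):
    return triage(parse_dds(text))


if __name__ == "__main__":
    for rule, detail in triage_text(SAMPLE_DDS):
        print(f"{rule:26} {detail}")
```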


#4 gringo_pr


    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Location:Puerto rico

Posted 06 February 2011 - 03:07 AM

Hello

My name is gringo and I will be helping you from this point forward.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes unless I tell you to.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.

If you have not done so, please click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

Here is the first thing I would like you to do.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

In your next post I need the following:

  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#5 Atomisk

  • Topic Starter

  • Members
  • 26 posts

Posted 06 February 2011 - 09:43 AM

ComboFix 11-02-05.01 - Connor 02/06/2011 9:23.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.4094.2033 [GMT -5:00]
Running from: c:\users\Connor\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Install.exe
c:\program files (x86)\Search Toolbar
c:\program files (x86)\Search Toolbar\icon.ico
c:\program files (x86)\Search Toolbar\SearchToolbar.dll
c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe
c:\program files (x86)\Search Toolbar\SearchToolbarUpdater.exe
c:\users\Connor\Documents\SYS

.
((((((((((((((((((((((((( Files Created from 2011-01-06 to 2011-02-06 )))))))))))))))))))))))))))))))
.

2011-02-06 14:31 . 2011-02-06 14:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-02-05 17:50 . 2011-02-05 17:50 -------- d-----w- C:\Player possessor
2011-02-05 15:20 . 2011-02-05 20:11 -------- d-----w- C:\The Jackle
2011-02-05 14:49 . 2011-01-13 10:20 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2296E0E3-29AD-4EDF-A8E7-90115707DC38}\mpengine.dll
2011-02-04 15:53 . 2011-02-04 15:53 -------- d-----w- C:\golddeagle
2011-02-03 21:26 . 2011-02-03 21:26 -------- d-----w- C:\Vuvuzelagroove
2011-02-03 00:45 . 2011-02-03 00:45 -------- d-----w- C:\bf2_buggy
2011-02-02 20:34 . 2011-02-02 20:34 -------- d-----w- C:\Black hole
2011-02-02 15:51 . 2008-08-07 22:07 -------- d-----w- C:\Gods_Little_Finger_V2
2011-02-02 14:46 . 2008-07-25 00:26 -------- d-----w- C:\QuantumStorageDevice
2011-02-02 14:45 . 2009-02-28 22:55 -------- d---a-w- C:\TimeGrenade
2011-02-01 22:52 . 2011-02-01 22:52 -------- d-----w- C:\svntest
2011-02-01 19:22 . 2011-02-01 19:24 -------- d-----w- C:\Drunken_combine_disabler
2011-02-01 14:26 . 2011-02-01 15:34 -------- d-----w- c:\users\Connor\AppData\Local\ManyCam
2011-02-01 14:26 . 2011-02-01 14:26 -------- d-----w- c:\users\Connor\AppData\Roaming\ManyCam
2011-02-01 14:25 . 2011-02-01 14:25 -------- d-----w- c:\program files (x86)\Ask.com
2011-02-01 14:25 . 2011-02-01 14:26 -------- d-----w- c:\program files (x86)\ManyCam
2011-01-31 21:25 . 2011-01-31 21:25 -------- d-----w- c:\program files\Bulk Rename Utility
2011-01-30 19:35 . 2011-01-30 19:35 -------- d-----w- c:\program files\Saitek
2011-01-30 03:55 . 2011-01-30 03:55 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2011-01-30 01:17 . 2011-01-31 23:25 -------- d-----w- c:\users\Connor\AppData\Local\HotheadGames
2011-01-29 20:07 . 2011-01-31 16:27 -------- d-----w- C:\Daft Punk COMPLETE Discography
2011-01-29 15:44 . 2011-01-29 15:45 -------- d-----w- C:\Unreal_226_Gold
2011-01-27 15:30 . 2011-01-28 00:12 -------- d-----w- C:\Aliens vs Predator 2 + Primal Hunt [PC-Game]
2011-01-21 14:40 . 2011-01-21 14:40 -------- d-----w- C:\[AnimeGrowth.com] Full Metal Alchemist - Winry
2011-01-21 01:22 . 2011-01-21 01:22 -------- d-----w- c:\users\Connor\AppData\Roaming\Eltima Software
2011-01-21 01:22 . 2011-01-21 01:22 -------- d-----w- c:\program files (x86)\Eltima Software
2011-01-21 01:08 . 2011-01-21 01:08 -------- d-----w- C:\[AnimeGrowth.com] Final Fantasy - Tifa
2011-01-20 23:24 . 2011-01-20 23:27 -------- d-----w- C:\Omniusstuff
2011-01-20 23:10 . 2011-01-20 23:10 6656 ----a-r- c:\users\Connor\AppData\Roaming\Microsoft\Installer\{A44721BB-80BE-45A0-8679-F71E94400CAC}\IconA44721BB.exe
2011-01-20 23:10 . 2011-01-20 23:10 5632 ----a-r- c:\users\Connor\AppData\Roaming\Microsoft\Installer\{A44721BB-80BE-45A0-8679-F71E94400CAC}\IconA44721BB1.exe
2011-01-20 23:10 . 2011-01-20 23:10 -------- d-----w- c:\program files (x86)\UTCacheCleaner3
2011-01-19 22:17 . 2011-01-13 08:41 273488 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-01-19 22:17 . 2011-01-13 08:37 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-01-19 22:17 . 2011-01-13 08:37 29264 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-01-19 22:17 . 2011-01-13 08:40 51792 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-01-19 22:17 . 2011-01-13 08:47 237168 ----a-w- c:\windows\system32\aswBoot.exe
2011-01-19 22:17 . 2011-01-13 08:37 62032 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-01-19 22:17 . 2011-01-13 08:47 38848 ----a-w- c:\windows\avastSS.scr
2011-01-19 22:16 . 2011-01-13 08:47 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-01-19 22:16 . 2011-01-19 22:16 -------- d-----w- c:\programdata\Alwil Software
2011-01-19 22:16 . 2011-01-19 22:16 -------- d-----w- c:\program files\Alwil Software
2011-01-19 01:28 . 2011-01-19 01:47 -------- d-----w- C:\UMODS
2011-01-19 01:28 . 2011-01-19 01:28 -------- d-----w- C:\UMOS
2011-01-19 01:00 . 2011-01-19 01:00 -------- d-----w- c:\users\Connor\AppData\Roaming\Malwarebytes
2011-01-19 00:59 . 2011-01-19 00:59 -------- d-----w- c:\programdata\Malwarebytes
2011-01-19 00:59 . 2010-12-20 23:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-01-19 00:59 . 2010-12-20 23:08 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-01-19 00:59 . 2011-01-19 00:59 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-01-19 00:47 . 2011-01-19 00:47 -------- d-----w- c:\program files (x86)\ESET
2011-01-18 14:16 . 2005-11-14 03:40 89360 ----a-w- c:\windows\SysWow64\VB5DB.DLL
2011-01-18 14:11 . 2005-11-14 04:19 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\DotNetInstaller.exe
2011-01-18 04:08 . 2006-02-07 20:45 757760 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iKernel.dll
2011-01-18 04:08 . 2006-02-07 20:44 65024 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ISBEW64.exe
2011-01-18 04:08 . 2006-02-07 20:40 204800 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iuser.dll
2011-01-18 04:08 . 2006-02-07 20:40 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\ctor.dll
2011-01-18 04:08 . 2006-02-07 20:40 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iscript.dll
2011-01-18 04:08 . 2011-01-18 04:08 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\setup.dll
2011-01-18 04:08 . 2011-01-18 04:08 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\50\Intel32\iGdi.dll
2011-01-16 16:45 . 2011-01-16 16:45 -------- d-----w- C:\rslightninggun-v11
2011-01-16 16:11 . 2011-01-16 16:29 -------- d-----w- c:\users\Connor\AppData\Roaming\.minecraft
2011-01-14 21:38 . 2011-01-14 21:38 -------- d-----w- c:\users\Connor\AppData\Roaming\SLumpEd
2011-01-11 21:10 . 2011-01-11 21:10 -------- d-----w- c:\windows\en
2011-01-11 21:08 . 2011-01-11 21:08 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\DXSETUP.exe
2011-01-11 21:08 . 2011-01-11 21:08 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\DSETUP.dll
2011-01-11 21:08 . 2011-01-11 21:08 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\a132e1de1cbb1d306\dsetup32.dll
2011-01-11 21:08 . 2011-01-11 21:08 94040 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\DSETUP.dll
2011-01-11 21:08 . 2011-01-11 21:08 525656 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\DXSETUP.exe
2011-01-11 21:08 . 2011-01-11 21:08 1691480 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9fd1ed231cbb1d305\dsetup32.dll
2011-01-11 21:07 . 2011-01-18 19:54 -------- d-----w- c:\users\Connor\AppData\Local\Windows Live
2011-01-11 21:07 . 2010-05-23 10:15 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2011-01-11 21:07 . 2010-05-23 10:11 196608 ----a-w- c:\windows\SysWow64\mfreadwrite.dll
2011-01-11 21:07 . 2010-05-23 08:37 1888256 ----a-w- c:\windows\system32\WMVDECOD.DLL
2011-01-11 21:07 . 2010-05-23 08:35 257024 ----a-w- c:\windows\system32\mfreadwrite.dll
2011-01-11 21:07 . 2010-05-23 08:35 206848 ----a-w- c:\windows\system32\mfps.dll
2011-01-11 21:07 . 2010-05-23 10:11 3181568 ----a-w- c:\windows\SysWow64\mf.dll
2011-01-11 21:07 . 2010-05-23 08:35 4068864 ----a-w- c:\windows\system32\mf.dll
2011-01-11 21:04 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-11 21:04 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-11 21:04 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-11 21:04 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-11 21:04 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-11 21:04 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-11 21:04 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-11 21:04 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-11 21:04 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-11 21:04 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-11 20:31 . 2011-01-11 20:34 -------- d-----w- c:\users\Connor\AppData\Roaming\sc68
2011-01-11 20:30 . 2006-11-14 20:58 -------- d-----w- C:\Vectorman
2011-01-11 02:22 . 2011-01-11 02:22 -------- d-----w- c:\program files (x86)\TeamViewer
2011-01-10 19:17 . 2011-01-10 19:17 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-01-10 18:39 . 2011-01-10 18:40 -------- d-----w- c:\program files (x86)\SystemRequirementsLab
2011-01-10 18:39 . 2011-01-10 18:39 -------- d-----w- c:\users\Connor\AppData\Roaming\SystemRequirementsLab
2011-01-10 18:19 . 2011-01-10 18:19 -------- d-----w- C:\UnrealTournament
2011-01-10 18:19 . 2011-02-06 00:28 -------- d-----w- c:\users\Connor\AppData\Local\TSVNCache
2011-01-10 15:26 . 2011-01-10 15:26 -------- d-----w- c:\users\Connor\AppData\Roaming\TortoiseSVN
2011-01-10 14:55 . 2011-01-10 14:55 -------- d-----w- c:\program files\TortoiseSVN
2011-01-10 14:55 . 2011-01-10 14:55 -------- d-----w- c:\program files\Common Files\TortoiseOverlays
2011-01-09 02:18 . 2011-01-09 03:35 -------- d-----w- C:\More Subtle Amputator Colors

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 20:36 . 2011-02-02 20:34 4163 ----a-w- C:\black_hole.zip
2011-02-02 15:51 . 2011-02-02 15:52 569780 ----a-w- C:\gods_little_finger_v2.zip
2011-02-02 03:16 . 2011-02-02 03:07 16545450 ----a-w- C:\combine_mech(2).zip
2011-02-01 23:04 . 2011-02-01 23:03 311928 ----a-w- C:\nuke_pack_4.zip
2011-01-13 10:20 . 2010-05-23 21:41 7844688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-11 21:08 . 2009-08-18 16:24 17816 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-01-01 04:05 . 2010-06-12 00:29 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-01-01 04:05 . 2010-06-12 00:29 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-01-01 04:05 . 2010-06-12 00:29 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-01-01 04:05 . 2010-06-12 00:29 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-12-18 21:17 . 2010-12-18 21:17 51776 ----a-w- c:\windows\system32\drivers\pssdk41.sys
2010-12-18 21:10 . 2010-12-18 21:10 2469888 ----a-r- c:\users\Connor\AppData\Roaming\Microsoft\Installer\{2773B836-AC66-4178-A414-C5A0F9F5D805}\kaiEngine.exe
2010-12-17 02:11 . 2010-12-17 02:11 286720 ----a-w- c:\windows\iun507.exe
2010-12-03 23:36 . 2010-12-03 23:36 249856 ------w- c:\windows\Setup1.exe
2010-12-03 23:36 . 2010-12-03 23:36 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-11-28 01:34 . 2010-11-28 01:30 21840 ----atw- c:\windows\SysWow64\SIntfNT.dll
2010-11-28 01:34 . 2010-11-28 01:30 17212 ----atw- c:\windows\SysWow64\SIntf32.dll
2010-11-28 01:34 . 2010-11-28 01:30 12067 ----atw- c:\windows\SysWow64\SIntf16.dll
2010-11-28 01:11 . 2010-11-28 01:11 2829 ----a-w- c:\windows\DIIUnin.pif
2010-11-28 01:11 . 2010-11-28 01:11 94208 ----a-w- c:\windows\DIIUnin.exe
2010-11-18 17:05 . 2010-11-18 17:05 1594547 ----a-w- c:\windows\WANEUninstaller.exe
2010-11-18 00:09 . 2010-11-18 00:09 2892216 ----a-w- C:\desc14sw.exe
2010-11-15 02:06 . 2010-11-15 02:06 8702 ----a-w- C:\drunkenmaster.zip
2010-11-15 01:56 . 2010-11-15 01:56 96845 ----a-w- C:\tacticularity_nuke.zip
2010-08-31 23:20 . 2010-08-31 23:20 83456 ----a-w- c:\program files (x86)\register.exe
2010-08-31 23:20 . 2010-08-31 23:20 339968 ----a-w- c:\program files (x86)\register.dat
2010-08-31 23:20 . 2010-08-31 23:20 142336 ----a-w- c:\program files (x86)\patchw32.dll
2010-08-31 23:20 . 2010-08-31 23:20 212992 ----a-w- c:\program files (x86)\wolapi.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-01-20 22:59 1487240 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-01-20 1487240]

[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-05-13 26192168]
"igndlm.exe"="c:\program files (x86)\Download Manager\DLM.exe" [2009-10-27 1103216]
"Google Update"="c:\users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-08-26 136176]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-01-17 395640]
"SsAAD.exe"="c:\progra~2\Sony\SONICS~1\SsAAD.exe" [2006-11-02 472632]
"Steam"="c:\games\Steam\steam.exe" [2010-12-21 1242448]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"AlcoholAutomount"="c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-18 421888]
"Razer Mamba Driver"="c:\program files (x86)\Razer\Mamba\RazerTray.exe" [2009-10-30 3278664]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2010-12-06 1910152]

c:\users\Connor\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
GameRanger.lnk - c:\users\Connor\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe [2010-11-23 1257184]
MorphVOX.lnk - c:\program files (x86)\Screaming Bee\MorphVOX ProZ\MorphVOX.exe [N/A]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Nostromo Loadout Manager.lnk - c:\windows\Installer\{548C7B77-8B04-427E-ACD0-D0E6E6E59BCF}\NewShortcut2_548C7B778B04427EACD0D0E6E6E59BCF.exe [2010-10-23 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\E:\0autocheck autochk *

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [2010-04-01 21608]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-26 40832]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
R3 netr7364;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr7364.sys [2009-06-10 707072]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344]
R3 PsSdk41;PsSdk41;c:\windows\system32\Drivers\pssdk41.sys [2010-12-18 51776]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [2010-04-21 22120]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-04-20 50688]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-05-24 834544]
S1 aswSP;aswSP; [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [2010-06-15 32872]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2011-01-13 62032]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 bcgame;Nostromo HID Device Minidriver;c:\windows\system32\drivers\bcgame.sys [2007-08-14 35328]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-09-07 155752]
S3 rt61x64;Linksys Wireless-G PCI Adapter Driver;c:\windows\system32\DRIVERS\WMP54Gv41x64.sys [2007-03-12 362496]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-01-21 129024]
S3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys [2010-07-01 38992]

.
Contents of the 'Scheduled Tasks' folder

2010-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2472834592-1909951792-2996553088-1000Core.job
- c:\users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 01:54]

2010-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2472834592-1909951792-2996553088-1000UA.job
- c:\users\Connor\AppData\Local\Google\Update\GoogleUpdate.exe [2010-08-26 01:54]
.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 13:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1448568]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.bing.com/?pc=ZUGO&form=ZGAPHP
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
FF - ProfilePath - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Add to Search Bar: add-to-searchbox@maltekraus.de - %profile%\extensions\add-to-searchbox@maltekraus.de
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Xmarks: foxmarks@kei.com - %profile%\extensions\foxmarks@kei.com
FF - Ext: LastPass: support@lastpass.com - %profile%\extensions\support@lastpass.com
FF - Ext: Flashblock: {3d7eb24f-2740-49df-8937-200b1cc08f8a} - %profile%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF - Ext: Gmail Notifier: {44d0a1b4-9c90-4f86-ac92-8680b5d6549e} - %profile%\extensions\{44d0a1b4-9c90-4f86-ac92-8680b5d6549e}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: Easy Youtube Video Downloader: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b} - %profile%\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: FoxTab: {ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a} - %profile%\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}
FF - Ext: FoxLingo: {ef62e1ce-d2a4-4cdd-b7ec-92b120366b66} - %profile%\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF - Ext: Shaved Bieber: shaved-bieber@gleuch.com - %profile%\extensions\shaved-bieber@gleuch.com
FF - Ext: eSnips Downloader Extension: esnipsxpi@logia.esnips - c:\program files (x86)\Logia\eSnipsDownloader\ext
FF - Ext: Search Results Optimizator: search@helper - c:\users\Connor\AppData\Roaming\Mozilla\Firefox\Profiles\6h39eefz.default\extensions\SearchHelper
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-Duke Nukem 3D HRP - c:\games\Duke Nukem 3D\duke3d\uninst.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_heroes.exe
AddRemove-Search Toolbar - c:\program files (x86)\Search Toolbar\SearchToolbarUninstall.exe


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,57,5e,ed,28,4a,00,4f,90,ec,40,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,95,57,5e,ed,28,4a,00,4f,90,ec,40,\

[HKEY_USERS\S-1-5-21-2472834592-1909951792-2996553088-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:29,2d,56,49,dd,d2,f0,e7,f0,9b,5b,29,76,4c,04,61,70,33,9e,aa,6f,49,06,
d8,bf,db,78,3e,7a,d4,69,af,24,61,20,fa,39,07,46,9a,bd,ec,52,ce,25,61,9b,c8,\
"??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

[HKEY_USERS\S-1-5-21-2472834592-1909951792-2996553088-1000\Software\SecuROM\License information*]
"datasecu"=hex:17,8c,00,43,a2,59,2c,55,46,21,31,29,bd,42,4a,3c,8b,86,75,b7,ca,
15,71,bf,c9,c3,80,6a,cd,f7,29,58,b3,53,0e,30,f0,c5,b8,a1,79,a1,3c,3c,ab,ee,\
"rkeysecu"=hex:8e,ed,4d,a5,62,4d,d7,48,fd,30,4f,bf,37,e1,62,57

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-02-06 09:35:00
ComboFix-quarantined-files.txt 2011-02-06 14:34

Pre-Run: 522,522,951,680 bytes free
Post-Run: 532,225,036,288 bytes free

- - End Of File - - DF01C4679B90C3A538A62DF6CB9257C4
The virus I have hijacks my searches and stuff; one site that seems to trigger it is www.encyclopediadramatica.com (warning: NSFW and very offensive).
My computer is still experiencing this. ComboFix didn't remove the right things; all it removed was a toolbar.

#6 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2011 - 12:49 PM

Hello

Does this only happen on ONE web page?

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Atomisk (Topic Starter)

Posted 06 February 2011 - 01:32 PM

No, it happens on EVERY site, give or take, but any instance of encyclopediadramatica instantly seems to trigger it, whereas it usually seems to activate at random.
Also, I already ran TDSSKiller yesterday and haven't downloaded/run anything since.
It only found a false positive; it was a driver for my disc mounting program.

#8 gringo_pr (Bleepin Gringo, Malware Response Team)

Posted 06 February 2011 - 01:52 PM

Hello


Multiple Anti Virus programs:

It looks like you are operating your computer with multiple Anti Virus programs running in memory at once:

AV: avast! Antivirus
AV: Microsoft Security Essentials


Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Please remove one of them.





Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
REM Write the adapter, DNS, reachability and routing details to one log file
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
REM Open the log in Notepad, then delete this batch file
start Log1.txt
del %0
Save this as router.bat. Choose Save as type: All Files, and where to save: Desktop, then close the Notepad file.

Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#9 Atomisk (Topic Starter)

Posted 06 February 2011 - 06:50 PM

Windows IP Configuration

Host Name . . . . . . . . . . . . : connor
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Linksys Wireless-G PCI Adapter
Physical Address. . . . . . . . . : 00-25-9C-A0-D8-C4
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f133:3259:82f9:f3be%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.42.145(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, February 06, 2011 5:06:45 PM
Lease Expires . . . . . . . . . . : Monday, February 07, 2011 5:06:44 PM
Default Gateway . . . . . . . . . : 192.168.42.1
DHCP Server . . . . . . . . . . . : 192.168.42.1
DHCPv6 IAID . . . . . . . . . . . : 301999516
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-87-34-85-00-24-1D-C4-15-E2
DNS Servers . . . . . . . . . . . : 192.168.42.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 00-23-C3-4E-EF-E9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 5.78.239.233(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : Sunday, February 06, 2011 5:06:41 PM
Lease Expires . . . . . . . . . . : Monday, February 06, 2012 5:08:48 PM
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{90C8E616-2887-4DB6-9AB9-9CDD918A5BA9}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:246f:3dd:47f0:c13(Preferred)
Link-local IPv6 Address . . . . . : fe80::246f:3dd:47f0:c13%13(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.{DAD8B4EC-4D63-4903-A06E-292BABE491B4}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:54e:efe9::54e:efe9(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.42.1

Name: google.com
Addresses: 72.14.204.103
72.14.204.147
72.14.204.104
72.14.204.99

Server: kids
Address: 192.168.42.1

Name: yahoo.com
Addresses: 67.195.160.76
209.191.122.70
98.137.149.56
72.30.2.43
69.147.125.65


Pinging google.com [72.14.204.99] with 32 bytes of data:
Request timed out.
Reply from 72.14.204.99: bytes=32 time=58ms TTL=47

Ping statistics for 72.14.204.99:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 58ms, Maximum = 58ms, Average = 58ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=101ms TTL=49
Reply from 209.191.122.70: bytes=32 time=93ms TTL=49

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 93ms, Maximum = 101ms, Average = 97ms
===========================================================================
Interface List
12...00 25 9c a0 d8 c4 ......Linksys Wireless-G PCI Adapter
15...00 23 c3 4e ef e9 ......Hamachi Network Interface
1...........................Software Loopback Interface 1
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
17...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
16...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 5.0.0.1 5.78.239.233 9256
0.0.0.0 0.0.0.0 192.168.42.1 192.168.42.145 25
5.0.0.0 255.0.0.0 On-link 5.78.239.233 9256
5.78.239.233 255.255.255.255 On-link 5.78.239.233 9256
5.255.255.255 255.255.255.255 On-link 5.78.239.233 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.42.0 255.255.255.0 On-link 192.168.42.145 281
192.168.42.145 255.255.255.255 On-link 192.168.42.145 281
192.168.42.255 255.255.255.255 On-link 192.168.42.145 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 5.78.239.233 9256
224.0.0.0 240.0.0.0 On-link 192.168.42.145 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 5.78.239.233 9256
255.255.255.255 255.255.255.255 On-link 192.168.42.145 281
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
16 1110 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:246f:3dd:47f0:c13/128
On-link
16 1010 2002::/16 On-link
16 266 2002:54e:efe9::54e:efe9/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::246f:3dd:47f0:c13/128
On-link
12 281 fe80::f133:3259:82f9:f3be/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:39 PM

Posted 06 February 2011 - 08:33 PM

Hello

Please do the following and let me know if the redirects stop.



Resetting Router

Let's try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up here.
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using, or you can use OpenDNS.
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now let's flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now let's check the router again.

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat. Choose "Save as type: All Files" and "where to save: Desktop", then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University
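The router.bat log is read by eye in this thread. As an added example that is not gringo_pr's code or any tool from the thread, the following Python script parses the IPv4 "route print" section of such a log and lists every default route, so the gateway each entry points at can be compared with the expected router address. The embedded sample is constructed in the shape of the output posted above.

```python
import re

# Constructed sample in the shape of the 'route print' output posted above
# (IPv4 section only; values are illustrative, not the poster's full log).
SAMPLE_LOG = """\
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0          5.0.0.1     5.78.239.233   9256
          0.0.0.0          0.0.0.0     192.168.42.1   192.168.42.145     25
     192.168.42.0    255.255.255.0         On-link    192.168.42.145    281
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
          0.0.0.0          0.0.0.0          5.0.0.1  Default
===========================================================================
"""

IP = r"\d{1,3}(?:\.\d{1,3}){3}"
ACTIVE_RE = re.compile(r"^\s*(%s)\s+(%s)\s+(On-link|%s)\s+(%s)\s+(\d+)\s*$" % (IP, IP, IP, IP))
PERSIST_RE = re.compile(r"^\s*(%s)\s+(%s)\s+(%s)\s+(\w+)\s*$" % (IP, IP, IP))

def parse_routes(text):
    """Collect the Active and Persistent IPv4 route entries from the log text."""
    routes = {"active": [], "persistent": []}
    section = None
    for line in text.splitlines():
        if line.startswith("Active Routes:"):
            section = "active"
        elif line.startswith("Persistent Routes:"):
            section = "persistent"
        elif section == "active" and (m := ACTIVE_RE.match(line)):
            routes["active"].append({"dest": m[1], "mask": m[2], "gateway": m[3],
                                     "iface": m[4], "metric": int(m[5])})
        elif section == "persistent" and (m := PERSIST_RE.match(line)):
            routes["persistent"].append({"dest": m[1], "mask": m[2], "gateway": m[3]})
    return routes

def review_routes(text):
    """List every default (0.0.0.0/0) route so each gateway can be checked against the expected one."""
    routes = parse_routes(text)
    defaults = sorted((r for r in routes["active"] if r["dest"] == r["mask"] == "0.0.0.0"),
                      key=lambda r: r["metric"])
    findings = [f"default route via {r['gateway']} on {r['iface']} (metric {r['metric']})"
                for r in defaults]
    if len(defaults) > 1:
        findings.append(f"{len(defaults)} default routes; traffic prefers {defaults[0]['gateway']}")
    for r in routes["persistent"]:
        if r["dest"] == "0.0.0.0":
            findings.append(f"persistent default route via {r['gateway']} survives reboots")
    return findings
```

Feed the script the Log1.txt that router.bat produces; a default route or a persistent default route pointing somewhere other than the LAN router is what to look at first.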

#11 Atomisk

Atomisk
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 06 February 2011 - 09:51 PM

It has nothing to do with my router; there are other computers on my network, and I'm the only one experiencing this.
I also tried all this before I even posted here.

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:39 PM

Posted 06 February 2011 - 10:01 PM

Hello

Been doing some checking: does this only happen in Firefox, or does it also happen in IE?


Gringo

#13 Atomisk

Atomisk
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 07 February 2011 - 09:24 AM

It happens with both browsers, although it seemed to trigger more on Firefox than in the 2 hours I forced myself to use IE (ugh).
The virus seems to trigger at random, as there are some times I've been able to search something without being redirected.

#14 Atomisk

Atomisk
  • Topic Starter

  • Members
  • 26 posts
  • OFFLINE
  • Local time:10:39 PM

Posted 09 February 2011 - 10:23 AM

Bump for gringo to reply, since it's been 48+ hours.

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:11:39 PM

Posted 09 February 2011 - 11:05 AM

SystemLook:

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1
Download Mirror #2

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
:folderfind
*Youtube*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop, entitled SystemLook.txt.
