
Google analytics and Epoclick pop-ups!


  • This topic is locked
1 reply to this topic

#1 lmroney

lmroney

  • Members
  • 6 posts
  • OFFLINE
  • Local time:06:11 PM

Posted 03 March 2011 - 02:35 PM

I recently was given a laptop with Windows 7 reinstalled and with no other existing data saved on the computer. Since the first online usage, I was redirected to Google redirect websites and epoclick. When viewing the Control Panel restore, I saw that it was just the Windows 7 install pack, so I am not sure if this virus is new or was never properly cleared before the reinstall. The computer itself seems to be running properly, but IE does occasionally freeze up. I have run rkill and MalwareBytes with no listed problems. Please help!


DDS (Ver_10-12-12.02) - NTFSx86
Run by Lisa at 13:16:46.23 on Thu 03/03/2011
Internet Explorer: 8.0.7601.17514
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2038.951 [GMT -5:00]

AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k bthsvcs
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10n_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Lisa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UZPLUAVP\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = *.local
BHO: KeyScramblerBHO Class: {2b9f5787-88a5-4945-90e7-c4b18563bc5e} - c:\program files\keyscrambler\KeyScramblerIE.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - {B745F984-EF2E-40D6-A9AC-D8CED7230E61} - c:\program files\keyscrambler\KeyScramblerIE.dll
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl67e9036f;MpKsl67e9036f;c:\programdata\microsoft\microsoft antimalware\definition updates\{fb86469a-837a-4e5b-9cb0-1719352ae2dd}\MpKsl67e9036f.sys [2011-3-3 28752]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-2 135336]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-2 267944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-2 61960]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-4-14 45736]
R3 KeyScrambler;KeyScrambler;c:\windows\system32\drivers\keyscrambler.sys [2011-3-2 114952]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392]
R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-1 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-3-1 1343400]

=============== Created Last 30 ================

2011-03-03 17:00:36 118784 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2011-03-03 17:00:36 1071088 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2011-03-03 17:00:24 -------- d-----w- c:\program files\SpywareBlaster
2011-03-03 16:31:14 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{fb86469a-837a-4e5b-9cb0-1719352ae2dd}\MpKsl67e9036f.sys
2011-03-03 14:48:12 -------- d-----w- c:\users\lisa\appdata\local\Apple Computer
2011-03-03 14:48:04 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2011-03-03 14:48:04 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2011-03-03 14:47:22 -------- d-----w- c:\program files\iPod
2011-03-03 14:47:20 -------- d-----w- c:\program files\iTunes
2011-03-03 14:47:20 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2011-03-03 14:46:34 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2011-03-03 14:45:54 -------- d-----w- c:\users\lisa\appdata\local\Apple
2011-03-03 14:45:23 -------- d-----w- c:\program files\Bonjour
2011-03-03 04:58:11 -------- d-----w- c:\users\lisa\appdata\roaming\Malwarebytes
2011-03-03 04:58:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-03-03 04:58:05 -------- d-----w- c:\progra~2\Malwarebytes
2011-03-03 04:58:01 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-03-03 04:58:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-03-03 04:41:34 114952 ----a-w- c:\windows\system32\drivers\keyscrambler.sys
2011-03-03 04:41:32 -------- d-----w- c:\program files\KeyScrambler
2011-03-03 04:36:32 -------- d-----w- c:\users\lisa\appdata\roaming\Avira
2011-03-03 04:34:24 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-03-03 04:34:22 -------- d-----w- c:\program files\Avira
2011-03-03 04:34:22 -------- d-----w- c:\progra~2\Avira
2011-03-03 02:49:18 -------- d-----w- c:\users\lisa\appdata\local\Diagnostics
2011-03-01 22:04:17 -------- d-----w- c:\windows\Panther
2011-03-01 22:03:31 -------- d-----w- c:\windows\system32\oem
2011-03-01 20:31:41 5890896 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-03-01 20:31:32 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{fb86469a-837a-4e5b-9cb0-1719352ae2dd}\mpengine.dll
2011-03-01 20:27:00 439632 ------w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{483be348-0a6a-49e9-a84e-c786dd853120}\gapaengine.dll
2011-03-01 20:25:06 -------- d-----w- c:\program files\Microsoft Security Client
2011-03-01 20:20:00 -------- d-sh--w- c:\windows\Installer
2011-03-01 20:10:51 -------- d-----w- c:\windows\system32\Wat
2011-03-01 19:55:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-03-01 19:55:37 70656 ----a-w- c:\windows\system32\fontsub.dll
2011-03-01 19:55:37 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-03-01 19:55:37 294400 ----a-w- c:\windows\system32\atmfd.dll
2011-03-01 19:55:36 542208 ----a-w- c:\windows\system32\kerberos.dll
2011-03-01 19:55:35 870912 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-01 19:55:35 288256 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-03-01 19:55:34 428032 ----a-w- c:\windows\system32\vbscript.dll
2011-03-01 19:55:33 2330624 ----a-w- c:\windows\system32\win32k.sys
2011-03-01 19:54:39 219008 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2011-03-01 19:47:55 -------- d-----w- c:\windows\system32\SPReview
2011-03-01 19:32:43 5943120 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{8992af61-3b13-44fb-abb1-37df2de65e7b}\mpengine.dll
2011-03-01 19:32:42 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-03-01 19:24:32 -------- d-----w- c:\windows\system32\EventProviders
2011-03-01 19:18:34 -------- d-----w- c:\windows\system32\wbem\Performance
2011-03-01 19:14:37 398336 ----a-w- c:\windows\system32\TVWizudlg.exe
2011-03-01 19:14:37 140288 ----a-w- c:\windows\system32\igfxtvcx.dll
2011-03-01 19:14:37 -------- d-----w- c:\windows\system32\Lang
2011-03-01 19:13:23 1002008 ----a-w- c:\windows\system32\igxpun.exe
2011-03-01 19:13:23 -------- d-----w- c:\windows\system32\x64

==================== Find3M ====================

2011-03-01 19:43:29 152576 ----a-w- c:\windows\system32\msclmd.dll

============= FINISH: 13:17:40.57 ===============



#2 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  • Gender:Male
  • Local time:09:11 AM

Posted 03 March 2011 - 05:05 PM

You have another topic here: http://www.bleepingcomputer.com/forums/topic382792.html

As such I will close this one.

The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw



