
redirects, popups, can't log onto google this computer


This topic is locked
5 replies to this topic

#1 kurly49

  • Members
  • 13 posts

Posted 06 March 2011 - 10:58 AM

Trying to do GMER locks the computer up.

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Fonda at 8:13:29.23 on Sun 03/06/2011
Internet Explorer: 8.0.6001.19019
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.327 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Users\Fonda\AppData\Roaming\Google\Google Talk\googletalk.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\Spotmau WinCares 2007\FolderProtectService.exe
C:\Program Files\Spotmau WinCares 2007\FolderProtect.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Fonda\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [MoneyAgent] "c:\program files\microsoft money\system\Money Express.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\users\fonda\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [googletalk] c:\users\fonda\appdata\roaming\google\google talk\googletalk.exe /autostart
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\eventr~1.lnk - c:\program files\the print shop 23\Remind.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: google.com\www
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264]
R1 MpKsl0e8d77d7;MpKsl0e8d77d7;c:\programdata\microsoft\microsoft antimalware\definition updates\{034aebe9-827b-49e2-9f50-2889982cbf06}\MpKsl0e8d77d7.sys [2011-3-6 28752]
R2 FolderProtectService;FolderProtectService;c:\program files\spotmau wincares 2007\FolderProtectService.exe [2010-12-27 16384]
R3 FolderProtectDriver;FolderProtectDriver;c:\program files\spotmau wincares 2007\FolderProtectDriver.sys [2010-12-27 11264]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-3-25 43392]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-11-25 136176]
.
=============== Created Last 30 ================
.
2011-03-06 14:13:43 28752 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{034aebe9-827b-49e2-9f50-2889982cbf06}\MpKsl0e8d77d7.sys
2011-03-04 17:14:05 -------- d-----r- c:\users\fonda\appdata\roaming\Brother
2011-03-04 13:47:24 5943120 ----a-w- c:\progra~2\microsoft\microsoft antimalware\definition updates\{034aebe9-827b-49e2-9f50-2889982cbf06}\mpengine.dll
2011-02-22 02:40:13 -------- d-----w- c:\windows\system32\EventProviders
2011-02-19 19:14:28 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 23:42:55 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-02-18 23:14:44 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-18 23:14:43 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-18 23:14:43 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-18 23:14:43 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-18 23:14:43 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-18 21:31:13 1616384 ----a-w- c:\program files\windows mail\msoe.dll
2011-02-18 21:31:11 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-02-18 21:31:07 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-02-18 21:31:07 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-02-18 21:31:04 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-02-18 21:31:01 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2011-02-18 21:31:01 1315840 ----a-w- c:\windows\system32\ole32.dll
2011-02-18 21:30:59 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-02-18 21:30:57 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-02-18 21:30:55 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-18 21:30:53 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-02-18 21:30:50 10926592 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2011-02-18 21:30:49 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2011-02-18 21:30:47 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-18 21:30:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-18 21:30:23 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-02-18 21:30:21 248832 ----a-w- c:\windows\system32\msshsq.dll
2011-02-18 21:30:19 866816 ----a-w- c:\windows\system32\wmpmde.dll
2011-02-18 21:29:12 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-02-18 21:29:01 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-18 21:29:01 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-02-18 21:29:00 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-18 21:29:00 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-18 21:29:00 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-18 21:19:19 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-18 21:19:16 1257472 ----a-w- c:\windows\system32\msxml3.dll
2011-02-18 21:17:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-18 21:13:13 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-18 21:05:37 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-02-18 17:00:35 -------- d-----w- c:\users\fonda\appdata\local\ElevatedDiagnostics
2011-02-18 16:56:23 -------- d-----w- c:\program files\Microsoft ATS
2011-02-18 15:38:47 -------- d-----w- C:\PerfLogs
2011-02-06 20:58:48 -------- d-----w- c:\program files\Web Publish
2011-02-06 20:58:43 3715072 ----a-w- c:\windows\system32\cdintf300.dll
2011-02-06 20:54:30 -------- d-----w- c:\program files\common files\Broderbund
2011-02-06 20:54:03 -------- d-----w- c:\program files\The Print Shop 23
2011-02-06 20:47:44 -------- d-----w- c:\windows\system32\URTTEMP
.
==================== Find3M ====================
.
2011-02-18 03:24:37 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-02-18 03:24:28 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-01-08 07:50:00 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-01-08 05:57:10 292352 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:25:17 2038784 ----a-w- c:\windows\system32\win32k.sys
2010-12-28 14:57:35 409600 ----a-w- c:\windows\system32\odbc32.dll
2010-12-18 06:27:04 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-18 06:22:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-18 06:22:27 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-12-18 06:22:11 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-12-18 06:22:11 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-12-18 05:25:26 385024 ----a-w- c:\windows\system32\html.iec
2010-12-18 04:48:39 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-12-18 04:47:11 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 8:13:45.46 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 11/24/2010 10:40:44 PM
System Uptime: 3/6/2011 7:13:15 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0RY206
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4000+ | Socket AM2 | 2000/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 223 GiB total, 82.61 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.974 GiB free.
E: is CDROM ()
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
Class GUID:
Description: BT Mini-Receiver
Device ID: USB\VID_413C&PID_8130\001C26DCA4E9
Manufacturer:
Name: BT Mini-Receiver
PNP Device ID: USB\VID_413C&PID_8130\001C26DCA4E9
Service:
.
==== System Restore Points ===================
.
RP148: 2/21/2011 7:45:07 PM - Windows Vista™ Service Pack 2
RP149: 2/22/2011 3:27:37 PM - Windows Update
RP150: 2/22/2011 8:07:36 PM - Installed Microsoft Visual C++ 2005 Redistributable
RP151: 2/22/2011 9:34:07 PM - Windows Update
RP152: 2/23/2011 10:01:36 AM - Scheduled Checkpoint
RP153: 2/23/2011 2:31:19 PM - Windows Update
RP154: 2/24/2011 9:58:13 AM - Windows Update
RP155: 2/25/2011 9:02:48 AM - Scheduled Checkpoint
RP156: 2/25/2011 4:04:26 PM - Windows Update
RP157: 2/26/2011 11:49:32 AM - Scheduled Checkpoint
RP158: 2/26/2011 12:01:38 PM - Windows Update
RP159: 2/27/2011 9:41:22 AM - Scheduled Checkpoint
RP160: 2/27/2011 11:34:06 AM - Windows Update
RP161: 2/28/2011 1:05:40 PM - Windows Update
RP162: 3/1/2011 8:00:49 AM - Scheduled Checkpoint
RP163: 3/2/2011 9:30:48 AM - Scheduled Checkpoint
RP164: 3/3/2011 9:16:33 AM - Scheduled Checkpoint
RP165: 3/4/2011 6:46:11 AM - Windows Update
RP166: 3/5/2011 9:42:00 AM - Scheduled Checkpoint
RP167: 3/5/2011 5:43:11 PM - Windows Backup
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Reader X (10.0.1)
AnswerWorks 5.0 English Runtime
Brother MFL-Pro Suite
Google Talk (remove only)
Google Talk Plugin
Google Toolbar for Firefox
Google Toolbar for Internet Explorer
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Money 2001
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft Works and Money 2001 Setup Launcher
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PowerDVD
Quicken 2011
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Spotmau WinCare 2007
The Print Shop 23
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Works Suite OS Pack
.
==== Event Viewer Messages From Past Week ========
.
3/5/2011 1:54:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.581.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/4/2011 1:31:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.581.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/3/2011 8:06:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 8:35:16 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.265.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/2/2011 6:12:40 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 5:40:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 5:38:27 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 5:37:59 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 5:16:43 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.11 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 12:22:25 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.99.265.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6603.0 Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
2/27/2011 9:06:08 AM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
.
==== End Of File ===========================
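An added example, not from the post or from the DDS tool itself: a small Python triage parser for the DDS log format shown above. It splits the log on its "==== Title ====" headers, reads the AV/SP status lines, and summarises the Event Viewer section (signature update failures grouped by error code, DHCPNACK denials grouped by server), which is what a responder wants to read before the raw log. The section titles and line layouts are taken from this post; the sample log is a constructed, trimmed excerpt with the same layout.

```python
import re
from collections import Counter

# Constructed excerpt in the DDS log format of the post above: sections trimmed to a
# few lines and the long Event Viewer messages cut to the fields the triage uses.
SAMPLE_LOG = r"""DDS (Ver_11-03-05.01) - NTFSx86
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Users\Fonda\Desktop\dds.scr
.
==== Event Viewer Messages From Past Week ========
.
3/5/2011 1:54:56 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates.
3/4/2011 1:31:17 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. Error code: 0x8024402c Error description: An unexpected problem occurred while checking for updates.
3/3/2011 8:06:53 AM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.0.4 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.0.1 (The DHCP Server sent a DHCPNACK message).
3/2/2011 5:40:48 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.2.2 for the Network Card with network address 001AA04F68B4 has been denied by the DHCP server 192.168.2.1 (The DHCP Server sent a DHCPNACK message).
.
==== End Of File ===========================
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")            # '=== Title ==='
PROTECTION_RE = re.compile(r"^(AV|SP|FW): (.+?) \*(\w+)/(\w+)\* \{([0-9A-Fa-f-]+)\}$")
EVENT_RE = re.compile(r"^(.+?), (\w+): (.+?) \[(\d+)\] - (.*)$")  # 'time, Level: Source [id] - msg'
ERROR_CODE_RE = re.compile(r"Error code: (0x[0-9A-Fa-f]+)")
DHCP_NACK_RE = re.compile(r"denied by the DHCP server (\d+\.\d+\.\d+\.\d+)")


def split_sections(text):
    """Map each DDS section title to its lines; '.' separators and blank lines are
    dropped. Lines before the first header (version, AV status) go under 'Header'."""
    sections = {"Header": []}
    current = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections[current].append(line)
    return sections


def parse_protection(header_lines):
    """Parse 'AV:/SP:/FW: <product> *<state>/<freshness>* {GUID}' lines."""
    products = []
    for line in header_lines:
        m = PROTECTION_RE.match(line)
        if m:
            kind, name, state, freshness, guid = m.groups()
            products.append({"kind": kind, "name": name, "guid": guid,
                             "enabled": state == "Enabled",
                             "updated": freshness == "Updated"})
    return products


def parse_events(event_lines):
    """Parse the 'Event Viewer Messages From Past Week' lines into dicts."""
    events = []
    for line in event_lines:
        m = EVENT_RE.match(line)
        if m:
            ts, level, source, event_id, message = m.groups()
            events.append({"time": ts, "level": level, "source": source,
                           "event_id": int(event_id), "message": message})
    return events


def triage(text):
    """Findings worth reading before the raw log: protection that is disabled or
    out of date, repeated signature update failures (0x8024402c is a Windows Update
    name-resolution/proxy error, relevant when the browser is also being redirected)
    and DHCPNACK denials grouped by the server that issued them."""
    sections = split_sections(text)
    findings = []
    for p in parse_protection(sections.get("Header", [])):
        if not (p["enabled"] and p["updated"]):
            findings.append("%s %s is %s/%s" % (
                p["kind"], p["name"],
                "Enabled" if p["enabled"] else "Disabled",
                "Updated" if p["updated"] else "Outdated"))
    events = parse_events(sections.get("Event Viewer Messages From Past Week", []))
    update_failures = Counter()
    nack_servers = set()
    for e in events:
        if e["source"] == "Microsoft Antimalware" and e["event_id"] == 2001:
            m = ERROR_CODE_RE.search(e["message"])
            update_failures[m.group(1) if m else "unknown"] += 1
        elif e["event_id"] == 1002:
            m = DHCP_NACK_RE.search(e["message"])
            if m:
                nack_servers.add(m.group(1))
    for code, count in sorted(update_failures.items()):
        findings.append("%d signature update failure(s), error code %s" % (count, code))
    if nack_servers:
        findings.append("DHCP lease denied (DHCPNACK) by %d server(s): %s"
                        % (len(nack_servers), ", ".join(sorted(nack_servers))))
    return findings
```

Run `triage(open("dds.txt").read())` against a full DDS log; it prints nothing for a machine whose protection is current and whose event log carries none of these errors.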


#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 06 March 2011 - 11:39 AM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 kurly49

  • Topic Starter
  • Members
  • 13 posts

Posted 06 March 2011 - 01:18 PM

Ran ComboFix with no problem. The computer will not let any Google accounts log onto it still.

ComboFix 11-03-05.02 - Fonda 03/06/2011 10:03:54.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1023.427 [GMT -7:00]
Running from: c:\users\Fonda\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Fonda\AppData\Local\Temp\D7C9.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-02-06 to 2011-03-06 )))))))))))))))))))))))))))))))
.
.
2011-03-04 17:14 . 2011-03-04 17:14 -------- d-----r- c:\users\Fonda\AppData\Roaming\Brother
2011-03-04 13:47 . 2011-02-11 06:54 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{034AEBE9-827B-49E2-9F50-2889982CBF06}\mpengine.dll
2011-03-03 01:42 . 2011-03-03 01:42 -------- d-----w- c:\program files\Microsoft Silverlight
2011-02-23 03:02 . 2011-02-23 03:02 -------- d-----w- c:\users\Fonda\AppData\Roaming\Leadertech
2011-02-22 02:40 . 2011-02-22 02:40 -------- d-----w- c:\windows\system32\EventProviders
2011-02-19 19:14 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2011-02-18 23:42 . 2010-10-19 04:27 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2011-02-18 23:14 . 2009-11-08 17:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-02-18 23:14 . 2009-11-08 17:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-02-18 23:14 . 2009-11-08 17:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-02-18 23:14 . 2009-11-08 17:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-02-18 23:14 . 2009-11-08 17:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-02-18 21:31 . 2010-01-29 16:22 1616384 ----a-w- c:\program files\Windows Mail\msoe.dll
2011-02-18 21:31 . 2010-05-27 19:16 81920 ----a-w- c:\windows\system32\iccvid.dll
2011-02-18 21:31 . 2008-04-05 03:34 15360 ----a-w- c:\windows\system32\pacerprf.dll
2011-02-18 21:31 . 2008-04-05 01:21 72192 ----a-w- c:\windows\system32\drivers\pacer.sys
2011-02-18 21:31 . 2010-04-05 16:07 67072 ----a-w- c:\windows\system32\asycfilt.dll
2011-02-18 21:31 . 2010-06-28 16:15 1315840 ----a-w- c:\windows\system32\ole32.dll
2011-02-18 21:31 . 2010-06-28 14:31 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2011-02-18 21:30 . 2010-08-17 13:32 126464 ----a-w- c:\windows\system32\spoolsv.exe
2011-02-18 21:30 . 2010-08-26 16:07 157184 ----a-w- c:\windows\system32\t2embed.dll
2011-02-18 21:30 . 2010-12-14 15:49 1169408 ----a-w- c:\windows\system32\sdclt.exe
2011-02-18 21:30 . 2010-04-05 16:08 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2011-02-18 21:30 . 2010-06-17 17:15 10926592 ----a-w- c:\program files\Movie Maker\MOVIEMK.dll
2011-02-18 21:30 . 2010-06-17 15:49 150016 ----a-w- c:\program files\Movie Maker\MOVIEMK.exe
2011-02-18 21:30 . 2010-08-31 15:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2011-02-18 21:30 . 2010-08-31 15:41 954288 ----a-w- c:\windows\system32\mfc40u.dll
2011-02-18 21:30 . 2010-06-18 16:43 36352 ----a-w- c:\windows\system32\rtutils.dll
2011-02-18 21:30 . 2010-05-04 18:39 248832 ----a-w- c:\windows\system32\msshsq.dll
2011-02-18 21:30 . 2010-08-20 15:21 866816 ----a-w- c:\windows\system32\wmpmde.dll
2011-02-18 21:29 . 2010-04-16 16:10 1314816 ----a-w- c:\windows\system32\quartz.dll
2011-02-18 21:29 . 2010-11-06 11:10 357376 ----a-w- c:\windows\system32\taskschd.dll
2011-02-18 21:29 . 2010-11-06 11:09 603648 ----a-w- c:\windows\system32\schedsvc.dll
2011-02-18 21:29 . 2010-11-06 11:10 345088 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-02-18 21:29 . 2010-11-06 11:10 270336 ----a-w- c:\windows\system32\taskcomp.dll
2011-02-18 21:29 . 2010-11-05 00:53 171520 ----a-w- c:\windows\system32\taskeng.exe
2011-02-18 21:19 . 2010-10-18 14:01 81920 ----a-w- c:\windows\system32\consent.exe
2011-02-18 21:19 . 2010-06-11 15:30 1257472 ----a-w- c:\windows\system32\msxml3.dll
2011-02-18 21:17 . 2010-06-16 15:59 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-02-18 21:13 . 2010-05-27 19:16 738816 ----a-w- c:\windows\system32\inetcomm.dll
2011-02-18 21:05 . 2010-08-31 15:40 531968 ----a-w- c:\windows\system32\comctl32.dll
2011-02-18 17:00 . 2011-02-18 17:00 -------- d-----w- c:\users\Fonda\AppData\Local\ElevatedDiagnostics
2011-02-18 16:56 . 2011-02-18 16:59 -------- d-----w- c:\program files\Microsoft ATS
2011-02-18 15:38 . 2011-02-18 15:38 -------- d-----w- C:\PerfLogs
2011-02-06 20:58 . 2011-02-06 20:58 -------- d-----w- c:\program files\Web Publish
2011-02-06 20:58 . 2008-05-15 21:19 3715072 ----a-w- c:\windows\system32\cdintf300.dll
2011-02-06 20:54 . 2011-02-06 20:55 -------- d-----w- c:\program files\Common Files\Broderbund
2011-02-06 20:54 . 2011-02-06 20:57 -------- d-----w- c:\program files\The Print Shop 23
2011-02-06 20:47 . 2011-02-06 20:47 -------- d-----w- c:\windows\system32\URTTEMP
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 03:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2011-02-18 03:24 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2011-02-11 06:54 . 2010-11-26 22:18 5943120 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-01-13 09:41 . 2011-02-01 19:11 5890896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect0]
@="{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}"
[HKEY_CLASSES_ROOT\CLSID\{D7BC78F3-3624-455C-8C4B-9C77C3BFEE4E}]
2006-12-22 23:30 57344 ----a-w- c:\program files\Spotmau WinCares 2007\FolderProtectShellExtension.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\FolderProtect1]
@="{8A814C29-D3CD-4F9E-9770-DF8704503ACA}"
[HKEY_CLASSES_ROOT\CLSID\{8A814C29-D3CD-4F9E-9770-DF8704503ACA}]
2006-12-22 23:30 57344 ----a-w- c:\program files\Spotmau WinCares 2007\FolderProtectShellExtension.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MoneyAgent"="c:\program files\Microsoft Money\System\Money Express.exe" [2000-07-19 176183]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-25 39408]
"Google Update"="c:\users\Fonda\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-11-25 136176]
"googletalk"="c:\users\Fonda\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2007-09-17 124200]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-11-25 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Event Reminder.lnk - c:\program files\The Print Shop 23\Remind.exe [2008-7-16 344064]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 136176]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-25 43392]
S2 FolderProtectService;FolderProtectService;c:\program files\Spotmau WinCares 2007\FolderProtectService.exe [2006-12-22 16384]
S3 FolderProtectDriver;FolderProtectDriver;c:\program files\Spotmau WinCares 2007\FolderProtectDriver.sys [2006-12-12 11264]
S3 VST_DPV;VST_DPV;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2006-11-02 987648]
S3 VSTHWBS2;VSTHWBS2;c:\windows\system32\DRIVERS\VSTBS23.SYS [2006-11-02 251904]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 19:24]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-25 19:24]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058696923-310149077-4167644183-1000Core.job
- c:\users\Fonda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 19:24]
.
2011-03-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2058696923-310149077-4167644183-1000UA.job
- c:\users\Fonda\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-26 19:24]
.
2011-03-05 c:\windows\Tasks\User_Feed_Synchronization-{CEA19440-E378-4596-BD06-2B9950F9566E}.job
- c:\windows\system32\msfeedssync.exe [2011-02-18 04:47]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
Trusted Zone: google.com\www
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-06 10:11
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3996)
c:\program files\Spotmau WinCares 2007\FolderProtectShellExtension.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\program files\Spotmau WinCares 2007\FolderProtect.exe
c:\windows\system32\WUDFHost.exe
.
**************************************************************************
.
Completion time: 2011-03-06 10:15:07 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-06 17:15
.
Pre-Run: 87,953,641,472 bytes free
Post-Run: 87,837,442,048 bytes free
.
- - End Of File - - D95E55791B71CB4E314CD88B73C19C37

#4 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 07 March 2011 - 06:44 PM

I want you to run this tool for me next.

TDSSKiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo

#5 kurly49

  • Topic Starter
  • Members
  • 13 posts

Posted 09 March 2011 - 05:24 PM

Gringo, I am going to have to drop working on this computer for the time being. Some things have come up and I don't have the time to do it. Sorry, and thanks for your help.

#6 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 09 March 2011 - 05:39 PM

OK, I will close it for now then, and if you have the time later just give me a PM and I will reopen it for you.



Gringo