Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

HiJackThis log - Google Analytics and Fake XP Scanner browser redirect


  • This topic is locked This topic is locked
25 replies to this topic

#1 mexigonzo

mexigonzo

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:14 PM

Posted 18 May 2011 - 08:55 PM

Ok I had posted a topic in another forum -Am I Infected- but was instructed to download HiJackThis and save my log to this forum. So here's my initial post:

I'm having an issue related to my internet browser. I use IE9 and anytime I try to do a search for something, it is always redirected to some random site. Sometimes that site is redirected again to yet another random site. As it's redirecting, I notice it will flash something like google-analytics or drvrt (or something very similar). This also happens whenever I type in a specific address. Sometimes it takes 2 or 3 tries before I can even view a site. This has also occured when I'm on a site and have been on a site for awhile - all of a sudden my browser will just redirect itself to another site. Occasionally it will pop up a box (like a security msg) saying that my computer may be at risk. When I try to exit out of that, it opens up a page that looks like XP Control Panel and proceeds to start "scanning". I always close my browser when this happens so another box opens up asking if I'm sure I want to leave the page. I noticed that all of this started happening after I moved so I wasn't for sure if the network I am using now has anything to do with it or not. But I'm not for sure since my boyfriend dosen't seem to be experiencing the same problems on his computer.

I have Avast Virus Protection (paid version) and Malwarebytes (not totally familiar with how to use it yet) and I've scanned my computer hundreds of times and it never finds anything. I even installed something I used to use on my old computer called Bazooka Scanner. It's the only scanner that I've used that has detected something, but someone pointed out Bazooka was made to be used for XP and I have Windows 7 so it may not be accurate. I have searched everywhere, tried many different things and the problem still persists. Can somebody please help me figure out what's going on and help me put a stop to it? Also what can I do to help prevent this from happening in the future? I'm afraid it's going to damage my system which is barely a year old.

And here is my scan log. Any help would be greatly appreciated! =)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:25:54 PM, on 5/18/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O2 - BHO: Wishpot Button - {9E40F4A8-6896-4b67-91F5-F6F287ECB5D9} - C:\Program Files (x86)\Wishpot\ietb.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {9D425283-D487-4337-BAB6-AB8354A81457} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O3 - Toolbar: Wishpot Button - {7DAAFFD0-5A88-447d-96C6-E6CA06AF0758} - C:\Program Files (x86)\Wishpot\ietb.dll
O4 - HKLM\..\Run: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
O4 - HKLM\..\Run: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
O4 - HKLM\..\RunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
O4 - HKLM\..\RunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10p_ActiveX.exe -update activex
O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')
O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (file missing)
O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {3D3B42C2-11BF-4732-A304-A01384B70D68} (UploadListView Class) - https://picasaweb.google.com/s/v/71.27/uploader2.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Seagate Service (FreeAgentGoNext Service) - Seagate Technology LLC - C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe
O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MediaMall Server - MediaMall Technologies, Inc. - C:\Program Files (x86)\MediaMall\MediaMallServer.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SupportSoft Sprocket Service (DellComms) (sprtsvc_DellComms) - Unknown owner - C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Zune Wireless Configuration Service (ZuneWlanCfgSvc) - Unknown owner - c:\Windows\system32\ZuneWlanCfgSvc.exe (file missing)

--
End of file - 13957 bytes

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 21 May 2011 - 10:11 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

  • Do not run any other tool untill instructed to do so!
  • Please Do not Attach logs or put in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having as these can help also.
  • Do not run anything while running a fix.


We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic Button and select Immediate Notification and click on proceed, this will help you to get notified faster when I have replied and make the cleaning process faster.


In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Posted Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply





Scan With RKUnHooker

  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth,. Uncheck the rest. then Click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


"just click on Cancel, then Accept".


information and logs:

  • In your next post I need the following

  • .logs from DDS
  • log from RKUnHooker
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 24 May 2011 - 01:14 PM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 28 May 2011 - 05:05 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 03 June 2011 - 11:37 PM

I have reopened the topic for you - please send reports when ready


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 mexigonzo

mexigonzo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:14 PM

Posted 04 June 2011 - 12:37 AM

Thank you so much for reopening my topic! Again, very sorry I didn't reply sooner.

I didn't have any problems with DeFogger. That part went fine. I did run into some issues with DDS, even though I disabled the script blocker of Avast. I think Avast is still interferring with DDS. It kept trying to run the program in Sandbox (a red line appeared around box which means it is running the program in Sandbox). Finally the third time the red line disappeared, but it wouldn't allow me to save the logs to desktop. I tried multiple times. I was able to download and save RKUnhooker to desktop; however everytime I tried to run the program, this error msg appeared: Sorry, but unhandled exception has occured. Program will be terminated. Exception code: 0xC0000005 Instruction address: 0x00402EAA Attempt to read at address: 0xFFFFFFFF Error log generated, please report to developers. Here are my DDS logs:

.
DDS (Ver_2011-06-03.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24
Run by Mexicans at 22:10:55 on 2011-06-03
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.1676 [GMT -7:00]
.
AV: avast! Internet Security *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Internet Security *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: avast! Internet Security *Enabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
.
============== Running Processes ===============
.
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
svchost.exe
svchost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
svchost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
C:\Program Files (x86)\BatteryCare\BatteryCare.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe
C:\Program Files\Dell\DellDock\DellDock.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe
C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
svchost.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
Q:\140062.enu\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
svchost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Zune\Zune.exe
c:\Program Files\Zune\ZuneEnc.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10q_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Windows Live\Companion\companionuser.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
uRun: [PhotoshopElements8SyncAgent] C:\Program Files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe
uRun: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe
uRun: [Registry Repair Wizard Scheduler] "C:\Program Files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" /startup
mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [DellSupportCenter] "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
StartupFolder: C:\Users\Mexicans\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files\Dell\DellDock\DellDock.exe
StartupFolder: C:\Users\Mexicans\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91F87321-A9F3-43BD-A3A1-165B811CBF8F} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{91F87321-A9F3-43BD-A3A1-165B811CBF8F}\030313331433140373535313 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{91F87321-A9F3-43BD-A3A1-165B811CBF8F}\05F656473723031303 : DhcpNameServer = 192.168.254.254 192.168.254.254
TCP: Interfaces\{91F87321-A9F3-43BD-A3A1-165B811CBF8F}\C416155796E64716 : DhcpNameServer = 4.2.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll
Notify: igfxcui - igfxdev.dll
mASetup: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
mASetup: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
mASetup: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
mASetup: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Apoint] C:\Program Files\DellTPad\Apoint.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [Broadcom Wireless Manager UI] C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe
mRun-x64: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mexicans\AppData\Roaming\Mozilla\Firefox\Profiles\xi1f2msv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mexicans\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: avast! WebRep: wrc@avast.com - C:\Program Files\Alwil Software\Avast5\WebRep\FF
.
---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.brc -
.
============= SERVICES / DRIVERS ===============
.
R0 aswNdis;avast! Firewall NDIS Filter Service;C:\Windows\system32\DRIVERS\aswNdis.sys --> C:\Windows\system32\DRIVERS\aswNdis.sys [?]
R0 aswNdis2;avast! Firewall Core Firewall Service;C:\Windows\system32\drivers\aswNdis2.sys --> C:\Windows\system32\drivers\aswNdis2.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 aswFW;avast! TDI Firewall driver;C:\Windows\system32\drivers\aswFW.sys --> C:\Windows\system32\drivers\aswFW.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-9-6 169408]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-5-16 42184]
R2 avast! Firewall;avast! Firewall;C:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-5-16 121000]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2010-2-28 821664]
R2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2009-6-9 155648]
R2 FreeAgentGoNext Service;Seagate Service;C:\Program Files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-29 13336]
R2 MediaMall Server;MediaMall Server;C:\Program Files (x86)\MediaMall\MediaMallServer.exe [2011-5-5 4407152]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-4-24 483688]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-3-31 705856]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
R3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
R3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
R3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
R3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-4-24 209768]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);"C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe" /service /P DellComms --> C:\Program Files (x86)\Dell\DellComms\bin\sprtsvc.exe [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-22 1493352]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;C:\Program Files\Zune\WMZuneComm.exe [2010-9-24 306416]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-06-04 02:13:25 8718160 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5488E09B-6CBD-4774-B5F0-B7E200E0F942}\mpengine.dll
2011-05-31 07:30:34 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
2011-05-31 07:30:30 -------- d-----w- C:\Program Files (x86)\Picaboo X
2011-05-31 03:09:35 -------- d-----w- C:\Users\Mexicans\AppData\Local\Microsoft Help
2011-05-30 00:06:31 438808 ----a-w- C:\Windows\System32\drivers\iaStor.sys
2011-05-25 23:22:44 -------- d-----w- C:\Program Files\Dell Support Center
2011-05-24 20:40:29 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-05-24 20:24:52 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-05-24 20:24:52 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-05-23 07:08:14 -------- d-----w- C:\Users\Mexicans\AppData\Local\mypaint
2011-05-23 07:08:02 -------- d-----w- C:\Program Files (x86)\MyPaint
2011-05-23 06:42:34 -------- d-----w- C:\Windows\$regcmp$
2011-05-23 06:37:48 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\SmartPCTools
2011-05-23 06:37:28 -------- d-----w- C:\Program Files (x86)\SmartPCTools
2011-05-23 06:25:20 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\BatteryCare
2011-05-23 06:25:17 -------- d-----w- C:\Program Files (x86)\BatteryCare
2011-05-23 06:14:11 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\aignes
2011-05-23 06:12:04 -------- d-----w- C:\Program Files (x86)\AM-DeadLink
2011-05-23 06:02:07 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\GlarySoft
2011-05-23 06:02:06 -------- d-----w- C:\Program Files (x86)\Absolute Uninstaller
2011-05-23 05:48:39 -------- d-----w- C:\Program Files\iTunes
2011-05-23 05:48:39 -------- d-----w- C:\Program Files\iPod
2011-05-23 05:46:35 -------- d-----w- C:\Program Files\Bonjour
2011-05-23 05:46:35 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-05-22 04:34:42 -------- d-----w- C:\Users\Mexicans\AppData\Local\{41A2D231-0E87-4B7D-8DB9-A275A984DA5A}
2011-05-22 04:33:04 -------- d-----w- C:\Users\Mexicans\AppData\Local\{9AC8F15E-3823-4AD2-A8DC-550BB81DDEBD}
2011-05-21 23:36:42 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 05:13:55 -------- d-----w- C:\Users\Mexicans\AppData\Local\{B9F0A7A6-D091-4ABB-BB58-4F375D6B0FA8}
2011-05-21 04:43:03 -------- d-----w- C:\ProgramData\VirtualizedApplications
2011-05-21 02:15:10 -------- d-----w- C:\Users\Mexicans\AppData\Local\SoftGrid Client
2011-05-21 02:15:09 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\SoftGrid Client
2011-05-21 02:14:01 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2011-05-21 02:13:04 -------- d-----w- C:\Users\Mexicans\AppData\Roaming\TP
2011-05-19 05:26:51 -------- d-----w- C:\Users\Mexicans\AppData\Local\{69FCC6BB-686E-40C4-9E8C-F9D0FC7823C7}
2011-05-19 01:03:19 388096 ----a-r- C:\Users\Mexicans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-19 01:03:19 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-05-17 07:11:09 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-05-11 21:39:02 5562240 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-05-11 21:39:00 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-05-11 21:38:59 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-05-11 21:38:57 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2011-05-11 21:38:56 98816 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2011-05-11 21:38:56 7936 ----a-w- C:\Windows\System32\drivers\usbd.sys
2011-05-11 21:38:56 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2011-05-11 21:38:56 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2011-05-11 21:38:56 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2011-05-11 07:38:01 -------- d-----w- C:\Program Files (x86)\MediaMall
2011-05-11 07:38:01 -------- d-----w- C:\Program Files (x86)\Common Files\ffdshowEx
2011-05-11 07:36:57 -------- d-----w- C:\ProgramData\MediaMall
2011-05-11 07:35:58 -------- d-----w- C:\Windows\Downloaded Installations
.
==================== Find3M ====================
.
2011-05-10 12:10:59 40112 ----a-w- C:\Windows\avastSS.scr
2011-05-10 12:04:52 127832 ----a-w- C:\Windows\System32\drivers\aswFW.sys
2011-05-10 12:04:08 600920 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-05-10 12:03:36 253784 ----a-w- C:\Windows\System32\drivers\aswNdis2.sys
2011-05-10 11:59:48 64344 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-04-13 22:40:10 4284416 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2011-04-06 23:26:58 96544 ----a-w- C:\Windows\System32\dnssd.dll
2011-04-06 23:26:58 69408 ----a-w- C:\Windows\System32\jdns_sd.dll
2011-04-06 23:26:58 237856 ----a-w- C:\Windows\System32\dnssdX.dll
2011-04-06 23:26:58 119584 ----a-w- C:\Windows\System32\dns-sd.exe
2011-04-06 23:20:16 91424 ----a-w- C:\Windows\SysWow64\dnssd.dll
2011-04-06 23:20:16 75040 ----a-w- C:\Windows\SysWow64\jdns_sd.dll
2011-04-06 23:20:16 197920 ----a-w- C:\Windows\SysWow64\dnssdX.dll
2011-04-06 23:20:16 107808 ----a-w- C:\Windows\SysWow64\dns-sd.exe
2011-03-12 12:08:49 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-03-12 11:23:45 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-03-11 06:41:37 189824 ----a-w- C:\Windows\System32\drivers\storport.sys
2011-03-11 06:41:34 166272 ----a-w- C:\Windows\System32\drivers\nvstor.sys
2011-03-11 06:41:34 1659776 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2011-03-11 06:41:34 148352 ----a-w- C:\Windows\System32\drivers\nvraid.sys
2011-03-11 06:41:26 410496 ----a-w- C:\Windows\System32\drivers\iaStorV.sys
2011-03-11 06:41:12 27008 ----a-w- C:\Windows\System32\drivers\amdxata.sys
2011-03-11 06:41:12 107904 ----a-w- C:\Windows\System32\drivers\amdsata.sys
2011-03-11 06:34:51 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-03-11 06:34:50 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-03-11 06:33:29 2565632 ----a-w- C:\Windows\System32\esent.dll
2011-03-11 06:30:28 96768 ----a-w- C:\Windows\System32\fsutil.exe
2011-03-11 05:33:59 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-03-11 05:33:59 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-03-11 05:33:09 1699328 ----a-w- C:\Windows\SysWow64\esent.dll
2011-03-11 05:31:07 74240 ----a-w- C:\Windows\SysWow64\fsutil.exe
2011-03-08 06:29:32 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-03-08 05:28:29 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
.
============= FINISH: 22:14:07.00 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-03.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 4/23/2010 2:07:08 PM
System Uptime: 6/3/2011 2:49:56 AM (20 hours ago)
.
Motherboard: Dell Inc. | | 0G848F
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz | Microprocessor | 2200/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 341.668 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP225: 5/22/2011 3:00:27 AM - Windows Update
RP226: 5/25/2011 4:22:08 PM - Installed Dell Support Center
RP227: 5/26/2011 6:35:46 AM - Windows Update
RP228: 5/31/2011 7:26:16 PM - Windows Update
.
==== Installed Programs ======================
.
Absolute Uninstaller 2.8.0.636
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Elements 9
Adobe Photoshop.com Inspiration Browser
Adobe Premiere Elements 9
Adobe Reader 9.4.4
Advanced Audio FX Engine
AM-DeadLink 4.4
Apple Application Support
Apple Software Update
avast! Internet Security
BatteryCare 0.9.8.10
Bazooka Scanner
BlackBerry App World Browser Plugin
BlackBerry Desktop Software 6.0
BlackBerry Device Software Updater
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell DataSafe Online
Dell Dock
Dell Driver Download Manager
Dell Getting Started Guide
Dell Webcam Central
Elements 9 Organizer
Elements STI Installer
Feedback Tool
GoToAssist 8.0.0.514
HiJackThis
Hulu Desktop
Insert Code for Windows Live Writer
Intel® Control Center
Intel® Rapid Storage Technology
Java Auto Updater
Java™ 6 Update 16
Java™ 6 Update 24
Junk Mail filter update
Kobo
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware
Mesh Runtime
Messenger Companion
Microsoft Office Click-to-Run 2010
Microsoft Office Home and Business 2010 - English
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Works
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox (3.6.13)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
muvee Reveal Seagate Edition
MyPaint 0.9.1
Now Playing Plugin for Windows Live Writer
Pandora
Picaboo X
Picasa 3
Picasa Plugin for Windows Live Writer
PlayOn
Polaroid Picture v1.7
PowerDVD DX
QuickTime
Registry Repair Wizard
Roxio Burn
Safari
Seagate Manager Installer
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
SimCity 4 Deluxe
SimCity™ Societies
SimCity™ Societies Destinations
Skype Toolbars
Skype™ 5.3
SmartSound Quicktracks for Premiere Elements 9.0
SPORE™ Creature Creator Trial Edition
The Sims Carnival SnapCity
VLC media player 1.1.9
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live Sync
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Writerous
Yahoo! Messenger
.
==== Event Viewer Messages From Past Week ========
.
6/2/2011 12:34:41 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
6/1/2011 10:40:08 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.
.
==== End Of File ===========================

#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 04 June 2011 - 01:12 AM

Hello

I Would like you to do the following.

Please print out or make a copy in notpad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you recieve an error "Illegal operation attempted on a registery key that has been marked for deletion." Please restart the computer

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 mexigonzo

mexigonzo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:14 PM

Posted 04 June 2011 - 09:09 PM

I intalled and ran ComboFix like you asked. I disabled Avast and Windows Defender before I did; however, I noticed at the top of the ComboFix log it said Window Defender was enabled. Not sure if that messed up the scan or not. The scan took awhile to complete (1hr, 38 min), during which time Avast tried twice to come back online (I only selected disable for 1 hr since the scan said it typically takes 10 min or so to complete). The only other problem I ran into was when ComboFix was trying to save the log. A message popped up saying: Error saving file c:\combofix\hiv\software! Continue with next file? [RegSaveKey Ex: 1314 - A required privelege is not held by the client] This afternoon I checked the browser to see if I had any more pop ups. For awhile I didn't have any, but then it started up again. It seemed a little less frequent at first. Here is my ComboFix log:

ComboFix 11-06-04.02 - Mexicans 06/03/2011 23:47:41.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.4056.1846 [GMT -7:00]
Running from: c:\users\Mexicans\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\PCDr\5830\Downloads\4546f2bc-b9d9-4667-abe7-b0bacc90279e.dll
c:\programdata\PCDr\5830\Downloads\6820b110-e483-4f1e-9b48-438f7916f078.dll
c:\programdata\PCDr\5830\Downloads\7dbfef1a-6148-4748-a1b3-71627763a45a.dll
c:\programdata\PCDr\5830\Downloads\bf647bd7-dfb5-4746-a6b4-b7c2fdbbf3b1.dll
c:\windows\system32\jusched.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-05-04 to 2011-06-04 )))))))))))))))))))))))))))))))
.
.
2011-06-04 07:53 . 2011-06-04 07:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-04 06:45 . 2011-06-04 06:45 -------- d-----w- C:\32788R22FWJFW
2011-06-04 06:03 . 2011-06-04 06:03 -------- d-----w- c:\program files (x86)\Poladroid
2011-06-04 05:16 . 2011-06-04 06:00 35712 ----a-w- c:\windows\SysWow64\drivers\BlackBox.sys
2011-06-04 02:13 . 2011-05-09 22:00 8718160 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5488E09B-6CBD-4774-B5F0-B7E200E0F942}\mpengine.dll
2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\users\Mexicans\AppData\Roaming\com.picaboo.Picaboo.A382D4714709B456C4E0088DFC1F7243AF9EBF75.1
2011-05-31 07:30 . 2011-05-31 07:30 -------- d-----w- c:\program files (x86)\Picaboo X
2011-05-31 03:09 . 2011-05-31 03:09 -------- d-----w- c:\programdata\Microsoft Help
2011-05-31 03:09 . 2011-05-31 03:09 -------- d-----w- c:\users\Mexicans\AppData\Local\Microsoft Help
2011-05-30 00:06 . 2010-11-06 06:45 438808 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-05-25 23:22 . 2011-05-25 23:23 -------- d-----w- c:\program files\Dell Support Center
2011-05-24 20:40 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-24 20:24 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-24 20:24 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-23 07:08 . 2011-05-23 07:27 -------- d-----w- c:\users\Mexicans\AppData\Local\mypaint
2011-05-23 07:08 . 2011-05-23 07:08 -------- d-----w- c:\program files (x86)\MyPaint
2011-05-23 06:42 . 2011-05-23 06:44 -------- d-----w- c:\windows\$regcmp$
2011-05-23 06:37 . 2011-05-23 06:37 -------- d-----w- c:\users\Mexicans\AppData\Roaming\SmartPCTools
2011-05-23 06:37 . 2011-05-23 06:37 -------- d-----w- c:\program files (x86)\SmartPCTools
2011-05-23 06:25 . 2011-05-23 06:25 -------- d-----w- c:\users\Mexicans\AppData\Roaming\BatteryCare
2011-05-23 06:25 . 2011-05-23 06:25 -------- d-----w- c:\program files (x86)\BatteryCare
2011-05-23 06:14 . 2011-05-23 06:14 -------- d-----w- c:\users\Mexicans\AppData\Roaming\aignes
2011-05-23 06:12 . 2011-05-23 06:12 -------- d-----w- c:\program files (x86)\AM-DeadLink
2011-05-23 06:02 . 2011-05-23 06:06 -------- d-----w- c:\users\Mexicans\AppData\Roaming\GlarySoft
2011-05-23 06:02 . 2011-05-23 06:02 -------- d-----w- c:\program files (x86)\Absolute Uninstaller
2011-05-23 05:51 . 2011-05-23 05:51 -------- d-----w- c:\program files (x86)\Safari
2011-05-23 05:48 . 2011-05-23 05:49 -------- d-----w- c:\program files\iTunes
2011-05-23 05:48 . 2011-05-23 05:48 -------- d-----w- c:\program files\iPod
2011-05-23 05:46 . 2011-05-23 05:46 -------- d-----w- c:\program files\Bonjour
2011-05-23 05:46 . 2011-05-23 05:46 -------- d-----w- c:\program files (x86)\Bonjour
2011-05-22 04:34 . 2011-05-22 04:34 -------- d-----w- c:\users\Mexicans\AppData\Local\{41A2D231-0E87-4B7D-8DB9-A275A984DA5A}
2011-05-22 04:33 . 2011-05-22 04:33 -------- d-----w- c:\users\Mexicans\AppData\Local\{9AC8F15E-3823-4AD2-A8DC-550BB81DDEBD}
2011-05-21 23:36 . 2011-05-21 23:36 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-21 05:13 . 2011-05-21 05:14 -------- d-----w- c:\users\Mexicans\AppData\Local\{B9F0A7A6-D091-4ABB-BB58-4F375D6B0FA8}
2011-05-21 04:43 . 2011-05-21 04:43 -------- d-----w- c:\programdata\VirtualizedApplications
2011-05-21 02:20 . 2011-05-21 02:20 -------- d-----r- C:\MSOCache
2011-05-21 02:15 . 2011-05-21 02:15 -------- d-----w- c:\users\Mexicans\AppData\Local\SoftGrid Client
2011-05-21 02:15 . 2011-05-31 02:18 -------- d-----w- c:\users\Mexicans\AppData\Roaming\SoftGrid Client
2011-05-21 02:14 . 2011-05-22 10:01 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2011-05-21 02:13 . 2011-05-21 02:15 -------- d-----w- c:\users\Mexicans\AppData\Roaming\TP
2011-05-19 05:26 . 2011-05-19 05:27 -------- d-----w- c:\users\Mexicans\AppData\Local\{69FCC6BB-686E-40C4-9E8C-F9D0FC7823C7}
2011-05-19 01:03 . 2011-05-19 01:03 388096 ----a-r- c:\users\Mexicans\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-05-19 01:03 . 2011-05-19 01:03 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-17 07:11 . 2011-05-17 07:20 -------- d-----w- c:\users\Mexicans\AppData\Roaming\vlc
2011-05-17 07:11 . 2011-05-17 07:11 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-11 21:39 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 21:39 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 21:38 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 21:38 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 21:38 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 21:38 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 21:38 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 21:38 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 21:38 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-11 07:38 . 2011-05-11 07:38 -------- d-----w- c:\program files (x86)\MediaMall
2011-05-11 07:38 . 2011-05-11 07:38 -------- d-----w- c:\program files (x86)\Common Files\ffdshowEx
2011-05-11 07:36 . 2011-06-01 05:00 -------- d-----w- c:\programdata\MediaMall
2011-05-11 07:35 . 2011-05-11 07:35 -------- d-----w- c:\windows\Downloaded Installations
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-10 12:10 . 2010-12-16 20:01 40112 ----a-w- c:\windows\avastSS.scr
2011-05-10 12:10 . 2010-04-24 22:18 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-10 12:10 . 2011-03-05 01:25 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-05-10 12:04 . 2010-12-16 20:03 127832 ----a-w- c:\windows\system32\drivers\aswFW.sys
2011-05-10 12:04 . 2010-12-16 20:03 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-10 12:04 . 2010-04-24 22:18 287576 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-10 12:03 . 2010-12-16 20:03 253784 ----a-w- c:\windows\system32\drivers\aswNdis2.sys
2011-05-10 12:02 . 2010-04-24 22:18 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-10 11:59 . 2010-04-24 22:18 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-10 11:59 . 2010-04-24 22:18 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-10 11:59 . 2010-04-24 22:18 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-04-23 04:54 . 2011-04-23 04:54 53248 ----a-r- c:\users\Mexicans\AppData\Roaming\Microsoft\Installer\{B0A92733-C870-415C-A494-DF72C2C58402}\ARPPRODUCTICON.exe
2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\SysWow64\GPhotos.scr
2011-04-06 23:26 . 2011-04-06 23:26 96544 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 23:26 . 2011-04-06 23:26 69408 ----a-w- c:\windows\system32\jdns_sd.dll
2011-04-06 23:26 . 2011-04-06 23:26 237856 ----a-w- c:\windows\system32\dnssdX.dll
2011-04-06 23:26 . 2011-04-06 23:26 119584 ----a-w- c:\windows\system32\dns-sd.exe
2011-04-06 23:20 . 2011-04-06 23:20 91424 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-04-06 23:20 . 2011-04-06 23:20 75040 ----a-w- c:\windows\SysWow64\jdns_sd.dll
2011-04-06 23:20 . 2011-04-06 23:20 197920 ----a-w- c:\windows\SysWow64\dnssdX.dll
2011-04-06 23:20 . 2011-04-06 23:20 107808 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-04-06 18:47 . 2011-04-06 18:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-06 18:47 . 2011-04-06 18:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-06 18:47 . 2011-04-06 18:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-06 18:47 . 2011-04-06 18:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-06 18:47 . 2011-04-06 18:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-06 18:47 . 2011-04-06 18:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-06 18:47 . 2011-04-06 18:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-06 18:47 . 2011-04-06 18:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-06 18:47 . 2011-04-06 18:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-06 18:47 . 2011-04-06 18:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-06 18:47 . 2011-04-06 18:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-06 18:47 . 2011-04-06 18:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-06 18:47 . 2011-04-06 18:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-06 18:47 . 2011-04-06 18:47 448512 ----a-w- c:\windows\system32\html.iec
2011-04-06 18:47 . 2011-04-06 18:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-06 18:47 . 2011-04-06 18:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-06 18:47 . 2011-04-06 18:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-06 18:47 . 2011-04-06 18:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-06 18:47 . 2011-04-06 18:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-06 18:47 . 2011-04-06 18:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-06 18:47 . 2011-04-06 18:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-06 18:47 . 2011-04-06 18:47 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-06 18:47 . 2011-04-06 18:47 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-06 18:47 . 2011-04-06 18:47 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-06 18:47 . 2011-04-06 18:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-06 18:47 . 2011-04-06 18:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-06 18:47 . 2011-04-06 18:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-06 18:47 . 2011-04-06 18:47 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-06 18:47 . 2011-04-06 18:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-06 18:47 . 2011-04-06 18:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-06 18:47 . 2011-04-06 18:47 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-06 18:47 . 2011-04-06 18:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-06 18:47 . 2011-04-06 18:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-06 18:47 . 2011-04-06 18:47 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-06 18:47 . 2011-04-06 18:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-06 18:47 . 2011-04-06 18:47 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-06 18:47 . 2011-04-06 18:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-06 18:47 . 2011-04-06 18:47 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-06 18:47 . 2011-04-06 18:47 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-06 18:47 . 2011-04-06 18:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-06 18:47 . 2011-04-06 18:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-06 18:47 . 2011-04-06 18:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-12 12:08 . 2011-04-26 20:42 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2011-03-12 11:23 . 2011-04-26 20:42 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2011-03-11 06:41 . 2011-04-26 20:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-03-11 06:41 . 2011-04-26 20:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-03-11 06:41 . 2011-04-26 20:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-03-11 06:41 . 2011-04-26 20:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-03-11 06:41 . 2011-04-26 20:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-03-11 06:41 . 2011-04-26 20:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-03-11 06:41 . 2011-04-26 20:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-03-11 06:34 . 2011-04-15 04:25 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-11 06:34 . 2011-04-15 04:25 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-03-11 06:33 . 2011-04-26 20:41 2565632 ----a-w- c:\windows\system32\esent.dll
2011-03-11 06:30 . 2011-04-26 20:41 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-03-11 05:33 . 2011-04-15 04:25 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-03-11 05:33 . 2011-04-15 04:25 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-03-11 05:33 . 2011-04-26 20:41 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-03-11 05:31 . 2011-04-26 20:41 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-03-09 11:00 . 2010-06-24 17:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-08 06:29 . 2011-04-15 04:25 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-08 05:28 . 2011-04-15 04:25 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-04-19 15146376]
"PhotoshopElements8SyncAgent"="c:\program files (x86)\Adobe\Elements 9 Organizer\ElementsOrganizerSyncAgent.exe" [2010-09-06 1945536]
"BatteryCare"="c:\program files (x86)\BatteryCare\BatteryCare.exe" [2011-05-13 704512]
"Registry Repair Wizard Scheduler"="c:\program files (x86)\SmartPCTools\Registry Repair Wizard\RCHelper.exe" [2011-04-26 1540480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2010-02-09 1807680]
"PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520]
"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744]
"Desktop Disc Tool"="c:\program files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe" [2009-12-16 498160]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"RIMBBLaunchAgent.exe"="c:\program files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-02-18 79192]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-04-27 421160]
"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2010-09-25 560128]
"Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-01-13 165184]
.
c:\users\Mexicans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE [2010-2-28 3207072]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-12-15 1324384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 avast! Firewall;avast! Firewall;c:\program files\Alwil Software\Avast5\afwServ.exe [2011-05-10 121000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files (x86)\Dell\DellComms\bin\sprtsvc.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-09-24 306416]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-06 169408]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2009-06-09 155648]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files (x86)\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-11-06 13336]
S2 MediaMall Server;MediaMall Server;c:\program files (x86)\MediaMall\MediaMallServer.exe [2011-05-27 4407152]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-01-13 705856]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-26 c:\windows\Tasks\PCDoctorBackgroundMonitorTask.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
2011-06-04 c:\windows\Tasks\SystemToolsDailyTest.job
- c:\program files\Dell Support Center\uaclauncher.exe [2011-05-16 22:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-05-10 12:10 134384 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-01-23 305664]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-06-29 444416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-06-30 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-06-30 385560]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-06-30 365080]
"Broadcom Wireless Manager UI"="c:\program files\Dell\Dell Wireless WLAN Card\WLTRAY.exe" [2009-07-17 4968960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"QuickSet"="c:\program files\Dell\QuickSet\QuickSet.exe" [2010-06-09 3216544]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Mexicans\AppData\Roaming\Mozilla\Firefox\Profiles\xi1f2msv.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Skype extension: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: avast! WebRep: wrc@avast.com - c:\program files\Alwil Software\Avast5\WebRep\FF
FF - user.js: general.useragent.extra.brc -
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-DellSupportCenter - c:\program files (x86)\Dell Support Center\bin\sprtcmd.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
Completion time: 2011-06-04 01:38:27
ComboFix-quarantined-files.txt 2011-06-04 08:38
.
Pre-Run: 366,651,412,480 bytes free
Post-Run: 370,066,698,240 bytes free
.
- - End Of File - - 0CECDDF99B837A094C4A42AA2FB0C1AF

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 04 June 2011 - 09:17 PM

I want you to run this tool for me next.

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 mexigonzo

mexigonzo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:14 PM

Posted 04 June 2011 - 11:17 PM

I installed and ran TDSSKiller but nothing was found. I'm still experiencing pop ups and redirects.

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 04 June 2011 - 11:20 PM

we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results
gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 mexigonzo

mexigonzo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:14 PM

Posted 04 June 2011 - 11:25 PM

Here are the results:

Windows IP Configuration

Host Name . . . . . . . . . . . . : Mexicans-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : F0-7B-CB-41-C7-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc05:8156:4883:de6a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 04, 2011 9:08:07 PM
Lease Expires . . . . . . . . . . : Sunday, June 05, 2011 9:08:10 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 233864139
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-45-87-9D-A4-BA-DB-B2-13-22
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : A4-BA-DB-B2-13-22
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{91F87321-A9F3-43BD-A3A1-165B811CBF8F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EA94258F-4CDE-4D3E-9305-9DB2792CC0CF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:10c8:23e2:3f57:fefb(Preferred)
Link-local IPv6 Address . . . . . : fe80::10c8:23e2:3f57:fefb%21(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.115.147
74.125.115.105
74.125.115.106
74.125.115.99
74.125.115.104
74.125.115.103

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
72.30.2.43
69.147.125.65
67.195.160.76


Pinging google.com [74.125.93.103] with 32 bytes of data:
Reply from 74.125.93.103: bytes=32 time=107ms TTL=49
Reply from 74.125.93.103: bytes=32 time=110ms TTL=49

Ping statistics for 74.125.93.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 107ms, Maximum = 110ms, Average = 108ms

Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=104ms TTL=48
Reply from 69.147.125.65: bytes=32 time=107ms TTL=48

Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 104ms, Maximum = 107ms, Average = 105ms
===========================================================================
Interface List
11...f0 7b cb 41 c7 56 ......Dell Wireless 1397 WLAN Mini-Card
10...a4 ba db b2 13 22 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.4 281
192.168.1.4 255.255.255.255 On-link 192.168.1.4 281
192.168.1.255 255.255.255.255 On-link 192.168.1.4 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
21 58 ::/0 On-link
1 306 ::1/128 On-link
21 58 2001::/32 On-link
21 306 2001:0:5ef5:79fd:10c8:23e2:3f57:fefb/128
On-link
11 281 fe80::/64 On-link
21 306 fe80::/64 On-link
21 306 fe80::10c8:23e2:3f57:fefb/128
On-link
11 281 fe80::fc05:8156:4883:de6a/128
On-link
1 306 ff00::/8 On-link
21 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 05 June 2011 - 12:17 AM

Hello

let me know how things are after this step



Resetting Router

Let’s try to reset the router to its default configuration.
  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don’t know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: Posted Image <--XP
Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 mexigonzo

mexigonzo
  • Topic Starter

  • Members
  • 45 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:USA
  • Local time:08:14 PM

Posted 05 June 2011 - 01:09 AM

Ok I reset the router. Afterwards I was able to open 5 tabs without any popups or redirects. Here are the results:


Windows IP Configuration

Host Name . . . . . . . . . . . . : Mexicans-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : F0-7B-CB-41-C7-56
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::fc05:8156:4883:de6a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, June 04, 2011 10:39:23 PM
Lease Expires . . . . . . . . . . : Sunday, June 05, 2011 11:00:27 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 233864139
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-45-87-9D-A4-BA-DB-B2-13-22
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : A4-BA-DB-B2-13-22
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{91F87321-A9F3-43BD-A3A1-165B811CBF8F}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{EA94258F-4CDE-4D3E-9305-9DB2792CC0CF}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:869:2b45:9d08:a76c(Preferred)
Link-local IPv6 Address . . . . . : fe80::869:2b45:9d08:a76c%21(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.224.84
74.125.224.80
74.125.224.83
74.125.224.81
74.125.224.82

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70
67.195.160.76


Pinging google.com [74.125.224.147] with 32 bytes of data:
Reply from 74.125.224.147: bytes=32 time=36ms TTL=50
Reply from 74.125.224.147: bytes=32 time=38ms TTL=50

Ping statistics for 74.125.224.147:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 36ms, Maximum = 38ms, Average = 37ms

Pinging yahoo.com [98.137.149.56] with 32 bytes of data:
Reply from 98.137.149.56: bytes=32 time=56ms TTL=50
Reply from 98.137.149.56: bytes=32 time=57ms TTL=50

Ping statistics for 98.137.149.56:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 57ms, Average = 56ms
===========================================================================
Interface List
11...f0 7b cb 41 c7 56 ......Dell Wireless 1397 WLAN Mini-Card
10...a4 ba db b2 13 22 ......Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1...........................Software Loopback Interface 1
20...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
22...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
21...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 281
192.168.1.2 255.255.255.255 On-link 192.168.1.2 281
192.168.1.255 255.255.255.255 On-link 192.168.1.2 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
21 58 ::/0 On-link
1 306 ::1/128 On-link
21 58 2001::/32 On-link
21 306 2001:0:4137:9e76:869:2b45:9d08:a76c/128
On-link
11 281 fe80::/64 On-link
21 306 fe80::/64 On-link
21 306 fe80::869:2b45:9d08:a76c/128
On-link
11 281 fe80::fc05:8156:4883:de6a/128
On-link
1 306 ff00::/8 On-link
21 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#15 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:12:14 AM

Posted 05 June 2011 - 02:59 AM

Hello

:P2P Warning!:

IMPORTANT I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

Please note that as long as you are using any form of Peer-to-Peer networking and downloading files from non-documented sources, you can expect infestations of malware to occur
Once upon a time, P2P file sharing was fairly safe. That is no longer true. P2P programs form a direct conduit on to your computer, their security measures are easily circumvented and malware writers are increasingly exploiting them to spread their wares on to your computer. Further to that, if your P2P program is not configured correctly, your computer may be sharing more files than you realise. There have been cases where people's passwords, address books and other personal, private, and financial details have been exposed to a file sharing network by a badly configured program.

Please read these short reports on the dangers of peer-2-peer programs and file sharing.

FBI Cyber Education Letter
File sharing infects 500,000 computers
USAToday
infoworld


These logs are looking alot better. But we still have some work to do.

Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..

uninstall some programs

1. click on start
2. then go to settings
3. after that you need control panel
4. look for the icon add/remove programs
click on the following programs

Adobe Reader 9.4.4
Java™ 6 Update 16


and click on remove

Update Adobe Reader

Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

If you don't like Adobe Reader (53 MB), you can download Foxit PDF Reader(7 MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.
[/list]
Clear your Java Cache

  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      Applications and Applets
      Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :

  • I would like you to rerun MBAM
  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
  • If you accidently close it, the log file is saved here and will be named like this:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis

  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"

  • In your next post I need the following

  • Log From MBAM
  • report from Hijackthis
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users