Google redirecting and other problems


  • This topic is locked
26 replies to this topic

#1 qwertyo

Posted 07 June 2011 - 10:04 PM

Recently I had gotten a Windows Registry Virus. I got rid of the virus, but I'm still having problems. When I use Google, sites that I click on will be redirected to advertisements and junk. Another problem I am having is that my computer will play advertisements, but it is only the sound and no video.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_22
Run by Owner at 20:24:27 on 2011-06-07
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1454 [GMT -6:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
uURLSearchHooks: H - No File
BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3B924846-EBD2-4D00-B74F-5BF03ED7E4D9} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Notify: TPSvc - TPSvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\871cszun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dee6caf&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-6-6 6609920]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-06-08 00:44:29 -------- d-----w- c:\program files\ESET
2011-06-08 00:33:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 00:33:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-06 23:02:35 -------- d-----w- c:\program files\AVAST Software
2011-06-06 23:02:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-06 22:52:49 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-06 19:23:55 -------- d-----w- C:\.jpg
2011-06-06 17:30:34 -------- d-----w- c:\documents and settings\owner\application data\Intel
2011-06-06 17:30:04 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2011-06-06 17:30:04 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2011-06-06 17:30:04 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2011-06-06 17:29:24 -------- d-----w- c:\program files\common files\Intel
2011-06-06 17:21:14 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-06 03:31:51 -------- d-----w- c:\program files\CONEXANT
2011-06-06 02:26:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-05 23:18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-05 23:18:37 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-05 21:18:14 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-06-05 21:18:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-05 19:28:54 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-06-05 18:44:57 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-30 16:30:34 -------- d-----w- C:\.jagex_cache_32
2011-05-26 20:16:30 -------- d-----w- c:\documents and settings\owner\local settings\application data\uTorrentBar
2011-05-26 15:39:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Temp
2011-05-26 15:38:48 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-05-26 03:05:16 -------- d-----w- c:\program files\Download Manager
2011-05-26 02:26:02 -------- d-----w- c:\documents and settings\owner\local settings\application data\Electronic Arts
2011-05-26 02:25:43 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2011-05-25 15:12:45 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-24 00:56:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2011-05-23 14:45:40 -------- d-----w- c:\program files\common files\Steam
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\pt-PT
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\pt-BR
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\nl-NL
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\it-IT
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\fr-FR
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\es-ES
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\de-DE
2011-05-23 05:36:54 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-05-23 05:36:39 -------- d-----w- c:\windows\.jagex_cache_32
2011-05-23 05:36:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-23 05:36:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-23 05:35:10 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-05-23 05:35:10 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-05-23 05:35:10 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-05-23 05:35:10 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-05-23 05:35:10 317952 ------w- c:\windows\system32\imapi2.dll
2011-05-23 05:34:07 -------- d-----w- c:\windows\system32\LogFiles
2011-05-23 05:21:47 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-05-23 05:09:40 -------- d-----w- c:\windows\system32\en
2011-05-23 05:09:40 -------- d-----w- c:\windows\system32\bits
2011-05-23 04:49:24 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-23 04:49:11 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-23 04:49:11 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-23 04:49:11 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-23 04:49:11 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-05-23 04:49:11 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-05-23 04:49:11 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-05-23 04:49:11 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-05-23 04:49:11 117760 ------w- c:\windows\system32\prntvpt.dll
2011-05-23 04:49:11 -------- d-----w- C:\396dd31385c453172c17
2011-05-22 03:18:40 -------- d-----w- c:\windows\system32\appmgmt
2011-05-22 03:16:58 5888 ------w- c:\windows\system32\drivers\smbali.sys
2011-05-22 03:15:51 9728 ------w- c:\windows\system32\rwnh.dll
2011-05-22 03:14:59 63663 ------w- c:\windows\system32\drivers\ati1rvxx.sys
2011-05-22 03:05:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 02:39:50 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-05-22 02:39:48 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-05-22 02:39:46 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-05-22 02:39:33 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-05-22 02:39:31 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-05-22 02:39:29 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-05-22 02:39:28 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-05-22 02:39:25 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-05-22 02:39:22 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2011-05-22 02:39:20 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2011-05-22 02:39:07 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2011-05-22 02:38:41 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2011-05-22 02:38:41 405504 ----a-w- c:\windows\stsystra.exe
2011-05-22 02:38:41 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-05-22 02:38:40 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-05-22 02:38:40 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-05-22 02:38:26 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-05-22 02:20:19 -------- d-----w- C:\a5d5614232bed00e7d8cf56a5757
2011-05-22 02:19:55 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys
2011-05-22 02:19:54 270336 ----a-w- c:\windows\system32\stacapi.dll
2011-05-22 02:19:53 146944 ----a-w- c:\windows\system32\st325602.dll
2011-05-22 02:19:46 -------- d-----w- c:\program files\SigmaTel
2011-05-22 02:19:31 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2011-05-22 02:19:31 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2011-05-22 02:19:31 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2011-05-22 02:19:31 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2011-05-22 02:19:31 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2011-05-22 02:19:29 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2011-05-22 02:19:22 303104 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2011-05-22 02:14:21 -------- d-s---w- c:\documents and settings\owner\UserData
2011-05-22 02:11:09 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-05-22 02:11:04 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-05-22 02:11:04 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-05-22 02:11:02 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-05-22 02:10:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-05-22 02:10:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-22 02:08:18 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-22 02:08:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-22 02:08:09 -------- d-----w- c:\windows\system32\KB905474
2011-05-22 02:08:09 -------- d-----w- C:\954e0f99156c37d3ef68a3e932f1
2011-05-22 01:43:05 -------- d-----w- c:\windows\system32\NtmsData
2011-05-22 01:35:16 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-05-22 01:25:04 -------- d-----w- C:\14d4e8dcf8524219b28b97b115
2011-05-22 01:00:23 -------- d-----w- C:\fc2afa36e4443b6fed57d66be4
2011-05-22 00:27:22 -------- d-----w- C:\A3SOUND
2011-05-22 00:18:21 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-22 00:16:38 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-22 00:13:07 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-22 00:03:27 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-21 20:21:29 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2011-05-21 20:21:26 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2011-05-21 20:21:24 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2011-05-21 20:21:22 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2011-05-21 20:21:19 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2011-05-21 20:21:18 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2011-05-21 20:21:17 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2011-05-21 20:20:06 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2011-05-21 19:52:39 -------- d-----w- c:\windows\system32\scripting
2011-05-21 19:52:39 -------- d-----w- c:\windows\l2schemas
2011-05-21 19:45:59 -------- d-----w- c:\windows\network diagnostic
2011-05-21 18:55:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla
2011-05-21 18:55:50 -------- d-----w- c:\program files\Mozilla Firefox(2)
2011-05-11 07:06:12 21504 ----a-w- c:\windows\system32\hidserv(3).dll
2011-05-10 07:51:32 -------- d-----w- c:\documents and settings\owner\application data\MSNInstaller
.
==================== Find3M ====================
.
.
============= FINISH: 20:25:21.92 ===============

Edited by qwertyo, 07 June 2011 - 10:06 PM.



#2 CatByte

Posted 09 June 2011 - 07:18 PM

Hi,

Please do the following:

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 qwertyo

Posted 09 June 2011 - 08:10 PM

Here is the log from ComboFix

ComboFix 11-06-09.04 - Owner 06/09/2011 18:58:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1662 [GMT -6:00]
Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
* Created a new restore point
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\explorer(2).exe
c:\windows\system32\linkinfo(2).dll
c:\windows\system32\usp10(3).dll
.
Infected copy of c:\windows\system32\drivers\volsnap.sys was found and disinfected
Restored copy from - Kitty had a snack :P
.
((((((((((((((((((((((((( Files Created from 2011-05-10 to 2011-06-10 )))))))))))))))))))))))))))))))
.
.
2011-06-08 00:44 . 2011-06-08 00:44 -------- d-----w- c:\program files\ESET
2011-06-08 00:33 . 2011-05-29 15:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 00:33 . 2011-06-08 00:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-07 23:36 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-06-06 23:02 . 2011-06-06 23:02 -------- d-----w- c:\program files\AVAST Software
2011-06-06 23:02 . 2011-06-06 23:02 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2011-06-06 22:52 . 2011-06-07 22:47 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-06 19:23 . 2011-06-06 19:24 -------- d-----w- C:\.jpg
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Intel
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\documents and settings\Default User\Application Data\Intel
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Intel
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\documents and settings\LocalService\Application Data\Intel
2011-06-06 17:30 . 2011-06-06 17:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Intel
2011-06-06 17:30 . 2010-10-07 10:11 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2011-06-06 17:30 . 2010-02-24 22:39 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2011-06-06 17:30 . 2010-02-24 22:37 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2011-06-06 17:29 . 2011-06-06 17:29 -------- d-----w- c:\program files\Common Files\Intel
2011-06-06 17:21 . 2011-06-06 17:21 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-06 17:21 . 2011-06-06 17:21 -------- d-----w- c:\documents and settings\Owner\Application Data\SystemRequirementsLab
2011-06-06 03:31 . 2011-06-06 03:31 -------- d-----w- c:\program files\CONEXANT
2011-06-05 23:18 . 2011-06-06 17:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-05 23:18 . 2011-06-06 06:24 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-06-05 21:18 . 2011-06-05 21:18 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2011-06-05 21:18 . 2011-06-05 21:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-05 19:28 . 2011-06-05 21:10 -------- d-----w- c:\documents and settings\All Users\Application Data\STOPzilla!
2011-06-05 18:44 . 2011-06-06 03:31 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-06-05 17:28 . 2011-06-05 18:42 -------- d-----w- c:\documents and settings\Administrator
2011-05-30 16:30 . 2011-05-30 16:30 -------- d-----w- C:\.jagex_cache_32
2011-05-26 20:16 . 2011-05-26 20:16 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\uTorrentBar
2011-05-26 15:39 . 2011-06-06 23:12 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Temp
2011-05-26 15:38 . 2011-05-26 20:16 -------- d-----w- c:\documents and settings\Owner\Application Data\uTorrent
2011-05-26 03:05 . 2011-05-26 03:07 -------- d-----w- c:\program files\Download Manager
2011-05-26 02:26 . 2011-05-26 02:40 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Electronic Arts
2011-05-26 02:25 . 2011-05-26 02:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2011-05-26 02:25 . 2011-05-26 02:40 -------- d-----w- c:\program files\Electronic Arts
2011-05-25 15:12 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-24 00:56 . 2011-05-24 00:56 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Adobe
2011-05-24 00:55 . 2011-05-24 00:55 -------- d-----w- c:\program files\Common Files\Adobe
2011-05-23 14:45 . 2011-05-23 14:45 -------- d-----w- c:\program files\Common Files\Steam
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\pt-PT
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\pt-BR
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\nl-NL
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\it-IT
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\fr-FR
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\es-ES
2011-05-23 06:04 . 2011-05-23 06:04 -------- d-----w- c:\windows\system32\de-DE
2011-05-23 05:36 . 2008-11-08 00:55 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-05-23 05:36 . 2011-05-23 05:36 -------- d-----w- c:\windows\.jagex_cache_32
2011-05-23 05:36 . 2011-05-23 05:36 -------- d-----w- c:\windows\Sun
2011-05-23 05:36 . 2011-05-23 05:35 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-23 05:36 . 2011-05-23 05:35 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-23 05:35 . 2011-05-23 05:35 -------- d-----w- c:\program files\Java
2011-05-23 05:35 . 2008-05-02 13:25 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-05-23 05:35 . 2008-05-02 13:25 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-05-23 05:35 . 2008-05-02 13:25 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-05-23 05:35 . 2008-05-02 13:25 317952 ------w- c:\windows\system32\imapi2.dll
2011-05-23 05:35 . 2008-05-02 10:49 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-05-23 05:34 . 2011-05-23 05:34 -------- d-----w- c:\windows\system32\LogFiles
2011-05-23 05:21 . 2011-03-04 06:45 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-05-23 05:09 . 2011-05-23 05:09 -------- d-----w- c:\windows\system32\en
2011-05-23 05:09 . 2011-05-23 05:09 -------- d-----w- c:\windows\system32\bits
2011-05-23 04:49 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-23 04:49 . 2011-05-23 04:49 -------- d-----w- C:\396dd31385c453172c17
2011-05-23 04:49 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-23 04:49 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-05-23 04:49 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-05-23 04:49 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-05-23 04:49 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-05-23 04:49 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-05-23 04:49 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-23 04:49 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-22 03:16 . 2008-04-13 18:36 5888 ------w- c:\windows\system32\drivers\smbali.sys
2011-05-22 03:15 . 2008-04-14 00:12 10752 ------w- c:\windows\system32\smtpapi.dll
2011-05-22 03:14 . 2008-04-14 00:11 377984 ------w- c:\windows\system32\ati2dvaa.dll
2011-05-22 03:05 . 2011-05-22 03:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 02:39 . 2008-04-13 18:45 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-05-22 02:39 . 2008-04-13 19:17 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-05-22 02:39 . 2008-04-13 18:45 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-05-22 02:39 . 2008-04-13 18:45 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-05-22 02:39 . 2008-04-13 16:39 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-05-22 02:39 . 2008-04-13 18:45 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-05-22 02:39 . 2008-04-13 18:45 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-05-22 02:39 . 2008-04-13 19:15 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-05-22 02:39 . 2008-04-13 18:39 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2011-05-22 02:39 . 2008-04-13 18:39 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2011-05-22 02:39 . 2008-04-13 18:39 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2011-05-22 02:38 . 2007-05-10 16:23 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2011-05-22 02:38 . 2007-05-10 16:22 405504 ----a-w- c:\windows\stsystra.exe
2011-05-22 02:38 . 2007-04-10 23:02 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-05-22 02:38 . 2008-04-14 00:11 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-05-22 02:38 . 2008-04-13 18:45 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-05-22 02:38 . 2008-04-14 00:12 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-05-22 02:20 . 2011-05-22 02:22 -------- d-----w- C:\a5d5614232bed00e7d8cf56a5757
2011-05-22 02:19 . 2007-05-10 16:24 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys
2011-05-22 02:19 . 2007-05-10 16:23 270336 ----a-w- c:\windows\system32\stacapi.dll
2011-05-22 02:19 . 2007-08-21 15:58 146944 ----a-w- c:\windows\system32\st325602.dll
2011-05-22 02:19 . 2011-05-22 02:19 -------- d-----w- c:\program files\SigmaTel
2011-05-22 02:19 . 2011-05-22 02:19 -------- d-----w- c:\program files\InstallShield Installation Information
2011-05-22 02:19 . 2004-07-16 06:20 733184 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iKernel.dll
2011-05-22 02:19 . 2004-07-16 06:20 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\ctor.dll
2011-05-22 02:19 . 2004-07-16 06:19 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iscript.dll
2011-05-22 02:19 . 2004-07-16 06:18 172032 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iuser.dll
2011-05-22 02:19 . 2004-07-16 06:18 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\DotNetInstaller.exe
2011-05-22 02:19 . 2011-05-22 02:19 180356 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\iGdi.dll
2011-05-22 02:19 . 2011-05-22 02:19 303104 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\01\Intel32\setup.dll
2011-05-22 02:14 . 2011-06-06 05:49 -------- d-s---w- c:\documents and settings\Owner\UserData
2011-05-22 02:11 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-05-22 02:11 . 2001-08-17 19:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-05-22 02:11 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-05-22 02:11 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-05-22 02:10 . 2008-04-13 18:45 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-05-22 02:10 . 2008-04-13 18:45 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-22 02:08 . 2011-05-22 02:08 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-22 02:08 . 2011-05-22 02:08 -------- d-----w- C:\954e0f99156c37d3ef68a3e932f1
2011-05-22 02:08 . 2011-05-22 02:08 -------- d-----w- c:\windows\system32\KB905474
2011-05-22 01:43 . 2011-05-22 01:43 -------- d-----w- c:\windows\system32\NtmsData
2011-05-22 01:35 . 2011-05-22 01:35 -------- d-----w- c:\documents and settings\Owner\Application Data\ElevatedDiagnostics
2011-05-22 01:25 . 2011-05-22 01:49 -------- d-----w- C:\14d4e8dcf8524219b28b97b115
2011-05-22 01:00 . 2011-05-22 01:51 -------- d-----w- C:\fc2afa36e4443b6fed57d66be4
2011-05-22 00:27 . 2011-05-22 01:52 -------- d-----w- C:\A3SOUND
2011-05-22 00:18 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-22 00:16 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-22 00:13 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-22 00:03 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-21 20:20 . 2011-06-06 19:31 -------- d-----w- c:\program files\Zune
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 16:26 . 2011-06-06 02:26 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-17 8495104]
"IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2011-01-12 1400832]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-01-12 1210640]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 159472]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
"AllowInboundTimestampRequest"= 1 (0x1)
"AllowInboundMaskRequest"= 1 (0x1)
"AllowInboundRouterRequest"= 1 (0x1)
"AllowOutboundDestinationUnreachable"= 1 (0x1)
"AllowOutboundSourceQuench"= 1 (0x1)
"AllowOutboundParameterProblem"= 1 (0x1)
"AllowOutboundTimeExceeded"= 1 (0x1)
"AllowRedirect"= 1 (0x1)
"AllowOutboundPacketTooBig"= 1 (0x1)
.
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [6/6/2011 11:30 AM 6609920]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys --> c:\windows\system32\DRIVERS\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 11:58 AM 11336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [11/11/2010 1:57 PM 268528]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\871cszun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dee6caf&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
Notify-TPSvc - TPSvc.dll
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-09 19:04
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3772)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\program files\Intel\WiFi\bin\S24EvMon.exe
c:\program files\Intel\WiFi\bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Zune\ZuneBusEnum.exe
.
**************************************************************************
.
Completion time: 2011-06-09 19:07:44 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-10 01:07
.
Pre-Run: 43,534,737,408 bytes free
Post-Run: 43,688,656,896 bytes free
.
- - End Of File - - 0AC388D925248E88BAAA41A76C725951

#4 CatByte

Posted 09 June 2011 - 08:29 PM

Hi,

Please do the following


  • Please open your MalwareBytes AntiMalware Program
  • Click the Update Tab and search for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected. <-- very important
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.



NEXT


Go here to run an online scanner from ESET.
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • When the scan completes, press the LIST OF THREATS FOUND button
  • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
  • Include the contents of this report in your next reply.
  • Press the BACK button.
  • Press Finish

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 qwertyo

Posted 09 June 2011 - 09:12 PM

When I try to install ESET I get a message that reads: "Can not get update. Is proxy configured?" and I can't go further, but I do have a log from Malwarebytes.

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6822

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/9/2011 7:56:09 PM
mbam-log-2011-06-09 (19-56-09).txt

Scan type: Quick scan
Objects scanned: 150209
Time elapsed: 2 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 CatByte

Posted 09 June 2011 - 09:25 PM

Hmm, please flush all your cookies and temp files and try it again:

Download Flush Flash Cookies by Bobbi Flekman.
Select the Windows version and save flushflash.exe to your Desktop.
Double-click flushflash.exe to run it.
Select Everything but Site settings.
Click Make it so!.
When the "Killed off all Flash cookies" window opens, click OK.
Close Flush Flash Cookies.

Clear all other cookies


Delete all currently saved cookies from your computer.

In Internet Explorer,
click Tools > Internet Options and then click the Delete Cookies button on the General tab.

In Firefox,
click Tools > Clear Recent History > Set Time range to clear to Everything
Click on the arrow next to Details to expand the list of history items.
Select Cookies and make sure that other items you want to keep are not selected.
Click Clear Now to clear the cookies and close the Clear Recent History window

NEXT

Please download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted.
  • The program should not take long to finish its job.
  • Once it's finished, it should reboot your machine; if not, manually reboot to ensure a complete clean.

NEXT

Reset your Hosts file back to default

Use the "Fix-It" button on this Microsoft site:

http://support.microsoft.com/kb/972034

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#7 qwertyo

Posted 09 June 2011 - 09:31 PM

I still could not get ESET to work and received the same message. I am unsure if just the top steps are used to get ESET to work or all of the steps that were listed.

Edited by qwertyo, 09 June 2011 - 09:34 PM.


#8 CatByte

Posted 09 June 2011 - 09:42 PM

Yes,

work through all the steps.

If it still won't work, try this other scanner:

  • Go to http://support.f-secure.com/enu/home/ols.shtml
  • Scroll to the bottom of the page and click the Start scanning button. A window will pop up.
  • Allow the ActiveX control to be installed on your computer, then click the Accept button
  • Click Full System Scan and allow the components to download and the scan to complete.
  • If malware is found, uncheck Submit samples to F-Secure then select Automatic cleaning
  • When cleaning has finished, click Show report (this will open an Internet Explorer window containing the report)
  • Highlight and Copy (CTRL + C) the complete report, and Paste (CTRL + V) in a new reply to this post

Notes:
  • You must have administrator rights to run this scan
  • This scan can take a while, so please be patient

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#9 qwertyo

Posted 09 June 2011 - 10:49 PM

Here is the report from F-Secure

Scanning Report
Thursday, June 9, 2011 21:16:41 - 21:46:12
Computer name:
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\


--------------------------------------------------------------------------------

10 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Advertising (spyware)
System (Disinfected)
TrackingCookie.Atdmt (spyware)
System (Disinfected)
TrackingCookie.Doubleclick (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Adbrite (spyware)
System (Disinfected)
TrackingCookie.Statcounter (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)
TrackingCookie.Imrworldwide (spyware)
System (Disinfected)
Trojan.Generic.5578451 (virus)
C:\SYSTEM VOLUME INFORMATION\_RESTORE{9F22100F-6BD0-4C24-8095-D4D45A6A7214}\RP129\A0070272.SYS (Renamed)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 31980
System: 2979
Not scanned: 7
Actions:
Disinfected: 9
Renamed: 1
Deleted: 0
Not cleaned: 0
Submitted: 0
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2308

--------------------------------------------------------------------------------

Options
Scanning engines:
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use advanced heuristics

#10 CatByte

Posted 10 June 2011 - 04:56 AM

Hi

Please do the following:

Your Java is out of date.
Java™ 6 Update 22 can be updated from the Java control panel: Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now.
An update should begin; follow the prompts.


Clear Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT


Please post a fresh DDS Log and advise how the computer is running now and if there are any outstanding issues

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#11 qwertyo

Posted 10 June 2011 - 01:26 PM

I did not see an Update Tab when I went to Java.

#12 CatByte

Posted 10 June 2011 - 01:48 PM

Try JavaRa

Please download JavaRa to your desktop and unzip it to its own folder.
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Oracle Java's Website then click Search and click on the Open Webpage button.
  • Scroll down to the Java SE Runtime Environment (JRE) option.
  • Download and install the latest Java Runtime Environment (JRE) version for your computer (version 6, update 25).

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#13 qwertyo

Posted 10 June 2011 - 02:18 PM

Here is the DDS log. So far Google has not redirected and I have not heard any advertisements without a video. The only other problem I have had is my Zune driver has not worked since I fixed the Windows Registry Virus.

.
DDS (Ver_2011-06-03.01) - NTFSx86
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_26
Run by Owner at 13:08:42 on 2011-06-10
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1518 [GMT -6:00]
.
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\Program Files\Zune\ZuneBusEnum.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z039&form=ZGAPHP
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IntelZeroConfig] "c:\program files\intel\wifi\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\common files\intel\wirelesscommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{3B924846-EBD2-4D00-B74F-5BF03ED7E4D9} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\871cszun.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.youtube.com/
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4dee6caf&v=7.005.030.004&i=23&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R3 NETwLx32; Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows XP 32 Bit;c:\windows\system32\drivers\NETwLx32.sys [2011-6-6 6609920]
S0 is3srv;is3srv;c:\windows\system32\drivers\is3srv.sys --> c:\windows\system32\drivers\is3srv.sys [?]
S0 szkg5;szkg5;c:\windows\system32\drivers\szkg.sys --> c:\windows\system32\drivers\szkg.sys [?]
S0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys --> c:\windows\system32\drivers\szkgfs.sys [?]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\zune\WMZuneComm.exe [2010-11-11 268528]
.
=============== Created Last 30 ================
.
2011-06-10 03:16:41 -------- d-----w- c:\documents and settings\owner\application data\f-secure
2011-06-10 03:16:22 -------- d-----w- c:\documents and settings\all users\application data\F-Secure
2011-06-10 02:04:02 -------- d-----w- c:\program files\ESET
2011-06-10 00:56:02 518144 ----a-w- c:\windows\SWREG.exe
2011-06-10 00:56:02 256512 ----a-w- c:\windows\PEV.exe
2011-06-10 00:56:02 208896 ----a-w- c:\windows\MBR.exe
2011-06-10 00:56:01 98816 ----a-w- c:\windows\sed.exe
2011-06-08 00:33:54 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-08 00:33:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-06 23:02:35 -------- d-----w- c:\program files\AVAST Software
2011-06-06 23:02:35 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2011-06-06 22:52:49 -------- d-----w- c:\windows\system32\drivers\AVG
2011-06-06 19:23:55 -------- d-----w- C:\.jpg
2011-06-06 17:30:34 -------- d-----w- c:\documents and settings\owner\application data\Intel
2011-06-06 17:30:04 675840 ----a-w- c:\windows\system32\NETwLc32.dll
2011-06-06 17:30:04 6609920 ----a-w- c:\windows\system32\drivers\NETwLx32.sys
2011-06-06 17:30:04 2756608 ----a-w- c:\windows\system32\NETwLr32.dll
2011-06-06 17:29:24 -------- d-----w- c:\program files\common files\Intel
2011-06-06 17:21:14 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-06 03:31:51 -------- d-----w- c:\program files\CONEXANT
2011-06-06 02:26:10 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-06-05 23:18:37 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-06-05 23:18:37 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-06-05 21:18:14 -------- d-----w- c:\documents and settings\owner\application data\Malwarebytes
2011-06-05 21:18:10 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-05 19:28:54 -------- d-----w- c:\documents and settings\all users\application data\STOPzilla!
2011-06-05 18:44:57 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2011-05-30 16:30:34 -------- d-----w- C:\.jagex_cache_32
2011-05-26 20:16:30 -------- d-----w- c:\documents and settings\owner\local settings\application data\uTorrentBar
2011-05-26 15:39:47 -------- d-----w- c:\documents and settings\owner\local settings\application data\Temp
2011-05-26 15:38:48 -------- d-----w- c:\documents and settings\owner\application data\uTorrent
2011-05-26 03:05:16 -------- d-----w- c:\program files\Download Manager
2011-05-26 02:26:02 -------- d-----w- c:\documents and settings\owner\local settings\application data\Electronic Arts
2011-05-26 02:25:43 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2011-05-25 15:12:45 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-05-24 00:56:00 -------- d-----w- c:\documents and settings\owner\local settings\application data\Adobe
2011-05-23 14:45:40 -------- d-----w- c:\program files\common files\Steam
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\pt-PT
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\pt-BR
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\nl-NL
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\it-IT
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\fr-FR
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\es-ES
2011-05-23 06:04:40 -------- d-----w- c:\windows\system32\de-DE
2011-05-23 05:36:54 16928 ------w- c:\windows\system32\spmsgXP_2k3.dll
2011-05-23 05:36:39 -------- d-----w- c:\windows\.jagex_cache_32
2011-05-23 05:36:01 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-23 05:36:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-05-23 05:35:10 62976 -c----w- c:\windows\system32\dllcache\cdrom.sys
2011-05-23 05:35:10 465920 -c----w- c:\windows\system32\dllcache\imapi2fs.dll
2011-05-23 05:35:10 465920 ------w- c:\windows\system32\imapi2fs.dll
2011-05-23 05:35:10 317952 -c----w- c:\windows\system32\dllcache\imapi2.dll
2011-05-23 05:35:10 317952 ------w- c:\windows\system32\imapi2.dll
2011-05-23 05:34:07 -------- d-----w- c:\windows\system32\LogFiles
2011-05-23 05:21:47 512000 -c----w- c:\windows\system32\dllcache\jscript.dll
2011-05-23 05:09:40 -------- d-----w- c:\windows\system32\en
2011-05-23 05:09:40 -------- d-----w- c:\windows\system32\bits
2011-05-23 04:49:24 89088 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-05-23 04:49:11 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-05-23 04:49:11 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-05-23 04:49:11 597504 ------w- c:\windows\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-05-23 04:49:11 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-05-23 04:49:11 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-05-23 04:49:11 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2011-05-23 04:49:11 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-05-23 04:49:11 117760 ------w- c:\windows\system32\prntvpt.dll
2011-05-23 04:49:11 -------- d-----w- C:\396dd31385c453172c17
2011-05-22 03:18:40 -------- d-----w- c:\windows\system32\appmgmt
2011-05-22 03:16:58 5888 ------w- c:\windows\system32\drivers\smbali.sys
2011-05-22 03:15:51 9728 ------w- c:\windows\system32\rwnh.dll
2011-05-22 03:14:59 63663 ------w- c:\windows\system32\drivers\ati1rvxx.sys
2011-05-22 03:05:37 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-22 02:39:50 6272 ----a-w- c:\windows\system32\drivers\splitter.sys
2011-05-22 02:39:48 83072 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2011-05-22 02:39:46 52864 ----a-w- c:\windows\system32\drivers\dmusic.sys
2011-05-22 02:39:33 56576 ----a-w- c:\windows\system32\drivers\swmidi.sys
2011-05-22 02:39:31 142592 ----a-w- c:\windows\system32\drivers\aec.sys
2011-05-22 02:39:29 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2011-05-22 02:39:28 2944 ----a-w- c:\windows\system32\drivers\drmkaud.sys
2011-05-22 02:39:25 60800 ----a-w- c:\windows\system32\drivers\sysaudio.sys
2011-05-22 02:39:22 7552 ----a-w- c:\windows\system32\drivers\mskssrv.sys
2011-05-22 02:39:20 4992 ----a-w- c:\windows\system32\drivers\mspqm.sys
2011-05-22 02:39:07 5376 ----a-w- c:\windows\system32\drivers\mspclock.sys
2011-05-22 02:38:41 4952064 ----a-w- c:\windows\system32\stacgui.cpl
2011-05-22 02:38:41 405504 ----a-w- c:\windows\stsystra.exe
2011-05-22 02:38:41 1601536 ----a-w- c:\windows\system32\stlang.dll
2011-05-22 02:38:40 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2011-05-22 02:38:40 4096 ----a-w- c:\windows\system32\ksuser.dll
2011-05-22 02:38:26 129536 ----a-w- c:\windows\system32\ksproxy.ax
2011-05-22 02:20:19 -------- d-----w- C:\a5d5614232bed00e7d8cf56a5757
2011-05-22 02:19:55 1222840 ----a-w- c:\windows\system32\drivers\sthda.sys
2011-05-22 02:19:54 270336 ----a-w- c:\windows\system32\stacapi.dll
2011-05-22 02:19:53 146944 ----a-w- c:\windows\system32\st325602.dll
2011-05-22 02:19:46 -------- d-----w- c:\program files\SigmaTel
2011-05-22 02:19:31 733184 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iKernel.dll
2011-05-22 02:19:31 69715 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\ctor.dll
2011-05-22 02:19:31 5632 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\DotNetInstaller.exe
2011-05-22 02:19:31 266240 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iscript.dll
2011-05-22 02:19:31 172032 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iuser.dll
2011-05-22 02:19:29 180356 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\iGdi.dll
2011-05-22 02:19:22 303104 ----a-w- c:\program files\common files\installshield\professional\runtime\10\01\intel32\setup.dll
2011-05-22 02:14:21 -------- d-s---w- c:\documents and settings\owner\UserData
2011-05-22 02:11:09 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-05-22 02:11:04 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2011-05-22 02:11:04 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-05-22 02:11:02 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2011-05-22 02:10:50 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2011-05-22 02:10:46 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-22 02:08:18 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-05-22 02:08:18 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-22 02:08:09 -------- d-----w- c:\windows\system32\KB905474
2011-05-22 02:08:09 -------- d-----w- C:\954e0f99156c37d3ef68a3e932f1
2011-05-22 01:43:05 -------- d-----w- c:\windows\system32\NtmsData
2011-05-22 01:35:16 -------- d-----w- c:\documents and settings\owner\application data\ElevatedDiagnostics
2011-05-22 01:25:04 -------- d-----w- C:\14d4e8dcf8524219b28b97b115
2011-05-22 01:00:23 -------- d-----w- C:\fc2afa36e4443b6fed57d66be4
2011-05-22 00:27:22 -------- d-----w- C:\A3SOUND
2011-05-22 00:18:21 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2011-05-22 00:16:38 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2011-05-22 00:13:07 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2011-05-22 00:03:27 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2011-05-21 20:21:29 -------- d-----w- c:\windows\system32\drivers\umdf\pt-BR
2011-05-21 20:21:26 -------- d-----w- c:\windows\system32\drivers\umdf\pt-PT
2011-05-21 20:21:24 -------- d-----w- c:\windows\system32\drivers\umdf\nl-NL
2011-05-21 20:21:22 -------- d-----w- c:\windows\system32\drivers\umdf\it-IT
2011-05-21 20:21:19 -------- d-----w- c:\windows\system32\drivers\umdf\de-DE
2011-05-21 20:21:18 -------- d-----w- c:\windows\system32\drivers\umdf\fr-FR
2011-05-21 20:21:17 -------- d-----w- c:\windows\system32\drivers\umdf\es-ES
2011-05-21 20:20:06 -------- d-----w- c:\windows\system32\drivers\umdf\en-US
2011-05-21 19:52:39 -------- d-----w- c:\windows\system32\scripting
2011-05-21 19:52:39 -------- d-----w- c:\windows\l2schemas
2011-05-21 19:45:59 -------- d-----w- c:\windows\network diagnostic
2011-05-21 18:55:57 -------- d-----w- c:\documents and settings\owner\local settings\application data\Mozilla
2011-05-21 18:55:50 -------- d-----w- c:\program files\Mozilla Firefox(2)
.
==================== Find3M ====================
.
.
============= FINISH: 13:09:40.50 ===============

#14 CatByte

Posted 10 June 2011 - 02:22 PM

Hi

Try the "FixIt" button here

http://support.microsoft.com/kb/953933

Let me know if that resolves the issue with Zune

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#15 qwertyo

Posted 10 June 2011 - 03:22 PM

When I try to run FixIt I get an error message that reads: "Fix it troubleshooting cannot continue because an error occurred" "this troubleshooter does not apply to this computer."



