Google links redirect


  • This topic is locked
2 replies to this topic

#1 zayber

zayber

  • Members
  • 3 posts
  • OFFLINE
  • Local time:06:06 AM

Posted 23 July 2011 - 05:01 PM

Whenever I try to click a link in Google after doing a search I get redirected to other sites that have nothing to do with what I am opening. I can still click the cached link without any redirection. I have tried to find TDSS files, as other sites I searched said to, but I cannot find any. When this first started happening my touchpad started to act up, so I tried getting a new driver and it would not let me install it. It kept saying my internet security would not let me download files from the internet. I can now install the driver, but the redirection won't go away. I have tried using free AVG 9.0 system scan, Advanced SystemCare 4 deep clean, and free Malwarebytes' Anti-Malware full scan along with something from Kaspersky that is said to find and delete TDSS.

Sorry if I post something wrong, this is my first time posting here :P

This is my DDS log

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by Paul at 17:47:33 on 2011-07-23
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.4026.399 [GMT -4:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files (x86)\AVG\AVG9\avgchsva.exe
C:\Program Files (x86)\AVG\AVG9\avgrsa.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrva.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe
C:\Program Files (x86)\AVG\AVG9\avgfws9.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe
C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe
C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\AVG\AVG9\avgemc.exe
C:\Program Files (x86)\AVG\AVG9\avgcsrvx.exe
C:\Program Files (x86)\AVG\AVG9\avgnsa.exe
C:\Program Files (x86)\Giraffic\Giraffic.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\AVG\AVG9\avgtray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Gateway\Gateway Power Management\ePowerEvent.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\RunDll32.exe
C:\Users\Paul\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/?pc=Z003&form=ZGAPHP
mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=nv78&r=273611094515l03f4z1h5a4722v295
uInternet Settings,ProxyOverride = local
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: SMTTB2009 Class: {fcbccb87-9224-4b8d-b117-f56d924beb18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe"
uRun: [VeohPlugin] "C:\Program Files (x86)\Veoh Networks\VeohWebPlayer\veohwebplayer.exe"
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066} : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\4656661657C647 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\B6A607371303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\F4273686162746 : DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO-X64: Conduit Engine - No File
BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: AVG Security Toolbar BHO: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: SMTTB2009 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files (x86)\Hyperionics DB Toolbar\tbcore3.dll
BHO-X64: SMTTB2009 - No File
TB-X64: AVG Security Toolbar: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files (x86)\AVG\AVG9\Toolbar\IEToolbar.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB-X64: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Camera Assistant Software] "C:\Program Files (x86)\Video Web Camera\traybar.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [TkBellExe] "c:\program files (x86)\real\realplayer\Update\realsched.exe" -osboot
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\kltgjd5s.default\
FF - prefs.js: browser.search.defaulturl - www.google.com
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: keyword.URL - hxxp://www.google.co.in/search?btnG=Google+Search&q=
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSErHrw7a;AVG9IDSErHr;C:\Windows\system32\Drivers\AVGIDSwa.sys --> C:\Windows\system32\Drivers\AVGIDSwa.sys [?]
R0 AvgRkx64;avgrkx64.sys;C:\Windows\system32\Drivers\avgrkx64.sys --> C:\Windows\system32\Drivers\avgrkx64.sys [?]
R1 Avgfwfd;AVG network filter service;C:\Windows\system32\DRIVERS\avgfwd6a.sys --> C:\Windows\system32\DRIVERS\avgfwd6a.sys [?]
R1 AvgLdx64;AVG AVI Loader Driver x64;C:\Windows\system32\Drivers\avgldx64.sys --> C:\Windows\system32\Drivers\avgldx64.sys [?]
R1 AvgMfx64;AVG On-access Scanner Minifilter Driver x64;C:\Windows\system32\Drivers\avgmfx64.sys --> C:\Windows\system32\Drivers\avgmfx64.sys [?]
R1 AvgTdiA;AVG Network Redirector x64;C:\Windows\system32\Drivers\avgtdia.sys --> C:\Windows\system32\Drivers\avgtdia.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-30 353168]
R2 avg9emc;AVG E-mail Scanner;C:\Program Files (x86)\AVG\AVG9\avgemc.exe [2010-7-15 921952]
R2 avg9wd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [2010-7-15 308136]
R2 avgfws9;AVG Firewall;C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2010-7-15 2331544]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2009-8-28 844320]
R2 Giraffic;Giraffic Video Accelerator;C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service --> C:\Program Files (x86)\Giraffic\GirafficWatchdog.exe --service [?]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Gateway\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-20 62720]
R2 ScrybeUpdater;Scrybe Updater;C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [2011-5-27 1300264]
R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-28 240160]
R3 AVGIDSDriverw7a;AVG9IDSDriver;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [2010-2-7 132688]
R3 AVGIDSFilterw7a;AVG9IDSFilter;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [2010-2-7 35920]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\system32\DRIVERS\CAXHWAZL.sys --> C:\Windows\system32\DRIVERS\CAXHWAZL.sys [?]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
S2 AVGIDSAgent;AVG9IDSAgent;C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [2010-7-15 5897808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-2-7 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;C:\Program Files (x86)\AVG\AVG9\Toolbar\ToolbarBroker.exe [2010-10-28 947528]
S3 ETD;ELAN PS/2 Port Input Device;C:\Windows\system32\DRIVERS\ETD.sys --> C:\Windows\system32\DRIVERS\ETD.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 netr28ux;Linksys USB Wireless LAN Card Driver for Vista;C:\Windows\system32\DRIVERS\netr28ux.sys --> C:\Windows\system32\DRIVERS\netr28ux.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-07-23 21:31:08 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-23 19:27:18 23112 ----a-w- C:\Windows\System32\drivers\hitmanpro35.sys
2011-07-23 19:27:18 -------- d-----w- C:\Program Files\Hitman Pro 3.5
2011-07-23 19:26:39 -------- d-----w- C:\ProgramData\Hitman Pro
2011-07-23 17:57:58 98816 ----a-w- C:\Windows\sed.exe
2011-07-23 17:57:58 518144 ----a-w- C:\Windows\SWREG.exe
2011-07-23 17:57:58 256000 ----a-w- C:\Windows\PEV.exe
2011-07-23 17:57:58 208896 ----a-w- C:\Windows\MBR.exe
2011-07-23 17:01:43 388096 ----a-r- C:\Users\Paul\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-23 17:01:42 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-07-23 00:18:55 -------- d-----w- C:\Program Files\Synaptics
2011-07-22 23:16:21 -------- d-----w- C:\Program Files\Elantech
2011-07-22 22:44:54 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll
2011-07-22 22:31:46 -------- d-----w- C:\Users\Paul\AppData\Roaming\IrfanView
2011-07-22 22:31:46 -------- d-----w- C:\Program Files (x86)\IrfanView
2011-07-22 22:10:44 4649472 ----a-w- C:\Windows\System32\ETDUI.cpl
2011-07-22 22:10:43 114688 ----a-w- C:\Windows\System32\drivers\ETD.sys
2011-07-22 21:50:39 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2011-07-22 21:50:34 107816 ----a-w- C:\Windows\SysWow64\SynTPCOM.dll
2011-07-22 21:50:33 205608 ----a-w- C:\Windows\System32\SynTPAPI.dll
2011-07-22 21:50:33 147752 ----a-w- C:\Windows\System32\SynTPCo4.dll
2011-07-22 21:50:32 292400 ----a-w- C:\Windows\System32\drivers\SynTP.sys
2011-07-22 21:50:29 206120 ----a-w- C:\Windows\SysWow64\SynCtrl.dll
2011-07-22 21:50:28 263464 ----a-w- C:\Windows\System32\SynCtrl.dll
2011-07-22 21:50:28 169256 ----a-w- C:\Windows\SysWow64\SynCOM.dll
2011-07-22 21:50:27 396072 ----a-w- C:\Windows\System32\SynCOM.dll
2011-07-22 19:55:38 -------- d-----w- C:\ProgramData\Synaptics
2011-07-22 19:55:38 -------- d-----w- C:\Program Files (x86)\Synaptics
2011-07-21 19:34:34 64512 --sha-r- C:\Windows\SysWow64\dpnhpastc.dll
2011-07-21 14:20:41 -------- d-----w- C:\Users\Paul\AppData\Roaming\Solveig Multimedia
2011-07-21 13:43:29 -------- d-----w- C:\Program Files (x86)\Bandicam
2011-07-21 13:20:19 -------- d-----w- C:\Users\Paul\AppData\Roaming\BANDISOFT
2011-07-21 13:19:41 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2011-07-21 03:15:30 -------- d-----w- C:\Program Files (x86)\CamStudio
2011-07-20 19:03:48 -------- d-----w- C:\Users\Paul\AppData\Local\WMTools Downloaded Files
2011-07-20 18:59:49 -------- d-----w- C:\Program Files (x86)\Movie Maker 2.6
2011-07-20 18:39:17 -------- d-----w- C:\Users\Paul\AppData\Local\{B55C0925-8930-4B8B-8C19-4D2FC449356B}
2011-07-20 18:39:16 -------- d-----w- C:\Users\Paul\AppData\Local\{30398FCE-DF96-4B17-9E64-0B28743BC4EB}
2011-07-20 15:51:44 -------- d-----w- C:\ProgramData\Giraffic
2011-07-20 15:51:44 -------- d-----w- C:\Program Files (x86)\Giraffic
2011-07-20 15:51:26 -------- d-----w- C:\Program Files (x86)\Veoh Networks
2011-07-13 11:35:59 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-07-13 11:34:35 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-12 23:20:49 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2011-07-12 23:20:48 644608 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2011-07-12 23:20:48 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2011-07-12 23:20:48 237568 ----a-w- C:\Windows\SysWow64\yv12vfw.dll
2011-07-12 23:20:48 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
2011-07-12 23:20:48 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2011-07-12 23:20:43 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2011-07-12 22:16:26 -------- d-----w- C:\Program Files (x86)\LD-Anime
2011-07-07 15:42:07 -------- d-----w- C:\Program Files (x86)\Hyperionics DB Toolbar
2011-07-07 15:41:36 -------- d-----w- C:\Program Files (x86)\HyperCam 2
2011-07-01 04:05:15 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys
2011-06-30 19:19:25 -------- d-----w- C:\ProgramData\IObit
2011-06-30 19:18:25 -------- d-----w- C:\Users\Paul\AppData\Roaming\IObit
2011-06-30 19:18:21 -------- d-----w- C:\Program Files (x86)\IObit
.
==================== Find3M ====================
.
2011-07-06 23:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-06 23:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-06-18 22:41:39 499712 ----a-w- C:\Windows\SysWow64\msvcp71.dll
2011-06-18 22:41:39 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2011-06-16 08:00:00 73216 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2011-06-02 06:45:22 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-06-02 06:45:22 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-06-02 06:45:22 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-06-02 06:44:54 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-06-02 06:42:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-06-02 06:39:54 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-06-02 06:35:56 338944 ----a-w- C:\Windows\System32\conhost.exe
2011-06-02 05:59:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-06-02 05:56:28 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-06-02 05:56:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-06-02 05:54:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-06-02 05:54:50 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-06-02 03:51:00 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-06-02 03:45:49 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-06-02 03:45:49 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-06-02 03:45:49 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-06-02 03:45:49 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-05-31 06:39:50 58368 ----a-w- C:\Windows\SysWow64\bdmpegv.dll
2011-05-31 06:39:48 62464 ----a-w- C:\Windows\System32\bdmpegv64.dll
2011-05-31 06:38:18 15360 ----a-w- C:\Windows\SysWow64\bdmjpeg.dll
2011-05-31 06:38:14 17920 ----a-w- C:\Windows\System32\bdmjpeg64.dll
2011-05-31 06:38:10 58368 ----a-w- C:\Windows\SysWow64\bdmpega.acm
2011-05-31 06:38:08 62976 ----a-w- C:\Windows\System32\bdmpega64.acm
2011-05-30 00:31:22 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 21:23:08 317520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
2011-05-28 03:25:16 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-05-28 03:00:02 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-17 18:51:08 18240 ----a-w- C:\Windows\System32\roboot64.exe
2011-05-04 08:52:22 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-05-04 05:30:38 2326016 ----a-w- C:\Windows\System32\tquery.dll
2011-05-04 05:28:07 779264 ----a-w- C:\Windows\System32\mssvp.dll
2011-05-04 05:28:07 2228224 ----a-w- C:\Windows\System32\mssrch.dll
2011-05-04 05:28:06 75264 ----a-w- C:\Windows\System32\msscntrs.dll
2011-05-04 05:28:06 491520 ----a-w- C:\Windows\System32\mssph.dll
2011-05-04 05:28:06 288256 ----a-w- C:\Windows\System32\mssphtb.dll
2011-05-04 05:24:09 593408 ----a-w- C:\Windows\System32\SearchIndexer.exe
2011-05-04 05:24:09 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
2011-05-04 05:24:09 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
2011-05-04 04:53:10 1553920 ----a-w- C:\Windows\SysWow64\tquery.dll
2011-05-04 04:52:59 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
2011-05-04 04:52:59 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
2011-05-04 04:52:59 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
2011-05-04 04:52:59 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
2011-05-04 04:52:59 1401856 ----a-w- C:\Windows\SysWow64\mssrch.dll
2011-05-04 04:52:12 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
2011-05-04 04:52:12 428032 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
2011-05-04 04:52:12 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
2011-05-04 02:51:08 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-05-04 02:51:08 157696 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2011-05-04 02:51:05 126464 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
2011-05-03 05:21:22 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-05-03 04:50:29 740864 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-04-29 03:13:10 461312 ----a-w- C:\Windows\System32\drivers\srv.sys
2011-04-29 03:12:54 399872 ----a-w- C:\Windows\System32\drivers\srv2.sys
2011-04-29 03:12:37 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
2011-04-27 02:57:40 102400 ----a-w- C:\Windows\System32\drivers\dfsc.sys
2011-04-25 05:32:22 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-04-25 02:44:02 499712 ----a-w- C:\Windows\System32\drivers\afd.sys
.
============= FINISH: 17:48:38.87 ===============

Attached Files

  • FRST.txt (71.27KB, 2 downloads)
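Reading a DDS log by hand means scanning the Pseudo HJT Report for three things: add-on registrations whose DLL is gone ("No File"), load points whose binary lives outside the normal install roots, and which DNS resolvers the machine is actually using, since a hijacked resolver is one cause of search-result redirects. The Python below is an added example (not part of this post and not code from the DDS or OTL tools) that automates that pass over lines excerpted from the log above plus one constructed AppData entry; the trusted-root list and the output wording are my assumptions.

```python
"""Triage the "Pseudo HJT Report" section of a DDS log for three things a
malware-response helper checks by eye: add-on registrations whose DLL is gone
("No File"), load points whose binary sits outside the usual install roots, and
which DNS resolvers are in use (a hijacked resolver is one cause of redirects)."""
import ipaddress
import re
from dataclasses import dataclass, field

# Load-point labels as DDS prints them ("u" = per-user hive, "m" = machine hive).
LOADPOINT_KINDS = {"BHO", "BHO-X64", "TB", "TB-X64", "mURLSearchHooks",
                   "StartupFolder", "IE", "Handler"}
RUN_KINDS = {"uRun", "mRun", "uRun-x64", "mRun-x64", "uRunOnce", "mRunOnce"}
# Assumed install roots for a stock Windows 7 box; PROGRA~n is the 8.3 short
# name DDS prints for Program Files / Program Files (x86) / ProgramData.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\",
                 "c:\\program files (x86)\\", "c:\\programdata\\", "c:\\progra~")

_KIND = re.compile(r"^(?P<kind>[A-Za-z0-9-]+):\s*(?P<rest>.*)$")
_RUN = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
_EXE = re.compile(r'"?(?P<exe>[A-Za-z]:\\[^"]*?\.(?:exe|dll|cpl|scr|bat|cmd|vbs|js|lnk))', re.I)
_DNS = re.compile(r"DhcpNameServer\s*=\s*(?P<servers>.+)$")


@dataclass
class Triage:
    orphaned: list = field(default_factory=list)     # "kind: name" registered but No File
    untrusted: list = field(default_factory=list)    # (kind, name, binary) outside roots
    dns_servers: dict = field(default_factory=dict)  # ip -> True if a private/LAN address


def triage_dds(log: str) -> Triage:
    t = Triage()
    for raw in log.splitlines():
        m = _KIND.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")

        if kind == "TCP":
            d = _DNS.search(rest)
            for ip in (d.group("servers").split() if d else []):
                try:
                    t.dns_servers[ip] = ipaddress.ip_address(ip).is_private
                except ValueError:
                    pass  # not an IP literal; ignore
            continue

        if kind in RUN_KINDS:
            r = _RUN.match(rest)
            if not r:
                continue
            name, target = r.group("name"), r.group("cmd")
        elif kind in LOADPOINT_KINDS:
            # "<name>: {CLSID} - <path>" or "{CLSID} - No File": the path is the
            # last " - " separated field (a path containing " - " would split wrong).
            head, _, target = rest.rpartition(" - ")
            name = head or target
        else:
            continue

        if target.strip() == "No File":
            t.orphaned.append(f"{kind}: {name}")
            continue
        exe = _EXE.search(target)  # executable/DLL path inside the value, if any
        if exe and not exe.group("exe").lower().startswith(TRUSTED_ROOTS):
            t.untrusted.append((kind, name, exe.group("exe")))
    return t


# Sample input: lines excerpted from the DDS log in the post above, plus one
# CONSTRUCTED per-user Run entry (not from the log) loading from AppData, to
# show what the untrusted-root check catches.
SAMPLE = r"""
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AVG9_TRAY] C:\PROGRA~2\AVG\AVG9\avgtray.exe
uRun: [SampleUpdater] "C:\Users\Paul\AppData\Local\Temp\sampleupd.exe" /silent
TCP: DhcpNameServer = 24.247.15.53 66.189.0.100 24.178.162.3
TCP: Interfaces\{00BC4D36-12D6-4016-8BC0-DB5C01069066}\B6A607371303 : DhcpNameServer = 192.168.1.1
"""

if __name__ == "__main__":
    result = triage_dds(SAMPLE)
    for entry in result.orphaned:
        print("orphaned registration:", entry)
    for kind, name, binary in result.untrusted:
        print(f"load point outside install roots: {kind} [{name}] -> {binary}")
    for ip, private in result.dns_servers.items():
        print("resolver:", ip, "(LAN/private)" if private else "(public; confirm it is the ISP's)")
```

Orphaned "No File" entries are usually leftovers from uninstalls rather than infections, so they are listed for cleanup, not flagged as malicious; the per-user Run entry under AppData and any public resolver the user does not recognise are the items worth following up.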




#2 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:12:06 PM

Posted 02 August 2011 - 02:48 PM

Hi zayber, and welcome to Bleeping Computer.

Any reason to attach/give the FRST logfile?

Please do the following:

Firstly,
Note: if you do have Malwarebytes' Anti-Malware already installed, just update the databases and run a quick scan...
Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Secondly,
Download OTL.exe by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe.
  • In the "Custom Scans/Fixes" window (under the light green bar) paste the following in bold:

    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

  • Click Run Scan and let the program run uninterrupted.
  • When the scan completes, it will open two Notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Post both logs in this thread.
  • You may need to use two posts to get it all.

snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver


#3 snemelk

snemelk

    engineer


  • Malware Response Team
  • 1,468 posts
  • OFFLINE
  • Gender:Male
  • Location:Poland
  • Local time:12:06 PM

Posted 12 August 2011 - 03:54 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
snemelk.hekko.pl - my site with a few computer security tips...
Silesia - that's where I live!

"If I had some duct tape, I could fix that." - MacGyver




