GOOGLE REDIRECT MALWARE


This topic is locked. 29 replies to this topic.

#1 ANONIMUS (Members, 25 posts)

Posted 14 August 2011 - 07:29 AM

Hi, I've got myself a Google redirect problem thingy. I've already done the following scans seen in this link:

http://www.bleepingcomputer.com/forums/topic413707.html/page__gopid__2371288#entry2371288

but Google still redirects.

I'm using Windows 7 Ultimate, and it redirects on Firefox.

I'm a computer noob, and I need help. Thanks.

Pasting in GMER log from topic in AII. ~ OB


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-08-12 16:11:24
Windows 6.1.7600
Running: cco9p9fl.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076bf50df
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0x71 0xFE 0x6C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x81 0x8C 0xEF 0x40 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x93 0xC7 0x90 0x16 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x1E 0xC1 0xB5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5D 0x9C 0x4D 0xF8 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x30 0xD8 0x94 0xFB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076bf50df (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x24 0x71 0xFE 0x6C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew 0x81 0x8C 0xEF 0x40 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew 0x93 0xC7 0x90 0x16 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x3E 0x1E 0xC1 0xB5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x5D 0x9C 0x4D 0xF8 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x30 0xD8 0x94 0xFB ...

---- EOF - GMER 1.0.15 ----

Edited by Orange Blossom, 14 August 2011 - 02:58 PM.


#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,493 posts, NJ USA)

Posted 14 August 2011 - 11:21 AM

Hello. Please go here: Preparation Guide, do steps 6 & 7.

Create a DDS log and post it in this topic, thanks.

#3 ANONIMUS, Topic Starter (Members, 25 posts)

Posted 15 August 2011 - 08:23 PM

.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by PETER at 8:20:38 on 2011-08-16
Microsoft Windows 7 Ultimate 6.1.7600.0.874.66.1033.18.4087.2348 [GMT 7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\system32\taskhost.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Microsoft Security Client\msseces.exe
D:\RocketDock\RocketDock\RocketDock.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\GIZMO2\GIZMO.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Users\PETER\AppData\Local\GIZMO2\Data\deck\basic\basic.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mydtzone.com/startpage
uInternet Settings,ProxyOverride = local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RocketDock] "D:\RocketDock\RocketDock\RocketDock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [GIZMO2] "C:\Program Files (x86)\GIZMO2\GIZMO.exe" -BootProcess
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0721AE94-FDC6-47C5-964D-6A1C7C3E50A6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\044525555475946494 : DhcpNameServer = 10.42.254.26 10.42.254.10
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\072716371646 : DhcpNameServer = 192.168.1.1 192.168.0.1 205.171.3.25
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\16E64697E6564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\3716E676475616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\759647A756C6D223E64635F6574786 : DhcpNameServer = 192.168.2.5 164.116.160.4 164.116.160.5
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{609A4F2E-3AFB-47B2-8AFA-41841F1625F2} : NameServer = 10.79.32.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ProgramData\Skype\Plugins\Plugins\C897D734DD7744E5BA342991851FDE91\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [GIZMO2] "C:\Program Files (x86)\GIZMO2\GIZMO.exe" -BootProcess
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PETER\AppData\Roaming\Mozilla\Firefox\Profiles\rw6y6iyk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|http://home.alot.com/?src_id=11511&client_id=d3ae98682d18882b8165b4ac&camp_id=1954&install_time=2010-11-04T19:59:25Z&tb_version=2.4.4000%28F%29
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11511&client_id=d3ae98682d18882b8165b4ac&camp_id=1954&install_time=2010-11-04T19:59:25Z&tb_version=2.4.4000%28F%29&pr=auto&q=
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\PETER\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\PETER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\PETER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 PStrip64;PStrip64;C:\Windows\system32\drivers\pstrip64.sys --> C:\Windows\system32\drivers\pstrip64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 139648]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-7-2 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-11 366640]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys --> C:\Windows\system32\DRIVERS\AcpiVpc.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-16 01:13:20 -------- d-----w- C:\Users\PETER\AppData\Local\{DC405C4B-C9AA-4985-B9DA-0A63D31F6C6E}
2011-08-16 01:13:06 -------- d-----w- C:\Users\PETER\AppData\Local\{88893831-77D0-4015-9C19-D9A2DD6007D3}
2011-08-16 01:08:06 -------- d-----w- C:\Users\PETER\AppData\Local\{ADA42DA1-27ED-468C-95DE-481FC9D750DF}
2011-08-16 01:07:53 -------- d-----w- C:\Users\PETER\AppData\Local\{FCE09F1C-CD59-4E3B-9FC9-71A2754A4784}
2011-08-15 00:33:56 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{78FCF69A-7A96-46E1-9015-8D0DA9DBA3AD}\mpengine.dll
2011-08-14 03:02:13 -------- d-----w- C:\Users\PETER\AppData\Local\{DC7644C2-4020-478E-BE46-3DEA2BC78B0E}
2011-08-14 03:02:00 -------- d-----w- C:\Users\PETER\AppData\Local\{FB122637-126B-4A0B-98AD-4AFF6BC0CCA4}
2011-08-13 16:17:28 -------- d-----w- C:\Users\PETER\AppData\Local\{06296C01-8DDB-4C24-9210-91FCFAAA3CBE}
2011-08-13 16:17:13 -------- d-----w- C:\Users\PETER\AppData\Local\{C803A73E-3172-4663-AD84-97B951A3707F}
2011-08-13 10:17:34 -------- d-----w- C:\Users\PETER\AppData\Local\{5C1EBDAA-6F89-416C-8506-63B6273E5D3C}
2011-08-13 10:17:21 -------- d-----w- C:\Users\PETER\AppData\Local\{17F80B79-5F57-4CA5-A58A-3332C902BF6E}
2011-08-13 02:14:05 -------- d-----w- C:\Users\PETER\AppData\Local\{C233B809-DF46-4129-B756-E06384D1A0AF}
2011-08-13 00:09:47 -------- d-----w- C:\Users\PETER\AppData\Local\{F17DE370-A6CE-49B7-9D1C-F89C1FC83D07}
2011-08-12 13:56:04 -------- d-----w- C:\Windows\usgwmt
2011-08-12 13:09:10 -------- d-----w- C:\Users\PETER\AppData\Local\{D8C196B5-A463-4FB5-8F5E-13BF94F9866E}
2011-08-12 07:30:41 -------- d-----w- C:\Users\PETER\AppData\Local\{707B0519-39AE-4C0E-97D6-663E9E4D8A32}
2011-08-12 07:30:29 -------- d-----w- C:\Users\PETER\AppData\Local\{B4AA3D3B-1CDA-4974-BA55-EB2326D79412}
2011-08-12 07:27:17 -------- d-----w- C:\Users\PETER\AppData\Local\{8401873C-152C-477A-B437-CEE39044E909}
2011-08-12 07:27:05 -------- d-----w- C:\Users\PETER\AppData\Local\{4F94852B-87D8-467C-A508-1008F7FCD2B3}
2011-08-12 04:42:00 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5C96789-E597-4988-B24E-4141F80D228B}\gapaengine.dll
2011-08-12 04:18:15 -------- d-----w- C:\Users\PETER\AppData\Local\{C98EE2F1-4A9D-489E-9EC1-37414AF61215}
2011-08-11 16:26:50 -------- d-----w- C:\Users\PETER\AppData\Roaming\SUPERAntiSpyware.com
2011-08-11 16:26:32 -------- d-----w- C:\ProgramData\!SASCORE
2011-08-11 16:26:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-11 16:26:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-11 16:19:41 -------- d-----w- C:\Users\PETER\AppData\Local\{DCBF41EF-F394-45C9-8B4E-A580208DE755}
2011-08-11 16:19:27 -------- d-----w- C:\Users\PETER\AppData\Local\{E89EA3A1-E5CF-4195-AFD3-8DCEBF65FC67}
2011-08-11 14:40:37 -------- d-----w- C:\Users\PETER\AppData\Roaming\Malwarebytes
2011-08-11 14:40:30 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-11 14:40:29 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-11 14:40:26 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-11 14:40:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-11 07:40:54 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-08-11 00:39:41 -------- d-----w- C:\Users\PETER\AppData\Local\{CDA63862-F77F-4387-A87E-047FBEE106CB}
2011-08-11 00:39:28 -------- d-----w- C:\Users\PETER\AppData\Local\{6EDFE174-3539-4739-A855-C44FB2FC0615}
2011-08-11 00:39:01 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-10 07:37:42 98816 ----a-w- C:\Windows\sed.exe
2011-08-10 07:37:42 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-10 07:37:42 256000 ----a-w- C:\Windows\PEV.exe
2011-08-10 07:37:42 208896 ----a-w- C:\Windows\MBR.exe
2011-08-10 07:20:09 -------- d-----w- C:\Users\PETER\AppData\Local\{3D33642F-C40D-4024-9D91-59949D52237E}
2011-08-10 07:19:57 -------- d-----w- C:\Users\PETER\AppData\Local\{5A5AE471-3285-494E-9B5D-5F41E1113400}
2011-08-10 07:10:51 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-09 16:14:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-09 16:13:31 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-09 00:22:47 -------- d-----w- C:\Users\PETER\AppData\Local\{365EC468-9432-46DE-9A83-A283F1B4C741}
2011-08-09 00:22:27 -------- d-----w- C:\Users\PETER\AppData\Local\{1F7BD95E-CBB7-4FE9-9AB9-D238F777ABCD}
2011-08-08 13:29:59 -------- d-----w- C:\Users\PETER\AppData\Local\{2A803003-2C58-40A6-87B0-C9FEED203D01}
2011-08-08 01:29:50 -------- d-----w- C:\Users\PETER\AppData\Local\{EE5F521B-BBA8-4205-B9D7-B13C4456B523}
2011-08-06 11:53:50 -------- d-----w- C:\Users\PETER\AppData\Local\{634E5F59-5A25-47EB-9B5B-3758CC060D91}
2011-08-06 11:53:38 -------- d-----w- C:\Users\PETER\AppData\Local\{1BC3456F-F84B-4ACE-B452-E1DBB1823148}
2011-08-06 01:54:09 -------- d-----w- C:\Users\PETER\AppData\Local\{37B9F7F9-20E0-4E84-AEA8-9FF202DD7410}
2011-08-06 00:38:18 -------- d-----w- C:\Users\PETER\AppData\Local\{D22126E1-37EF-4098-A289-6EFC2DF0D08D}
2011-08-05 16:31:42 -------- d-----w- C:\Users\PETER\AppData\Local\{7E80E838-5B33-4742-A568-6E8BF6D9DC63}
2011-08-05 05:19:08 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-08-05 00:25:33 -------- d-----w- C:\Users\PETER\AppData\Local\{0DA7CB36-9538-4527-B8C9-56B4E1B09792}
2011-08-04 12:49:27 -------- d-----w- C:\Users\PETER\AppData\Local\{E2F3385A-213B-48A6-9B95-72B612402207}
2011-08-04 02:42:14 -------- d-----w- C:\Users\PETER\AppData\Local\{59C1A52D-D603-4790-BDA4-6E45D130F88E}
2011-08-02 14:03:25 -------- d-----w- C:\ProgramData\Solidshield
2011-08-02 14:02:59 1896960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{90dc8595-6143-2214-17bc-aff9604b03ab}\components\47615809.dll
2011-08-02 01:08:53 -------- d-----w- C:\Users\PETER\AppData\Local\{C2A24C30-F839-4682-A294-20CEFB994D91}
2011-07-31 00:13:46 -------- d-----w- C:\Users\PETER\AppData\Local\{4B06A77E-BF10-46C7-B938-9B3C9CA9D261}
2011-07-30 12:34:21 -------- d-----w- C:\Users\PETER\AppData\Local\{C8186B9E-100C-405E-B55B-AF21CBBCC7A8}
2011-07-30 01:40:05 -------- d-----w- C:\Users\PETER\AppData\Local\{30FDDE31-7786-415D-A0C1-DA44CE33C546}
2011-07-29 00:46:49 -------- d-----w- C:\Users\PETER\AppData\Local\{008B8B6B-D79B-4D96-9749-6292A25C99B4}
2011-07-28 02:34:33 -------- d-----w- C:\Users\PETER\AppData\Local\{483993F9-5236-4E5A-A206-9845E0126C5B}
2011-07-27 14:34:07 -------- d-----w- C:\Users\PETER\AppData\Local\{6B28B3C6-4F3A-459D-87CE-6EA5E780AE9B}
2011-07-27 03:27:30 -------- d-----w- C:\Users\PETER\AppData\Local\{F1DDC4FE-89FF-41AF-94C4-1F3ABB64FBEE}
2011-07-25 14:24:07 -------- d-----w- C:\Users\PETER\AppData\Local\{F897F915-4A36-440F-B9BE-E3C12EA5A1E4}
2011-07-25 01:18:46 -------- d-----w- C:\Users\PETER\AppData\Local\{1639E943-9E25-43B6-B811-FA7F033BDF6C}
2011-07-24 10:43:19 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-07-24 10:43:19 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2011-07-24 10:43:19 131688 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-07-24 10:43:11 930272 ----a-w- C:\Windows\System32\dpinst.exe
2011-07-24 10:43:04 260712 ----a-w- C:\Windows\System32\nvcod1922.dll
2011-07-24 10:43:04 260712 ----a-w- C:\Windows\System32\nvcod.dll
2011-07-24 10:38:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-07-24 00:41:07 -------- d-----w- C:\Users\PETER\AppData\Local\{77E8DF86-1145-4621-9DA5-3D1971928952}
2011-07-23 01:41:06 -------- d-----w- C:\Users\PETER\AppData\Local\{51F735F2-8B1F-4987-8CD6-0D946BA4B5C1}
2011-07-22 08:09:04 -------- d-----w- C:\Users\PETER\AppData\Local\{F915A969-C7EE-4EE7-AE00-4FED3BBDCA9D}
2011-07-21 00:51:39 -------- d-----w- C:\Users\PETER\AppData\Local\{981966C7-AA94-4538-BAA8-A1D9D8E65E4B}
2011-07-20 00:47:18 -------- d-----w- C:\Users\PETER\AppData\Local\{A2D6D6CD-8866-4BE3-A2A8-152FC45DAB8C}
2011-07-19 12:40:36 -------- d-----w- C:\Users\PETER\AppData\Local\{8A3887EC-D902-450B-9CC0-62491955CCEE}
2011-07-19 00:40:11 -------- d-----w- C:\Users\PETER\AppData\Local\{CCEC1E92-1697-475D-A49D-F51A63E2D02C}
2011-07-18 01:07:48 -------- d-----w- C:\Users\PETER\AppData\Local\{BEAD166E-C51A-4AB0-B1F7-BD39B291F9C0}
2011-07-17 04:09:32 -------- d-----w- C:\Users\PETER\AppData\Roaming\AnvSoft
2011-07-17 04:09:17 -------- d-----w- C:\Program Files (x86)\AnvSoft
2011-07-17 03:43:45 -------- d-----w- C:\Users\PETER\AppData\Roaming\youjizz
2011-07-17 03:43:45 -------- d-----w- C:\Users\PETER\AppData\Roaming\Obsidium
2011-07-17 03:43:34 -------- d-----w- C:\Program Files (x86)\YouJee
2011-07-17 03:32:35 -------- d-----w- C:\Users\PETER\AppData\Local\Thinstall
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 23:40:12 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-05-19 02:53:41 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-05-19 02:53:40 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-05-19 02:53:40 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-05-19 02:53:40 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
.
============= FINISH: 8:22:03.10 ===============

#4 ANONIMUS

ANONIMUS
  • Topic Starter
  • Members
  • 25 posts

Posted 17 August 2011 - 01:01 AM

I am now also receiving some Norton Security Scan pop-up on my desktop asking me to scan, but I ended the process through Task Manager. Does this have to do with the malware?

#5 Elise

Elise
    Bleepin' Blonde
  • Malware Study Hall Admin
  • 61,320 posts
  • Gender:Female
  • Location:Romania

Posted 19 August 2011 - 04:22 AM

Hello, and welcome to the Bleeping Computer Malware Removal Forum. My name is Elise and I'll be glad to help you with your computer problems.


I will be working on your malware issues; this may or may not solve other issues you may have with your machine.

Please note that whatever repairs we make are for fixing your computer problems only and by no means should be used on another computer.
  • The cleaning process is not instant. Logs can take some time to research, so please be patient with me. I know that you need your computer working as quickly as possible, and I will work hard to help see that happen.
  • Please reply using the Add/Reply button in the lower right hand corner of your screen. Do not start a new topic.
  • The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Unfortunately, if I do not hear back from you within 5 days, I will be forced to close your topic. If you still need help after I have closed your topic, send me or a moderator a personal message with the address of the thread or feel free to create a new one.
You may want to keep the link to this topic in your favorites. Alternatively, you can click the button at the top bar of this topic and Track this Topic, where you can choose email notifications. The topics you are tracking are shown here.
-----------------------------------------------------------

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
If you have already posted a log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

-------------------------------------------------------------
In the meantime, please do NOT install any new programs or update anything unless told to do so while we are fixing your problem.

If you still need help, please include the following in your next reply
  • A detailed description of your problems
  • A new DDS log (don't forget attach.txt)

Thanks and again sorry for the delay.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#6 ANONIMUS

ANONIMUS
  • Topic Starter
  • Members
  • 25 posts

Posted 20 August 2011 - 12:41 PM

Hi, I do not know much about my problem, but I believe it to be some kind of malware that redirects Google links, and that's it. I believe you know what it is, thanks.

DDS LOG:


.
DDS (Ver_2011-06-23.01) - NTFSAMD64
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26
Run by PETER at 0:26:12 on 2011-08-21
Microsoft Windows 7 Ultimate 6.1.7600.0.874.66.1033.18.4087.1802 [GMT 7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
D:\RocketDock\RocketDock\RocketDock.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PETER\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.mydtzone.com/startpage
uInternet Settings,ProxyOverride = local
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [RocketDock] "D:\RocketDock\RocketDock\RocketDock.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [GIZMO2] "C:\Program Files (x86)\GIZMO2\GIZMO.exe" -BootProcess
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{0721AE94-FDC6-47C5-964D-6A1C7C3E50A6} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\044525555475946494 : DhcpNameServer = 10.42.254.26 10.42.254.10
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\072716371646 : DhcpNameServer = 192.168.1.1 192.168.0.1 205.171.3.25
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\16E64697E6564777F627B6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\3716E676475616E6 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\759647A756C6D223E64635F6574786 : DhcpNameServer = 192.168.2.5 164.116.160.4 164.116.160.5
TCP: Interfaces\{189B531A-5F61-473E-B22C-EBE62C6EEED9}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{609A4F2E-3AFB-47B2-8AFA-41841F1625F2} : NameServer = 10.76.120.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ProgramData\Skype\Plugins\Plugins\C897D734DD7744E5BA342991851FDE91\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [GIZMO2] "C:\Program Files (x86)\GIZMO2\GIZMO.exe" -BootProcess
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\PETER\AppData\Roaming\Mozilla\Firefox\Profiles\rw6y6iyk.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.mydtzone.com/startpage|http://home.alot.com/?src_id=11511&client_id=d3ae98682d18882b8165b4ac&camp_id=1954&install_time=2010-11-04T19:59:25Z&tb_version=2.4.4000%28F%29
FF - prefs.js: keyword.URL - hxxp://search.alot.com/web?&src_id=11511&client_id=d3ae98682d18882b8165b4ac&camp_id=1954&install_time=2010-11-04T19:59:25Z&tb_version=2.4.4000%28F%29&pr=auto&q=
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\PETER\AppData\Local\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Users\PETER\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\PETER\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R1 PStrip64;PStrip64;C:\Windows\system32\drivers\pstrip64.sys --> C:\Windows\system32\drivers\pstrip64.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-13 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-7-19 140672]
R2 hshld;Hotspot Shield Service;C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe [2011-7-2 298824]
R2 HssWd;Hotspot Shield Monitoring Service;C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS --> C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -product HSS [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-8-11 366640]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-24 370688]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?]
R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\system32\drivers\LVUSBS64.sys --> C:\Windows\system32\drivers\LVUSBS64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-19 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-19 138576]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys --> C:\Windows\system32\DRIVERS\AcpiVpc.sys [?]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service --> C:\Program Files (x86)\BitComet\tools\BitCometService.exe -service [?]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-08-20 15:10:20 8862544 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{C9B0A300-AD6B-44F1-BD8F-86DFCAAC05A1}\mpengine.dll
2011-08-20 15:01:49 -------- d-----w- C:\Users\PETER\AppData\Local\{1F3EF554-A455-413E-B98A-38DE9BCFEC15}
2011-08-20 00:37:49 -------- d-----w- C:\Users\PETER\AppData\Local\{FE905F4E-3BDB-41E4-8EFD-60C2DC5640A8}
2011-08-20 00:37:36 -------- d-----w- C:\Users\PETER\AppData\Local\{E0B7B06B-6CE0-42B5-B671-B1D993ED6D09}
2011-08-19 13:45:26 -------- d-----w- C:\Users\PETER\AppData\Local\{2A1EA5E1-EDE9-44FC-84AA-994C4894A127}
2011-08-19 13:45:11 -------- d-----w- C:\Users\PETER\AppData\Local\{B3C6DE1C-0711-496B-8BC3-5EC562F6DD5A}
2011-08-18 04:46:30 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-18 00:18:20 -------- d-----w- C:\Windows\System32\drivers\NSSx64\0305010.006
2011-08-18 00:18:20 -------- d-----w- C:\Windows\System32\drivers\NSSx64
2011-08-18 00:18:16 -------- d-----w- C:\Program Files (x86)\NortonInstaller
2011-08-18 00:16:41 -------- d-----w- C:\Users\PETER\AppData\Local\{B862C80E-5DE2-4364-9CF8-44501B874C48}
2011-08-18 00:16:28 -------- d-----w- C:\Users\PETER\AppData\Local\{632C5D96-F391-4563-9D54-C19D3FB43129}
2011-08-18 00:13:54 -------- d-----w- C:\Users\PETER\AppData\Local\{6B8D95DF-21DF-44FE-98D9-4B210BFA9321}
2011-08-18 00:13:42 -------- d-----w- C:\Users\PETER\AppData\Local\{E332FD6B-014D-4645-ACD8-ABEFA0EAA514}
2011-08-17 13:05:54 -------- d-----w- C:\Users\PETER\AppData\Local\{D34F62C4-D3C1-4FCB-AE01-D71498CEFF36}
2011-08-17 13:05:41 -------- d-----w- C:\Users\PETER\AppData\Local\{315EADBB-302B-4DBC-A326-6E297BBC3A1D}
2011-08-17 05:55:20 -------- d-----w- C:\ProgramData\Symantec
2011-08-17 05:55:14 -------- d-----w- C:\ProgramData\Norton
2011-08-17 05:55:12 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-17 03:54:53 -------- d-----w- C:\Windows\SysWow64\Adobe
2011-08-17 02:50:28 -------- d-----w- C:\Users\PETER\AppData\Local\{2A935ACE-A0AF-4E85-8470-E58CFAA5892B}
2011-08-17 02:50:16 -------- d-----w- C:\Users\PETER\AppData\Local\{BC000BCA-3834-4311-A199-A631645FEBA2}
2011-08-17 01:57:54 -------- d-----w- C:\Users\PETER\AppData\Local\{CFAE0F52-631D-4FE8-99C6-44DD4761195E}
2011-08-17 01:02:11 -------- d-----w- C:\Users\PETER\AppData\Local\Opera
2011-08-17 00:33:35 -------- d-----w- C:\Users\PETER\AppData\Local\{CEAECF4D-1487-4D51-BF6E-A0FEB0A52D61}
2011-08-17 00:33:23 -------- d-----w- C:\Users\PETER\AppData\Local\{46F5F5CE-D83A-40FF-A92A-DF7B56AD4E56}
2011-08-16 02:22:34 -------- d-----w- C:\Users\PETER\AppData\Local\{B2184931-F12E-4669-844C-DAD0EA72B096}
2011-08-16 02:22:18 -------- d-----w- C:\Users\PETER\AppData\Local\{1E1937A8-1403-45A7-8258-3746FBB2B9E7}
2011-08-16 01:13:20 -------- d-----w- C:\Users\PETER\AppData\Local\{DC405C4B-C9AA-4985-B9DA-0A63D31F6C6E}
2011-08-16 01:13:06 -------- d-----w- C:\Users\PETER\AppData\Local\{88893831-77D0-4015-9C19-D9A2DD6007D3}
2011-08-16 01:08:06 -------- d-----w- C:\Users\PETER\AppData\Local\{ADA42DA1-27ED-468C-95DE-481FC9D750DF}
2011-08-16 01:07:53 -------- d-----w- C:\Users\PETER\AppData\Local\{FCE09F1C-CD59-4E3B-9FC9-71A2754A4784}
2011-08-14 03:02:13 -------- d-----w- C:\Users\PETER\AppData\Local\{DC7644C2-4020-478E-BE46-3DEA2BC78B0E}
2011-08-14 03:02:00 -------- d-----w- C:\Users\PETER\AppData\Local\{FB122637-126B-4A0B-98AD-4AFF6BC0CCA4}
2011-08-13 16:17:28 -------- d-----w- C:\Users\PETER\AppData\Local\{06296C01-8DDB-4C24-9210-91FCFAAA3CBE}
2011-08-13 16:17:13 -------- d-----w- C:\Users\PETER\AppData\Local\{C803A73E-3172-4663-AD84-97B951A3707F}
2011-08-13 10:17:34 -------- d-----w- C:\Users\PETER\AppData\Local\{5C1EBDAA-6F89-416C-8506-63B6273E5D3C}
2011-08-13 10:17:21 -------- d-----w- C:\Users\PETER\AppData\Local\{17F80B79-5F57-4CA5-A58A-3332C902BF6E}
2011-08-13 02:14:05 -------- d-----w- C:\Users\PETER\AppData\Local\{C233B809-DF46-4129-B756-E06384D1A0AF}
2011-08-13 00:09:47 -------- d-----w- C:\Users\PETER\AppData\Local\{F17DE370-A6CE-49B7-9D1C-F89C1FC83D07}
2011-08-12 13:56:04 -------- d-----w- C:\Windows\usgwmt
2011-08-12 13:09:10 -------- d-----w- C:\Users\PETER\AppData\Local\{D8C196B5-A463-4FB5-8F5E-13BF94F9866E}
2011-08-12 07:30:41 -------- d-----w- C:\Users\PETER\AppData\Local\{707B0519-39AE-4C0E-97D6-663E9E4D8A32}
2011-08-12 07:30:29 -------- d-----w- C:\Users\PETER\AppData\Local\{B4AA3D3B-1CDA-4974-BA55-EB2326D79412}
2011-08-12 07:27:17 -------- d-----w- C:\Users\PETER\AppData\Local\{8401873C-152C-477A-B437-CEE39044E909}
2011-08-12 07:27:05 -------- d-----w- C:\Users\PETER\AppData\Local\{4F94852B-87D8-467C-A508-1008F7FCD2B3}
2011-08-12 04:42:00 601424 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E5C96789-E597-4988-B24E-4141F80D228B}\gapaengine.dll
2011-08-12 04:18:15 -------- d-----w- C:\Users\PETER\AppData\Local\{C98EE2F1-4A9D-489E-9EC1-37414AF61215}
2011-08-11 16:26:50 -------- d-----w- C:\Users\PETER\AppData\Roaming\SUPERAntiSpyware.com
2011-08-11 16:26:32 -------- d-----w- C:\ProgramData\!SASCORE
2011-08-11 16:26:29 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-08-11 16:26:29 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-08-11 16:19:41 -------- d-----w- C:\Users\PETER\AppData\Local\{DCBF41EF-F394-45C9-8B4E-A580208DE755}
2011-08-11 16:19:27 -------- d-----w- C:\Users\PETER\AppData\Local\{E89EA3A1-E5CF-4195-AFD3-8DCEBF65FC67}
2011-08-11 14:40:37 -------- d-----w- C:\Users\PETER\AppData\Roaming\Malwarebytes
2011-08-11 14:40:30 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-11 14:40:29 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-11 14:40:26 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-11 14:40:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-11 07:40:54 338432 ----a-w- C:\Windows\System32\conhost.exe
2011-08-11 00:39:41 -------- d-----w- C:\Users\PETER\AppData\Local\{CDA63862-F77F-4387-A87E-047FBEE106CB}
2011-08-11 00:39:28 -------- d-----w- C:\Users\PETER\AppData\Local\{6EDFE174-3539-4739-A855-C44FB2FC0615}
2011-08-11 00:39:01 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-10 07:37:42 98816 ----a-w- C:\Windows\sed.exe
2011-08-10 07:37:42 518144 ----a-w- C:\Windows\SWREG.exe
2011-08-10 07:37:42 256000 ----a-w- C:\Windows\PEV.exe
2011-08-10 07:37:42 208896 ----a-w- C:\Windows\MBR.exe
2011-08-10 07:20:09 -------- d-----w- C:\Users\PETER\AppData\Local\{3D33642F-C40D-4024-9D91-59949D52237E}
2011-08-10 07:19:57 -------- d-----w- C:\Users\PETER\AppData\Local\{5A5AE471-3285-494E-9B5D-5F41E1113400}
2011-08-10 07:10:51 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2011-08-09 16:14:01 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-08-09 16:13:31 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-09 00:22:47 -------- d-----w- C:\Users\PETER\AppData\Local\{365EC468-9432-46DE-9A83-A283F1B4C741}
2011-08-09 00:22:27 -------- d-----w- C:\Users\PETER\AppData\Local\{1F7BD95E-CBB7-4FE9-9AB9-D238F777ABCD}
2011-08-08 13:29:59 -------- d-----w- C:\Users\PETER\AppData\Local\{2A803003-2C58-40A6-87B0-C9FEED203D01}
2011-08-08 01:29:50 -------- d-----w- C:\Users\PETER\AppData\Local\{EE5F521B-BBA8-4205-B9D7-B13C4456B523}
2011-08-06 11:53:50 -------- d-----w- C:\Users\PETER\AppData\Local\{634E5F59-5A25-47EB-9B5B-3758CC060D91}
2011-08-06 11:53:38 -------- d-----w- C:\Users\PETER\AppData\Local\{1BC3456F-F84B-4ACE-B452-E1DBB1823148}
2011-08-06 01:54:09 -------- d-----w- C:\Users\PETER\AppData\Local\{37B9F7F9-20E0-4E84-AEA8-9FF202DD7410}
2011-08-06 00:38:18 -------- d-----w- C:\Users\PETER\AppData\Local\{D22126E1-37EF-4098-A289-6EFC2DF0D08D}
2011-08-05 16:31:42 -------- d-----w- C:\Users\PETER\AppData\Local\{7E80E838-5B33-4742-A568-6E8BF6D9DC63}
2011-08-05 05:19:08 -------- d-----w- C:\Windows\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP
2011-08-05 00:25:33 -------- d-----w- C:\Users\PETER\AppData\Local\{0DA7CB36-9538-4527-B8C9-56B4E1B09792}
2011-08-04 12:49:27 -------- d-----w- C:\Users\PETER\AppData\Local\{E2F3385A-213B-48A6-9B95-72B612402207}
2011-08-04 02:42:14 -------- d-----w- C:\Users\PETER\AppData\Local\{59C1A52D-D603-4790-BDA4-6E45D130F88E}
2011-08-02 14:03:25 -------- d-----w- C:\ProgramData\Solidshield
2011-08-02 14:02:59 1896960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{90dc8595-6143-2214-17bc-aff9604b03ab}\components\47615809.dll
2011-08-02 01:08:53 -------- d-----w- C:\Users\PETER\AppData\Local\{C2A24C30-F839-4682-A294-20CEFB994D91}
2011-07-31 00:13:46 -------- d-----w- C:\Users\PETER\AppData\Local\{4B06A77E-BF10-46C7-B938-9B3C9CA9D261}
2011-07-30 12:34:21 -------- d-----w- C:\Users\PETER\AppData\Local\{C8186B9E-100C-405E-B55B-AF21CBBCC7A8}
2011-07-30 01:40:05 -------- d-----w- C:\Users\PETER\AppData\Local\{30FDDE31-7786-415D-A0C1-DA44CE33C546}
2011-07-29 00:46:49 -------- d-----w- C:\Users\PETER\AppData\Local\{008B8B6B-D79B-4D96-9749-6292A25C99B4}
2011-07-28 02:34:33 -------- d-----w- C:\Users\PETER\AppData\Local\{483993F9-5236-4E5A-A206-9845E0126C5B}
2011-07-27 14:34:07 -------- d-----w- C:\Users\PETER\AppData\Local\{6B28B3C6-4F3A-459D-87CE-6EA5E780AE9B}
2011-07-27 03:27:30 -------- d-----w- C:\Users\PETER\AppData\Local\{F1DDC4FE-89FF-41AF-94C4-1F3ABB64FBEE}
2011-07-25 14:24:07 -------- d-----w- C:\Users\PETER\AppData\Local\{F897F915-4A36-440F-B9BE-E3C12EA5A1E4}
2011-07-25 01:18:46 -------- d-----w- C:\Users\PETER\AppData\Local\{1639E943-9E25-43B6-B811-FA7F033BDF6C}
2011-07-24 10:43:19 29288 ----a-w- C:\Windows\System32\nvhdap64.dll
2011-07-24 10:43:19 255592 ----a-w- C:\Windows\System32\nvcohda6.dll
2011-07-24 10:43:19 131688 ----a-w- C:\Windows\System32\drivers\nvhda64v.sys
2011-07-24 10:43:11 930272 ----a-w- C:\Windows\System32\dpinst.exe
2011-07-24 10:43:04 260712 ----a-w- C:\Windows\System32\nvcod1922.dll
2011-07-24 10:43:04 260712 ----a-w- C:\Windows\System32\nvcod.dll
2011-07-24 10:38:43 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2011-07-24 00:41:07 -------- d-----w- C:\Users\PETER\AppData\Local\{77E8DF86-1145-4621-9DA5-3D1971928952}
2011-07-23 01:41:06 -------- d-----w- C:\Users\PETER\AppData\Local\{51F735F2-8B1F-4987-8CD6-0D946BA4B5C1}
2011-07-22 08:09:04 -------- d-----w- C:\Users\PETER\AppData\Local\{F915A969-C7EE-4EE7-AE00-4FED3BBDCA9D}
.
==================== Find3M ====================
.
2011-07-22 05:35:08 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-07-22 04:56:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-07-16 05:26:54 362496 ----a-w- C:\Windows\System32\wow64win.dll
2011-07-16 05:26:53 243200 ----a-w- C:\Windows\System32\wow64.dll
2011-07-16 05:26:53 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2011-07-16 05:26:18 214528 ----a-w- C:\Windows\System32\winsrv.dll
2011-07-16 05:24:09 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2011-07-16 05:21:32 422400 ----a-w- C:\Windows\System32\KernelBase.dll
2011-07-16 04:36:09 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2011-07-16 04:32:14 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2011-07-16 04:31:50 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2011-07-16 04:30:29 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2011-07-16 04:30:27 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2011-07-16 02:26:12 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2011-07-16 02:26:11 2048 ----a-w- C:\Windows\SysWow64\user.exe
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:21:47 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:21:47 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:21:47 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 02:44:55 287744 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2011-06-23 05:29:39 5507968 ----a-w- C:\Windows\System32\ntoskrnl.exe
2011-06-23 04:38:05 3957120 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2011-06-23 04:38:04 3902336 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2011-06-21 06:27:14 1896832 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-06-21 06:20:48 1197056 ----a-w- C:\Windows\System32\wininet.dll
2011-06-21 06:20:06 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2011-06-21 05:36:36 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-06-21 05:35:05 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2011-06-21 05:05:13 482816 ----a-w- C:\Windows\System32\html.iec
2011-06-21 04:26:02 386048 ----a-w- C:\Windows\SysWow64\html.iec
2011-06-15 09:58:31 212992 ----a-w- C:\Windows\System32\odbctrac.dll
2011-06-15 09:58:31 163840 ----a-w- C:\Windows\System32\odbccp32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccu32.dll
2011-06-15 09:58:31 106496 ----a-w- C:\Windows\System32\odbccr32.dll
2011-06-15 09:04:46 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll
2011-06-15 09:04:46 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll
2011-06-15 09:04:46 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll
2011-06-15 09:04:46 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll
2011-06-15 09:04:46 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll
2011-06-11 02:56:44 3134464 ----a-w- C:\Windows\System32\win32k.sys
2011-05-24 23:40:12 56832 ----a-w- C:\Windows\System32\drivers\HssDrv.sys
2011-05-24 11:21:59 404992 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-05-24 10:34:20 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-05-24 10:34:20 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-05-24 10:34:00 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-05-24 10:32:46 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
.
============= FINISH: 0:27:48.49 ===============


DOWNLOAD .TXT : http://www.4shared.com/file/-bufXUzH/DDS_LOG.htm


thnx.
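The DDS listing above is plain text with a fixed column layout (date, time, size, attribute flags, path), so it can be parsed and triaged mechanically instead of read top to bottom. The Python below is an added example, not part of DDS or of this thread; its sample input is a handful of lines copied from the log above and labelled as constructed. It assumes the attribute column follows the DDS convention (leading "d" for a directory, then "s", "h", "a", "w" for system, hidden, archive, writable), and pulls out what a reviewer would look at first: the per-user AppData\Local\{GUID} folders that recur almost daily, executables written outside C:\Windows, hidden entries, and a per-day count.

```python
"""Parse the "Created Last 30" / "Find3M" sections of a DDS log and list the
entries a reviewer would want to check first.  Added example, not part of the
DDS tool; the sample lines below are copied from the log posted in the thread."""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# One DDS entry: date time size attributes path.  Directories carry the size
# placeholder "--------"; the 8-character attribute field is assumed to start
# with "d" for a directory and to use s/h/a/w for system/hidden/archive/writable.
LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+|-{8}) ([d-][a-z-]{7}) (.+)$"
)
# Per-user AppData\Local\{GUID} folders, which recur almost daily in the log.
GUID_DIR_RE = re.compile(r"\\AppData\\Local\\\{[0-9A-Fa-f-]{36}\}$")
EXEC_EXT = (".exe", ".dll", ".sys")

# Constructed sample: a few lines taken verbatim from the DDS log above.
SAMPLE_LOG = r"""
.
==================== Find3M ====================
.
2011-08-11 14:40:26 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-08-11 14:40:25 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-11 00:39:41 -------- d-----w- C:\Users\PETER\AppData\Local\{CDA63862-F77F-4387-A87E-047FBEE106CB}
2011-08-11 00:39:01 -------- d-sh--w- C:\$RECYCLE.BIN
2011-08-10 07:37:42 208896 ----a-w- C:\Windows\MBR.exe
2011-08-09 16:13:31 8578896 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll
2011-08-09 00:22:47 -------- d-----w- C:\Users\PETER\AppData\Local\{365EC468-9432-46DE-9A83-A283F1B4C741}
2011-08-02 14:02:59 1896960 ----a-w- C:\Program Files (x86)\Mozilla Firefox\extensions\{90dc8595-6143-2214-17bc-aff9604b03ab}\components\47615809.dll
2011-07-16 02:21:47 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
"""


@dataclass
class DdsEntry:
    when: datetime
    size: Optional[int]  # None for directories
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def is_hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def is_executable(self) -> bool:
        return not self.is_dir and self.path.lower().endswith(EXEC_EXT)


def parse_dds(text: str) -> List[DdsEntry]:
    """Return the file entries in a DDS log, skipping separators and section headers."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # ".", "==== Find3M ====", blank lines
        date, time, size, attrs, path = m.groups()
        entries.append(DdsEntry(
            when=datetime.strptime(f"{date} {time}", "%Y-%m-%d %H:%M:%S"),
            size=None if size.startswith("-") else int(size),
            attrs=attrs,
            path=path,
        ))
    return entries


def guid_dirs(entries: List[DdsEntry]) -> List[DdsEntry]:
    """The recurring C:\\Users\\<user>\\AppData\\Local\\{GUID} directories."""
    return [e for e in entries if e.is_dir and GUID_DIR_RE.search(e.path)]


def executables_outside_windows(entries: List[DdsEntry]) -> List[DdsEntry]:
    """Executable files that were not written under C:\\Windows; check these first."""
    return [e for e in entries
            if e.is_executable and not e.path.lower().startswith("c:\\windows\\")]


def hidden_entries(entries: List[DdsEntry]) -> List[DdsEntry]:
    return [e for e in entries if e.is_hidden]


def entries_per_day(entries: List[DdsEntry]) -> Counter:
    """How many entries were created on each day, to spot daily-recurring writes."""
    return Counter(e.when.date().isoformat() for e in entries)


if __name__ == "__main__":
    found = parse_dds(SAMPLE_LOG)
    print("entries:", len(found))
    print("GUID dirs:", [e.path for e in guid_dirs(found)])
    print("executables outside C:\\Windows:", [e.path for e in executables_outside_windows(found)])
    print("hidden:", [e.path for e in hidden_entries(found)])
    print("per day:", dict(entries_per_day(found)))
```

Run it against a full DDS log by replacing SAMPLE_LOG with the file contents; the lists it returns are starting points for a reviewer, not verdicts, since legitimate software (the Malwarebytes driver and the Microsoft Antimalware engine in the sample) shows up alongside anything unwanted.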

#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 61,320 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:26 PM

Posted 20 August 2011 - 12:49 PM

Hi there, first let's run a rootkit scan.

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan.
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 ANONIMUS

ANONIMUS
  • Topic Starter

  • Members
  • 25 posts
  • OFFLINE
  •  
  • Local time:01:26 PM

Posted 21 August 2011 - 09:06 AM

Hi, elise025, Rootkit did not find anything. thnx.

#9 Elise

Posted 21 August 2011 - 09:51 AM

Hi again,

COMBOFIX
---------------
Please download ComboFix from one of these locations:
Bleepingcomputer
ForoSpyware
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe and follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, or if you are running Vista, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\Combofix.txt in your next reply.

regards, Elise



#10 ANONIMUS

Posted 22 August 2011 - 08:37 AM

Attached File: Combofix LOG.txt (305.15KB, 3 downloads)

Hi, the log was too long and I couldn't post it, so please download the .txt attachment. thnx
Oh, and it didn't ask me to install the recovery console either.

#11 Elise

Posted 22 August 2011 - 10:04 AM

Hi again,
Are you still experiencing redirects at this point?

regards, Elise


#12 ANONIMUS

Posted 22 August 2011 - 11:39 AM

yes

#13 Elise

Posted 22 August 2011 - 02:12 PM

Hi, if you connect through a router, please reset it. You can typically do this by pressing the reset button for approx 10 seconds with the router powered off. When done, let me know if the redirects are gone.

regards, Elise


#14 ANONIMUS

Posted 22 August 2011 - 07:06 PM

I'm using a wireless router...

Edited by ANONIMUS, 22 August 2011 - 09:39 PM.


#15 Elise

Posted 23 August 2011 - 05:39 AM

That doesn't matter, you can just reset it. If you are not sure how to do it, look in the user manual, or let me know what model/number it is, so I can look it up.

regards, Elise


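Elise's router reset is aimed at the settings the router hands out to the PC, the DNS servers above all: a router whose DNS settings have been changed sends every client to a resolver the attacker controls, and search redirects on an otherwise clean machine are the typical symptom. After the reset, the thing to verify is which resolvers the machine actually received. The Python below is an added check, not from the thread or from BleepingComputer: it parses the output of `ipconfig /all` (the sample is constructed; the documentation addresses 203.0.113.7 and 198.51.100.53 stand in for an unknown resolver and for the ISP's own resolver) and flags DNS servers that are neither on the LAN, as the router itself is, nor on an allow-list you supply.

```python
"""Check which DNS servers a Windows client received from its router.
Added example; parses `ipconfig /all` output.  The sample output and the
allow-list address are constructed placeholders."""
import ipaddress
import platform
import re
import subprocess
from typing import Dict, List

# "   Key . . . . : value" lines.  The separator is " :" with a space before the
# colon, so IPv6 values such as fe80::1%12 on continuation lines never match.
KV_RE = re.compile(r"^\s+(?P<key>[A-Za-z][A-Za-z0-9 -]*?)[ .]* : ?(?P<val>.*)$")
ADAPTER_RE = re.compile(r"^(?P<name>\S.*):\s*$")   # "Wireless LAN adapter ...:"
CONT_RE = re.compile(r"^\s+(?P<val>\S+)\s*$")      # extra resolver under "DNS Servers"

# Resolvers inside these ranges are on the local network (normally the router).
LAN_NETS = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fe80::/10", "fc00::/7")]

# Placeholder for the ISP resolvers you expect to see; replace with your own.
ALLOWED_RESOLVERS = ["198.51.100.53"]

# Constructed sample of `ipconfig /all` output with one unexpected resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : EXAMPLE-PC

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : home
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       203.0.113.7
"""


def dns_servers(ipconfig_text: str) -> Dict[str, List[str]]:
    """Map each adapter name to the DNS servers listed under it."""
    result: Dict[str, List[str]] = {}
    adapter = None
    in_dns = False
    for line in ipconfig_text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            adapter, in_dns = m.group("name"), False
            continue
        m = KV_RE.match(line)
        if m:
            in_dns = m.group("key") == "DNS Servers"
            if in_dns and adapter and m.group("val").strip():
                result.setdefault(adapter, []).append(m.group("val").strip())
            continue
        m = CONT_RE.match(line)
        if m and in_dns and adapter:
            result.setdefault(adapter, []).append(m.group("val"))
            continue
        in_dns = False  # blank line or anything else ends the DNS block
    return result


def unexpected_resolvers(servers: List[str], allowed: List[str]) -> List[str]:
    """Resolvers that are neither on the LAN nor on the allow-list."""
    allowed_ips = {ipaddress.ip_address(a) for a in allowed}
    flagged = []
    for s in servers:
        try:
            ip = ipaddress.ip_address(s.split("%")[0])  # drop IPv6 zone index
        except ValueError:
            continue
        on_lan = any(ip in net for net in LAN_NETS)
        if not on_lan and ip not in allowed_ips:
            flagged.append(s)
    return flagged


if __name__ == "__main__":
    text = SAMPLE_IPCONFIG
    if platform.system() == "Windows":  # use the live configuration when available
        text = subprocess.run(["ipconfig", "/all"], capture_output=True, text=True).stdout
    for name, servers in dns_servers(text).items():
        print(name, "->", servers, "unexpected:", unexpected_resolvers(servers, ALLOWED_RESOLVERS))
```

A router that is itself the resolver (192.168.1.1 here) passes this check, so also compare the upstream DNS servers in the router's own admin page against the ISP's published ones after the reset; the client-side check only shows what the PC was told, not where the router forwards queries.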