Constant Google Redirect on wireless internet


  • This topic is locked
22 replies to this topic

#1 Niceneasy92

  • Members
  • 9 posts

Posted 12 September 2011 - 05:17 PM

I think I'm doing this right, I followed the preparation guide. Every time I'm over here at my house, I constantly get redirected to either a page saying "can't display fast-answers.com" or "cannot display googlesearch3.com" or something like that. Or it tries to take me to some shopping website, things like that. I never have that problem whenever I go to my mom's house and use the internet there, or my friend's house, just here, so I figure it's a problem with the router somehow because there isn't a password on it and I live in a crowded neighborhood. And it always does it to my girlfriend's computer too. It's my mother-in-law's and she refused to put a password on it. I run Malwarebytes often and it never finds anything. I figured I would ask for help with this here just in case it actually is my computer. Here's my DDS log and attach file. I would love some help with this when you can, I know you people probably get hit with these kinds of things a lot.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by William at 17:50:45 on 2011-09-12
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2535 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Enabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\windows\system32\taskeng.exe
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files\Logitech\SetPoint II\SetPointII.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {DC8DD02C-C44B-47EE-8558-F1C17307A79A} - C:\PROGRA~2\COMMON~1\TIDYFA~1\AddToFav.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} - C:\PROGRA~2\COMMON~1\TIDYFA~1\OpenFav.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
TCP: Interfaces\{FB26ED76-224A-4713-A2C7-A59AC9D3DCB4} : DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
TCP: Interfaces\{FB26ED76-224A-4713-A2C7-A59AC9D3DCB4}\35D434 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: pcdiag.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: smoothview.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: tfcconf.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: tfcrst.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
BHO-X64: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO-X64: IDM Helper - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun-x64: [TWebCamera REG_SZ "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun ]
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
IE-X64: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419
IE-X64: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IFEO-X64: pcdiag.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: smoothview.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: tfcconf.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: tfcrst.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\wxzojnl2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;C:\windows\system32\DRIVERS\psinknc.sys --> C:\windows\system32\DRIVERS\psinknc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 IDMWFP;IDMWFP;C:\windows\system32\DRIVERS\idmwfp.sys --> C:\windows\system32\DRIVERS\idmwfp.sys [?]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;C:\windows\system32\DRIVERS\PSINAflt.sys --> C:\windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\windows\system32\DRIVERS\PSINFile.sys --> C:\windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\windows\system32\DRIVERS\PSINProc.sys --> C:\windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\windows\system32\DRIVERS\PSINProt.sys --> C:\windows\system32\DRIVERS\PSINProt.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-11 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-1 2027840]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-26 2320920]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-6-6 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-8-26 51512]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-12 02:50:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-12 02:50:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-11 20:13:54 -------- d-----w- C:\Program Files (x86)\PakkISO
2011-09-10 17:52:49 -------- d-----w- C:\Users\William\AppData\Roaming\Firestorm
2011-09-10 17:52:49 -------- d-----w- C:\Users\William\AppData\Local\Firestorm
2011-09-10 17:45:36 -------- d-----w- C:\Users\William\AppData\Local\SingularityViewer
2011-09-10 16:41:28 -------- d-----w- C:\Program Files (x86)\Firestorm-Beta-Mesh
2011-09-09 16:44:15 -------- d-----w- C:\Program Files\Microsoft LifeCam
2011-09-09 16:44:15 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2011-09-09 14:03:27 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{866D14F6-D461-44B5-BBE7-6EBD8C8397A6}\mpengine.dll
2011-09-08 18:07:35 34624 ----a-w- C:\windows\System32\TURegOpt.exe
2011-09-08 18:07:34 36160 ----a-w- C:\windows\System32\uxtuneup.dll
2011-09-08 18:07:34 29504 ----a-w- C:\windows\SysWow64\uxtuneup.dll
2011-09-08 18:07:34 25920 ----a-w- C:\windows\System32\authuitu.dll
2011-09-08 18:07:33 21312 ----a-w- C:\windows\SysWow64\authuitu.dll
2011-09-08 18:07:25 -------- d-----w- C:\Users\William\AppData\Roaming\TuneUp Software
2011-09-08 18:07:18 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-09-08 18:06:43 -------- d-----w- C:\ProgramData\TuneUp Software
2011-09-08 18:06:37 -------- d-sh--w- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-09-08 14:24:32 143984 ----a-w- C:\windows\System32\drivers\idmwfp.sys
2011-09-08 01:36:31 -------- d-----w- C:\Users\William\AppData\Local\PhoenixViewer
2011-09-08 01:36:06 -------- d-----w- C:\Users\William\AppData\Local\SecondLife
2011-09-06 20:54:22 -------- d-----w- C:\Program Files\Western Digital
2011-09-06 20:49:24 -------- d-----w- C:\Users\William\AppData\Local\Western_Digital
2011-09-06 18:18:25 -------- d-----w- C:\ProgramData\Western Digital
2011-09-06 18:16:48 -------- d-----w- C:\Users\William\AppData\Local\Western Digital
2011-09-06 15:20:34 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-09-03 22:33:29 -------- d-----w- C:\Users\William\AppData\Roaming\Tidy Favorites Converter
2011-09-03 22:33:17 -------- d-----w- C:\Program Files (x86)\Common Files\Tidy Favorites
2011-09-03 22:33:13 -------- d-----w- C:\Program Files (x86)\Tidy Favorites Converter
2011-09-01 03:41:51 -------- d-----w- C:\Program Files (x86)\danny_kay1710
2011-09-01 03:02:24 -------- d-----w- C:\Program Files (x86)\Alarm Clock
2011-08-31 06:16:27 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-08-28 13:44:24 -------- d-----w- C:\Users\William\AppData\Roaming\uTorrent
2011-08-28 13:44:24 -------- d-----w- C:\Users\William\AppData\Local\uTorrent
2011-08-28 12:22:41 -------- d-----w- C:\Users\William\AppData\Local\Microsoft Games
2011-08-27 12:01:40 -------- d-----w- C:\Users\William\AppData\Roaming\NPLUTO Corporation
2011-08-27 12:01:37 4111224 ----a-w- C:\windows\SysWow64\GameMon.des
2011-08-27 12:01:19 5174 ----a-w- C:\windows\SysWow64\nppt9x.vxd
2011-08-27 12:01:19 4682 ----a-w- C:\windows\SysWow64\npptNT2.sys
2011-08-27 12:01:15 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2011-08-27 11:47:47 -------- d-----w- C:\Users\William\AppData\Roaming\Need for Speed World
2011-08-27 10:14:24 -------- d-----w- C:\Users\William\AppData\Local\ElevatedDiagnostics
2011-08-27 09:33:26 281200 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2011-08-27 09:33:23 -------- d-----w- C:\Users\William\AppData\Local\PunkBuster
2011-08-27 09:28:13 -------- d-----w- C:\ProgramData\Nexon
2011-08-27 09:25:10 281200 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2011-08-27 09:25:10 281200 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2011-08-27 09:25:03 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2011-08-27 09:20:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-08-27 09:19:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-08-27 08:27:00 466456 ----a-w- C:\windows\System32\wrap_oal.dll
2011-08-27 08:27:00 444952 ----a-w- C:\windows\SysWow64\wrap_oal.dll
2011-08-27 08:27:00 122904 ----a-w- C:\windows\System32\OpenAL32.dll
2011-08-27 08:27:00 109080 ----a-w- C:\windows\SysWow64\OpenAL32.dll
2011-08-27 08:27:00 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-08-27 08:07:42 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2011-08-27 08:02:10 -------- d-----w- C:\Nexon
2011-08-27 08:00:08 -------- d-----w- C:\ProgramData\NexonUS
2011-08-27 07:52:02 -------- d-----w- C:\Down
2011-08-27 07:50:58 -------- d-----w- C:\Windyzone
2011-08-27 06:38:48 -------- d-----w- C:\Program Files (x86)\Perfectworld Entertainment
2011-08-27 05:43:19 -------- d-----w- C:\Users\William\AppData\Local\Electronic_Arts_Inc
2011-08-27 05:41:17 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2011-08-27 05:41:10 -------- d-----w- C:\ProgramData\Electronic Arts
2011-08-27 05:37:27 -------- d-----w- C:\GamesCampus
2011-08-27 05:34:11 -------- d-----w- C:\Users\William\AppData\Roaming\Raptr
2011-08-27 05:34:11 -------- d-----w- C:\Program Files (x86)\Raptr
2011-08-27 05:30:14 -------- d-----w- C:\Program Files (x86)\WizMouse
2011-08-27 05:28:50 -------- d-----w- C:\Users\William\AppData\Local\Sony
2011-08-27 05:28:29 -------- d-----w- C:\Users\William\Podcasts
2011-08-27 05:28:02 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2011-08-27 05:27:14 -------- d-----w- C:\ProgramData\Sony Corporation
2011-08-27 05:27:14 -------- d-----w- C:\Program Files (x86)\Sony
2011-08-27 05:27:05 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-27 05:26:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-27 05:25:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-27 05:25:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-27 05:24:30 -------- d-----w- C:\Users\William\AppData\Local\Apple
2011-08-27 05:17:08 -------- d-----r- C:\Program Files (x86)\Skype
2011-08-27 05:12:20 -------- d-----w- C:\Program Files (x86)\Sony Media Go Install
2011-08-27 05:12:09 -------- d-----w- C:\Program Files (x86)\Pokemon World Online
2011-08-27 05:02:48 -------- d-----w- C:\Users\William\AppData\Local\GamersFirst LIVE!
2011-08-27 05:02:42 -------- d-----w- C:\Users\William\AppData\Local\PMB Files
2011-08-27 05:02:41 -------- d-----w- C:\ProgramData\PMB Files
2011-08-27 05:02:34 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-08-27 05:02:20 -------- d-----w- C:\Program Files (x86)\GamersFirst
2011-08-27 04:39:30 -------- d-----w- C:\Users\William\AppData\Roaming\VBA-M
2011-08-27 04:04:59 78680 ----a-w- C:\windows\System32\XAPOFX1_4.dll
2011-08-27 04:03:07 -------- d-----w- C:\windows\SysWow64\directx
2011-08-27 03:39:54 -------- d-----w- C:\Users\William\AppData\Local\Adobe
2011-08-27 03:36:45 -------- d-----w- C:\Users\William\AppData\Local\LogiShrd
2011-08-27 03:34:52 -------- d-----w- C:\Users\William\AppData\Local\Downloaded Installations
2011-08-27 02:20:12 -------- d-----w- C:\Users\William\AppData\Local\CrashDumps
2011-08-27 01:56:18 -------- d-----w- C:\Users\William\AppData\Roaming\.minecraft
2011-08-27 01:54:01 388096 ----a-r- C:\Users\William\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-27 01:54:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-27 01:52:08 -------- d-----w- C:\Users\William\AppData\Roaming\Malwarebytes
2011-08-27 01:52:04 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 01:52:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-27 01:52:00 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-08-27 01:52:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-27 01:45:41 526392 ----a-w- C:\windows\System32\drivers\sptd.sys
2011-08-27 01:45:23 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-08-27 01:44:36 -------- d-----w- C:\Users\William\AppData\Roaming\DAEMON Tools Lite
2011-08-27 01:44:34 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2011-08-27 01:00:27 -------- d-----w- C:\Users\William\AppData\Local\Toshiba Corporation
2011-08-27 00:11:41 -------- d-----w- C:\Users\William\AppData\Local\VS Revo Group
2011-08-27 00:11:39 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2011-08-27 00:11:37 -------- d-----w- C:\Program Files\VS Revo Group
2011-08-26 23:33:17 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-08-26 23:25:27 -------- d-----w- C:\Users\William\AppData\Roaming\IDM
2011-08-26 23:25:26 -------- d-----w- C:\Users\William\AppData\Roaming\DMCache
2011-08-26 23:24:54 -------- d-----w- C:\Program Files (x86)\Internet Download Manager
2011-08-26 23:22:25 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-08-26 23:21:37 -------- d-----w- C:\Users\William\AppData\Roaming\BitTorrent
2011-08-26 23:18:38 -------- d-----w- C:\Users\William\AppData\Roaming\Panda Security
2011-08-26 23:17:14 -------- d-----w- C:\ProgramData\Panda Security
2011-08-26 23:17:14 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-08-26 23:16:53 -------- d-----w- C:\temp
2011-08-26 18:09:49 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-26 17:39:40 -------- d-----w- C:\Users\William\AppData\Local\WindowsUpdate
2011-08-26 16:59:00 -------- d-----w- C:\windows\System32\SPReview
2011-08-26 16:58:49 -------- d-----w- C:\windows\System32\EventProviders
2011-08-26 16:52:11 48976 ----a-w- C:\windows\System32\netfxperf.dll
2011-08-26 16:52:11 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-08-26 16:52:02 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2011-08-26 16:50:59 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2011-08-26 16:49:59 90112 ----a-w- C:\windows\System32\nci.dll
2011-08-26 16:48:59 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-08-26 16:47:06 -------- d-----w- C:\Users\William\AppData\Roaming\Dropbox
2011-08-26 16:45:06 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-08-26 16:44:36 529408 ----a-w- C:\windows\System32\wbemcomn.dll
2011-08-26 16:44:36 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-08-26 16:44:01 244736 ----a-w- C:\windows\System32\sqmapi.dll
2011-08-26 16:33:07 -------- d-----w- C:\Users\William\AppData\Local\Google
2011-08-26 16:13:06 -------- d-----w- C:\windows\SysWow64\Wat
2011-08-26 16:13:06 -------- d-----w- C:\windows\System32\Wat
2011-08-26 15:54:12 -------- d-----w- C:\Users\William\AppData\Local\Best Buy pc app
2011-08-26 15:49:36 -------- d-----w- C:\Users\William\AppData\Local\TOSHIBA_Corporation
2011-08-26 15:49:17 -------- d-----w- C:\windows\pss
2011-08-26 15:46:56 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-08-26 15:44:47 5561216 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-08-26 15:44:45 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-08-26 15:44:45 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-08-26 15:36:59 -------- d-----w- C:\Users\William\AppData\Local\Toshiba
2011-08-26 15:36:47 -------- d-----w- C:\Users\William\AppData\Local\Apps
2011-08-26 15:36:44 -------- d-----w- C:\Users\William\AppData\Local\Deployment
2011-08-26 15:35:42 -------- d-----w- C:\Users\William\AppData\Local\VirtualStore
2011-08-26 15:35:18 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2011-08-26 15:34:42 -------- d-----w- C:\Users\William\AppData\Roaming\WinBatch
2011-08-26 15:22:35 -------- d--h--w- C:\windows\msdownld.tmp
2011-08-26 15:21:49 -------- d-----w- C:\ProgramData\Norton
2011-08-26 15:21:33 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-26 15:12:51 35008 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2011-08-26 15:09:15 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2011-08-26 15:09:15 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2011-08-26 15:07:50 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2011-08-26 15:07:42 -------- d-----w- C:\Program Files (x86)\Cisco
2011-08-26 15:06:36 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2011-08-26 15:06:21 -------- d-----w- C:\Program Files\Synaptics
2011-08-26 15:06:05 8038944 ----a-w- C:\windows\System32\RTSUSTORicon.dll
2011-08-26 15:05:58 8038944 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2011-08-26 15:05:58 422432 ----a-w- C:\windows\System32\RtsUStor.dll
2011-08-26 15:05:58 239136 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2011-08-26 15:05:58 -------- d-----w- C:\Program Files (x86)\Realtek
2011-08-26 15:03:51 -------- d-----w- C:\Program Files\CONEXANT
2011-08-26 15:01:39 540696 ----a-w- C:\windows\System32\drivers\iaStor.sys
2011-08-26 14:58:42 -------- d-----w- C:\Intel
2011-08-26 14:58:12 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
.
==================== Find3M ====================
.
2011-08-26 17:14:22 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-08-26 17:14:21 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-08-01 11:23:26 160520 ----a-w- C:\windows\System32\drivers\PSINAflt.sys
2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\windows\System32\conhost.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys
2011-06-15 10:02:23 212992 ----a-w- C:\windows\System32\odbctrac.dll
2011-06-15 10:02:23 163840 ----a-w- C:\windows\System32\odbccp32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\windows\System32\odbccu32.dll
2011-06-15 10:02:23 106496 ----a-w- C:\windows\System32\odbccr32.dll
2011-06-15 08:55:19 86016 ----a-w- C:\windows\SysWow64\odbccu32.dll
2011-06-15 08:55:19 81920 ----a-w- C:\windows\SysWow64\odbccr32.dll
2011-06-15 08:55:19 319488 ----a-w- C:\windows\SysWow64\odbcjt32.dll
2011-06-15 08:55:19 163840 ----a-w- C:\windows\SysWow64\odbctrac.dll
2011-06-15 08:55:19 122880 ----a-w- C:\windows\SysWow64\odbccp32.dll
.
============= FINISH: 17:51:51.25 ===============
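The original poster's reasoning (redirects only on the home network, a router with no password, the same symptom on a second machine) points at what the router hands out over DHCP rather than at the laptop. DDS records the DHCP-assigned resolvers in its Pseudo HJT Report as `TCP: DhcpNameServer = ...` lines, one global and one per interface key, so a quick first check is to pull those lines out of a pasted log and separate the router's own address and RFC1918 addresses from public resolvers that still need to be matched against the ISP's. The script below is an added example, not code from this thread or from the DDS tool; the function names and the sample text are mine, and the sample addresses are copied from the DDS output posted in this thread.

```python
"""Pull DHCP-assigned DNS servers out of a pasted DDS log and flag the ones a
home router would not normally hand out (added example, not DDS code)."""
import ipaddress
import re

# Constructed sample in the shape of the 'TCP:' lines DDS prints; the
# addresses are the ones that appear in the DDS output in this thread.
SAMPLE_DDS = (
    "uStart Page = hxxp://www.google.com/\n"
    "TCP: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1\n"
    "TCP: Interfaces\\{FB26ED76-224A-4713-A2C7-A59AC9D3DCB4} : "
    "DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1\n"
    "TCP: Interfaces\\{FB26ED76-224A-4713-A2C7-A59AC9D3DCB4}\\35D434 : "
    "DhcpNameServer = 192.168.2.1\n"
)

# Global form:        TCP: DhcpNameServer = a.b.c.d ...
# Per-interface form: TCP: Interfaces\{GUID}[\lease] : DhcpNameServer = ...
_LINE = re.compile(
    r"^TCP:\s*(?:(?P<scope>Interfaces\\\S+)\s*:\s*)?DhcpNameServer\s*=\s*(?P<servers>.+)$"
)


def parse_dhcp_nameservers(text):
    """Map each scope ('global' or the Interfaces\\... key) to its resolver list."""
    found = {}
    for line in text.splitlines():
        m = _LINE.match(line.strip())
        if not m:
            continue
        scope = m.group("scope") or "global"
        servers = []
        for tok in m.group("servers").split():
            try:
                ipaddress.ip_address(tok)   # keep only well-formed addresses
            except ValueError:
                continue
            servers.append(tok)
        found[scope] = servers
    return found


def classify(server, gateway=None):
    """'gateway' if it is the router itself, 'private' for RFC1918, link-local
    or loopback space, otherwise 'public'."""
    ip = ipaddress.ip_address(server)
    if gateway is not None and ip == ipaddress.ip_address(gateway):
        return "gateway"
    if ip.is_private or ip.is_link_local or ip.is_loopback:
        return "private"
    return "public"


def distinct_resolver_sets(text):
    """Distinct resolver lists across all scopes, in first-seen order.  More
    than one set means the machine has been on networks with different DNS."""
    seen = []
    for servers in parse_dhcp_nameservers(text).values():
        if servers not in seen:
            seen.append(servers)
    return seen


def audit(text, gateway=None):
    """Return (scope, server, note) for every public resolver.  A public
    resolver is not proof of anything by itself: compare it with the ISP's
    published resolvers (or a whois lookup) before treating it as hostile."""
    findings = []
    for scope, servers in parse_dhcp_nameservers(text).items():
        for server in servers:
            if classify(server, gateway) == "public":
                findings.append((scope, server,
                                 "public resolver: confirm it belongs to the ISP"))
    return findings


if __name__ == "__main__":
    for scope, server, note in audit(SAMPLE_DDS, gateway="192.168.2.1"):
        print(f"{scope}: {server} -> {note}")
    print(f"{len(distinct_resolver_sets(SAMPLE_DDS))} distinct resolver set(s)")
```

Run it against the DDS.txt the helper asks for, with `gateway` set to the router's LAN address. When one interface key lists the router itself and another lists public addresses, the two lines came from different networks; the network that handed out the public set is the one to compare against the ISP's resolvers, and the same check on the second affected machine tells you whether the router, rather than either laptop, is the common factor.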

#2 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 September 2011 - 05:02 PM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  • Do not run any other tool until instructed to do so!
  • Please do not attach logs or put them in code boxes.
  • Tell me about any problems that have occurred during the fix.
  • Tell me of any other symptoms you may be having, as these can help also.
  • Do not run anything while running a fix.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Click on the Watch Topic button, select Immediate Notification and click on Proceed; this will help you get notified faster when I have replied and make the cleaning process faster.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine; if it does, click OK

Do not re-enable these drivers until otherwise instructed.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-click on dds.scr and a command window will appear. This is normal.
    • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Information and logs:

  • In your next post I need the following:

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free; however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 Niceneasy92

  • Topic Starter
  • Members
  • 9 posts

Posted 18 September 2011 - 07:29 PM

Alright, I really appreciate the help. Here's the log from the DDS.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by William at 20:23:33 on 2011-09-18
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2679 [GMT -4:00]
.
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
.
============== Running Processes ===============
.
C:\windows\system32\wininit.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\SysWOW64\svchost.exe -k Akamai
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\windows\SysWOW64\PnkBstrA.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\vVX1000.exe
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\NOTEPAD.EXE
C:\windows\SysWOW64\cmd.exe
C:\windows\system32\conhost.exe
C:\windows\SysWOW64\cscript.exe
C:\windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://start.toshiba.com/g/
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: ZoneAlarm Security Engine Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: ZoneAlarm Security Engine: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\SETPOI~1.LNK - C:\Program Files (x86)\Logitech\SetPoint II\SetPointII.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WDQUIC~1.LNK - C:\Program Files (x86)\Western Digital\WD SmartWare\WDDMStatus.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419
IE: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {DC8DD02C-C44B-47EE-8558-F1C17307A79A} - C:\PROGRA~2\COMMON~1\TIDYFA~1\AddToFav.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
IE: {E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} - C:\PROGRA~2\COMMON~1\TIDYFA~1\OpenFav.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
TCP: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
TCP: Interfaces\{FB26ED76-224A-4713-A2C7-A59AC9D3DCB4} : DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
TCP: Interfaces\{FB26ED76-224A-4713-A2C7-A59AC9D3DCB4}\35D434 : DhcpNameServer = 192.168.2.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
IFEO: pcdiag.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: smoothview.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: tfcconf.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO: tfcrst.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO-X64: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO-X64: ZoneAlarm Security Engine Registrar - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
BHO-X64: ZoneAlarm Security - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB-X64: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun-x64: [PSUNMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" /Traybar
mRun-x64: [TWebCamera REG_SZ "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun ]
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
IE-X64: {9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419
IE-X64: {E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IFEO-X64: pcdiag.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: smoothview.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: tacsprop.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: tfcconf.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
IFEO-X64: tfcrst.exe - "C:\Program Files (x86)\TuneUp Utilities 2011\TUAutoReactivator64.exe"
.
Note: multiple IFEO entries found. Please refer to Attach.txt
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\William\AppData\Roaming\Mozilla\Firefox\Profiles\wxzojnl2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Media Go\npmediago.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\William\AppData\Local\Google\Update\1.3.21.67\npGoogleUpdate3.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\William\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R1 PSINKNC;PSINKNC;C:\windows\system32\DRIVERS\psinknc.sys --> C:\windows\system32\DRIVERS\psinknc.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
R2 Akamai;Akamai NetSession Interface;C:\windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-2-15 33528]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2011-2-15 822264]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-4-28 140608]
R2 PSINAflt;PSINAflt;C:\windows\system32\DRIVERS\PSINAflt.sys --> C:\windows\system32\DRIVERS\PSINAflt.sys [?]
R2 PSINFile;PSINFile;C:\windows\system32\DRIVERS\PSINFile.sys --> C:\windows\system32\DRIVERS\PSINFile.sys [?]
R2 PSINProc;PSINProc;C:\windows\system32\DRIVERS\PSINProc.sys --> C:\windows\system32\DRIVERS\PSINProc.sys [?]
R2 PSINProt;PSINProt;C:\windows\system32\DRIVERS\PSINProt.sys --> C:\windows\system32\DRIVERS\PSINProt.sys [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-9-11 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-9-1 2027840]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\system32\DRIVERS\TVALZFL.sys --> C:\windows\system32\DRIVERS\TVALZFL.sys [?]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-26 2320920]
R2 WDDMService;WDDMService;C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [2011-8-1 317328]
R2 WDFMEService;WDFMEService;C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [2011-8-1 1978256]
R2 WDRulesService;WDRulesService;C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-8-1 1338256]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys --> C:\windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys --> C:\windows\system32\DRIVERS\Impcd.sys [?]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\windows\system32\DRIVERS\L1C62x64.sys --> C:\windows\system32\DRIVERS\L1C62x64.sys [?]
R3 PGEffect;Pangu effect driver;C:\windows\system32\DRIVERS\pgeffect.sys --> C:\windows\system32\DRIVERS\pgeffect.sys [?]
R3 QIOMem;Generic IO & Memory Access;C:\windows\system32\DRIVERS\QIOMem.sys --> C:\windows\system32\DRIVERS\QIOMem.sys [?]
R3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\system32\DRIVERS\rtl8192Ce.sys --> C:\windows\system32\DRIVERS\rtl8192Ce.sys [?]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-6-6 11856]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
S3 npggsvc;nProtect GameGuard Service;C:\windows\system32\GameMon.des -service --> C:\windows\system32\GameMon.des -service [?]
S3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys --> C:\windows\system32\DRIVERS\revoflt.sys [?]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\windows\system32\DRIVERS\VSTAZL6.SYS --> C:\windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\windows\system32\DRIVERS\VSTDPV6.SYS --> C:\windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys --> C:\windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\system32\DRIVERS\wdcsam64.sys --> C:\windows\system32\DRIVERS\wdcsam64.sys [?]
S4 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2011-8-26 51512]
S4 TPCHSrv;TPCH Service;C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-2-23 835952]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-09-17 22:47:05 -------- d-----w- C:\Program Files (x86)\Aurora
2011-09-17 04:16:41 -------- d-----w- C:\Users\William\AppData\Roaming\CheckPoint
2011-09-17 04:16:17 -------- d-----w- C:\Program Files (x86)\Conduit
2011-09-17 04:16:15 0 ----a-w- C:\windows\SysWow64\ConduitEngine.tmp
2011-09-17 04:16:15 -------- d-----w- C:\Program Files (x86)\ConduitEngine
2011-09-17 04:16:14 -------- d-----w- C:\Users\William\AppData\Local\Conduit
2011-09-17 04:16:13 -------- d-----w- C:\Program Files (x86)\ZoneAlarm_Security
2011-09-17 04:16:06 -------- d-----w- C:\Program Files\CheckPoint
2011-09-17 04:15:43 1238528 ----a-w- C:\windows\SysWow64\zpeng25.dll
2011-09-17 04:15:42 -------- d-----w- C:\windows\SysWow64\ZoneLabs
2011-09-17 04:15:39 458840 ----a-w- C:\windows\System32\drivers\~GLH0023.TMP
2011-09-17 04:15:33 458840 ------w- C:\windows\System32\drivers\vsdatant.sys
2011-09-17 04:15:33 -------- d-----w- C:\Program Files (x86)\Zone Labs
2011-09-17 04:14:48 -------- d-----w- C:\windows\Internet Logs
2011-09-17 04:14:48 -------- d-----w- C:\ProgramData\CheckPoint
2011-09-16 16:10:04 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F9435FD1-5E76-4D6C-A17B-D05D53CAF604}\mpengine.dll
2011-09-14 18:50:21 -------- d-----w- C:\Program Files (x86)\IMG to ISO
2011-09-14 06:50:03 -------- d-----w- C:\Users\William\AppData\Local\Opera
2011-09-12 02:50:51 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-09-12 02:50:51 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-09-11 20:13:54 -------- d-----w- C:\Program Files (x86)\PakkISO
2011-09-10 17:52:49 -------- d-----w- C:\Users\William\AppData\Roaming\Firestorm
2011-09-10 17:52:49 -------- d-----w- C:\Users\William\AppData\Local\Firestorm
2011-09-10 17:45:36 -------- d-----w- C:\Users\William\AppData\Local\SingularityViewer
2011-09-10 16:41:28 -------- d-----w- C:\Program Files (x86)\Firestorm-Beta-Mesh
2011-09-09 16:44:15 -------- d-----w- C:\Program Files\Microsoft LifeCam
2011-09-09 16:44:15 -------- d-----w- C:\Program Files (x86)\Microsoft LifeCam
2011-09-08 18:07:35 34624 ----a-w- C:\windows\System32\TURegOpt.exe
2011-09-08 18:07:34 36160 ----a-w- C:\windows\System32\uxtuneup.dll
2011-09-08 18:07:34 29504 ----a-w- C:\windows\SysWow64\uxtuneup.dll
2011-09-08 18:07:34 25920 ----a-w- C:\windows\System32\authuitu.dll
2011-09-08 18:07:33 21312 ----a-w- C:\windows\SysWow64\authuitu.dll
2011-09-08 18:07:25 -------- d-----w- C:\Users\William\AppData\Roaming\TuneUp Software
2011-09-08 18:07:18 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2011
2011-09-08 18:06:43 -------- d-----w- C:\ProgramData\TuneUp Software
2011-09-08 18:06:37 -------- d-sh--w- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-09-08 01:36:31 -------- d-----w- C:\Users\William\AppData\Local\PhoenixViewer
2011-09-08 01:36:06 -------- d-----w- C:\Users\William\AppData\Local\SecondLife
2011-09-06 20:54:22 -------- d-----w- C:\Program Files\Western Digital
2011-09-06 20:49:24 -------- d-----w- C:\Users\William\AppData\Local\Western_Digital
2011-09-06 18:18:25 -------- d-----w- C:\ProgramData\Western Digital
2011-09-06 18:16:48 -------- d-----w- C:\Users\William\AppData\Local\Western Digital
2011-09-06 15:20:34 101376 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-09-03 22:33:29 -------- d-----w- C:\Users\William\AppData\Roaming\Tidy Favorites Converter
2011-09-03 22:33:17 -------- d-----w- C:\Program Files (x86)\Common Files\Tidy Favorites
2011-09-03 22:33:13 -------- d-----w- C:\Program Files (x86)\Tidy Favorites Converter
2011-09-01 03:41:51 -------- d-----w- C:\Program Files (x86)\danny_kay1710
2011-09-01 03:02:24 -------- d-----w- C:\Program Files (x86)\Alarm Clock
2011-08-31 06:16:27 8862544 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2011-08-28 13:44:24 -------- d-----w- C:\Users\William\AppData\Roaming\uTorrent
2011-08-28 13:44:24 -------- d-----w- C:\Users\William\AppData\Local\uTorrent
2011-08-28 12:22:41 -------- d-----w- C:\Users\William\AppData\Local\Microsoft Games
2011-08-27 12:01:40 -------- d-----w- C:\Users\William\AppData\Roaming\NPLUTO Corporation
2011-08-27 12:01:37 4111224 ----a-w- C:\windows\SysWow64\GameMon.des
2011-08-27 12:01:19 5174 ----a-w- C:\windows\SysWow64\nppt9x.vxd
2011-08-27 12:01:19 4682 ----a-w- C:\windows\SysWow64\npptNT2.sys
2011-08-27 12:01:15 -------- d-----w- C:\Program Files\Common Files\INCA Shared
2011-08-27 11:47:47 -------- d-----w- C:\Users\William\AppData\Roaming\Need for Speed World
2011-08-27 10:14:24 -------- d-----w- C:\Users\William\AppData\Local\ElevatedDiagnostics
2011-08-27 09:33:26 281656 ----a-w- C:\windows\SysWow64\PnkBstrB.xtr
2011-08-27 09:33:23 -------- d-----w- C:\Users\William\AppData\Local\PunkBuster
2011-08-27 09:28:13 -------- d-----w- C:\ProgramData\Nexon
2011-08-27 09:25:10 281656 ----a-w- C:\windows\SysWow64\PnkBstrB.exe
2011-08-27 09:25:10 281200 ----a-w- C:\windows\SysWow64\PnkBstrB.ex0
2011-08-27 09:25:03 75136 ----a-w- C:\windows\SysWow64\PnkBstrA.exe
2011-08-27 09:20:13 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2011-08-27 09:19:36 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2011-08-27 08:27:00 466456 ----a-w- C:\windows\System32\wrap_oal.dll
2011-08-27 08:27:00 444952 ----a-w- C:\windows\SysWow64\wrap_oal.dll
2011-08-27 08:27:00 122904 ----a-w- C:\windows\System32\OpenAL32.dll
2011-08-27 08:27:00 109080 ----a-w- C:\windows\SysWow64\OpenAL32.dll
2011-08-27 08:27:00 -------- d-----w- C:\Program Files (x86)\OpenAL
2011-08-27 08:07:42 -------- d-----w- C:\Program Files (x86)\BandiMPEG1
2011-08-27 08:02:10 -------- d-----w- C:\Nexon
2011-08-27 08:00:08 -------- d-----w- C:\ProgramData\NexonUS
2011-08-27 07:52:02 -------- d-----w- C:\Down
2011-08-27 07:50:58 -------- d-----w- C:\Windyzone
2011-08-27 06:38:48 -------- d-----w- C:\Program Files (x86)\Perfectworld Entertainment
2011-08-27 05:43:19 -------- d-----w- C:\Users\William\AppData\Local\Electronic_Arts_Inc
2011-08-27 05:41:17 -------- d-----w- C:\Program Files (x86)\Common Files\Akamai
2011-08-27 05:41:10 -------- d-----w- C:\ProgramData\Electronic Arts
2011-08-27 05:37:27 -------- d-----w- C:\GamesCampus
2011-08-27 05:30:14 -------- d-----w- C:\Program Files (x86)\WizMouse
2011-08-27 05:28:50 -------- d-----w- C:\Users\William\AppData\Local\Sony
2011-08-27 05:28:29 -------- d-----w- C:\Users\William\Podcasts
2011-08-27 05:28:02 -------- d-----w- C:\Program Files (x86)\Common Files\Sony Shared
2011-08-27 05:27:14 -------- d-----w- C:\ProgramData\Sony Corporation
2011-08-27 05:27:14 -------- d-----w- C:\Program Files (x86)\Sony
2011-08-27 05:27:05 404640 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-27 05:26:58 -------- d-----w- C:\Program Files (x86)\VideoLAN
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-27 05:25:53 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-27 05:25:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-27 05:25:52 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-27 05:24:30 -------- d-----w- C:\Users\William\AppData\Local\Apple
2011-08-27 05:17:08 -------- d-----r- C:\Program Files (x86)\Skype
2011-08-27 05:12:20 -------- d-----w- C:\Program Files (x86)\Sony Media Go Install
2011-08-27 05:02:34 -------- d-----w- C:\Program Files (x86)\Pando Networks
2011-08-27 05:02:20 -------- d-----w- C:\Program Files (x86)\GamersFirst
2011-08-27 04:39:30 -------- d-----w- C:\Users\William\AppData\Roaming\VBA-M
2011-08-27 04:04:59 78680 ----a-w- C:\windows\System32\XAPOFX1_4.dll
2011-08-27 04:03:07 -------- d-----w- C:\windows\SysWow64\directx
2011-08-27 03:39:54 -------- d-----w- C:\Users\William\AppData\Local\Adobe
2011-08-27 03:36:45 -------- d-----w- C:\Users\William\AppData\Local\LogiShrd
2011-08-27 03:34:52 -------- d-----w- C:\Users\William\AppData\Local\Downloaded Installations
2011-08-27 02:20:12 -------- d-----w- C:\Users\William\AppData\Local\CrashDumps
2011-08-27 01:56:18 -------- d-----w- C:\Users\William\AppData\Roaming\.minecraft
2011-08-27 01:54:01 388096 ----a-r- C:\Users\William\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-27 01:54:01 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-08-27 01:52:08 -------- d-----w- C:\Users\William\AppData\Roaming\Malwarebytes
2011-08-27 01:52:04 41272 ----a-w- C:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 01:52:04 -------- d-----w- C:\ProgramData\Malwarebytes
2011-08-27 01:52:00 25912 ----a-w- C:\windows\System32\drivers\mbam.sys
2011-08-27 01:52:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-08-27 01:45:41 526392 ----a-w- C:\windows\System32\drivers\sptd.sys
2011-08-27 01:45:23 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2011-08-27 01:44:36 -------- d-----w- C:\Users\William\AppData\Roaming\DAEMON Tools Lite
2011-08-27 01:44:34 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2011-08-27 01:00:27 -------- d-----w- C:\Users\William\AppData\Local\Toshiba Corporation
2011-08-27 00:11:41 -------- d-----w- C:\Users\William\AppData\Local\VS Revo Group
2011-08-27 00:11:39 31800 ----a-w- C:\windows\System32\drivers\revoflt.sys
2011-08-27 00:11:37 -------- d-----w- C:\Program Files\VS Revo Group
2011-08-26 23:33:17 270720 ------w- C:\windows\System32\MpSigStub.exe
2011-08-26 23:25:26 -------- d-----w- C:\Users\William\AppData\Roaming\DMCache
2011-08-26 23:22:25 -------- d-----w- C:\Program Files (x86)\BitTorrent
2011-08-26 23:21:37 -------- d-----w- C:\Users\William\AppData\Roaming\BitTorrent
2011-08-26 23:18:38 -------- d-----w- C:\Users\William\AppData\Roaming\Panda Security
2011-08-26 23:17:14 -------- d-----w- C:\ProgramData\Panda Security
2011-08-26 23:17:14 -------- d-----w- C:\Program Files (x86)\Panda Security
2011-08-26 23:16:53 -------- d-----w- C:\temp
2011-08-26 18:09:49 -------- d-----w- C:\Program Files (x86)\Common Files\Symantec Shared
2011-08-26 17:39:40 -------- d-----w- C:\Users\William\AppData\Local\WindowsUpdate
2011-08-26 16:59:00 -------- d-----w- C:\windows\System32\SPReview
2011-08-26 16:58:49 -------- d-----w- C:\windows\System32\EventProviders
2011-08-26 16:52:11 48976 ----a-w- C:\windows\System32\netfxperf.dll
2011-08-26 16:52:11 1942856 ----a-w- C:\windows\System32\dfshim.dll
2011-08-26 16:52:02 1130824 ----a-w- C:\windows\SysWow64\dfshim.dll
2011-08-26 16:50:59 1328128 ----a-w- C:\windows\SysWow64\quartz.dll
2011-08-26 16:49:59 90112 ----a-w- C:\windows\System32\nci.dll
2011-08-26 16:48:59 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2011-08-26 16:47:06 -------- d-----w- C:\Users\William\AppData\Roaming\Dropbox
2011-08-26 16:45:06 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2011-08-26 16:44:36 529408 ----a-w- C:\windows\System32\wbemcomn.dll
2011-08-26 16:44:36 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-08-26 16:44:01 244736 ----a-w- C:\windows\System32\sqmapi.dll
2011-08-26 16:33:07 -------- d-----w- C:\Users\William\AppData\Local\Google
2011-08-26 16:13:06 -------- d-----w- C:\windows\SysWow64\Wat
2011-08-26 16:13:06 -------- d-----w- C:\windows\System32\Wat
2011-08-26 15:54:12 -------- d-----w- C:\Users\William\AppData\Local\Best Buy pc app
2011-08-26 15:49:36 -------- d-----w- C:\Users\William\AppData\Local\TOSHIBA_Corporation
2011-08-26 15:49:17 -------- d-----w- C:\windows\pss
2011-08-26 15:46:56 870912 ----a-w- C:\windows\SysWow64\XpsPrint.dll
2011-08-26 15:44:47 5561216 ----a-w- C:\windows\System32\ntoskrnl.exe
2011-08-26 15:44:45 3967872 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe
2011-08-26 15:44:45 3912576 ----a-w- C:\windows\SysWow64\ntoskrnl.exe
2011-08-26 15:36:59 -------- d-----w- C:\Users\William\AppData\Local\Toshiba
2011-08-26 15:36:47 -------- d-----w- C:\Users\William\AppData\Local\Apps
2011-08-26 15:36:44 -------- d-----w- C:\Users\William\AppData\Local\Deployment
2011-08-26 15:35:42 -------- d-----w- C:\Users\William\AppData\Local\VirtualStore
2011-08-26 15:35:18 13 --sh--r- C:\windows\System32\drivers\fbd.sys
2011-08-26 15:34:42 -------- d-----w- C:\Users\William\AppData\Roaming\WinBatch
2011-08-26 15:22:35 -------- d--h--w- C:\windows\msdownld.tmp
2011-08-26 15:21:49 -------- d-----w- C:\ProgramData\Norton
2011-08-26 15:21:33 -------- d-----w- C:\ProgramData\NortonInstaller
2011-08-26 15:12:51 35008 ----a-w- C:\windows\System32\drivers\PGEffect.sys
2011-08-26 15:09:15 24576 ----a-w- C:\windows\SysWow64\TSCI.dll
2011-08-26 15:09:15 24576 ----a-w- C:\windows\SysWow64\THCI.dll
2011-08-26 15:07:50 -------- d-----w- C:\Program Files (x86)\Realtek WLAN Driver
2011-08-26 15:07:42 -------- d-----w- C:\Program Files (x86)\Cisco
2011-08-26 15:06:36 -------- d-----w- C:\windows\SysWow64\Atheros_L1e
2011-08-26 15:06:21 -------- d-----w- C:\Program Files\Synaptics
2011-08-26 15:06:05 8038944 ----a-w- C:\windows\System32\RTSUSTORicon.dll
2011-08-26 15:05:58 8038944 ----a-w- C:\windows\SysWow64\RtsUStoricon.dll
2011-08-26 15:05:58 422432 ----a-w- C:\windows\System32\RtsUStor.dll
2011-08-26 15:05:58 239136 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2011-08-26 15:05:58 -------- d-----w- C:\Program Files (x86)\Realtek
2011-08-26 15:03:51 -------- d-----w- C:\Program Files\CONEXANT
2011-08-26 15:01:39 540696 ----a-w- C:\windows\System32\drivers\iaStor.sys
2011-08-26 14:58:42 -------- d-----w- C:\Intel
2011-08-26 14:58:12 -------- d-----w- C:\Program Files (x86)\Common Files\postureAgent
.
==================== Find3M ====================
.
2011-08-26 17:14:22 152576 ----a-w- C:\windows\SysWow64\msclmd.dll
2011-08-26 17:14:21 175616 ----a-w- C:\windows\System32\msclmd.dll
2011-08-01 11:23:26 160520 ----a-w- C:\windows\System32\drivers\PSINAflt.sys
2011-07-16 05:41:50 362496 ----a-w- C:\windows\System32\wow64win.dll
2011-07-16 05:41:49 243200 ----a-w- C:\windows\System32\wow64.dll
2011-07-16 05:41:49 13312 ----a-w- C:\windows\System32\wow64cpu.dll
2011-07-16 05:39:10 16384 ----a-w- C:\windows\System32\ntvdm64.dll
2011-07-16 05:37:12 421888 ----a-w- C:\windows\System32\KernelBase.dll
2011-07-16 04:29:19 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll
2011-07-16 04:26:00 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2011-07-16 04:25:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe
2011-07-16 04:24:23 5120 ----a-w- C:\windows\SysWow64\wow32.dll
2011-07-16 04:24:22 272384 ----a-w- C:\windows\SysWow64\KernelBase.dll
2011-07-16 02:21:44 7680 ----a-w- C:\windows\SysWow64\instnm.exe
2011-07-16 02:21:41 2048 ----a-w- C:\windows\SysWow64\user.exe
2011-07-16 02:17:19 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2011-07-16 02:17:19 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-16 02:17:19 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-16 02:17:19 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2011-07-09 05:26:20 2048 ----a-w- C:\windows\System32\tzres.dll
2011-07-09 04:29:46 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2011-07-09 02:46:28 288768 ----a-w- C:\windows\System32\drivers\mrxsmb10.sys
2011-06-24 05:34:53 214528 ----a-w- C:\windows\System32\winsrv.dll
2011-06-24 05:25:49 338432 ----a-w- C:\windows\System32\conhost.exe
2011-06-21 06:34:00 1923968 ----a-w- C:\windows\System32\drivers\tcpip.sys
.
============= FINISH: 20:24:22.54 ===============

#4 gringo_pr

Bleepin Gringo
Malware Response Team

Posted 18 September 2011 - 09:51 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only); if this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." please restart the computer.

"information and logs"

In your next post I need the following:
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic


Proud Graduate Of Malware Removal University

#5 Niceneasy92

Topic Starter

Posted 18 September 2011 - 11:17 PM

Well, I didn't have any sort of problems running the ComboFix program, but when I tried to browse the internet, it still redirected me. I really think that the problem is with the router, not the computer, considering everyone else's computer using the router does the same thing. If it is the router, what can I do about it? Here's my log from ComboFix though.

ComboFix 11-09-18.03 - William 09/18/2011 23:51:51.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2574 [GMT -4:00]
Running from: c:\users\William\Downloads\ComboFix.exe
AV: Panda Cloud Antivirus *Disabled/Updated* {86971480-9989-6750-B122-681A86518D59}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Panda Cloud Antivirus *Disabled/Updated* {3DF6F564-BFB3-68DE-8B92-5368FDD6C7E4}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\Thumbs.db
c:\windows\SysWow64\mfc100deu.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-08-19 to 2011-09-19 )))))))))))))))))))))))))))))))
.
.
2011-09-19 03:57 . 2011-09-19 03:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-09-17 22:47 . 2011-09-18 19:08 -------- d-----w- c:\program files (x86)\Aurora
2011-09-17 04:16 . 2011-09-17 04:16 -------- d-----w- c:\program files (x86)\Conduit
2011-09-17 04:16 . 2011-09-17 04:16 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-09-17 04:16 . 2011-09-17 04:16 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-09-17 04:16 . 2011-09-17 04:16 -------- d-----w- c:\program files\CheckPoint
2011-09-17 04:15 . 2011-03-18 05:24 104448 ----a-w- c:\windows\SysWow64\zlcommdb.dll
2011-09-17 04:15 . 2011-03-18 05:24 69120 ----a-w- c:\windows\SysWow64\zlcomm.dll
2011-09-17 04:15 . 2011-03-18 05:24 1238528 ----a-w- c:\windows\SysWow64\zpeng25.dll
2011-09-17 04:15 . 2011-09-17 04:16 -------- d-----w- c:\windows\SysWow64\ZoneLabs
2011-09-17 04:15 . 2010-05-15 20:30 458840 ----a-w- c:\windows\system32\drivers\~GLH0023.TMP
2011-09-17 04:15 . 2011-09-17 04:15 -------- d-----w- c:\program files (x86)\Zone Labs
2011-09-17 04:15 . 2010-05-15 20:30 458840 ------w- c:\windows\system32\drivers\vsdatant.sys
2011-09-17 04:14 . 2011-09-19 03:59 -------- d-----w- c:\windows\Internet Logs
2011-09-17 04:14 . 2011-09-17 04:14 -------- d-----w- c:\programdata\CheckPoint
2011-09-16 16:10 . 2011-08-16 15:48 8862544 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F9435FD1-5E76-4D6C-A17B-D05D53CAF604}\mpengine.dll
2011-09-14 18:50 . 2011-09-14 18:50 -------- d-----w- c:\program files (x86)\IMG to ISO
2011-09-14 06:49 . 2011-09-14 18:45 -------- d-----w- c:\program files (x86)\Opera
2011-09-12 02:50 . 2011-09-12 03:18 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-09-12 02:50 . 2011-09-12 02:53 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-09-11 20:13 . 2011-09-11 20:13 -------- d-----w- c:\program files (x86)\PakkISO
2011-09-10 16:41 . 2011-09-10 16:42 -------- d-----w- c:\program files (x86)\Firestorm-Beta-Mesh
2011-09-09 16:44 . 2011-09-09 16:45 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2011-09-09 16:44 . 2011-09-09 16:44 -------- d-----w- c:\program files\Microsoft LifeCam
2011-09-08 18:07 . 2011-09-01 11:29 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-09-08 18:07 . 2011-09-01 11:19 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-09-08 18:07 . 2011-09-01 11:19 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-09-08 18:07 . 2011-09-01 11:18 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-09-08 18:07 . 2011-09-01 11:19 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-09-08 18:07 . 2011-09-08 18:08 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2011-09-08 18:06 . 2011-09-08 18:07 -------- d-----w- c:\programdata\TuneUp Software
2011-09-08 18:06 . 2011-09-08 18:06 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-09-06 20:54 . 2011-09-06 20:54 -------- d-----w- c:\users\Default\AppData\Local\Western Digital
2011-09-06 20:54 . 2011-09-06 20:54 -------- d-----w- c:\program files\Western Digital
2011-09-06 18:18 . 2011-09-06 20:54 -------- d-----w- c:\programdata\Western Digital
2011-09-06 15:20 . 2009-07-14 01:41 101376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-09-03 22:33 . 2011-09-03 22:33 -------- d-----w- c:\program files (x86)\Common Files\Tidy Favorites
2011-09-03 22:33 . 2011-09-03 22:33 -------- d-----w- c:\program files (x86)\Tidy Favorites Converter
2011-09-01 03:41 . 2011-09-01 03:41 -------- d-----w- c:\program files (x86)\danny_kay1710
2011-09-01 03:02 . 2011-09-01 03:02 -------- d-----w- c:\program files (x86)\Alarm Clock
2011-08-28 10:10 . 2011-08-28 10:10 -------- d-----w- c:\windows\Sun
2011-08-27 12:01 . 2011-04-25 20:59 4111224 ----a-w- c:\windows\SysWow64\GameMon.des
2011-08-27 12:01 . 2005-01-03 06:43 4682 ----a-w- c:\windows\SysWow64\npptNT2.sys
2011-08-27 12:01 . 2003-07-19 15:17 5174 ----a-w- c:\windows\SysWow64\nppt9x.vxd
2011-08-27 12:01 . 2011-08-27 12:01 -------- d-----w- c:\program files\Common Files\INCA Shared
2011-08-27 09:33 . 2011-09-13 01:22 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-08-27 09:28 . 2011-08-27 09:28 -------- d-----w- c:\programdata\Nexon
2011-08-27 09:25 . 2011-09-13 01:22 281656 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-08-27 09:25 . 2011-09-13 01:17 281200 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-08-27 09:25 . 2011-08-27 09:25 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-08-27 09:20 . 2011-08-27 09:20 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2011-08-27 09:19 . 2011-08-27 09:19 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2011-08-27 08:27 . 2011-08-27 08:27 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2011-08-27 08:27 . 2011-08-27 08:27 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2011-08-27 08:27 . 2011-08-27 08:27 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-27 08:27 . 2011-08-27 08:27 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-27 08:27 . 2011-08-27 08:27 -------- d-----w- c:\program files (x86)\OpenAL
2011-08-27 08:07 . 2011-08-27 08:07 -------- d-----w- c:\program files (x86)\BandiMPEG1
2011-08-27 08:02 . 2011-08-27 09:14 -------- d-----w- C:\Nexon
2011-08-27 07:52 . 2011-08-27 07:52 -------- d-----w- C:\Down
2011-08-27 07:50 . 2011-09-11 03:03 -------- d-----w- C:\Windyzone
2011-08-27 06:38 . 2011-08-27 06:38 -------- d-----w- c:\program files (x86)\Perfectworld Entertainment
2011-08-27 05:41 . 2011-09-19 03:59 -------- d-----w- c:\program files (x86)\Common Files\Akamai
2011-08-27 05:41 . 2011-08-27 05:41 -------- d-----w- c:\programdata\Electronic Arts
2011-08-27 05:41 . 2011-08-27 05:41 -------- d-----w- c:\program files (x86)\Electronic Arts
2011-08-27 05:37 . 2011-08-27 12:22 -------- d-----w- C:\GamesCampus
2011-08-27 05:30 . 2011-08-27 05:30 -------- d-----w- c:\program files (x86)\WizMouse
2011-08-27 05:28 . 2011-08-27 06:57 -------- d-----w- c:\program files (x86)\Common Files\Sony Shared
2011-08-27 05:27 . 2011-08-27 06:57 -------- d-----w- c:\programdata\Sony Corporation
2011-08-27 05:27 . 2011-08-27 05:27 -------- d-----w- c:\program files (x86)\Sony
2011-08-27 05:27 . 2011-09-17 22:10 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-08-27 05:26 . 2011-08-27 05:26 -------- d-----w- c:\program files (x86)\VideoLAN
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-27 05:25 . 2011-08-27 05:25 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-27 05:25 . 2011-08-27 05:25 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-27 05:25 . 2011-08-27 05:25 -------- d-----w- c:\programdata\Apple Computer
2011-08-27 05:24 . 2011-08-27 05:24 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-08-27 05:24 . 2011-08-27 05:24 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-08-27 05:24 . 2011-08-27 05:24 -------- d-----w- c:\programdata\Apple
2011-08-27 05:17 . 2011-08-27 05:17 -------- d-----r- c:\program files (x86)\Skype
2011-08-27 05:17 . 2011-08-27 05:17 -------- d-----w- c:\programdata\Skype
2011-08-27 05:12 . 2011-08-27 05:27 -------- d-----w- c:\program files (x86)\Sony Media Go Install
2011-08-27 05:02 . 2011-08-27 05:02 -------- d-----w- c:\program files (x86)\Pando Networks
2011-08-27 05:02 . 2011-09-13 01:29 -------- d-----w- c:\program files (x86)\GamersFirst
2011-08-27 04:04 . 2010-02-04 17:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2011-08-27 03:42 . 2011-08-27 03:42 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-08-27 03:35 . 2011-08-27 03:36 -------- d-----w- c:\program files (x86)\Common Files\LogiShrd
2011-08-27 03:35 . 2011-08-27 03:35 -------- d-----w- c:\program files\Logitech
2011-08-27 03:35 . 2011-08-27 03:35 -------- d-----w- c:\program files\Common Files\Logishrd
2011-08-27 03:34 . 2011-08-27 03:35 -------- d-----w- c:\programdata\LogiShrd
2011-08-27 01:54 . 2011-08-27 01:54 -------- d-----w- c:\program files (x86)\Trend Micro
2011-08-27 01:52 . 2011-08-27 01:52 -------- d-----w- c:\programdata\Malwarebytes
2011-08-27 01:52 . 2011-07-07 02:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-27 01:52 . 2011-08-27 01:52 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-27 01:52 . 2011-07-07 02:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-27 01:45 . 2011-08-27 01:45 526392 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-08-27 01:45 . 2011-08-27 01:45 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-08-27 01:44 . 2011-08-27 01:44 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-08-27 01:43 . 2011-08-27 01:43 -------- d-----w- c:\program files\7-Zip
2011-08-27 00:11 . 2009-12-30 18:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2011-08-27 00:11 . 2011-08-27 00:11 -------- d-----w- c:\program files\VS Revo Group
2011-08-26 23:33 . 2011-05-25 02:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-08-26 23:22 . 2011-08-26 23:22 -------- d-----w- c:\program files (x86)\BitTorrent
2011-08-26 23:17 . 2011-08-27 04:56 -------- d-----w- c:\program files (x86)\Panda Security
2011-08-26 23:17 . 2011-08-26 23:17 -------- d-----w- c:\programdata\Panda Security
2011-08-26 23:16 . 2011-08-26 23:17 -------- d-----w- C:\temp
2011-08-26 18:09 . 2011-08-26 23:12 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2011-08-26 17:48 . 2011-08-26 17:48 -------- d-----w- c:\program files (x86)\Microsoft.NET
2011-08-26 16:59 . 2011-08-26 16:59 -------- d-----w- c:\windows\system32\SPReview
2011-08-26 16:58 . 2011-08-26 16:58 -------- d-----w- c:\windows\system32\EventProviders
2011-08-26 16:52 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-08-26 16:52 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-08-26 16:52 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-08-26 16:50 . 2010-11-20 12:20 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2011-08-26 16:49 . 2010-11-20 13:44 1077248 ----a-w- c:\windows\system32\Narrator.exe
2011-08-26 16:48 . 2010-11-20 13:27 681472 ----a-w- c:\windows\system32\WUDFx.dll
2011-08-26 16:45 . 2011-08-26 16:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-08-26 16:45 . 2011-07-19 12:05 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-08-26 16:44 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-08-26 16:44 . 2010-11-20 13:27 244736 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-26 17:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-08-26 17:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-08-26 15:34 . 2010-06-24 18:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-08-01 11:23 . 2011-08-01 11:23 160520 ----a-w- c:\windows\system32\drivers\PSINAflt.sys
2011-07-16 04:26 . 2011-08-26 15:47 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PSUNMain"="c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNMain.exe" [2011-04-28 439616]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-24 2454840]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-18 1043968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
SetPointII.lnk - c:\program files\Logitech\SetPoint II\SetPointII.exe [2009-7-21 815104]
WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 dump_wmimmc;dump_wmimmc;c:\gamescampus\DriftCity\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 136176]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [x]
R4 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
R4 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2009-10-06 51512]
R4 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-24 835952]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 NanoServiceMain;Panda Cloud Antivirus Service;c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2011-04-28 140608]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-09-01 2027840]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [2011-08-01 317328]
S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe [2011-08-01 1978256]
S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [2011-08-01 1338256]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [x]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [x]
S3 rtl8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-06-06 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-15 04:04]
.
2011-09-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2112161315-261013276-3056878637-1001Core.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 19:09]
.
2011-09-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2112161315-261013276-3056878637-1001UA.job
- c:\users\William\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-18 19:09]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\William\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-10 161304]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-10 415256]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-28 307768]
"HSON"="c:\program files\TOSHIBA\TBS\HSON.exe" [2009-03-09 52600]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2010-05-10 915320]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503}\lang0419
IE: {{E3CB497B-E230-4445-8B34-13476822F867}\lang0419
IE: {{9BEF3FB8-E5E0-4494-BC59-7BAC1C9AD503} - {DC8DD02C-C44B-47EE-8558-F1C17307A79A} - c:\progra~2\COMMON~1\TIDYFA~1\AddToFav.dll
IE: {{E3CB497B-E230-4445-8B34-13476822F867} - {5AAF9669-C519-4AFF-BB6D-CCEE38D21C90} - c:\progra~2\COMMON~1\TIDYFA~1\OpenFav.dll
TCP: DhcpNameServer = 213.109.64.146 213.109.77.21 1.1.1.1
FF - ProfilePath - c:\users\William\AppData\Roaming\Mozilla\Firefox\Profiles\wxzojnl2.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Notify-igfxcui - (no file)
Toolbar-Locked - (no file)
HKLM-Run-(Default) - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_2da1ebd.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2112161315-261013276-3056878637-1001_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):53,c6,e6,fc,00,32,29,24,6c,37,f0,18,0f,69,44,6c,d1,15,85,d1,e5,
1b,8a,d7,d2,1f,6f,ea,d9,d1,be,b5,2c,98,03,26,13,4e,6d,3e,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2112161315-261013276-3056878637-1001_Classes\Wow6432Node\CLSID\{831aba64-99c4-49e4-910e-96ebee2869eb}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000100
"Therad"=dword:00000014
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Google\Update\1.3.21.69\GoogleCrashHandler.exe
c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSANToManager.exe
.
**************************************************************************
.
Completion time: 2011-09-19 00:04:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-09-19 04:04
.
Pre-Run: 144,250,445,824 bytes free
Post-Run: 145,264,304,128 bytes free
.
- - End Of File - - F40CE6A71B5132358DD2CABBD2924687

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:33 AM

Posted 18 September 2011 - 11:25 PM

we are going to check the router

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. it will open notepad when done please post back the results

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 Niceneasy92

Niceneasy92
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 18 September 2011 - 11:31 PM

Here's my results from the router log.


Windows IP Configuration

Host Name . . . . . . . . . . . . : William-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : woh.rr.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : woh.rr.com
Description . . . . . . . . . . . : Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
Physical Address. . . . . . . . . : 1C-65-9D-B7-7B-8F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::25e0:8ed:18af:470%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Sunday, September 18, 2011 11:58:51 PM
Lease Expires . . . . . . . . . . : Tuesday, September 20, 2011 12:27:25 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 303850909
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-E9-6E-E8-60-EB-69-A0-16-81
DNS Servers . . . . . . . . . . . : 213.109.64.146
213.109.77.21
1.1.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 60-EB-69-A0-16-81
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter 6TO4 Adapter:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 9:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:ccc:2a6a:ba78:46a5(Preferred)
Link-local IPv6 Address . . . . . : fe80::ccc:2a6a:ba78:46a5%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter isatap.woh.rr.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : woh.rr.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 213.109.64.146

Name: google.com
Addresses: 74.125.47.103
74.125.47.147
74.125.47.105
74.125.47.106
74.125.47.99
74.125.47.104

Server: UnKnown
Address: 213.109.64.146

Name: yahoo.com
Addresses: 67.195.160.76
72.30.2.43
69.147.125.65
209.191.122.70
98.137.149.56


Pinging google.com [74.125.45.103] with 32 bytes of data:
Reply from 74.125.45.103: bytes=32 time=52ms TTL=52
Reply from 74.125.45.103: bytes=32 time=42ms TTL=52

Ping statistics for 74.125.45.103:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 42ms, Maximum = 52ms, Average = 47ms

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=57ms TTL=53
Reply from 209.191.122.70: bytes=32 time=48ms TTL=53

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 48ms, Maximum = 57ms, Average = 52ms
===========================================================================
Interface List
11...1c 65 9d b7 7b 8f ......Realtek RTL8188CE Wireless LAN 802.11n PCI-E NIC
10...60 eb 69 a0 16 81 ......Atheros AR8152/8158 PCI-E Fast Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
18...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.102 26
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.102 281
192.168.1.102 255.255.255.255 On-link 192.168.1.102 281
192.168.1.255 255.255.255.255 On-link 192.168.1.102 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.102 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.102 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:5ef5:79fb:ccc:2a6a:ba78:46a5/128
On-link
11 281 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::ccc:2a6a:ba78:46a5/128
On-link
11 281 fe80::25e0:8ed:18af:470/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:33 AM

Posted 18 September 2011 - 11:34 PM

Hello

Yes it looks like the DNS settings on the router have been changed.

After you have run these steps - you need to let me know how the computer is doing

Resetting Router


  • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
  • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
  • If you don't know the router's default password, you can look it up. Here
  • You also need to reconfigure any security settings you had in place prior to the reset.
  • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using or you can use OpenDNS
Note: After resetting your router, it is important to set a non-default password, and if possible, username, on the router. This will assist in eliminating the possibility of the router being hijacked again.

flush the DNS:

Now lets flush the DNS on the computer:

  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:


    ipconfig /flushdns

Now lets check the router again

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
@echo off
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
start Log1.txt
del %0
Save this as router.bat Choose to Save type as - All Files and where to save - Desktop - then close the Notepad file.

Double-click on router.bat to run it. it will open notepad when done please post back the results

gringo
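The two posts above (the batch file in #6 and the reset-then-recheck in #8) reduce to one question: does the DNS server list that DHCP handed the laptop point at the router, or at a resolver somebody on this network actually chose, or at addresses nobody here configured? The Python script below is an added example for this thread, not gringo's batch file or anything the original posters wrote; it parses the `ipconfig /all` text that router.bat writes into Log1.txt and gives each resolver a verdict. The sample input is constructed from the values in the posted log, and the allowlist (OpenDNS, which gringo mentions as an option) is an assumption to be replaced with your ISP's resolvers or whatever you deliberately set on the router after the reset. Note that an allowlist is time-dependent: 1.1.1.1, which appears in the posted log, was not a public resolver in 2011 (Cloudflare began operating it in 2018), so a 2011-era check rightly flags it alongside the two 213.109.x.x addresses.

```python
"""Audit the resolvers in `ipconfig /all` output for a router DNS hijack.

Added example for this thread (not the batch file from the post): it reads
the Log1.txt text router.bat produces and flags DNS servers that are neither
the router, another LAN address, nor an explicitly trusted public resolver.
"""
import ipaddress
import re
import sys

# Assumption: the household chose OpenDNS. Replace with your ISP's resolvers
# or whatever you configured on the router yourself after the reset.
TRUSTED_RESOLVERS = {ipaddress.ip_address(a) for a in ('208.67.222.222', '208.67.220.220')}

# "Key . . . . : value" lines; the key runs up to the first dot or colon.
KV_RE = re.compile(r'^\s*(?P<key>[^.:]+?)[ .]*:\s*(?P<val>.*?)\s*$')

# Constructed sample modelled on the ipconfig output posted in this thread.
SAMPLE_HIJACKED = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : William-PC

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : woh.rr.com
   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 213.109.64.146
                                       213.109.77.21
                                       1.1.1.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
"""

# Constructed sample of a clean lease after the router reset: the router hands
# out itself (and, here, the trusted resolver) instead of foreign addresses.
SAMPLE_CLEAN = """\
Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.102(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 192.168.1.1
                                       208.67.222.222
"""


def _clean_addr(value):
    """Drop ipconfig decorations: '(Preferred)' suffixes and '%11' zone ids."""
    return re.sub(r'\(.*?\)', '', value).strip().split('%')[0]


def _as_ip(value):
    try:
        return ipaddress.ip_address(_clean_addr(value))
    except ValueError:
        return None


def parse_ipconfig(text):
    """Return {adapter name: {field: [values]}} from `ipconfig /all` text."""
    adapters, current, last_key = {}, None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip():
            continue
        if line.endswith(':') and ' . ' not in line:      # adapter header line
            current, last_key = line[:-1].strip(), None
            adapters[current] = {}
            continue
        if current is None:                              # global preamble
            continue
        if last_key and _as_ip(line) is not None:         # bare continuation address
            adapters[current][last_key].append(line.strip())
            continue
        m = KV_RE.match(line)
        if m:
            last_key = m.group('key').strip()
            values = adapters[current].setdefault(last_key, [])
            if m.group('val'):
                values.append(m.group('val'))
    return adapters


def classify_dns_server(ip, gateway, trusted):
    """Verdict for one resolver: router, lan, trusted or suspect."""
    if gateway is not None and ip == gateway:
        return 'router'
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return 'lan'
    if ip in trusted:
        return 'trusted'
    return 'suspect'


def audit_dns(text, trusted=TRUSTED_RESOLVERS):
    """{adapter: [(server, verdict), ...]} for every adapter that lists DNS servers."""
    findings = {}
    for name, fields in parse_ipconfig(text).items():
        servers = [ip for ip in map(_as_ip, fields.get('DNS Servers', [])) if ip]
        if not servers:
            continue
        gateway = next((ip for ip in map(_as_ip, fields.get('Default Gateway', [])) if ip), None)
        findings[name] = [(str(ip), classify_dns_server(ip, gateway, trusted)) for ip in servers]
    return findings


def suspect_servers(text, trusted=TRUSTED_RESOLVERS):
    """Sorted resolver addresses that nobody on this network configured."""
    return sorted({s for verdicts in audit_dns(text, trusted).values()
                   for s, verdict in verdicts if verdict == 'suspect'})


if __name__ == '__main__':
    # Usage: python dns_audit.py Log1.txt   (no argument: the built-in sample)
    text = open(sys.argv[1], encoding='utf-8', errors='replace').read() if len(sys.argv) > 1 else SAMPLE_HIJACKED
    for adapter, verdicts in audit_dns(text).items():
        print(adapter)
        for server, verdict in verdicts:
            print(f'  {server:<20} {verdict}')
    sys.exit(1 if suspect_servers(text) else 0)
```

Run it once on the Log1.txt from before the reset and once on the one from after; the first should list the three foreign resolvers as suspect and exit non-zero, the second should show only router or trusted verdicts. The verdict is deliberately based on who the resolver is rather than on what it answers: in the posted log, nslookup through 213.109.64.146 returned ordinary-looking Google and Yahoo addresses, so a hijacked resolver can pass an answer check and still redirect the queries it cares about.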


#10 Niceneasy92

Niceneasy92
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 18 September 2011 - 11:49 PM

Thank you for the help, but where I'm at, it's almost 1 in the morning and I need to be getting to sleep, will we be able to continue this tomorrow?

#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:33 AM

Posted 18 September 2011 - 11:51 PM

YES OF COURSE



Gringo

#12 Niceneasy92

Niceneasy92
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 18 September 2011 - 11:53 PM

Thank you very much for the help, I'll make sure to contact you again tomorrow.

#13 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:33 AM

Posted 19 September 2011 - 12:12 AM

no problem

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:33 AM

Posted 22 September 2011 - 08:13 AM

Hello

48 Hour bump

It has been more than 48 hours since my last post.

  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!

Gringo

#15 Niceneasy92

Niceneasy92
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:10:33 AM

Posted 22 September 2011 - 11:31 AM

Sorry I haven't gotten back to you, but yes, I followed your instructions and everything works just fine now! Thanks for all your help!



