
Google Redirect (starsear.ch, infected through Vshare)


3 replies to this topic

#1 Thraklol

  • Members
  • 3 posts

Posted 19 September 2011 - 07:42 AM

Hey guys! I've seen many a topic for this so far, so I thought I'd make my own. To save some time I have gathered the logs from all the programmes recommended; please don't hesitate to request anything else! I got this virus through downloading the Vshare plugin so I could watch some football live yesterday. I was skeptical but went ahead anyway. As far as I can see it has affected both FF and Chrome; I had a look at IE and it seemed OK, but it's an out of date version and I never use it. Anyway, here are the logs:



Security check:

Results of screen317's Security Check version 0.99.7
Windows Vista (UAC is enabled)
Out of date service pack!!
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
McAfee Security Scan Plus
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 20
Java™ 6 Update 26
Out of date Java installed!
Adobe Flash Player 10.3.181.14
Adobe Reader 9.4.4
Out of date Adobe Reader installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Windows Defender MSMpEng.exe
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgwdsvc.exe
AVG avgtray.exe
Microsoft Security Essentials msseces.exe
Microsoft Security Client Antimalware MsMpEng.exe
Microsoft Security Client Antimalware NisSrv.exe
``````````End of Log````````````

minitoolbox

MiniToolBox by Farbar
Ran by Dre (administrator) on 19-09-2011 at 10:32:06
Windows ™ Vista Home Premium Service Pack 2 (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= FF Proxy Settings: ==============================

========================= Hosts content: =================================

::1 localhost

127.0.0.1 localhost

========================= IP Configuration: ================================

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=0.0.0.0/0 interface="Hamachi" nexthop=5.0.0.1
set interface interface="Hamachi" forwarding=disabled advertise=disabled metric=9000 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Dre-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : home

Ethernet adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Anchorfree HSS Adapter
Physical Address. . . . . . . . . : 00-FF-2A-D0-93-3A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Networking Controller
Physical Address. . . . . . . . . : 00-22-15-FF-16-17
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::b927:d6b1:fc9e:ed25%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.65(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 19 September 2011 08:37:25
Lease Expires . . . . . . . . . . : 20 September 2011 09:19:43
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DHCPv6 IAID . . . . . . . . . . . : 218112533
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-3C-08-D7-00-22-15-FF-16-17
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Hamachi:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Hamachi Network Interface
Physical Address. . . . . . . . . : 7A-79-05-F6-CC-37
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2620:9b::5f6:cc37(Preferred)
Link-local IPv6 Address . . . . . : fe80::1954:bdbd:c9e7:d958%18(Preferred)
IPv4 Address. . . . . . . . . . . : 5.246.204.55(Preferred)
Subnet Mask . . . . . . . . . . . : 255.0.0.0
Lease Obtained. . . . . . . . . . : 19 September 2011 08:37:32
Lease Expires . . . . . . . . . . : 18 September 2012 09:19:54
Default Gateway . . . . . . . . . : 5.0.0.1
DHCP Server . . . . . . . . . . . : 5.0.0.1
DHCPv6 IAID . . . . . . . . . . . : 427456837
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-3C-08-D7-00-22-15-FF-16-17
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3054:347b:a971:d71f(Preferred)
Link-local IPv6 Address . . . . . : fe80::3054:347b:a971:d71f%11(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Tunnel adapter Local Area Connection* 17:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{A32F7A92-F8B7-475E-A1DF-54D642BB6926}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 19:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 20:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: BThomehub.home
Address: 192.168.1.254

Name: google.com
Addresses: 209.85.146.106
209.85.146.105
209.85.146.99
209.85.146.147
209.85.146.103
209.85.146.104

Pinging google.com [209.85.146.99] with 32 bytes of data:
Reply from 209.85.146.99: bytes=32 time=41ms TTL=49
Reply from 209.85.146.99: bytes=32 time=41ms TTL=49

Ping statistics for 209.85.146.99:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 41ms, Average = 41ms

Server: BThomehub.home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 98.137.149.56
209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43

Pinging yahoo.com [209.191.122.70] with 32 bytes of data:
Reply from 209.191.122.70: bytes=32 time=165ms TTL=46
Reply from 209.191.122.70: bytes=32 time=172ms TTL=46

Ping statistics for 209.191.122.70:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 165ms, Maximum = 172ms, Average = 168ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time=4ms TTL=128
Reply from 127.0.0.1: bytes=32 time=2ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 4ms, Average = 3ms

===========================================================================
Interface List
16 ...00 ff 2a d0 93 3a ...... Anchorfree HSS Adapter
10 ...00 22 15 ff 16 17 ...... NVIDIA nForce 10/100/1000 Mbps Networking Controller
18 ...7a 79 05 f6 cc 37 ...... Hamachi Network Interface
1 ........................... Software Loopback Interface 1
20 ...00 00 00 00 00 00 00 e0 isatap.home
11 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
21 ...00 00 00 00 00 00 00 e0 isatap.{A32F7A92-F8B7-475E-A1DF-54D642BB6926}
23 ...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
22 ...00 00 00 00 00 00 00 e0 isatap.home
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.65 20
0.0.0.0 0.0.0.0 5.0.0.1 5.246.204.55 9256
5.0.0.0 255.0.0.0 On-link 5.246.204.55 9256
5.246.204.55 255.255.255.255 On-link 5.246.204.55 9256
5.255.255.255 255.255.255.255 On-link 5.246.204.55 9256
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.65 276
192.168.1.65 255.255.255.255 On-link 192.168.1.65 276
192.168.1.255 255.255.255.255 On-link 192.168.1.65 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.65 276
224.0.0.0 240.0.0.0 On-link 5.246.204.55 9256
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.65 276
255.255.255.255 255.255.255.255 On-link 5.246.204.55 9256
===========================================================================
Persistent Routes:
Network Address Netmask Gateway Address Metric
0.0.0.0 0.0.0.0 5.0.0.1 Default
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
11 18 ::/0 On-link
1 306 ::1/128 On-link
11 18 2001::/32 On-link
11 266 2001:0:5ef5:79fd:3054:347b:a971:d71f/128 On-link
18 276 2620:9b::/64 On-link
18 276 2620:9b::/96 On-link
18 276 2620:9b::5f6:cc37/128 On-link
10 276 fe80::/64 On-link
18 276 fe80::/64 On-link
11 266 fe80::/64 On-link
18 276 fe80::1954:bdbd:c9e7:d958/128 On-link
11 266 fe80::3054:347b:a971:d71f/128 On-link
10 276 fe80::b927:d6b1:fc9e:ed25/128 On-link
1 306 ff00::/8 On-link
11 266 ff00::/8 On-link
10 276 ff00::/8 On-link
18 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
If Metric Network Destination Gateway
0 4294967295 2620:9b::/96 On-link
===========================================================================

========================= Event log errors: ===============================

Application errors:
==================
Error: (09/19/2011 03:38:08 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2011 08:11:49 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2011 08:08:06 PM) (Source: Bonjour Service) (User: )
Description: 384: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/18/2011 08:08:06 PM) (Source: Bonjour Service) (User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/18/2011 08:08:06 PM) (Source: Bonjour Service) (User: )
Description: 412: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/18/2011 00:28:56 PM) (Source: Application Hang) (User: )
Description: The program LOLRecorder.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: c48
Start Time: 01cc75883a207730
Termination Time: 15

Error: (09/16/2011 00:19:12 PM) (Source: Application Hang) (User: )
Description: The program LolClient.exe version 2.0.2.12610 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 1860
Start Time: 01cc7461ea59dfb0
Termination Time: 170

Error: (09/15/2011 03:01:30 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2011 02:59:03 PM) (Source: Bonjour Service) (User: )
Description: 380: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/15/2011 02:59:03 PM) (Source: Bonjour Service) (User: )
Description: 368: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


System errors:
=============
Error: (09/19/2011 08:37:56 AM) (Source: netbt) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 5.246.204.55.
The computer with the IP address 5.181.67.145 did not allow the name to be claimed by
this computer.

Error: (09/19/2011 03:37:00 AM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "002215FF1617" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (09/19/2011 03:37:00 AM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "002215FF1617" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (09/19/2011 03:11:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.111.2487.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/19/2011 03:11:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.111.2487.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/19/2011 03:11:52 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.111.2487.0

Update Source: %NT AUTHORITY59

Update Stage: 3.0.8402.00

Source Path: 3.0.8402.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (09/19/2011 03:00:20 AM) (Source: Service Control Manager) (User: )
Description: 30000Netman

Error: (09/18/2011 09:50:55 PM) (Source: bowser) (User: )
Description: The master browser has received a server announcement from the computer FREDSTERHP
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{A32F7A92-F8B7-475E-A1DF-54D642BB6926}.
The master browser is stopping or an election is being forced.

Error: (09/18/2011 08:10:40 PM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "002215FF1617" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.

Error: (09/18/2011 08:10:40 PM) (Source: netbt) (User: )
Description: Initialization failed because the driver device could not be created.
Use the string "002215FF1617" to identify the interface for which initialization
failed. It represents the MAC address of the failed interface or the
Globally Unique Interface Identifier (GUID) if NetBT was unable to
map from GUID to MAC address. If neither the MAC address nor the GUID were
available, the string represents a cluster device name.


Microsoft Office Sessions:
=========================
Error: (09/19/2011 03:38:08 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2011 08:11:49 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2011 08:08:06 PM) (Source: Bonjour Service)(User: )
Description: 384: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/18/2011 08:08:06 PM) (Source: Bonjour Service)(User: )
Description: 404: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/18/2011 08:08:06 PM) (Source: Bonjour Service)(User: )
Description: 412: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/18/2011 00:28:56 PM) (Source: Application Hang)(User: )
Description: LOLRecorder.exe1.0.0.0c4801cc75883a20773015

Error: (09/16/2011 00:19:12 PM) (Source: Application Hang)(User: )
Description: LolClient.exe2.0.2.12610186001cc7461ea59dfb0170

Error: (09/15/2011 03:01:30 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2011 02:59:03 PM) (Source: Bonjour Service)(User: )
Description: 380: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)

Error: (09/15/2011 02:59:03 PM) (Source: Bonjour Service)(User: )
Description: 368: ERROR: read_msg errno 10054 (An existing connection was forcibly closed by the remote host.)


=========================== Installed Programs ============================

Adobe AIR (Version: 2.5.0.16600)
Adobe Flash Player 10 Plugin (Version: 10.3.181.14)
Adobe Reader 9.4.4 (Version: 9.4.4)
Adobe Shockwave Player 11.5 (Version: 11.5.9.615)
Apple Application Support (Version: 2.0.1)
Apple Mobile Device Support (Version: 3.4.1.2)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.8.0.0)
µTorrent (Version: 2.0.4)
AVG 2011 (Version: 10.0.1410)
AVG 2011 (Version: 10.0.1520)
Bonjour (Version: 3.0.0.2)
Counter-Strike: Source
D3DX10 (Version: 15.4.2368.0902)
DivX Setup (Version: 2.2.1.2)
Dragon Age II Demo
Fallout 3 - Game of the Year Edition
Fallout 3 (Version: 1.00.0000)
Google Chrome (Version: 14.0.835.163)
Google Earth (Version: 6.0.3.2197)
Google Update Helper (Version: 1.3.21.65)
Grand Theft Auto 2
Grand Theft Auto: San Andreas
Hotspot Shield 1.57 (Version: 1.57)
iTunes (Version: 10.4.0.80)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 20 (Version: 6.0.200)
Java™ 6 Update 26 (Version: 6.0.260)
Junk Mail filter update (Version: 15.4.3502.0922)
Lead and Gold - Gangs of the Wild West
League of Legends (Version: 1.02.0000)
League of Legends (Version: 1.3)
Logitech GamePanel Software 3.05.151 (Version: 3.05.151)
LogMeIn Hamachi (Version: 2.1.0.122)
LOLReplay (Version: 0.6.9.18)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee Security Scan Plus (Version: 2.0.181.2)
Media Player Codec Pack 3.9.6
Mesh Runtime (Version: 15.4.5722.2)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Antimalware (Version: 3.0.8402.2)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.88.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Security Client (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 2.1.1116.0)
Microsoft Silverlight (Version: 4.0.60531.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft XNA Framework Redistributable 4.0 (Version: 4.0.20823.0)
MobileMe Control Panel (Version: 3.1.6.0)
Mozilla Firefox 6.0.2 (x86 en-GB) (Version: 6.0.2)
MSVCRT (Version: 15.4.2862.0708)
MSVCRT_amd64 (Version: 15.4.2862.0708)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Drivers (Version: 1.10.62.40)
NVIDIA ForceWare Network Access Manager (Version: 1.00.6776)
NVIDIA PhysX (Version: 9.10.0224)
OpenOffice.org 3.2 (Version: 3.2.9502)
Pando Media Booster (Version: 2.3.4.3)
QuickTime (Version: 7.70.80.34)
Realtek High Definition Audio Driver (Version: 6.0.1.5618)
SEGA Genesis & Mega Drive Classics
Segoe UI (Version: 15.4.2271.0615)
Skype Toolbars (Version: 5.3.7555)
Skype™ 5.3 (Version: 5.3.120)
SoulSeek 157 NS 13e
SoulSeek Client 156c
Spybot - Search & Destroy (Version: 1.6.2)
Steam (Version: 1.0.0.0)
Supreme Commander 2
System Requirements Lab
TeamSpeak 2 RC2 (Version: 2.0.32.60)
TeamSpeak 3 Client
Terraria
Torchlight
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live Mail (Version: 15.4.3502.0922)
Windows Live Mesh (Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (Version: 15.4.5722.2)
Windows Live Messenger (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)
Windows Live Writer (Version: 15.4.3502.0922)
Windows Live Writer Resources (Version: 15.4.3502.0922)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR archiver

========================= Memory info: ===================================

Percentage of memory in use: 60%
Total physical RAM: 4093.55 MB
Available physical RAM: 1630.71 MB
Total Pagefile: 8399.65 MB
Available Pagefile: 5380.6 MB
Total Virtual: 4095.88 MB
Available Virtual: 4009.95 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:139.73 GB) (Free:13.63 GB) NTFS
2 Drive d: () (Fixed) (Total:465.76 GB) (Free:301.69 GB) NTFS

========================= Users: ========================================

User accounts for \\DRE-PC

Administrator Dre Guest


**** End of log ****


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 7744

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

19/09/2011 10:38:40
mbam-log-2011-09-19 (10-38-40).txt

Scan type: Quick scan
Objects scanned: 178711
Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-19 12:34:30
Windows 6.0.6002 Service Pack 2
Running: b29x2jvu.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programmes\Daemon Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0xD7 0xDE 0x07 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x28 0xE0 0x64 0xD0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE6 0x8F 0xA1 0x35 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x21 0x99 0x84 0x82 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 D:\Programmes\Daemon Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x15 0xD7 0xDE 0x07 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x28 0xE0 0x64 0xD0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xE6 0x8F 0xA1 0x35 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x21 0x99 0x84 0x82 ...

---- EOF - GMER 1.0.15 ----


Once again, don't hesitate to ask for any more information. I am actually on a timeline: I am going away travelling for a few months early tomorrow, so any resolution today would be amazing.


#2 ranget

  • Members
  • 250 posts
  • Gender: Male

Posted 19 September 2011 - 08:29 AM

Hi, until a BC Advisor or a staff member comes here to aid you, you can run the following:

1. SUPERAntiSpyware
2. Dr.Web CureIt!

A big thanks to Didier Stevens.

Sorry for not being around.


#3 Thraklol

  • Topic Starter
  • Members
  • 3 posts

Posted 19 September 2011 - 09:28 AM

Thanks for the reply, I will give these a try now.

#4 Thraklol

  • Topic Starter
  • Members
  • 3 posts

Posted 19 September 2011 - 10:52 AM

No joy with the first one; trying the second soon.