Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

search engine redirect & random IE start up


  • Please log in to reply
3 replies to this topic

#1 wordless chorus

wordless chorus

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 07 November 2011 - 08:59 PM

Hello there. I have recently started to have problems with the search engine on any of the browsers I use. I usually use Firefox without a problem but now every time I click on a link, it'll redirect me to a link found by admirablesearchsystem.com. I have Malwarebytes installed and it does delete a backdoor agent but for some reason it still will redirect my searches after Malware deletes the trojan and reboots. Is it possible to get some assitance please? I am running Windows 7.



Here is my log.


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8111

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/7/2011 6:00:20 PM
mbam-log-2011-11-07 (18-00-20).txt

Scan type: Quick scan
Objects scanned: 169120
Time elapsed: 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by Budapest, 07 November 2011 - 10:07 PM.
Moved from Win7 ~Budapest


BC AdBot (Login to Remove)

 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:13 PM

Posted 07 November 2011 - 10:22 PM

Welcome aboard Posted Image

Download Security Check from HERE, and save it to your Desktop.

* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=============================================================================

Please download MiniToolBox and run it.

Checkmark following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size
Click Go and post the result.

=============================================================================

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

=============================================================================

Please download GMER from one of the following locations and save it to your desktop:
  • Main Mirror
    This version will download a randomly named file (Recommended)
  • Zipped Mirror
    This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop.
  • Disconnect from the Internet and close all running programs.
  • Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver.
  • Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked.
  • Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe.

    Posted Image
  • GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress)
  • If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
  • Now click the Scan button. If you see a rootkit warning window, click OK.
  • When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
  • Click the Copy button and paste the results into your next reply.
  • Exit GMER and be sure to re-enable your anti-virus, Firewall and any other security programs you had disabled.

IMPORTANT! If for some reason GMER refuses to run, try again.
If it still fails, try to UN-check "Devices" in right pane.
If still no joy, try to run it from Safe Mode.

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 


#3 wordless chorus

wordless chorus
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:02:13 PM

Posted 08 November 2011 - 12:41 AM

thanks! here you go.


Results of screen317's Security Check version 0.99.24
Windows 7 x64 (UAC is enabled)
Internet Explorer 8 Out of date!
``````````````````````````````
Antivirus/Firewall Check:

WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Java™ 6 Update 26
Out of date Java installed!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Symantec Norton Online Backup NOBuAgent.exe
``````````End of Log````````````

----------------------------------------------------------


MiniToolBox by Farbar
Ran by Ozzy (administrator) on 07-11-2011 at 21:09:05
Windows 7 Home Premium (X64)

***************************************************************************

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.
========================= Hosts content: =================================



========================= IP Configuration: ================================The following helper DLL cannot be loaded: WSHELPER.DLL.


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Ozzy-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : myhome.westell.com

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : myhome.westell.com
Description . . . . . . . . . . . : Atheros AR5B97 Wireless Network Adapter
Physical Address. . . . . . . . . : 1C-65-9D-3A-CF-FF
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::803b:5148:7001:9569%12(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.44(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, November 07, 2011 9:04:22 PM
Lease Expires . . . . . . . . . . : Tuesday, November 08, 2011 9:04:23 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 387736989
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-14-27-49-D2-88-AE-1D-9C-4B-18
DNS Servers . . . . . . . . . . . : 192.168.1.1
192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : myhome.westell.com
Description . . . . . . . . . . . : Broadcom NetLink ™ Gigabit Ethernet
Physical Address. . . . . . . . . : 88-AE-1D-9C-4B-18
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.myhome.westell.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : myhome.westell.com
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:2008:c1b:3f57:fed3(Preferred)
Link-local IPv6 Address . . . . . : fe80::2008:c1b:3f57:fed3%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Pinging google.com [74.125.224.112] with 32 bytes of data:
Reply from 74.125.224.112: bytes=32 time=38ms TTL=55
Reply from 74.125.224.112: bytes=32 time=40ms TTL=55

Ping statistics for 74.125.224.112:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 38ms, Maximum = 40ms, Average = 39ms

Pinging yahoo.com [98.139.180.149] with 32 bytes of data:
Reply from 98.139.180.149: bytes=32 time=243ms TTL=48
Reply from 98.139.180.149: bytes=32 time=199ms TTL=48

Ping statistics for 98.139.180.149:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 199ms, Maximum = 243ms, Average = 221ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...1c 65 9d 3a cf ff ......Atheros AR5B97 Wireless Network Adapter
11...88 ae 1d 9c 4b 18 ......Broadcom NetLink ™ Gigabit Ethernet
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.44 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.44 281
192.168.1.44 255.255.255.255 On-link 192.168.1.44 281
192.168.1.255 255.255.255.255 On-link 192.168.1.44 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.44 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.44 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:4137:9e76:2008:c1b:3f57:fed3/128
On-link
12 281 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::2008:c1b:3f57:fed3/128
On-link
12 281 fe80::803b:5148:7001:9569/128
On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
12 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 mswsock.dll [File Not found] ()
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
x64-Catalog5 01 mswsock.dll [File Not found] ()
x64-Catalog5 02 mswsock.dll [File Not found] ()
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 mswsock.dll [File Not found] ()
x64-Catalog9 02 mswsock.dll [File Not found] ()
x64-Catalog9 03 mswsock.dll [File Not found] ()
x64-Catalog9 04 mswsock.dll [File Not found] ()
x64-Catalog9 05 mswsock.dll [File Not found] ()
x64-Catalog9 06 mswsock.dll [File Not found] ()
x64-Catalog9 07 mswsock.dll [File Not found] ()
x64-Catalog9 08 mswsock.dll [File Not found] ()
x64-Catalog9 09 mswsock.dll [File Not found] ()
x64-Catalog9 10 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (11/07/2011 06:06:56 PM) (Source: MsiInstaller) (User: Ozzy)Ozzy
Description: Product: Microsoft Fix it 50562 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (11/05/2011 08:16:12 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (11/04/2011 08:40:03 PM) (Source: Application Error) (User: )
Description: Faulting application name: spoolsv.exe, version: 6.1.7600.16661, time stamp: 0x4c6f61fe
Faulting module name: msvcrt.dll, version: 7.0.7600.16385, time stamp: 0x4a5bdfbe
Exception code: 0x40000015
Fault offset: 0x000000000002aa8e
Faulting process id: 0x49c
Faulting application start time: 0xspoolsv.exe0
Faulting application path: spoolsv.exe1
Faulting module path: spoolsv.exe2
Report Id: spoolsv.exe3

Error: (10/31/2011 05:24:30 PM) (Source: ZuneDriver) (User: )
Description: Zune MTPZ USB Driver0x802a00060x1005

Error: (10/31/2011 05:23:40 PM) (Source: ZuneDriver) (User: )
Description: Zune MTPZ USB Driver0x802a00060x922c

Error: (10/31/2011 05:23:07 PM) (Source: ZuneDriver) (User: )
Description: Zune MTPZ USB Driver0x802a00060x922d

Error: (10/31/2011 05:22:33 PM) (Source: ZuneDriver) (User: )
Description: Zune MTPZ USB Driver0x802a00060x922b

Error: (10/24/2011 10:02:11 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.

Error: (10/24/2011 10:18:48 AM) (Source: Application Error) (User: )
Description: Faulting application name: Zune.exe, version: 4.8.2345.0, time stamp: 0x4e3c45e4
Faulting module name: ZuneDBApi.ni.dll, version: 4.8.2345.0, time stamp: 0x4e3c456b
Exception code: 0xc0000005
Fault offset: 0x0000000000255041
Faulting process id: 0xc44
Faulting application start time: 0xZune.exe0
Faulting application path: Zune.exe1
Faulting module path: Zune.exe2
Report Id: Zune.exe3

Error: (10/22/2011 08:09:28 PM) (Source: WPDMTPDriver) (User: )
Description: MTP WPD Driver0x800705b4


System errors:
=============
Error: (11/07/2011 09:04:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (11/07/2011 09:04:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183

Error: (11/07/2011 06:27:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (11/07/2011 06:27:07 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183

Error: (11/07/2011 06:24:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (11/07/2011 06:24:05 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183

Error: (11/07/2011 06:23:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (11/07/2011 06:23:24 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183

Error: (11/07/2011 06:21:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall service depends on the Windows Firewall Authorization Driver service which failed to start because of the following error:
%%183

Error: (11/07/2011 06:21:20 PM) (Source: Service Control Manager) (User: )
Description: The Windows Firewall Authorization Driver service failed to start due to the following error:
%%183


Microsoft Office Sessions:
=========================
Error: (11/07/2011 06:06:56 PM) (Source: MsiInstaller)(User: Ozzy)Ozzy
Description: Product: Microsoft Fix it 50562 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (11/05/2011 08:16:12 AM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (11/04/2011 08:40:03 PM) (Source: Application Error)(User: )
Description: spoolsv.exe6.1.7600.166614c6f61femsvcrt.dll7.0.7600.163854a5bdfbe40000015000000000002aa8e49c01cc9b73d5cf240cC:\Windows\System32\spoolsv.exeC:\Windows\system32\msvcrt.dll398ed567-0768-11e1-9faa-88ae1d9c4b18

Error: (10/31/2011 05:24:30 PM) (Source: ZuneDriver)(User: )
Description: Zune MTPZ USB Driver0x802a00060x1005

Error: (10/31/2011 05:23:40 PM) (Source: ZuneDriver)(User: )
Description: Zune MTPZ USB Driver0x802a00060x922c

Error: (10/31/2011 05:23:07 PM) (Source: ZuneDriver)(User: )
Description: Zune MTPZ USB Driver0x802a00060x922d

Error: (10/31/2011 05:22:33 PM) (Source: ZuneDriver)(User: )
Description: Zune MTPZ USB Driver0x802a00060x922b

Error: (10/24/2011 10:02:11 PM) (Source: SideBySide)(User: )
Description: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1"c:\program files (x86)\windows live\photo gallery\MovieMaker.Exec:\program files (x86)\windows live\photo gallery\WLMFDS.DLL8

Error: (10/24/2011 10:18:48 AM) (Source: Application Error)(User: )
Description: Zune.exe4.8.2345.04e3c45e4ZuneDBApi.ni.dll4.8.2345.04e3c456bc00000050000000000255041c4401cc927924b63810C:\Program Files\Zune\Zune.exeC:\Windows\assembly\NativeImages_v2.0.50727_64\ZuneDBApi\d57cb776f0968662ebbbf583699c2259\ZuneDBApi.ni.dll9d6a3c96-fe6c-11e0-94e3-88ae1d9c4b18

Error: (10/22/2011 08:09:28 PM) (Source: WPDMTPDriver)(User: )
Description: MTP WPD Driver0x800705b4


=========================== Installed Programs ============================

18 Wheels of Steel - American Long Haul (Version: 2.2.0.95)
Acer Backup Manager (Version: 2.0.0.68)
Acer Crystal Eye webcam (Version: 1.0.4.2)
Acer ePower Management (Version: 5.00.3005)
Acer eRecovery Management (Version: 4.05.3013)
Acer Games (Version: 1.0.1.3)
Acer Registration (Version: 1.03.3003)
Acer ScreenSaver (Version: 1.1.0707.2010)
Acer Updater (Version: 1.02.3001)
Acrobat.com (Version: 1.6.65)
Adobe AIR (Version: 2.6.0.19120)
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.0.1.152)
Adobe Reader 9.1 MUI (Version: 9.1.0)
Agatha Christie - Death on the Nile (Version: 2.2.0.95)
Backup Manager Basic (Version: 2.0.0.68)
Barnes & Noble Desktop Reader (Version: 2.5.1.21)
Bejeweled 2 Deluxe (Version: 2.2.0.95)
Blackhawk Striker 2 (Version: 2.2.0.95)
Build-a-lot 2 (Version: 2.2.0.95)
Chuzzle Deluxe (Version: 2.2.0.95)
Command & Conquer Red Alert 2
CyberLink PowerDVD 9 (Version: 9.0.2829.50)
Diner Dash 2 Restaurant Rescue (Version: 2.2.0.95)
Dora's Carnival Adventure (Version: 2.2.0.95)
eBay Worldwide (Version: 2.1.0901)
eSobi v2 (Version: 2.0.4.000274)
FATE (Version: 2.2.0.95)
FaxRedist (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.1.2003.1856)
Google Update Helper (Version: 1.3.21.79)
HiJackThis (Version: 1.0.0)
HTC BMP USB Driver (Version: 1.0.5375)
HTC Driver Installer (Version: 3.0.0.008)
HTC Sync (Version: 3.0.5557)
Identity Card (Version: 1.00.3003)
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1892)
Intel® Rapid Storage Technology (Version: 9.6.2.1001)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Jewel Quest - Heritage (Version: 2.2.0.95)
Jewel Quest Solitaire 2 (Version: 2.2.0.95)
John Deere Drive Green (Version: 2.2.0.95)
Junk Mail filter update (Version: 14.0.8089.726)
Launch Manager (Version: 4.0.12)
Lexmark 5400 Series
Lexmark Toolbar
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee SiteAdvisor (Version: 3.4.0.143)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
MyWinLocker (Version: 3.1.212.0)
MyWinLocker Suite (Version: 3.1.212.0)
Norton Online Backup (Version: 2.1.17869)
NTI Media Maker 9 (Version: 9.0.2.8928)
Penguins! (Version: 2.2.0.95)
Plants vs. Zombies (Version: 2.2.0.95)
Polar Bowler (Version: 2.2.0.95)
Polar Golfer (Version: 2.2.0.95)
Realtek High Definition Audio Driver (Version: 6.0.1.6151)
Realtek USB 2.0 Card Reader (Version: 6.1.7600.30121)
Shredder (Version: 2.0.8.3)
Skype™ 5.5 (Version: 5.5.113)
Synaptics Pointing Device Driver (Version: 14.0.19.0)
Times Reader (Version: 2.055)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update Installer for WildTangent Games App
Virtual Villagers 4 - The Tree of Life (Version: 2.2.0.95)
Welcome Center (Version: 1.02.3004)
WildTangent Games App (Acer Games) (Version: 4.0.5.32)
Windows Live Call (Version: 14.0.8064.0206)
Windows Live Communications Platform (Version: 14.0.8064.206)
Windows Live Essentials (Version: 14.0.8089.0726)
Windows Live Essentials (Version: 14.0.8089.726)
Windows Live Mail (Version: 14.0.8089.0726)
Windows Live Messenger (Version: 14.0.8089.0726)
Windows Live Movie Maker (Version: 14.0.8091.0730)
Windows Live Photo Gallery (Version: 14.0.8081.709)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8089.726)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8089.0726)
Windows Mobile Device Updater Component (Version: 04.08.2345.00)
Zuma's Revenge (Version: 2.2.0.95)
Zune (Version: 04.08.2345.00)
Zune Language Pack (CHS) (Version: 04.08.2345.00)
Zune Language Pack (CHT) (Version: 04.08.2345.00)
Zune Language Pack (CSY) (Version: 04.08.2345.00)
Zune Language Pack (DAN) (Version: 04.08.2345.00)
Zune Language Pack (DEU) (Version: 04.08.2345.00)
Zune Language Pack (ELL) (Version: 04.08.2345.00)
Zune Language Pack (ESP) (Version: 04.08.2345.00)
Zune Language Pack (FIN) (Version: 04.08.2345.00)
Zune Language Pack (FRA) (Version: 04.08.2345.00)
Zune Language Pack (HUN) (Version: 04.08.2345.00)
Zune Language Pack (IND) (Version: 04.08.2345.00)
Zune Language Pack (ITA) (Version: 04.08.2345.00)
Zune Language Pack (JPN) (Version: 04.08.2345.00)
Zune Language Pack (KOR) (Version: 04.08.2345.00)
Zune Language Pack (MSL) (Version: 04.08.2345.00)
Zune Language Pack (NLD) (Version: 04.08.2345.00)
Zune Language Pack (NOR) (Version: 04.08.2345.00)
Zune Language Pack (PLK) (Version: 04.08.2345.00)
Zune Language Pack (PTB) (Version: 04.08.2345.00)
Zune Language Pack (PTG) (Version: 04.08.2345.00)
Zune Language Pack (RUS) (Version: 04.08.2345.00)
Zune Language Pack (SVE) (Version: 04.08.2345.00)

========================= Memory info: ===================================

Percentage of memory in use: 34%
Total physical RAM: 4025.97 MB
Available physical RAM: 2634.52 MB
Total Pagefile: 8050.09 MB
Available Pagefile: 6352.13 MB
Total Virtual: 4095.88 MB
Available Virtual: 3966.91 MB

========================= Partitions: =====================================

1 Drive c: (Acer) (Fixed) (Total:284.99 GB) (Free:197.04 GB) NTFS

========================= Users: ========================================

User accounts for \\OZZY-PC

Administrator Guest Ozzy


**** End of log ****

--------------------------

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8112

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/7/2011 9:14:16 PM
mbam-log-2011-11-07 (21-14-09).txt

Scan type: Quick scan
Objects scanned: 169540
Time elapsed: 1 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Backdoor.Agent) -> Value: Shell -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
------------------------------------------

gmer: nothing was found.

#4 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,707 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Daly City, CA
  • Local time:12:13 PM

Posted 08 November 2011 - 04:21 PM

It looks like possible ZeroAccess rootkit.

With the information you have provided I believe you will need help from the malware removal team.
Please make sure that you read the information about getting started first.
Then start a new thread HERE and include or required logs.
Including a link to this thread will be helpful.

Good luck and be patient. Help is on the way!

My Website

p4433470.gif

My help doesn't cost a penny, but if you'd like to consider a donation, click p22001735.gif


 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users