
At Wit's End: Redirect, Popup, Random Sound


  • This topic is locked
2 replies to this topic

#1 nygator


Posted 14 November 2011 - 09:18 PM

Hi, I've been dealing with popups, popup sounds (for lack of a better word: random music, advertisement, news broadcasts, AUDIO ONLY), and constant redirects no matter which browser I use (Chrome, Firefox, IE). I have used the posted prelim methods for malware to no avail. Help is greatly appreciated. I apparently am running a 64-bit system and cannot use GMER. The following are my DDS results. Prior to this, 3 days ago, I let the computer run an update, woke up in the morning, and found it had many errors (referencing hard disk, if I remember correctly) consecutively popping up. I also had my programs and applications disappear. I used System Restore and had the computer running fine for a day. Looking at my processes and firewall, it seems like I have several instances of iexplore.exe running, with one constantly running without IE actually open, and it typically takes a good deal of CPU. This is all I can remember; I hope it is helpful. Thanks again!


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by Sean at 20:29:37 on 2011-11-14
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3983.2234 [GMT -5:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: COMODO Defense+ *Enabled/Updated* {CE351521-78FA-2048-BB22-B68A4A5CA7EC}
FW: COMODO Firewall *Enabled* {4D6F75E0-14AF-2E9E-AACD-24CDCF08AA2A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Windows\system32\CxAudMsg64.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe
C:\Program Files\LENOVO\HOTKEY\MICMUTE.exe
C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe
C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Windows\SysWOW64\SAsrv.exe
C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files (x86)\Lenovo\System Update\SUService.exe
C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\PROGRA~1\Lenovo\Zoom\TPSCREX.EXE
C:\PROGRA~1\Lenovo\HOTKEY\TPONSCR.EXE
C:\PROGRA~1\Lenovo\HOTKEY\tpnumlkd.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\TpShocks.exe
C:\Program Files\CONEXANT\ForteConfig\fmapp.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Communications Utility\TpKnrres.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k NetworkService
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPS.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://lenovo.msn.com
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
mRun: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
StartupFolder: C:\Users\Sean\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 1 (0x1)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
Trusted Zone: ufl.edu\ssrb230a-vpn-asa5500-1-g10-1.ns
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://ctx36-vpn-asa5500-1-g10-1.ns.ufl.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{55473AE0-C581-4A7C-ACA0-427E857E813D} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{88E73C83-67EC-4AE3-8FDA-6A30BDB9DD8A} : NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{88E73C83-67EC-4AE3-8FDA-6A30BDB9DD8A} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{88E73C83-67EC-4AE3-8FDA-6A30BDB9DD8A}\7596C62656274737 : DhcpNameServer = 192.168.1.254 192.168.1.254
TCP: Interfaces\{88E73C83-67EC-4AE3-8FDA-6A30BDB9DD8A}\8416D60747F6E6D2F416B637 : DhcpNameServer = 192.168.1.1 72.214.195.244 68.105.28.16
TCP: Interfaces\{88E73C83-67EC-4AE3-8FDA-6A30BDB9DD8A}\C696E6B6379737 : DhcpNameServer = 208.96.176.41 209.244.0.3 74.253.110.207
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs: C:\Windows\SysWOW64\guard32.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor
mRun-x64: [Lenovo Registration] C:\Program Files (x86)\Lenovo Registration\LenovoReg.exe /boot
mRun-x64: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun-x64: [COMODO] C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe
mRun-x64: [CPA] C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe
AppInit_DLLs-X64: C:\Windows\SysWOW64\guard32.dll
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 DzHDD64;DzHDD64;C:\Windows\system32\DRIVERS\DzHDD64.sys --> C:\Windows\system32\DRIVERS\DzHDD64.sys [?]
R0 TPDIGIMN;TPDIGIMN;C:\Windows\system32\DRIVERS\ApsHM64.sys --> C:\Windows\system32\DRIVERS\ApsHM64.sys [?]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;C:\Windows\system32\DRIVERS\cmdguard.sys --> C:\Windows\system32\DRIVERS\cmdguard.sys [?]
R1 cmdHlp;COMODO Internet Security Helper Driver;C:\Windows\system32\DRIVERS\cmdhlp.sys --> C:\Windows\system32\DRIVERS\cmdhlp.sys [?]
R1 lenovo.smi;Lenovo System Interface Driver;C:\Windows\system32\DRIVERS\smiifx64.sys --> C:\Windows\system32\DRIVERS\smiifx64.sys [?]
R1 PHCORE;PHCORE;C:\Program Files\Lenovo\RapidBoot\PHCORE64.sys [2010-12-3 31592]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 CLPSLS;COMODO livePCsupport Service;C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-5-25 161080]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 CxAudMsg;Conexant Audio Message Service;C:\Windows\system32\CxAudMsg64.exe --> C:\Windows\system32\CxAudMsg64.exe [?]
R2 jhi_service;Intel® Identity Protection Technology Host Interface Service;C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe [2011-2-24 212944]
R2 LENOVO.CAMMUTE;Lenovo Camera Mute;C:\Program Files\Lenovo\Communications Utility\CamMute.exe [2011-8-24 40808]
R2 LENOVO.MICMUTE;Lenovo Microphone Mute;C:\Program Files\Lenovo\HOTKEY\micmute.exe [2010-12-29 45496]
R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe [2011-8-24 59240]
R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;C:\Program Files\Lenovo\VIRTSCRL\lvvsst.exe [2010-12-29 93032]
R2 risdxc;risdxc;C:\Windows\system32\DRIVERS\risdxc64.sys --> C:\Windows\system32\DRIVERS\risdxc64.sys [?]
R2 SAService;Conexant SmartAudio service;C:\Windows\System32\SASrv.exe [2011-8-24 446592]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-11-13 1153368]
R2 TPHKLOAD;Lenovo Hotkey Client Loader;C:\Program Files\Lenovo\HOTKEY\tphkload.exe [2010-12-29 114024]
R2 TPHKSVC;On Screen Display;C:\Program Files\Lenovo\HOTKEY\TPHKSVC.exe [2010-12-29 64440]
R2 VIPAppService;VIPAppService;C:\Program Files (x86)\Symantec\VIP Access Client\VIPAppService.exe [2011-7-12 82544]
R2 vpnagent;Cisco AnyConnect VPN Agent;C:\Program Files (x86)\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-5-18 641464]
R3 e1cexpress;Intel® PRO/1000 PCI Express Network Connection Driver C;C:\Windows\system32\DRIVERS\e1c62x64.sys --> C:\Windows\system32\DRIVERS\e1c62x64.sys [?]
R3 IntcDAud;Intel® Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MEIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 Power Manager DBC Service;Power Manager DBC Service;C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.exe [2011-8-24 79208]
R3 TVTI2C;Lenovo SM bus driver;C:\Windows\system32\DRIVERS\Tvti2c.sys --> C:\Windows\system32\DRIVERS\Tvti2c.sys [?]
S2 HyperW7Svc;HyperW7 Service;C:\Program Files\Lenovo\RapidBoot\HyperW7Svc64.exe [2010-12-3 116072]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-11-13 366152]
S3 DozeSvc;Lenovo Doze Mode Service;C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE [2011-8-24 477032]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 pmxdrv;pmxdrv;\??\C:\Windows\system32\drivers\pmxdrv.sys --> C:\Windows\system32\drivers\pmxdrv.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2011-11-15 01:16:35 -------- d-----w- C:\ProgramData\Comodo
2011-11-15 01:16:32 -------- d-----w- C:\Program Files\COMODO
2011-11-15 01:16:31 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2011-11-15 01:16:31 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
2011-11-15 01:15:55 -------- d-----w- C:\ProgramData\Comodo Downloader
2011-11-15 01:08:24 -------- d-----w- C:\Program Files (x86)\ESET
2011-11-15 00:32:59 -------- d-sh--w- C:\$RECYCLE.BIN
2011-11-14 22:20:31 35712 ----a-w- C:\Windows\SysWow64\drivers\BlackBox.sys
2011-11-14 21:18:39 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-11-14 18:48:35 -------- d-----w- C:\Program Files\CCleaner
2011-11-14 15:47:12 -------- d-----w- C:\Users\Sean\AppData\Roaming\IObit
2011-11-14 15:47:08 -------- d-----w- C:\Program Files (x86)\IObit
2011-11-13 17:03:39 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-11-13 17:03:39 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-11-13 14:43:07 98816 ----a-w- C:\Windows\sed.exe
2011-11-13 14:43:07 518144 ----a-w- C:\Windows\SWREG.exe
2011-11-13 14:43:07 256000 ----a-w- C:\Windows\PEV.exe
2011-11-13 14:43:07 208896 ----a-w- C:\Windows\MBR.exe
2011-11-13 14:32:26 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-13 14:32:25 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-13 14:32:20 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-11-13 14:31:51 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-12 15:53:03 -------- d-----w- C:\Users\Sean\AppData\Local\Google
2011-11-12 15:51:02 -------- d-----w- C:\Users\Sean\AppData\Local\Apps
2011-11-12 15:51:00 -------- d-----w- C:\Users\Sean\AppData\Local\Deployment
2011-11-06 02:14:40 -------- d-----w- C:\Users\Sean\AppData\Local\Apple Computer
2011-11-06 02:12:22 -------- d-----w- C:\Program Files\iPod
2011-11-06 02:12:19 -------- d-----w- C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2011-11-06 02:12:19 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-06 02:10:54 -------- d-----w- C:\Users\Sean\AppData\Local\Apple
2011-11-06 02:09:32 -------- d-----w- C:\Program Files\Bonjour
2011-11-06 02:09:32 -------- d-----w- C:\Program Files (x86)\Bonjour
2011-11-04 01:09:49 -------- d-----w- C:\Users\Sean\AppData\Local\Akamai
2011-10-16 23:55:32 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
2011-11-14 18:22:45 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-07 23:47:58 574216 ----a-w- C:\Windows\System32\drivers\cmdGuard.sys
2011-10-07 23:47:58 43248 ----a-w- C:\Windows\System32\drivers\cmdhlp.sys
2011-10-07 23:47:56 16528 ----a-w- C:\Windows\System32\drivers\cmderd.sys
2011-10-07 23:47:14 41200 ----a-w- C:\Windows\System32\cmdcsr.dll
2011-10-07 23:47:12 300200 ----a-w- C:\Windows\SysWow64\guard32.dll
2011-10-07 23:47:10 388280 ----a-w- C:\Windows\System32\guard64.dll
2011-09-02 18:55:24 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-09-02 18:47:34 99056 ----a-w- C:\Windows\System32\MfeOtlkAddin.dll
2011-09-02 18:47:33 74848 ----a-w- C:\Windows\SysWow64\MfeOtlkAddin.dll
2011-09-02 18:47:32 22816 ----a-w- C:\Windows\SysWow64\MFEOtlk.dll
2011-09-01 05:24:07 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:35:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-24 18:31:26 31152 ----a-w- C:\Windows\System32\drivers\pmxdrv.sys
2011-08-24 18:22:43 476160 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2011-08-24 18:22:43 288256 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2011-08-24 18:22:18 246784 ----a-w- C:\Windows\System32\input.dll
2011-08-24 18:22:18 202240 ----a-w- C:\Windows\SysWow64\input.dll
2011-08-24 18:21:44 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-08-24 18:21:33 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-08-24 18:21:33 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-08-24 18:21:33 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-08-24 18:21:02 70656 ----a-w- C:\Windows\SysWow64\fontsub.dll
2011-08-24 18:21:02 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-08-24 18:21:02 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-08-24 18:21:02 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-08-24 18:21:02 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-08-24 18:21:02 100864 ----a-w- C:\Windows\System32\fontsub.dll
2011-08-24 18:20:41 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-08-24 18:20:41 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-08-24 18:20:41 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-08-24 18:20:41 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-08-24 18:20:30 642944 ----a-w- C:\Windows\System32\winload.efi
2011-08-24 18:20:30 605552 ----a-w- C:\Windows\System32\winload.exe
2011-08-24 18:20:30 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-08-24 18:20:30 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-08-24 18:20:30 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-08-24 18:20:30 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-08-24 18:20:30 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-08-24 18:18:49 715776 ----a-w- C:\Windows\System32\kerberos.dll
2011-08-24 18:18:49 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
2011-08-24 18:18:39 163840 ----a-w- C:\Windows\System32\umpo.dll
2011-08-24 18:16:11 1131 ----a-w- C:\Windows\MFGCLEAN.CMD
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 20:37:43.95 ===============


 


#2 myrti


Posted 19 November 2011 - 04:30 PM

Hi,

Could you please run a scan with TDSSKiller:
  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop and make sure TDSSKiller.exe (the contents of the zipped file) is on the Desktop itself, not within a folder on the desktop.
  • Go to Start > Run (Or you can hold down your Windows key and press R) and copy and paste the following into the text field. (make sure you include the quote marks) Then press OK.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt

  • If it says "Hidden service detected" DO NOT type anything in. Just press Enter on your keyboard to not do anything to the file.
  • When it is done, a log file called "TDSSKiller.txt" should be created on your C: drive. Please copy and paste the contents of that file here.

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#3 myrti


Posted 03 December 2011 - 09:29 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





