Clicked on link, homepage changed, google redirected, computer slow


10 replies to this topic

#1 Dborns (Members, 201 posts)

Posted 09 December 2011 - 10:26 PM

I clicked on a link on a news site, and instantly my computer slowed way down. I closed Firefox, and reopened and the homepage had changed, and a separate tab opened saying "Hellow". Anytime I tried to open anything, I got a lot of "Not Responding", and it was very slow to open stuff. When I tried to use my google search box, it would be redirected to another site. Right now, my homepage is normal, but a third page/tab opens to ad sites. I ran AVG and it found a Trojan that it removed, but nothing changed. I then tried to run MalwareBytes, and it ran slow and about every 10 seconds it would freeze up and show "Not Responding", then run for 10 seconds etc. I stopped it and downloaded SuperAntispyware and it is still running but has found 100 items-
Trojan.SDCard
Trojan.OpenGLSS
Trojan.MMLogon
Trojan.CDSC63R
Adware.TrackingCookie and
PUP.StartNow Toolbar 84 items

It's still running, but when it's through, what should I do? I read through other threads, and I thought about running RKill, then SuperAnti and MalwareBytes again. Is that the right thing to do?

Thanks!


#2 boopme, "To Insanity and Beyond" (Global Moderator, 73,490 posts, Location: NJ USA)

Posted 09 December 2011 - 11:37 PM

Ok, let's look at a few more to see what it may be.


Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:
  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.
  • List Minidump Files
Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.




Please download TDSSKiller.zip and extract it.
  • Run TDSSKiller.exe.
  • Click Start scan.
  • When it is finished the utility outputs a list of detected objects with description.
    The utility automatically selects an action (Cure or Delete) for malicious objects.
    The utility prompts the user to select an action to apply to suspicious objects (Skip, by default). Leave the options as they are and click Continue.
  • Let reboot if needed and tell me if the tool needed a reboot.
  • Click on Report and post the contents of the text file that will open.

    Note: By default, the utility writes the log to the root folder of the system disk (usually the disk with the installed operating system, C:\). The log has a name like: TDSSKiller.Version_Date_Time_log.txt.



Let's try MBAM in Safe Mode.
Reboot into Safe Mode with Networking
How to start Windows 7 in Safe Mode

How to enter safe mode (XP/Vista)
Using the F8 Method
Restart your computer.
When the machine first starts again it will generally list some equipment that is installed in your machine, amount of memory, hard drives installed etc. At this point you should gently tap the F8 key repeatedly until you are presented with a Windows XP Advanced Options menu.
Select the option for Safe Mode with Networking using the arrow keys.
Then press enter on your keyboard to boot into Safe Mode.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates; when done,
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

Please ask any needed questions, post logs and let us know how the PC is running now.

#3 Dborns, Topic Starter (Members, 201 posts)

Posted 10 December 2011 - 03:01 PM

Ok, here goes-

MiniToolBox by Farbar
Ran by DylanBorns (administrator) on 10-12-2011 at 13:49:03
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

There are 10440 more lines starting with "127.0.0.1"

========================= IP Configuration: ================================

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Connected)
Intel® PRO/100 VE Network Connection = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global defaultcurhoplimit=128 icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : OurLaptop
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Broadcast
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : gateway.2wire.net

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® PRO/100 VE Network Connection
Physical Address. . . . . . . . . : 00-16-36-BB-41-C2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : gateway.2wire.net
Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
Physical Address. . . . . . . . . : 00-19-D2-0C-93-7B
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
IPv4 Address. . . . . . . . . . . : 192.168.1.66(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, December 10, 2011 1:40:17 PM
Lease Expires . . . . . . . . . . : Sunday, December 11, 2011 1:40:16 PM
Default Gateway . . . . . . . . . : 192.168.1.254
DHCP Server . . . . . . . . . . . : 192.168.1.254
DNS Servers . . . . . . . . . . . : 192.168.1.254
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: home
Address: 192.168.1.254

Name: google.com
Addresses: 74.125.227.49
74.125.227.50
74.125.227.52
74.125.227.48
74.125.227.51



Pinging google.com [74.125.227.18] with 32 bytes of data:

Reply from 74.125.227.18: bytes=32 time=36ms TTL=52

Reply from 74.125.227.18: bytes=32 time=33ms TTL=52



Ping statistics for 74.125.227.18:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 36ms, Average = 34ms

Server: home
Address: 192.168.1.254

Name: yahoo.com
Addresses: 72.30.2.43
98.137.149.56
98.139.180.149
209.191.122.70



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=35ms TTL=53

Reply from 209.191.122.70: bytes=32 time=33ms TTL=53



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 33ms, Maximum = 35ms, Average = 34ms

Server: home
Address: 192.168.1.254

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
13 ...00 16 36 bb 41 c2 ...... Intel® PRO/100 VE Network Connection
12 ...00 19 d2 0c 93 7b ...... Intel® PRO/Wireless 3945ABG Network Connection
1 ........................... Software Loopback Interface 1
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.254 192.168.1.66 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.66 281
192.168.1.66 255.255.255.255 On-link 192.168.1.66 281
192.168.1.255 255.255.255.255 On-link 192.168.1.66 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.66 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.66 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
1 306 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()

========================= Event log errors: ===============================

Application errors:
==================
Error: (12/10/2011 07:00:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 28122378

Error: (12/10/2011 07:00:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 28122378

Error: (12/10/2011 07:00:57 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/09/2011 07:40:59 PM) (Source: Application Error) (User: )
Description: Faulting application ping.exe, version 6.0.6001.18000, time stamp 0x47919130, faulting module SHLWAPI.dll, version 6.0.6002.18393, time stamp 0x4d39b5cc, exception code 0xc0000005, fault offset 0x0001e7bf,
process id 0x12b0, application start time 0xping.exe0.

Error: (12/09/2011 04:52:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DYLANBORNS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KFJAKIOP.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/09/2011 04:52:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DYLANBORNS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KFJAKIOP.DEFAULT\CACHE\9> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/09/2011 04:52:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DYLANBORNS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KFJAKIOP.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/09/2011 04:52:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DYLANBORNS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KFJAKIOP.DEFAULT\CACHE\8> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/09/2011 04:52:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DYLANBORNS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KFJAKIOP.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (12/09/2011 04:52:29 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\DYLANBORNS\APPDATA\LOCAL\MOZILLA\FIREFOX\PROFILES\KFJAKIOP.DEFAULT\CACHE\7> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (12/10/2011 01:36:25 PM) (Source: WMPNetworkSvc) (User: )
Description: WMPNetworkSvc0x80070424

Error: (12/10/2011 01:33:34 PM) (Source: Service Control Manager) (User: )
Description: Avgldx86
TfFsMon
TfSysMon

Error: (12/10/2011 01:33:23 PM) (Source: Print) (User: SYSTEM)
Description: The print spooler failed to share printer EPSON Stylus CX6000 Series with shared resource name EPSON Stylus CX6000 Series. Error 1753. The printer cannot be used by others on the network.

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: ThreatFire%%3

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: SPService%%1053

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: 30000SPService

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: SBSD Security Center Servicewscsvc

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: IPsec Policy AgentBFE

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: MCSTRM%%2

Error: (12/10/2011 01:33:22 PM) (Source: Service Control Manager) (User: )
Description: IKE and AuthIP IPsec Keying ModulesBFE


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.2.6 (Version: 8.2.6)
Adobe Reader 8.3.1 (Version: 8.3.1)
Androsa FileProtector (Version: 1.4.2)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
Ask Toolbar (Version: 1.13.1.0)
ASL_HS_Installer32 (Version: 1.0.9)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.2102)
AVG 2012 (Version: 2012.0.1873)
AXIS Media Control Embedded
AXIS Media Control Embedded Installer (Version: 4.1.4)
BlackBerry Desktop Software 4.5 (Version: 4.5.0.15)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.170.25.17)
CCleaner (Version: 3.12)
CDBurnerXP (Version: 4.3.7.2316)
CDDRV_Installer (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio
Dave Ramsey's Financial Peace Financial Software (Version: 5.2)
DHTML Editing Component (Version: 6.02.0001)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
DVDFab 6.0.4.0 (28/07/2009)
EPSON Printer Software
ESET Online Scanner v3
File Uploader (Version: 1.2.5)
FrostWire 4.21.7 (Version: 4.21.7.0)
FrostWire 5.2.8 (Version: 5.2.8.0)
GIMP 2.6.10 (Version: 2.6.10)
Google Chrome (Version: 15.0.874.121)
Google Desktop (Version: 5.7.0806.10245)
Google Earth (Version: 4.3.7204.836)
Google Photos Screensaver (Version: 2.0.0)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.2.2308.2056)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Connections (remove only)
HP Customer Experience Enhancements (Version: 1.00.0000)
HP Easy Setup - Core (Version: 1.00.0000)
HP Easy Setup - Frontend (Version: 5.00.0000)
HP Quick Launch Buttons 6.10 B9 (Version: 6.10 B9)
HP Total Care Advisor (Version: 1.0.94)
HP Update (Version: 4.000.012.001)
HP User Guide 0048 (Version: 1.02.0001)
HP Wireless Assistant (Version: 3.00 B2)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
iTunes (Version: 10.5.1.42)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 7 (Version: 1.6.0.70)
KhalInstallWrapper (Version: 4.60.122)
LightScribe 1.4.124.1 (Version: 1.4.124.1)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech High Quality Video (Version: 12.10.1113)
Logitech SetPoint (Version: 4.00)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft LifeCam (Version: 1.40.164.0)
Microsoft Money Plus (Version: 17)
Microsoft Money Shared Libraries (Version: 17.0.0.724)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C Runtime (Version: 8.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 08.05.0818)
Mobile Broadband Generic Drivers (Version: 2.01.22.002.12)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 5.0 (Version: 5.00.050)
My HP Games (Version: HPLAP0304)
Nero BurnLite 10 (Version: 10.0.10100.1.100)
Nero BurnLite 10 (Version: 10.0.10500)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.0018)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PhotoScape
Picture Control Utility (Version: 1.1.9)
PokerStars
QuickTime (Version: 7.71.80.42)
RingtoneJunkiez Desktop (Version: 1.0.0)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator EasyArchive (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Roxio MyDVD Basic v9 (Version: 9.0.114)
Roxio MyDVD DE (Version: 9.0.116)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47)
ShadowExplorer 0.1
Sonic Activation Module (Version: 1.0)
Sony Picture Utility (Version: 3.0.00.11220)
StartNow Toolbar (Version: 2.4.0)
SUPERAntiSpyware (Version: 5.0.1136)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
Turbo Lister 2 (Version: 2.00.0000)
TweakNow PowerPack 2011 SP2b (Version: 3.3.2)
Uninstall 1.0.0.1
VC 9.0 Runtime (Version: 1.0.0)
ViewNX (Version: 1.5.2)
Visual C++ CRT 8.0 (Version: 1.0.0.0)
VoiceOver Kit (Version: 1.40.128.0)
VZAccess Manager for RIM (Version: 6.9.0)
WD Diagnostics (Version: 1.09.0002)
What's Running 3.0 (Version: 3.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
Yahoo! Toolbar for Internet Explorer

========================= Memory info: ===================================

Percentage of memory in use: 65%
Total physical RAM: 1013.31 MB
Available physical RAM: 345.58 MB
Total Pagefile: 2290.95 MB
Available Pagefile: 1431.6 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.46 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:105.24 GB) (Free:39.26 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:6.55 GB) (Free:0.01 GB) NTFS
3 Drive e: () (Removable) (Total:1.87 GB) (Free:0.68 GB) FAT

========================= Users: ========================================

User accounts for \\OURLAPTOP

Administrator DylanBorns Guest
Lindsey Jo Borns

========================= Minidump Files ==================================

No minidump file found

**** End of log ****


I ran TDSSKiller, and it showed no infections. For some reason I couldn't get it to "copy" so that I could paste the results here, but I know it said there were no infections. I'll reboot now and run MBAM in safe mode.
Thanks!

#4 Dborns, Topic Starter (Members, 201 posts)

Posted 10 December 2011 - 04:29 PM

I rebooted in safe mode and ran MalwareBytes, and it found 3 infections. Here is the report-

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8348

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/10/2011 3:18:16 PM
mbam-log-2011-12-10 (15-18-16).txt

Scan type: Full scan (C:\|)
Objects scanned: 354934
Time elapsed: 1 hour(s), 11 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I had also run another MalwareBytes scan this morning after running a SuperAntiSpyware scan, but BEFORE I ran MiniToolBox and ran the scan in safe mode. It found 9 infections even after the SAS scan last night. Here it is-

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8345

Windows 6.0.6002 Service Pack 2
Internet Explorer 9.0.8112.16421

12/10/2011 1:28:08 PM
mbam-log-2011-12-10 (13-28-08).txt

Scan type: Full scan (C:\|)
Objects scanned: 357556
Time elapsed: 1 hour(s), 22 minute(s), 13 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 9
Registry Values Infected: 3
Registry Data Items Infected: 0
Folders Infected: 9
Files Infected: 32

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Delete on reboot.
HKEY_CLASSES_ROOT\CLSID\{3fdba1ba-ae28-4045-9048-4ed2f3865629} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FDBA1BA-AE28-4045-9048-4ED2F3865629} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3FDBA1BA-AE28-4045-9048-4ED2F3865629} (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl (PUP.FCTPlugin) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Delete on reboot.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Delete on reboot.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
c:\program files\Object (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\skin (PUP.FCTPlugin) -> Quarantined and deleted successfully.

Files Infected:
c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\sp.DLL (TrojanProxy.Agent) -> Delete on reboot.
c:\program files\Object\status.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\bho_project.dll (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon.pem (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\config.ini (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\enable.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme_uninstall.exe (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\status2.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\._included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\background.html (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\included.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\chromeaddon\manifest.json (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\chrome.manifest (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\config_build.sh (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\files (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\install.rdf (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\readme.txt (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\firefoxoverlay.xul (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\installid.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\overlay.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\content\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences\._sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\defaults\preferences\sudoku.js (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US\.ds_store (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US\sudoku.dtd (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\locale\en-US\sudoku.properties (PUP.FCTPlugin) -> Quarantined and deleted successfully.
c:\program files\Object\facetheme\skin\overlay.css (PUP.FCTPlugin) -> Quarantined and deleted successfully.

I will probably run another quick scan in AVG, SAS, and MBAM just to be sure. After giving you the above info, do you have any other suggestions?

Thanks!

#5 Dborns

Dborns
  • Topic Starter

  • Members
  • 201 posts

Posted 10 December 2011 - 05:35 PM

I just noticed another issue. I tried to open AVG to do a scan, and it showed that it was shut off and I can't get the virus protection to come back on. I tried to uninstall and reinstall it, and that won't work either.

#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 10 December 2011 - 11:56 PM

Hello. The Proxy trojan is using your PC as a Zombie.

This threat is classified as a Trojan - Proxy. In the context of a proxy trojan, a proxy serves as an agent between the attacker and the Internet. By installing a proxy trojan on a user's computer, the attacker is able to carry out actions through that user's computer and thereby deflect attention to that user and away from the actual attacker. Often, a proxy trojan installs an email proxy which is then used to send large amounts of unsolicited email, i.e. spam, through the infected user's Internet connection. Recipients tracking the email back to its origin will discover the IP address of the infected system used for the proxy, thereby concealing the identity of the attacker. This threat is detected by the Microsoft antivirus engine. Technical details are not currently available.

MSFT


Please remove the Toolbars you find in the Control Panel>> Add/Remove Programs. Should be 6.

Are you on a router? Are other machines on it? If so, are they redirecting?

Do you use Firefox?

>>>>>
Please rerun MiniToolBox; only these need to be checked:

• List Winsock Entries

• List Installed Programs

• List Users, Partitions and Memory size.

Now update MBAM, then disconnect from the web and run MBAM. Post a new log.
How do I get help? Who is helping me? For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear.... Become a BleepingComputer fan: Facebook

#7 Dborns

Dborns
  • Topic Starter

  • Members
  • 201 posts

Posted 11 December 2011 - 12:47 AM

I noticed tonight after replying that AVG is turned off and I can't turn it on. Also, I use Windows Firewall and that's turned off and I'm unable to turn it on. The whole Windows Security program is turned off and inaccessible to me. I turned off the WiFi on the laptop so it can't access the internet until I get further instructions.

Thanks for the help!

#8 Dborns

Dborns
  • Topic Starter

  • Members
  • 201 posts

Posted 11 December 2011 - 11:06 AM

Even in safe mode I can't get the Firewall back up. I can't access any security programs. Will post MiniToolBox and MBAM reports when it finishes.

#9 Dborns

Dborns
  • Topic Starter

  • Members
  • 201 posts

Posted 11 December 2011 - 05:03 PM

Here is MiniToolBox:
MiniToolBox by Farbar
Ran by DylanBorns (administrator) on 11-12-2011 at 08:46:17
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86)

***************************************************************************
========================= Winsock entries =====================================

Catalog5 01 mswsock.dll [File Not found] ()
Catalog5 02 C:\Windows\system32\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [34304] (Microsoft Corporation)
Catalog5 06 mswsock.dll [File Not found] ()
Catalog5 07 C:\Windows\System32\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 mswsock.dll [File Not found] ()
Catalog9 02 mswsock.dll [File Not found] ()
Catalog9 03 mswsock.dll [File Not found] ()
Catalog9 04 mswsock.dll [File Not found] ()
Catalog9 05 mswsock.dll [File Not found] ()
Catalog9 06 mswsock.dll [File Not found] ()
Catalog9 07 mswsock.dll [File Not found] ()
Catalog9 08 mswsock.dll [File Not found] ()
Catalog9 09 mswsock.dll [File Not found] ()
Catalog9 10 mswsock.dll [File Not found] ()
Catalog9 11 mswsock.dll [File Not found] ()
Catalog9 12 mswsock.dll [File Not found] ()
Catalog9 13 mswsock.dll [File Not found] ()
Catalog9 14 mswsock.dll [File Not found] ()
Catalog9 15 mswsock.dll [File Not found] ()
Catalog9 16 mswsock.dll [File Not found] ()
Catalog9 17 mswsock.dll [File Not found] ()
Catalog9 18 mswsock.dll [File Not found] ()
Catalog9 19 mswsock.dll [File Not found] ()
Catalog9 20 mswsock.dll [File Not found] ()
Catalog9 21 mswsock.dll [File Not found] ()

=========================== Installed Programs ============================

ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adobe Flash Player 10 ActiveX (Version: 10.2.159.1)
Adobe Flash Player 11 Plugin (Version: 11.1.102.55)
Adobe Reader 8.2.6 (Version: 8.2.6)
Adobe Reader 8.3.1 (Version: 8.3.1)
Androsa FileProtector (Version: 1.4.2)
Apple Application Support (Version: 2.1.5)
Apple Mobile Device Support (Version: 4.0.0.97)
Apple Software Update (Version: 2.1.3.127)
ArcSoft Panorama Maker 5 (Version: 5.0.1.25)
ASL_HS_Installer32 (Version: 1.0.9)
AVG 2012 (Version: 12.0.1873)
AVG 2012 (Version: 12.0.2102)
AVG 2012 (Version: 2012.0.1873)
Avira Free Antivirus (Version: 12.0.0.849)
AXIS Media Control Embedded
AXIS Media Control Embedded Installer (Version: 4.1.4)
BlackBerry Desktop Software 4.5 (Version: 4.5.0.15)
Bonjour (Version: 3.0.0.10)
Broadcom 802.11 Wireless LAN Adapter (Version: 4.170.25.17)
CCleaner (Version: 3.12)
CDBurnerXP (Version: 4.3.7.2316)
CDDRV_Installer (Version: 1.00.0000)
Compatibility Pack for the 2007 Office system (Version: 12.0.6425.1000)
Conexant HD Audio
Dave Ramsey's Financial Peace Financial Software (Version: 5.2)
DHTML Editing Component (Version: 6.02.0001)
DVD Shrink 3.2
DVDFab (Platinum/Gold/HD Decrypter) (Option: Mobile) 5.1.1.0
DVDFab 6.0.4.0 (28/07/2009)
EPSON Printer Software
ESET Online Scanner v3
File Uploader (Version: 1.2.5)
FrostWire 4.21.7 (Version: 4.21.7.0)
FrostWire 5.2.8 (Version: 5.2.8.0)
GIMP 2.6.10 (Version: 2.6.10)
Google Chrome (Version: 15.0.874.121)
Google Desktop (Version: 5.7.0806.10245)
Google Earth (Version: 4.3.7204.836)
Google Photos Screensaver (Version: 2.0.0)
Google Update Helper (Version: 1.3.21.79)
Google Updater (Version: 2.4.2432.1652)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.9.1)
HP Active Support Library 32 bit components (Version: 2.1.0)
HP Connections (remove only)
HP Customer Experience Enhancements (Version: 1.00.0000)
HP Easy Setup - Core (Version: 1.00.0000)
HP Easy Setup - Frontend (Version: 5.00.0000)
HP Quick Launch Buttons 6.10 B9 (Version: 6.10 B9)
HP Total Care Advisor (Version: 1.0.94)
HP Update (Version: 4.000.012.001)
HP User Guide 0048 (Version: 1.02.0001)
HP Wireless Assistant (Version: 3.00 B2)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
HPNetworkAssistant (Version: 1.1.70)
Intel® Graphics Media Accelerator Driver
Intel® Network Connections Drivers
iTunes (Version: 10.5.1.42)
Java™ 6 Update 26 (Version: 6.0.260)
Java™ 6 Update 7 (Version: 1.6.0.70)
KhalInstallWrapper (Version: 4.60.122)
LightScribe 1.4.124.1 (Version: 1.4.124.1)
Logitech Desktop Messenger (Version: 2.52.18)
Logitech High Quality Video (Version: 12.10.1113)
Logitech SetPoint (Version: 4.00)
Logitech Webcam Software (Version: 12.10.1113)
Logitech Webcam Software Driver Package (Version: 12.10.1110)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2572067)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft LifeCam (Version: 1.40.164.0)
Microsoft Money Plus (Version: 17)
Microsoft Money Shared Libraries (Version: 17.0.0.724)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6425.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Silverlight (Version: 4.0.60831.0)
Microsoft Visual C Runtime (Version: 8.0.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 08.05.0818)
Mobile Broadband Generic Drivers (Version: 2.01.22.002.12)
Mozilla Firefox 8.0 (x86 en-US) (Version: 8.0)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
muvee autoProducer 5.0 (Version: 5.00.050)
My HP Games (Version: HPLAP0304)
Nero BurnLite 10 (Version: 10.0.10100.1.100)
Nero BurnLite 10 (Version: 10.0.10500)
Nero Control Center 10 (Version: 10.0.13100.3.1)
Nero ControlCenter 10 Help (CHM) (Version: 1.0.10700)
Nero Core Components 10 (Version: 2.0.15100.0.1)
Nero Update (Version: 1.0.0018)
Nikon Message Center (Version: 0.92.000)
Nikon Transfer (Version: 1.5.3)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
PhotoScape
Picture Control Utility (Version: 1.1.9)
PokerStars
QuickTime (Version: 7.71.80.42)
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator EasyArchive (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Express Labeler 3 (Version: 2.1.0)
Roxio MyDVD Basic v9 (Version: 9.0.114)
Roxio MyDVD DE (Version: 9.0.116)
SAMSUNG Mobile USB DRIVER(4.40.7.0) v1.6 (Version: 4.47)
ShadowExplorer 0.1
Sonic Activation Module (Version: 1.0)
Sony Picture Utility (Version: 3.0.00.11220)
SUPERAntiSpyware (Version: 5.0.1136)
Synaptics Pointing Device Driver (Version: 11.0.7.0)
Turbo Lister 2 (Version: 2.00.0000)
TweakNow PowerPack 2011 SP2b (Version: 3.3.2)
Uninstall 1.0.0.1
VC 9.0 Runtime (Version: 1.0.0)
ViewNX (Version: 1.5.2)
Visual C++ CRT 8.0 (Version: 1.0.0.0)
VoiceOver Kit (Version: 1.40.128.0)
VZAccess Manager for RIM (Version: 6.9.0)
WD Diagnostics (Version: 1.09.0002)
What's Running 3.0 (Version: 3.0)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)

========================= Memory info: ===================================

Percentage of memory in use: 72%
Total physical RAM: 1013.31 MB
Available physical RAM: 275.69 MB
Total Pagefile: 2292.95 MB
Available Pagefile: 1325.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1954.45 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:105.24 GB) (Free:38.81 GB) NTFS
2 Drive d: (HP_RECOVERY) (Fixed) (Total:6.55 GB) (Free:0.01 GB) NTFS
3 Drive e: () (Removable) (Total:1.87 GB) (Free:1.67 GB) FAT

========================= Users: ========================================

User accounts for \\OURLAPTOP

Administrator DylanBorns Guest
Lindsey Jo Borns


**** End of log ****

MBAM:
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8351

Windows 6.0.6002 Service Pack 2 (Safe Mode)
Internet Explorer 9.0.8112.16421

12/11/2011 10:41:04 AM
mbam-log-2011-12-11 (10-41-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 355185
Time elapsed: 1 hour(s), 11 minute(s), 14 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


I've run SAS and MBAM both in regular mode and safe mode and they aren't finding anything but my computer seems very slow and I can't open any of my security features still. I went ahead and installed Avira AV, and Comodo firewall and they are running normal, but something still isn't right.

#10 Dborns

Dborns
  • Topic Starter

  • Members
  • 201 posts

Posted 11 December 2011 - 05:57 PM

I got Comodo installed and running. I notice that I can shut down all connections, but when I get on the internet, I have over 100 "outbound" connections called "TCP OUT" and different sources. So this thing is still infected; what should I do now?
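A defender-side triage script, added here as an example and not part of this thread or of any tool it mentions: it parses `netstat -ano` output (the sample lines below are constructed, not taken from the infected machine) and groups non-loopback outbound TCP connections by owning PID, so that a single process holding the kind of "TCP OUT" connection count described above stands out. The threshold and the per-port breakdown are assumptions of this example.

```python
"""Triage helper: which process owns the outbound TCP connections?

Parses Windows `netstat -ano` style lines and counts non-loopback
outbound TCP connections per PID. Added example; constructed sample data.
"""
import re
from collections import Counter

# Constructed sample of `netstat -ano` output (not from the thread).
# PID 1844 holds several connections to remote port 25, the pattern an
# email-relaying proxy trojan would produce; PID 2204 is ordinary HTTPS.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.5:49152      203.0.113.10:25        SYN_SENT        1844
  TCP    192.168.1.5:49153      203.0.113.11:25        ESTABLISHED     1844
  TCP    192.168.1.5:49154      203.0.113.12:25        ESTABLISHED     1844
  TCP    192.168.1.5:49155      198.51.100.7:443       ESTABLISHED     2204
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    127.0.0.1:49200        127.0.0.1:49201        ESTABLISHED     2204
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# One TCP line: local address, foreign address, state, owning PID.
LINE_RE = re.compile(r"^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

# States that represent an open or half-open connection to a peer.
OUTBOUND_STATES = {"ESTABLISHED", "SYN_SENT", "CLOSE_WAIT",
                   "FIN_WAIT_1", "FIN_WAIT_2", "TIME_WAIT"}


def parse_netstat(text):
    """Yield (local, remote, state, pid) tuples for every TCP line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            local, remote, state, pid = m.groups()
            yield local, remote, state, int(pid)


def is_loopback(addr):
    """True for 127.x / ::1 peers; the port follows the last colon."""
    host = addr.rsplit(":", 1)[0]
    return host.startswith("127.") or host == "[::1]"


def outbound_by_pid(text):
    """Return ({pid: connection count}, {pid: Counter of remote ports})."""
    counts, ports = Counter(), {}
    for _local, remote, state, pid in parse_netstat(text):
        if state not in OUTBOUND_STATES or is_loopback(remote):
            continue
        counts[pid] += 1
        ports.setdefault(pid, Counter())[remote.rsplit(":", 1)[1]] += 1
    return counts, ports


def suspicious_pids(text, threshold=3):
    """PIDs with at least `threshold` outbound connections, with port mix."""
    counts, ports = outbound_by_pid(text)
    return {pid: dict(ports[pid]) for pid, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    # Map a flagged PID to its image name with `tasklist /FI "PID eq <pid>"`.
    for pid, mix in suspicious_pids(SAMPLE_NETSTAT).items():
        print(f"PID {pid}: {sum(mix.values())} outbound, ports {mix}")
```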

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,490 posts
  • Gender:Male
  • Location:NJ USA

Posted 11 December 2011 - 07:10 PM

Ok, those 0's in that Mini log indicate a rootkit at work. We need to get over to the Removal forum.
Please go here....
Preparation Guide, do steps 6 - 9.

Create a DDS log and post it in the new topic explained in step 9, which is here: Virus, Trojan, Spyware, and Malware Removal Logs, and not in this topic, thanks.
If Gmer won't run, skip it and move on.
Include a link back to this topic.

Let me know if that went well.