Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Google hijack


  • This topic is locked This topic is locked
4 replies to this topic

#1 ESPplayer

ESPplayer

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 17 January 2012 - 01:03 AM

Everytime I start google it gets redirected here https://www.google.com/?rlz=1V1IPYX I have ran everything from malware bytes to avast with no avail.

Here is my log

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.6001.18904 BrowserJavaVersion: 1.6.0_29
Run by mrflip21 at 19:04:15 on 2012-01-16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.6142.4318 [GMT -8:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
C:\Program Files\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\ASUS\NB Probe\SPM\spmgr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Direct Console\DCHelper.exe
C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\wbctlvga.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\MsgTranAgt64.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Windows\RAVCpl64.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe
C:\Program Files\WinZip\WZQKPICK32.EXE
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\mrflip21\Downloads\Defogger.exe
C:\Windows\SysWOW64\conime.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/?rlz=1V1IPYX
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
uURLSearchHooks: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
mURLSearchHooks: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
mWinlogon: Userinit=userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [PlayNC Launcher]
uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe
uRun: [InstallIQUpdater] "C:\Program Files (x86)\W3i\InstallIQUpdater\InstallIQUpdater.exe" /silent /autorun
mRun: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINZIP~1.LNK - C:\Program Files (x86)\WinZip\WZQKPICK32.EXE
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{6021ABB1-0FFC-414B-8776-20D2DF9E6221} : DhcpNameServer = 192.168.1.1 68.238.64.12
TCP: Interfaces\{94982FA9-A690-48A4-A321-14F97233474E} : DhcpNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO-X64: 0x1 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
BHO-X64: Ad-Aware Security Toolbar - No File
BHO-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
BHO-X64: BitTorrentBar - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB-X64: BitTorrentBar Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files (x86)\BitTorrentBar\prxtbBitT.dll
TB-X64: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
mRun-x64: [Microsoft Pinyin IME Migration] C:\PROGRA~2\COMMON~1\MICROS~1\IME12\IMESC\IMSCMIG.EXE /INSTALL
mRun-x64: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun-x64: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
mRun-x64: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Ad-Aware Browsing Protection] "C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\mrflip21\AppData\Roaming\Mozilla\Firefox\Profiles\4lvb0jx0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/?rlz=1V1IPYX
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=utf-8&rlz=1V2IPYX&q=
FF - component: C:\Program Files (x86)\ShopperReports3\bin\3.0.517.0\firefox\firefoxtoolbar\extensions\components\BRNstFF.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - plugin: C:\Users\mrflip21\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R0 lullaby;lullaby;C:\Windows\system32\DRIVERS\lullaby.sys --> C:\Windows\system32\DRIVERS\lullaby.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\system32\DRIVERS\dtsoftbus01.sys --> C:\Windows\system32\DRIVERS\dtsoftbus01.sys [?]
R1 EIO64;EIO Driver;C:\Windows\system32\DRIVERS\EIO64.sys --> C:\Windows\system32\DRIVERS\EIO64.sys [?]
R2 ASMMAP64;ASMMAP64;C:\Program Files\ATKGFNEX\ASMMAP64.sys [2008-12-3 14904]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-1-16 44768]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files (x86)\Viewpoint\Common\ViewpointService.exe [2009-7-3 24652]
R2 WBVGAservice;WB VGA Service;C:\Program Files (x86)\ASUS\Turbo Gear Enhanced VGA Driver\WBVGAservice.exe [2008-12-3 65536]
R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 FontCache;Windows Font Cache Service;C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;C:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys [2012-1-16 17152]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 copperhd;Razer Copperhead Driver;C:\Windows\system32\drivers\copperhd.sys --> C:\Windows\system32\drivers\copperhd.sys [?]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2012.SP1\RpcAgentSrv.exe [2012-1-7 95896]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2009-8-18 89920]
.
=============== File Associations ===============
.
JSEFile=C:\Windows\SysWOW64\WScript.exe "%1" %*
.
=============== Created Last 30 ================
.
2012-01-16 21:30:25 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-01-16 19:21:58 -------- d-----w- C:\Users\mrflip21\AppData\Roaming\Malwarebytes
2012-01-16 19:21:49 -------- d-----w- C:\ProgramData\Malwarebytes
2012-01-16 19:21:48 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-01-16 19:21:48 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-01-16 19:15:15 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2012-01-16 19:15:14 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-01-16 19:14:58 41184 ----a-w- C:\Windows\avastSS.scr
2012-01-16 19:14:48 -------- d-----w- C:\ProgramData\AVAST Software
2012-01-16 19:14:48 -------- d-----w- C:\Program Files\AVAST Software
2012-01-16 19:01:57 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-01-16 19:00:13 -------- d-----w- C:\Users\mrflip21\AppData\Local\adaware
2012-01-16 19:00:12 -------- d-----w- C:\ProgramData\Ad-Aware Browsing Protection
2012-01-16 19:00:11 -------- d-----w- C:\Program Files (x86)\Toolbar Cleaner
2012-01-16 19:00:08 -------- d-----w- C:\Program Files (x86)\adawaretb
2012-01-16 19:00:05 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-01-16 19:00:02 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-01-12 00:19:25 20480 ----atw- C:\Users\mrflip21\AppData\Local\uninstall.tmp
2012-01-08 02:58:14 -------- d-----w- C:\Program Files\Core Temp
2012-01-08 02:58:12 -------- d-sh--w- C:\Windows\SysWow64\AI_RecycleBin
2012-01-08 02:58:11 -------- d-----w- C:\ProgramData\W3i
2012-01-08 02:58:11 -------- d-----w- C:\Program Files (x86)\W3i
2012-01-08 02:27:36 -------- d-----w- C:\Program Files\SiSoftware
2012-01-07 00:24:22 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.1
2012-01-04 20:12:35 -------- d-----w- C:\Windows\pss
2012-01-04 08:33:18 -------- d-----w- C:\Users\mrflip21\AppData\Local\Oblivion
2012-01-04 08:31:46 -------- d-----w- C:\Users\mrflip21\AppData\Roaming\OpenCandy
2012-01-04 08:31:36 279616 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-01-04 08:31:30 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-01-04 07:52:03 -------- d-----w- C:\Users\mrflip21\AppData\Roaming\DAEMON Tools Lite
2012-01-04 07:52:01 -------- d-----w- C:\ProgramData\DAEMON Tools Lite
2012-01-04 07:49:10 69714 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2012-01-04 07:49:10 63488 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2012-01-04 07:49:10 274432 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2012-01-04 07:49:10 184320 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2012-01-04 07:49:09 753664 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2012-01-04 07:49:09 5632 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2012-01-04 07:49:09 331908 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2012-01-04 07:49:09 200836 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2012-01-04 06:50:21 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2012-01-03 01:55:35 175616 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-01-03 01:55:34 232448 ----a-w- C:\Windows\SysWow64\mp3fhg.acm
2012-01-03 01:55:33 74752 ----a-w- C:\Windows\SysWow64\ff_vfw.dll
2012-01-03 01:55:33 650752 ----a-w- C:\Windows\SysWow64\xvidcore.dll
2012-01-03 01:55:33 243200 ----a-w- C:\Windows\SysWow64\xvidvfw.dll
2012-01-03 01:55:33 151552 ----a-w- C:\Windows\SysWow64\ac3acm.acm
2012-01-03 01:55:31 -------- d-----w- C:\Program Files (x86)\K-Lite Codec Pack
2012-01-02 08:01:17 -------- d-----w- C:\Program Files (x86)\SystemRequirementsLab
2012-01-02 08:00:59 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2012-01-02 08:00:59 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-01-01 10:33:01 -------- d-----w- C:\Program Files (x86)\Conduit
2012-01-01 10:33:00 -------- d-----w- C:\Users\mrflip21\AppData\Local\Conduit
2012-01-01 10:32:59 -------- d-----w- C:\Program Files (x86)\BitTorrentBar
2011-12-30 21:34:08 -------- Attached File  Attach.txt   13.47KB   0 downloads

BC AdBot (Login to Remove)

 


#2 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:16 PM

Posted 17 January 2012 - 08:48 PM

Hi

Please do the following:


Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#3 ESPplayer

ESPplayer
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:09:16 PM

Posted 21 January 2012 - 06:13 PM

A quick note to add, google is my homepage, but when I click on the add tab button in firefox I get redirected to this link.

hxxp://search.yahoo.com/?fr=freeze&type=W3i_NA,132,3_6,Tab%20Search,20120101,6894,0,19,0

Here is my log and file..

aswMBR version 0.9.9.1297 Copyright© 2011 AVAST Software
Run date: 2012-01-21 14:13:42
-----------------------------
14:13:42.642 OS Version: Windows x64 6.0.6002 Service Pack 2
14:13:42.642 Number of processors: 2 586 0x1706
14:13:42.642 ComputerName: MRFLIP21-PC UserName: mrflip21
14:13:43.485 Initialize success
14:13:43.578 AVAST engine defs: 12012101
14:14:14.123 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
14:14:14.123 Disk 0 Vendor: ST932042 SD13 Size: 305245MB BusType: 3
14:14:14.123 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
14:14:14.123 Disk 1 Vendor: ST932042 SD13 Size: 305245MB BusType: 3
14:14:14.186 Disk 0 MBR read successfully
14:14:14.186 Disk 0 MBR scan
14:14:14.186 Disk 0 unknown MBR code
14:14:14.186 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 10997 MB offset 63
14:14:14.186 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152622 MB offset 22523904
14:14:14.201 Disk 0 Partition - 00 0F Extended LBA 141624 MB offset 335093760
14:14:14.217 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 141623 MB offset 335095808
14:14:14.217 Service scanning
14:14:15.636 Modules scanning
14:14:15.636 Disk 0 trace - called modules:
14:14:15.683 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
14:14:15.699 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008375570]
14:14:15.699 3 CLASSPNP.SYS[fffffa6000fd3c33] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006701050]
14:14:16.245 AVAST engine scan C:\Windows
14:14:18.179 AVAST engine scan C:\Windows\system32
14:15:40.170 AVAST engine scan C:\Windows\system32\drivers
14:15:50.728 AVAST engine scan C:\Users\mrflip21
14:27:16.401 AVAST engine scan C:\ProgramData
14:30:05.162 Scan finished successfully
14:42:16.325 Disk 0 MBR has been saved successfully to "C:\Users\mrflip21\Desktop\MBR.dat"
14:42:16.330 The log file has been saved successfully to "C:\Users\mrflip21\Desktop\aswMBR.txt"

Attached Files

  • Attached File  MBR.zip   567bytes   1 downloads

Edited by CatByte, 21 January 2012 - 06:16 PM.
munged link


#4 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:16 PM

Posted 21 January 2012 - 06:16 PM

Hi,

Please do the following

Refer to the ComboFix User's Guide

  • Download ComboFix from one of these locations:

    Link 1
    Link 2

    * IMPORTANT !!! Place ComboFix.exe on your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    You can get help on disabling your protection programs here
  • Double click on ComboFix.exe & follow the prompts.
  • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  • When finished, it shall produce a log for you. Post that log in your next reply

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------
  • Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015


#5 CatByte

CatByte

    bleepin' tiger


  • Malware Response Team
  • 14,664 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Canada
  • Local time:10:16 PM

Posted 26 January 2012 - 08:22 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.

Microsoft MVP - 2010, 2011, 2012, 2013, 2014, 2015





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users