Browser Hijack/ Redirect


This topic is locked. 23 replies to this topic.

#1 Cherrystik (Members, 12 posts)

Posted 28 February 2012 - 07:13 AM

As the title says, I'm having problems with Internet Explorer. It keeps redirecting me to junk when I go on Facebook or read my emails and stuff. Please help? It's 64-bit Windows 7 Home Premium.

Here's the DDS log thingy.

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514
Run by Home at 12:08:25 on 2012-02-28
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3002.1404 [GMT 0:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Disabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Lavasoft Ad-Watch Live! *Disabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\igfxext.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uWindow Title = Windows Internet Explorer provided by MSN and Bing
mDefault_Page_URL = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27360611l235l0464z175f4652e448
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27360611l235l0464z175f4652e448
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
mWinlogon: Userinit=userinit.exe
BHO: Groove Folder Synchronization: {17d50821-278e-1646-4ab3-05897e9a2680} - C:\Windows\SysWOW64\msvcr100_clr04000.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO: Adobe PDF Link Helper: {481e7f28-7561-3b6d-3699-304b62a73e6d} - C:\Windows\SysWOW64\Nlsdll.dll
BHO: Groove GFS Browser Helper: {5ce15024-038a-1181-0836-120e16a50cc0} - C:\Windows\SysWow64\api-ms-win-core-nameddpipe-l1-1-0.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{8A3C7E3C-BC1E-48B0-BB24-CC3B5C76B7C0} : DhcpNameServer = 192.168.1.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
mASetup: {2D46B6DC-2207-486B-B523-A557E6D54B47} - C:\Windows\system32\cmd.exe /D /C start C:\Windows\system32\ie4uinit.exe -ClearIconCache
BHO-X64: Groove Folder Synchronization: {17D50821-278E-1646-4AB3-05897E9A2680} - C:\Windows\SysWOW64\msvcr100_clr04000.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
BHO-X64: Conduit Engine - No File
BHO-X64: Adobe PDF Link Helper: {481E7F28-7561-3B6D-3699-304B62A73E6D} - C:\Windows\SysWOW64\Nlsdll.dll
BHO-X64: Groove GFS Browser Helper: {5CE15024-038A-1181-0836-120E16A50CC0} - C:\Windows\SysWow64\api-ms-win-core-nameddpipe-l1-1-0.dll
BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO-X64: Search Helper - No File
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO-X64: uTorrentBar - No File
BHO-X64: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2322.0\npwinext.dll
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
TB-X64: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun-x64: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;C:\Windows\system32\DRIVERS\Lbd.sys --> C:\Windows\system32\DRIVERS\Lbd.sys [?]
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-2-20 44768]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-5-10 325200]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2011-6-3 867360]
R2 GREGService;GREGService;C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-1-8 23584]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-5-10 13336]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-2-20 652360]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-3-8 250368]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-5-10 243232]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\system32\DRIVERS\L1C62x64.sys --> C:\Windows\system32\DRIVERS\L1C62x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 135664]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2011-12-23 2152152]
S3 androidusb;ADB Interface Driver;C:\Windows\system32\Drivers\androidusb.sys --> C:\Windows\system32\Drivers\androidusb.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-6-8 135664]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2010-5-10 225280]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary;C:\Windows\system32\DRIVERS\zghsmdm.sys --> C:\Windows\system32\DRIVERS\zghsmdm.sys [?]
S4 PuranDefrag;PuranDefrag;"C:\Windows\system32\PuranDefragS.exe" --> C:\Windows\system32\PuranDefragS.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-02-28 11:51:34 16432 ----a-w- C:\Windows\System32\lsdelete.exe
2012-02-28 11:51:33 100 ---ha-w- C:\aaw7boot.cmd
2012-02-28 11:43:31 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
2012-02-28 11:40:21 69376 ----a-w- C:\Windows\System32\drivers\Lbd.sys
2012-02-28 11:40:10 -------- d-----w- C:\Program Files (x86)\Lavasoft
2012-02-28 09:13:35 8643640 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D02E003E-C227-44C2-9116-FC3A9DE84C1E}\mpengine.dll
2012-02-28 09:09:44 -------- d-----w- C:\Users\Home\AppData\Local\{B7BEB382-6CAF-4E09-BA17-614A75CB8423}
2012-02-28 09:09:31 -------- d-----w- C:\Users\Home\AppData\Local\{392CBF4F-3122-40B6-8FF6-2512F7E69CD0}
2012-02-27 11:07:35 -------- d-----w- C:\Users\Home\AppData\Local\{DE50DCE1-E9CD-48E9-9CCC-18B076D868EF}
2012-02-27 11:07:12 -------- d-----w- C:\Users\Home\AppData\Local\{C6EE58CA-8A73-4EB2-B222-ADDA515C9F2B}
2012-02-26 23:06:43 -------- d-----w- C:\Users\Home\AppData\Local\{3CEF6EAB-DB5C-409E-AD4C-3A6DCC69275C}
2012-02-26 23:06:30 -------- d-----w- C:\Users\Home\AppData\Local\{5CBB5598-1DF7-4638-9087-19D0B7841DF5}
2012-02-26 17:12:15 -------- d-----w- C:\Windows\SysWow64\1084
2012-02-26 11:05:29 -------- d-----w- C:\Users\Home\AppData\Local\{94D19571-D174-4921-94A0-61CDFA2C3976}
2012-02-26 11:05:16 -------- d-----w- C:\Users\Home\AppData\Local\{C9E56980-6FC1-44E5-A74E-8F071CC613F3}
2012-02-25 18:38:26 -------- d-----w- C:\Users\Home\AppData\Local\{DBB87B0D-966D-42CE-9228-E2647D0C614E}
2012-02-25 18:38:13 -------- d-----w- C:\Users\Home\AppData\Local\{DCDC899B-65F6-4DB8-9200-4F322C4DEC06}
2012-02-25 06:29:24 -------- d-----w- C:\Users\Home\AppData\Local\{FEDDF260-21F9-4716-AB7D-C93C80CB3F76}
2012-02-25 06:29:12 -------- d-----w- C:\Users\Home\AppData\Local\{3991CE91-B6B8-4D43-A7A6-3EF3EC8AAF3F}
2012-02-24 10:42:05 -------- d-----w- C:\Users\Home\AppData\Roaming\Alawar
2012-02-24 10:05:10 -------- d-----w- C:\Users\Home\AppData\Local\{2DF69946-4A33-402D-8BA7-0DDA11A7F3E8}
2012-02-24 10:04:47 -------- d-----w- C:\Users\Home\AppData\Local\{3557124D-F55F-45DD-8E86-C90BC47F3EEE}
2012-02-23 22:04:17 -------- d-----w- C:\Users\Home\AppData\Local\{54803177-6BB2-46BF-BB20-CDBF47E16262}
2012-02-23 22:04:03 -------- d-----w- C:\Users\Home\AppData\Local\{FE61C889-6B39-4312-BC61-1F5ED90932E0}
2012-02-23 09:40:18 -------- d-----w- C:\Users\Home\AppData\Local\{3AE0DC43-D781-4306-BF3B-897BFFA61D6C}
2012-02-23 09:39:54 -------- d-----w- C:\Users\Home\AppData\Local\{06632F20-BE18-41A7-991C-CDBFB924DB37}
2012-02-22 21:39:25 -------- d-----w- C:\Users\Home\AppData\Local\{64E65B26-3A59-4A7A-82F8-323454960140}
2012-02-22 21:39:11 -------- d-----w- C:\Users\Home\AppData\Local\{26571D68-11F9-4BE7-B7F0-66322F24B71E}
2012-02-22 09:24:07 -------- d-----w- C:\Users\Home\AppData\Local\{ECFFCCC1-21DA-4495-B778-C09B9B5107B1}
2012-02-22 09:23:54 -------- d-----w- C:\Users\Home\AppData\Local\{13C7A2BF-4B2B-41F2-B0CF-32FCBFEC615E}
2012-02-21 18:56:21 -------- d-----w- C:\Users\Home\AppData\Roaming\bigwig_media
2012-02-21 13:53:44 -------- d-----w- C:\Users\Home\AppData\Local\{B6F3D7AA-C6BD-4776-9D77-6F51F9B5248E}
2012-02-21 13:53:31 -------- d-----w- C:\Users\Home\AppData\Local\{8A63524B-A495-4F8F-8BF9-11873B7F6A41}
2012-02-21 01:44:27 -------- d-----w- C:\Users\Home\AppData\Local\{0A6F0D42-1451-4054-A198-3E42D9CDE881}
2012-02-21 01:44:15 -------- d-----w- C:\Users\Home\AppData\Local\{5A56FE88-D12A-44E1-82F0-E563CBDA634D}
2012-02-20 09:54:13 -------- d-----w- C:\Users\Home\AppData\Local\{9956462B-7DBE-4B48-814E-A7E2B83AD6C9}
2012-02-20 09:54:00 -------- d-----w- C:\Users\Home\AppData\Local\{F6878D24-C002-4045-BA53-63F38F07FAAA}
2012-02-19 21:46:49 -------- d-----w- C:\Users\Home\AppData\Roaming\Boomzap
2012-02-19 18:43:25 -------- d-----w- C:\Windows\SysWow64\2068
2012-02-19 18:43:08 3767504 ----a-w- C:\Windows\System32\d3dx9_26.dll
2012-02-19 18:43:08 2297552 ----a-w- C:\Windows\SysWow64\d3dx9_26.dll
2012-02-19 18:35:03 -------- d-----w- C:\Windows\SysWow64\directx
2012-02-19 18:34:57 -------- d-----w- C:\Windows\SysWow64\1037
2012-02-19 18:34:53 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-02-19 18:34:53 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-02-19 18:34:53 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-02-19 18:34:52 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-02-19 18:34:52 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-02-19 18:34:40 -------- d-----w- C:\Windows\SysWow64\1047
2012-02-19 13:34:13 -------- d-----w- C:\Users\Home\AppData\Roaming\JoyBits
2012-02-19 11:07:39 -------- d-----w- C:\Users\Home\AppData\Local\{2A5CD121-14F0-461C-AA24-0EB95F0451A8}
2012-02-19 11:07:26 -------- d-----w- C:\Users\Home\AppData\Local\{8F524E50-8CDA-4970-8644-26C296884A82}
2012-02-18 15:33:52 -------- d-----w- C:\Users\Home\AppData\Roaming\tabagames
2012-02-18 10:07:00 -------- d-----w- C:\Users\Home\AppData\Local\{35DE565D-95A2-4B7B-A608-08706898F516}
2012-02-18 10:06:48 -------- d-----w- C:\Users\Home\AppData\Local\{1AFCD94D-FFF1-4C46-A328-C9779019FAF1}
2012-02-17 10:20:42 -------- d-----w- C:\Users\Home\AppData\Local\{338CDDC3-8FA6-473B-A619-3A18AAE75992}
2012-02-17 10:20:19 -------- d-----w- C:\Users\Home\AppData\Local\{E5D51A11-FF76-4A9E-8709-06C18AA75C5C}
2012-02-16 22:19:51 -------- d-----w- C:\Users\Home\AppData\Local\{127B2E71-3CBF-4026-AA78-FB2430D9BE1D}
2012-02-16 22:19:28 -------- d-----w- C:\Users\Home\AppData\Local\{C3C63178-02DD-43AE-A100-283A5FEEFEEF}
2012-02-16 10:18:53 -------- d-----w- C:\Users\Home\AppData\Local\{8500C447-5F8E-4C72-9488-A2F6BC98829A}
2012-02-16 10:18:40 -------- d-----w- C:\Users\Home\AppData\Local\{4919F112-E3F3-4F4D-B122-F4E1302591AA}
2012-02-15 21:53:59 -------- d-----w- C:\Users\Home\AppData\Local\{C2D49791-E6B1-45B1-A3AB-8544BEBFF3FF}
2012-02-15 21:53:36 -------- d-----w- C:\Users\Home\AppData\Local\{EB8E0A6B-305D-4C99-B743-36A357532FA6}
2012-02-15 09:47:25 -------- d-----w- C:\Users\Home\AppData\Local\{23D97CD7-EE98-4C8E-9DB5-F3B17468076D}
2012-02-15 09:47:02 -------- d-----w- C:\Users\Home\AppData\Local\{91778BD1-98F1-4119-8DBC-E82A48FCABC3}
2012-02-15 07:42:17 3145728 ----a-w- C:\Windows\System32\win32k.sys
2012-02-15 07:42:10 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-02-15 07:42:10 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-02-15 07:42:03 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2012-02-15 07:42:03 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-02-15 07:42:00 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-02-15 07:41:57 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-02-15 07:41:56 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-02-14 21:46:30 -------- d-----w- C:\Users\Home\AppData\Local\{BDC7CD60-88C9-4B45-B56A-C04E0BE71463}
2012-02-14 21:46:16 -------- d-----w- C:\Users\Home\AppData\Local\{CEF90B96-19D5-4BAE-BCAB-FF0F10A4C39B}
2012-02-14 09:32:20 -------- d-----w- C:\Users\Home\AppData\Local\{86165D21-CA52-4E96-A2F1-0D62FE5A807B}
2012-02-14 09:31:56 -------- d-----w- C:\Users\Home\AppData\Local\{C3951179-1AF5-4654-9045-108C227A95B4}
2012-02-13 21:28:39 -------- d-----w- C:\Users\Home\AppData\Local\{71D67964-78D8-4B1A-A285-D5EBBC011E57}
2012-02-13 21:28:27 -------- d-----w- C:\Users\Home\AppData\Local\{56DDFE4F-4D8E-402F-854B-FF348BAABB5D}
2012-02-13 08:28:07 -------- d-----w- C:\Users\Home\AppData\Local\{04DDCA4E-D464-4675-929C-89E43B0254F7}
2012-02-13 08:27:43 -------- d-----w- C:\Users\Home\AppData\Local\{F679DB26-604A-49AC-A7C0-FBA0F72AF8D4}
2012-02-12 10:19:51 -------- d-----w- C:\Users\Home\AppData\Local\{8A522567-D258-4162-8DAE-414575BF89C9}
2012-02-12 10:19:39 -------- d-----w- C:\Users\Home\AppData\Local\{D54203FE-7022-4A09-BBEE-C54F43650A20}
2012-02-11 21:26:08 -------- d-----w- C:\Users\Home\AppData\Local\{BE3A0249-6F4D-45EB-B576-1F781BBD4FA5}
2012-02-11 21:25:56 -------- d-----w- C:\Users\Home\AppData\Local\{593B667B-2831-4835-90D6-7BCB1D45182D}
2012-02-11 09:01:03 -------- d-----w- C:\Users\Home\AppData\Local\{3C48B694-BC4E-438A-8EB1-D0B011FF99D0}
2012-02-11 09:00:51 -------- d-----w- C:\Users\Home\AppData\Local\{07DAB812-9994-4575-A6DA-B12B199BF1AD}
2012-02-10 20:56:30 -------- d-----w- C:\Users\Home\AppData\Local\{6BF1189E-EE7A-48AD-9ADB-912B7B627C2A}
2012-02-10 20:56:15 -------- d-----w- C:\Users\Home\AppData\Local\{5D4B5B95-F3C2-42F2-98F6-E0E5ED6FB082}
2012-02-10 08:48:06 -------- d-----w- C:\Users\Home\AppData\Local\{8DEA6A13-3F27-480A-A925-F3FEFBA0BB28}
2012-02-10 08:47:54 -------- d-----w- C:\Users\Home\AppData\Local\{6F46BF73-FA29-49A3-A742-B2F1E73A159C}
2012-02-09 19:53:51 -------- d-----w- C:\Users\Home\AppData\Local\{39A0A814-831F-4484-BCB7-CBFED8285995}
2012-02-09 19:53:28 -------- d-----w- C:\Users\Home\AppData\Local\{B4FD2253-49F8-4F78-AF61-B091F01D9590}
2012-02-09 07:52:58 -------- d-----w- C:\Users\Home\AppData\Local\{9F7BE2F7-5F6B-4813-B2D0-FA8736FD2DD9}
2012-02-09 07:52:46 -------- d-----w- C:\Users\Home\AppData\Local\{DF0C9304-06DC-4B30-9D1C-76ADB4A8E583}
2012-02-08 09:46:11 -------- d-----w- C:\Users\Home\AppData\Local\{43EC2FA5-8F9B-4818-9CEF-CD9874C78A14}
2012-02-08 09:45:59 -------- d-----w- C:\Users\Home\AppData\Local\{3F07625A-3FA1-4DEF-8830-952C3466AE51}
2012-02-07 17:41:11 -------- d-----w- C:\Users\Home\AppData\Local\{0499B953-0430-4529-934F-70237144EC3B}
2012-02-07 17:40:48 -------- d-----w- C:\Users\Home\AppData\Local\{DBF90175-AD45-49EB-8BFF-AED9641D8A02}
2012-02-07 05:40:18 -------- d-----w- C:\Users\Home\AppData\Local\{3693D7C5-4B8D-4CE3-B21E-7C6B38B62EE3}
2012-02-07 05:40:05 -------- d-----w- C:\Users\Home\AppData\Local\{09EC430A-546C-4A66-A8A2-28975A12BA9D}
2012-02-06 10:07:21 -------- d-----w- C:\Users\Home\AppData\Local\{51B010DB-8780-412D-A9AD-EE36934BC407}
2012-02-06 10:07:07 -------- d-----w- C:\Users\Home\AppData\Local\{D0CF4EF7-49EC-4CB0-9491-F6ED75D5D252}
2012-02-05 22:00:20 -------- d-----w- C:\Users\Home\AppData\Local\{4AA7B9D0-C729-4064-99A4-63A78A118939}
2012-02-05 22:00:07 -------- d-----w- C:\Users\Home\AppData\Local\{4CDF2CF9-C4CF-4B0D-A339-D34E94B62FFA}
2012-02-05 09:50:58 -------- d-----w- C:\Users\Home\AppData\Local\{586C5074-B66D-49CB-8C11-684B9C00E444}
2012-02-05 09:50:46 -------- d-----w- C:\Users\Home\AppData\Local\{70E0FF97-EA26-49DA-A043-BF88485BBF26}
2012-02-04 10:40:07 -------- d-----w- C:\Users\Home\AppData\Local\{1FB565AF-5799-4177-969E-8BE500DFD04A}
2012-02-04 10:39:55 -------- d-----w- C:\Users\Home\AppData\Local\{ACF24CC6-2930-4D55-AB86-F70B2BBDCBCC}
2012-02-03 22:27:11 -------- d-----w- C:\Users\Home\AppData\Local\{1B7CC72A-94D4-4767-A2B0-39CC4B6A1C8D}
2012-02-03 22:26:48 -------- d-----w- C:\Users\Home\AppData\Local\{6A6932CE-FEEC-451C-9083-914D86AACF87}
2012-02-03 16:41:11 -------- d-----w- C:\Users\Home\AppData\Local\PackageAware
2012-02-03 10:26:20 -------- d-----w- C:\Users\Home\AppData\Local\{CE3CA140-A1C9-401D-A1F6-3887A9CC799E}
2012-02-03 10:25:57 -------- d-----w- C:\Users\Home\AppData\Local\{8630FD64-8396-44C6-A9BC-BD6A62AF5F3D}
2012-02-02 22:25:27 -------- d-----w- C:\Users\Home\AppData\Local\{01AD9CF4-AB16-4A40-B105-75A5E44E220B}
2012-02-02 22:25:15 -------- d-----w- C:\Users\Home\AppData\Local\{2C59DAFE-5AEF-467D-BB47-5A89F53CBC8E}
2012-02-02 14:40:57 -------- d-----w- C:\Users\Home\AppData\Local\JollyBear
2012-02-02 14:40:57 -------- d-----w- C:\ProgramData\JollyBear
2012-02-02 08:37:22 -------- d-----w- C:\Users\Home\AppData\Local\{7B0538A3-64EE-47DD-992E-706F2990B37F}
2012-02-02 08:37:08 -------- d-----w- C:\Users\Home\AppData\Local\{3AC66B33-38DF-4A61-ACB0-83443AF91F1F}
2012-02-01 19:14:56 -------- d-----w- C:\Users\Home\AppData\Local\{D3FE91B9-4BDE-4496-9598-40B8F4B62016}
2012-02-01 19:14:44 -------- d-----w- C:\Users\Home\AppData\Local\{688F543C-9142-4FD7-BB41-E7BB0B68B437}
2012-02-01 07:14:11 -------- d-----w- C:\Users\Home\AppData\Local\{8A5BBE13-C7D2-4249-8F37-B5B9A5C07714}
2012-02-01 07:13:48 -------- d-----w- C:\Users\Home\AppData\Local\{42B3588C-E1B3-482D-A9A2-FBAF88105425}
2012-01-31 19:13:20 -------- d-----w- C:\Users\Home\AppData\Local\{56FF45EC-0E36-4DE9-A59C-601098A65A1B}
2012-01-31 19:12:56 -------- d-----w- C:\Users\Home\AppData\Local\{8B53740B-03AF-4383-863E-14F85269D234}
2012-01-31 07:12:27 -------- d-----w- C:\Users\Home\AppData\Local\{C347AD23-EA30-4A0F-8E7A-5CDF58576A3F}
2012-01-31 07:12:15 -------- d-----w- C:\Users\Home\AppData\Local\{0A7E2F47-D625-4797-8D22-001E18928B14}
2012-01-30 16:43:09 -------- d-----w- C:\ProgramData\SpinTop Games
2012-01-30 16:43:09 -------- d-----w- C:\ProgramData\PopCapY
2012-01-30 16:43:09 -------- d-----w- C:\ProgramData\934bcbfe-35c5-4039-88e2-8d1494de198e
2012-01-30 10:30:52 -------- d-----w- C:\Users\Home\AppData\Local\{64A4856B-5527-4A35-BFDC-21A8C9C29357}
2012-01-30 10:30:28 -------- d-----w- C:\Users\Home\AppData\Local\{39E684F1-4B54-4D31-B2F5-FA9A91BFA340}
2012-01-29 22:03:00 -------- d-----w- C:\Users\Home\AppData\Local\{8D6FA052-F36D-4246-B05E-CEB325FF3BBC}
2012-01-29 22:02:35 -------- d-----w- C:\Users\Home\AppData\Local\{D797826F-EAFF-4BC9-ABF3-40E994F3E88C}
.
==================== Find3M ====================
.
2012-01-29 05:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-16 08:47:38 1188864 ----a-w- C:\Windows\System32\wininet.dll
2011-12-16 07:54:22 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-12-16 06:44:38 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2011-12-16 06:09:17 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-12-10 15:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 12:11:23.32 ===============
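The DDS log above is the raw material a helper reads by eye. As an added example that is not part of the original thread or of the DDS tool, the Python script below parses the "Pseudo HJT Report" lines in the format DDS prints (BHO, TB, mURLSearchHooks and mPolicies-system entries) and applies three triage heuristics of my own: the same display name registered under more than one CLSID, a browser add-on DLL that lives under C:\Windows\System32 or SysWOW64 rather than a product directory, and UAC policy values set so that elevation does not prompt. The sample input is a handful of lines copied from the log in post #1; the rules are review prompts, not verdicts, and the thresholds and rule names are assumptions of this example rather than anything DDS or the forum helper defines.

```python
"""Triage helper for the 'Pseudo HJT Report' section of a DDS log.

Added example, not part of the original thread or of the DDS tool.
The three heuristics below are this script's own review prompts, not
verdicts: a flagged entry still needs a human (or a hash lookup) to
decide whether it is malicious.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Constructed sample input: lines copied verbatim from the DDS log in post #1.
SAMPLE_LOG = r"""
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll
BHO: Groove Folder Synchronization: {17d50821-278e-1646-4ab3-05897e9a2680} - C:\Windows\SysWOW64\msvcr100_clr04000.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Adobe PDF Link Helper: {481e7f28-7561-3b6d-3699-304b62a73e6d} - C:\Windows\SysWOW64\Nlsdll.dll
BHO: Groove GFS Browser Helper: {5ce15024-038a-1181-0836-120e16a50cc0} - C:\Windows\SysWow64\api-ms-win-core-nameddpipe-l1-1-0.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Conduit Engine : {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
"""

# DDS prints add-ons as "<kind>: <display name>: {CLSID} - <dll path>"; the
# 64-bit report repeats them with a "-X64" suffix on the kind.
ADDON_RE = re.compile(
    r"^(?P<kind>BHO|TB|mURLSearchHooks)(?:-X64)?:\s*"
    r"(?P<name>.*?)\s*:\s*(?P<clsid>\{[0-9A-Fa-f-]{36}\})\s*-\s*(?P<path>\S.*?)\s*$"
)
POLICY_RE = re.compile(r"^mPolicies-system:\s*(?P<name>\w+)\s*=\s*(?P<value>\d+)")

# Third-party browser add-ons normally live under Program Files; a DLL in the
# Windows system directories is unusual enough to warrant a look.
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")

# Registry meaning of each UAC value when it is 0 (documented Windows semantics).
UAC_ZERO_MEANS = {
    "EnableLUA": "UAC is disabled",
    "ConsentPromptBehaviorAdmin": "administrators elevate without any prompt",
    "PromptOnSecureDesktop": "elevation prompts do not use the secure desktop",
}


class Addon(NamedTuple):
    kind: str
    name: str
    clsid: str
    path: str


class Finding(NamedTuple):
    rule: str
    subject: str
    detail: str


def parse_addons(text: str) -> List[Addon]:
    """Return each distinct add-on once, even if the 32- and 64-bit report repeat it."""
    addons, seen = [], set()
    for line in text.splitlines():
        m = ADDON_RE.match(line.strip())
        if not m:
            continue
        addon = Addon(m["kind"], m["name"], m["clsid"].lower(), m["path"])
        key = (addon.kind, addon.clsid, addon.path.lower())
        if key not in seen:
            seen.add(key)
            addons.append(addon)
    return addons


def parse_policies(text: str) -> Dict[str, int]:
    """Collect mPolicies-system name/value pairs as integers."""
    policies = {}
    for line in text.splitlines():
        m = POLICY_RE.match(line.strip())
        if m:
            policies[m["name"]] = int(m["value"])
    return policies


def triage(text: str) -> List[Finding]:
    """Apply the three heuristics and return every hit as a Finding."""
    findings: List[Finding] = []
    addons = parse_addons(text)

    # Rule 1: one display name backed by several CLSIDs (a common way to hide
    # an extra add-on behind a familiar product name).
    clsids_by_name = defaultdict(set)
    for a in addons:
        clsids_by_name[a.name.lower()].add(a.clsid)
    for name, clsids in clsids_by_name.items():
        if len(clsids) > 1:
            findings.append(Finding("duplicate-name", name, ", ".join(sorted(clsids))))

    # Rule 2: add-on DLL loaded from a Windows system directory.
    for a in addons:
        if a.path.lower().startswith(SYSTEM_DIRS):
            findings.append(Finding("system-dir-dll", a.clsid, f"{a.kind} '{a.name}' loads {a.path}"))

    # Rule 3: UAC policy values that remove the elevation prompt.
    policies = parse_policies(text)
    for key, meaning in UAC_ZERO_MEANS.items():
        if policies.get(key) == 0:
            findings.append(Finding("uac-policy", key, meaning))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.rule}] {f.subject}: {f.detail}")
```

Run it against the full text of a DDS log instead of SAMPLE_LOG to get the same report for a real machine; the dedupe in parse_addons keeps the BHO-X64/TB-X64 repeats from double-counting, and anything the script prints is a prompt to check the DLL's publisher and hash, not a removal instruction.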

#2 sempai (noypi; Malware Response Team, 5,288 posts; Gender: Male; Location: 3 stars and a sun)

Posted 29 February 2012 - 07:17 AM

Hello Cherrystik and welcome to BC.


Download ComboFix (by sUBs) from any of the links below, and make sure that you save it to your desktop.

Link 1
Link 2

  • It's important to temporarily disable your anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. See HERE
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

*It's strongly recommended to have this pre-installed on your machine before doing any malware removal.
*The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
*This allows us to more easily help you should your computer have a problem after an attempted removal of malware.

  • If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures. If you did not have it installed, you will see the prompt below. Choose YES.



  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console.
  • When prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Important notes:

  • Leave your computer alone while ComboFix is running.
  • ComboFix will restart your computer if malware is found; allow it to do so.
  • ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
  • Please do not mouse-click ComboFix's window while it's running, because it may cause it to stall.
  • ComboFix SHOULD NOT be used unless requested by a forum helper. See HERE.


~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support; post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Cherrystik


Posted 29 February 2012 - 02:28 PM

ComboFix 12-02-29.01 - Home 29/02/2012 18:45:48.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3002.1532 [GMT 0:00]
Running from: c:\users\Home\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\log.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-01-28 to 2012-02-29 )))))))))))))))))))))))))))))))
.
.
2012-02-29 19:01 . 2012-02-29 19:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-02-28 18:07 . 2012-02-28 18:07 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-28 18:07 . 2012-02-28 18:07 -------- d-----w- c:\programdata\McAfee
2012-02-28 18:07 . 2012-02-28 18:07 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-02-28 17:13 . 2012-02-28 17:34 -------- d-----w- c:\users\Home\AppData\Roaming\Natural Threat.Ominous Shores
2012-02-28 16:55 . 2012-02-28 16:55 -------- d-----w- c:\users\Home\AppData\Roaming\GameInvest
2012-02-28 14:32 . 2012-02-28 14:32 -------- d-----w- c:\users\Home\AppData\Local\Mozilla
2012-02-28 13:51 . 2012-02-28 13:51 748336 ----a-w- c:\program files (x86)\Internet Explorer\iexplore.exe
2012-02-28 13:51 . 2012-02-28 13:51 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-02-28 13:51 . 2012-02-28 13:51 307200 ----a-w- c:\program files (x86)\Internet Explorer\iediagcmd.exe
2012-02-28 13:51 . 2012-02-28 13:51 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-02-28 13:51 . 2012-02-28 13:51 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2012-02-28 13:51 . 2012-02-28 13:51 107008 ----a-w- c:\program files (x86)\Internet Explorer\iecleanup.exe
2012-02-28 12:31 . 2012-02-28 12:31 -------- d-----w- c:\users\Home\AppData\Roaming\Artogon
2012-02-28 11:43 . 2012-02-28 11:43 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-02-28 11:40 . 2012-02-29 18:43 -------- d-----w- c:\programdata\Lavasoft
2012-02-26 17:12 . 2012-02-26 17:12 -------- d-----w- c:\windows\SysWow64\1084
2012-02-24 10:42 . 2012-02-24 10:42 -------- d-----w- c:\users\Home\AppData\Roaming\Alawar
2012-02-21 18:56 . 2012-02-21 18:56 -------- d-----w- c:\users\Home\AppData\Roaming\bigwig_media
2012-02-19 21:46 . 2012-02-19 21:46 -------- d-----w- c:\users\Home\AppData\Roaming\Boomzap
2012-02-19 18:43 . 2012-02-26 17:12 -------- d-----w- c:\windows\SysWow64\2068
2012-02-19 18:43 . 2005-05-26 15:34 3767504 ----a-w- c:\windows\system32\d3dx9_26.dll
2012-02-19 18:43 . 2005-05-26 15:34 2297552 ----a-w- c:\windows\SysWow64\d3dx9_26.dll
2012-02-19 18:34 . 2012-02-19 18:34 -------- d-----w- c:\windows\SysWow64\1037
2012-02-19 18:34 . 2012-02-19 18:34 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-02-19 18:34 . 2012-02-19 18:34 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-02-19 18:34 . 2012-02-19 18:34 -------- d-----w- c:\program files (x86)\OpenAL
2012-02-19 18:34 . 2012-02-19 18:34 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-02-19 18:34 . 2012-02-19 18:34 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-02-19 18:34 . 2012-02-19 18:34 -------- d-----w- c:\windows\SysWow64\1047
2012-02-19 13:34 . 2012-02-19 13:34 -------- d-----w- c:\users\Home\AppData\Roaming\JoyBits
2012-02-18 15:33 . 2012-02-18 15:33 -------- d-----w- c:\users\Home\AppData\Roaming\tabagames
2012-02-15 07:42 . 2012-01-14 04:06 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-02-15 07:42 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 07:42 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 07:42 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 07:42 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 07:42 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 07:41 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 07:41 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-03 16:41 . 2012-02-03 16:41 -------- d-----w- c:\users\Home\AppData\Local\PackageAware
2012-02-02 14:40 . 2012-02-02 14:40 -------- d-----w- c:\users\Home\AppData\Local\JollyBear
2012-02-02 14:40 . 2012-02-02 14:40 -------- d-----w- c:\programdata\JollyBear
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-28 18:07 . 2011-06-08 20:34 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-08 07:13 . 2012-02-28 09:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D02E003E-C227-44C2-9116-FC3A9DE84C1E}\mpengine.dll
2012-01-29 05:10 . 2011-06-08 20:40 279656 ------w- c:\windows\system32\MpSigStub.exe
2011-12-10 15:24 . 2001-01-03 15:26 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{17D50821-278E-1646-4AB3-05897E9A2680}]
2010-03-18 12:16 73728 ----a-w- c:\windows\SysWOW64\msvcr100_clr04000.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{481E7F28-7561-3B6D-3699-304B62A73E6D}]
2009-07-14 01:16 73728 ----a-w- c:\windows\SysWOW64\Nlsdll.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5CE15024-038A-1181-0836-120E16A50CC0}]
2011-07-16 04:15 73728 ----a-w- c:\windows\SysWOW64\api-ms-win-core-nameddpipe-l1-1-0.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTor.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTor.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-03-03 1300560]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-11-28 3744552]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 135664]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 135664]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [x]
R4 PuranDefrag;PuranDefrag;c:\windows\system32\PuranDefragS.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-03-03 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [2010-04-23 867360]
S2 GREGService;GREGService;c:\program files (x86)\Packard Bell\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe [2010-03-08 250368]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-02-26 c:\windows\Tasks\At1.job
- c:\windows\SysWOW64\HOSTNAMME.EXE [2009-07-13 01:14]
.
2012-02-26 c:\windows\Tasks\At2.job
- c:\windows\SysWOW64\HOSTTNAMME.EXE [2009-07-13 01:14]
.
2012-02-26 c:\windows\Tasks\At3.job
- c:\windows\SysWOW64\ie4uinnit.exe [2011-06-08 20:20]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 19:54]
.
2012-02-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-08 19:54]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-11-28 18:01 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-03-23 10134560]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-15 165912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-15 387608]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-15 365592]
"Acer ePower Management"="c:\program files\Packard Bell\Packard Bell Power Management\ePowerTray.exe" [2010-04-23 861216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.packardbell.com/rdr.aspx?b=ACPW&l=0809&m=easynote_th36&r=27360611l235l0464z175f4652e448
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Home\AppData\Roaming\Mozilla\Firefox\Profiles\t3322tun.default\
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2482960173-3127678332-1849453116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2482960173-3127678332-1849453116-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2012-02-29 19:26:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-02-29 19:25
.
Pre-Run: 93,947,535,360 bytes free
Post-Run: 95,409,786,880 bytes free
.
- - End Of File - - 121FAD316D0C94DA0F8D757E8911D103



Thank you.

#4 Cherrystik


Posted 29 February 2012 - 05:40 PM

Just saying that tomorrow I have to go to New York for a week, so I won't be taking my laptop. If this thread gets locked, can I get it unlocked when I come back?

#5 sempai

  • Malware Response Team

Posted 29 February 2012 - 11:48 PM

OK, don't worry, I will keep this topic open for 10 days.


Step 1: Please download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.
Note: Do not install Avast anti virus when offered.


Step 2: Please download Listparts64
Run the tool, click Scan and post the log (Result.txt) it makes.

~Semp



#6 Cherrystik


Posted 09 March 2012 - 11:00 AM

Here's the log :) Thank you for keeping the topic open.


aswMBR version 0.9.9.1649 Copyright© 2011 AVAST Software
Run date: 2012-03-09 15:08:23
-----------------------------
15:08:23.744 OS Version: Windows x64 6.1.7601 Service Pack 1
15:08:23.745 Number of processors: 2 586 0x170A
15:08:23.746 ComputerName: HOME-PC UserName: Home
15:08:25.134 Initialize success
15:08:25.313 AVAST engine defs: 12030900
15:08:29.692 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
15:08:29.697 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
15:08:29.716 Disk 0 MBR read successfully
15:08:29.721 Disk 0 MBR scan
15:08:29.727 Disk 0 Windows 7 default MBR code
15:08:29.742 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
15:08:29.757 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
15:08:29.777 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 146427 MB offset 25372672
15:08:29.802 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 146428 MB offset 325255168
15:08:29.835 Disk 0 scanning C:\Windows\system32\drivers
15:08:39.128 Service scanning
15:09:16.974 Modules scanning
15:09:16.996 Disk 0 trace - called modules:
15:09:17.382 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys
15:09:17.396 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80050af3d0]
15:09:17.410 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8002dc4050]
15:09:18.882 AVAST engine scan C:\Windows
15:09:21.740 AVAST engine scan C:\Windows\system32
15:12:51.786 AVAST engine scan C:\Windows\system32\drivers
15:13:38.245 AVAST engine scan C:\Users\Home
15:42:16.906 AVAST engine scan C:\ProgramData
15:50:18.907 Scan finished successfully
15:57:14.380 Disk 0 MBR has been saved successfully to "C:\Users\Home\Desktop\MBR.dat"
15:57:14.386 The log file has been saved successfully to "C:\Users\Home\Desktop\aswMBR.txt"

#7 Elise

  • Malware Study Hall Admin

Posted 10 March 2012 - 05:52 AM

Hello, because Sempai is not available at the moment I'll work with you on this topic from here. :)

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants.
    Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. TDSSKiller.2.4.0.0_27.07.2010_09.07.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

Malware analyst @ Emsisoft


#8 Cherrystik


Posted 11 March 2012 - 07:51 AM

No threats found. What next? hehe.

#9 Elise

  • Malware Study Hall Admin

Posted 11 March 2012 - 08:04 AM

How are things running at this point?

regards, Elise



#10 Cherrystik


Posted 11 March 2012 - 09:39 AM

Seems OK at the minute. I needed to reinstall IE9 though, because it started saying it wasn't responding. I'll say later if it's working OK now. What was up with it though, if nothing was found? Thank you.

#11 Elise

  • Malware Study Hall Admin

Posted 11 March 2012 - 09:44 AM

It may have to do with the fact that you have two antivirus programs installed.

I do not recommend that you have more than one anti virus product installed and running on your computer at a time. The reason for this is that if both products have their automatic (Real-Time) protection switched on, then those products which do not encrypt the virus strings within them can cause other anti virus products to raise "false alarms". It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause:
  • False Alarms: When the anti virus software tells you that your PC has a virus when it actually doesn't.
  • System Performance Problems: Your system may lock up due to both products attempting to access the same file at the same time.
Therefore please go to add/remove in the control panel and remove either Avast or Ad-Aware.

regards, Elise



#12 Cherrystik


Posted 11 March 2012 - 09:46 AM

I got rid of Ad-Aware now :) Thank you, will let you know if the problem is fixed.

#13 Elise

  • Malware Study Hall Admin

Posted 11 March 2012 - 10:11 AM

Okay, please take your time to look around and let me know if there are any more issues.

regards, Elise



#14 Cherrystik


Posted 11 March 2012 - 01:14 PM

Ok, it doesn't seem to redirect now but when I click a link on google it says internet explorer has stopped responding. This is so frustrating. :-(

#15 Elise

  • Malware Study Hall Admin

Posted 11 March 2012 - 02:00 PM

Do you have the same problem in Firefox?

regards, Elise
