
I am seriously infected and need help


This topic is locked
4 replies to this topic

#1 fti9999

  • Members
  • 12 posts

Posted 28 February 2012 - 10:54 PM

I appear to have a browser misdirect occurring under both IE and Firefox.

I am running Windows Vista.

I have several indications of the browser misdirect.

I began a few days ago to get an "Internet Explorer cannot display the webpage" error on common web pages. However, after a few tries, it would go to the website.

In IE all of the sites that I go to are giving multiple security warnings, as if I am going to an https link, but the same sites do not give such a security warning in Firefox.

Further, I started getting the "Welcome to Nginex!" redirect -- the browser was being redirected to another site, but the site had the "Welcome to Nginex!" on it.

Sometimes, I would get the "404 not found nginx" error;

When I attempted to get ESET online scan link to scan the computer, I got this error:

404 Not Found
nginx/0.7.67

Sometimes, if I try to go to a website in IE, it redirects me to a Yahoo search on the web address I entered.

Can you please help?

Thanks,

Johnathan Bell

Edited by fti9999, 28 February 2012 - 11:34 PM.



#2 Konfliict

  • Members
  • 12 posts

Posted 28 February 2012 - 10:59 PM

Off Topic: We have the same last name haha.

On Topic: I think it may be a fraud virus. Somewhere it seems a program was downloaded that controls your browsers. I suggest searching "Nginex" on your PC and uninstalling anything in reference to that. On that note, definitely download Malware Bytes and it should clean up anything that could be causing this problem.

May I ask what security you are using for your PC?
----

Also about nginx, it is a server host similar to Apache. Your internet may be responding to the server's DNS info rather than your modem's, which explains your 404 error. The misdirections are caused by this nginx, which is located somewhere on your PC. It should be simple to remove.

Edited by Konfliict, 28 February 2012 - 11:02 PM.


#3 fti9999

  • Topic Starter
  • Members
  • 12 posts

Posted 28 February 2012 - 11:19 PM

You are probably very experienced. I certainly appreciate your response. However, the people here on this site are very talented at removing viruses. There is a detailed protocol for addressing these issues. I would prefer to follow the protocol.

Here is my MiniToolBox result.txt file for one of the members of this board who deals with sophisticated viruses.


MiniToolBox by Farbar Version: 18-01-2012
Ran by Owner (administrator) on 28-02-2012 at 23:10:05
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Dell Wireless 1397 WLAN Mini-Card = Wireless Network Connection (Connected)
Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller = Local Area Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Owner-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Dell Wireless 1397 WLAN Mini-Card
Physical Address. . . . . . . . . : 00-24-2B-BE-B4-80
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d4:a1a3:34e4:6955%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Tuesday, February 28, 2012 9:00:28 AM
Lease Expires . . . . . . . . . . : Wednesday, February 29, 2012 9:00:27 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 285221931
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-45-D9-79-00-23-AE-21-C4-50
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : home
Description . . . . . . . . . . . : Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
Physical Address. . . . . . . . . : 00-23-AE-21-C4-50
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.home
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 7:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6004B232-A373-4FF2-B06E-14DC066528D8}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:1446:67d:3f57:fefa(Preferred)
Link-local IPv6 Address . . . . . : fe80::1446:67d:3f57:fefa%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.239.4
74.125.239.5
74.125.239.6
74.125.239.7
74.125.239.8
74.125.239.9
74.125.239.14
74.125.239.0
74.125.239.1
74.125.239.2
74.125.239.3



Pinging google.com [74.125.224.231] with 32 bytes of data:

Reply from 74.125.224.231: bytes=32 time=90ms TTL=49

Reply from 74.125.224.231: bytes=32 time=92ms TTL=49



Ping statistics for 74.125.224.231:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 90ms, Maximum = 92ms, Average = 91ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 209.191.122.70
98.139.127.62
98.139.183.24



Pinging yahoo.com [98.139.127.62] with 32 bytes of data:

Reply from 98.139.127.62: bytes=32 time=130ms TTL=53

Reply from 98.139.127.62: bytes=32 time=268ms TTL=53



Ping statistics for 98.139.127.62:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 130ms, Maximum = 268ms, Average = 199ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Request timed out.

Request timed out.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 24 2b be b4 80 ...... Dell Wireless 1397 WLAN Mini-Card
10 ...00 23 ae 21 c4 50 ...... Marvell Yukon 88E8040 PCI-E Fast Ethernet Controller
1 ........................... Software Loopback Interface 1
12 ...00 00 00 00 00 00 00 e0 isatap.home
14 ...00 00 00 00 00 00 00 e0 isatap.{6004B232-A373-4FF2-B06E-14DC066528D8}
13 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.5 25
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.5 281
192.168.1.5 255.255.255.255 On-link 192.168.1.5 281
192.168.1.255 255.255.255.255 On-link 192.168.1.5 281
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.5 281
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.5 281
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 18 ::/0 On-link
1 306 ::1/128 On-link
13 18 2001::/32 On-link
13 266 2001:0:4137:9e76:1446:67d:3f57:fefa/128
On-link
11 281 fe80::/64 On-link
13 266 fe80::/64 On-link
11 281 fe80::d4:a1a3:34e4:6955/128
On-link
13 266 fe80::1446:67d:3f57:fefa/128
On-link
1 306 ff00::/8 On-link
13 266 ff00::/8 On-link
11 281 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (02/28/2012 08:12:33 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\HANSONGUESTII\PELLECHIA\FEDERAL COURT\26(F) REPORT\DJTM_HLJ EDITS 26F REPORT 2012-02-28 DRAFT - FINAL.DOCX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/28/2012 08:12:33 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\HANSONGUESTII\PELLECHIA\FEDERAL COURT\26(F) REPORT\DJTM_HLJ EDITS 26F REPORT 2012-02-28 DRAFT - FINAL.DOCX> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/28/2012 08:52:59 AM) (Source: Application Error) (User: )
Description: Faulting application rundll32.exe, version 6.0.6000.16386, time stamp 0x4549bb52, faulting module USER32.dll, version 6.0.6002.18541, time stamp 0x4ec3e855, exception code 0xc0000142, fault offset 0x00000000000b6fc8,
process id 0x1ea8, application start time 0xrundll32.exe0.

Error: (02/27/2012 11:26:45 AM) (Source: Application Hang) (User: )
Description: The program iexplore.exe version 9.0.8112.16421 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 167c
Start Time: 01ccf56c76f061c0
Termination Time: 6

Error: (02/26/2012 09:48:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\REGRUNS02> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 09:48:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\REGRUNS0A> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 09:48:58 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\REGRUNS02> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 09:48:55 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TOOLB-00> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 09:48:46 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP01> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)

Error: (02/26/2012 09:48:46 AM) (Source: Windows Search Service) (User: )
Description: The entry <C:\COMBOFIX\TEMP00> in the hash map cannot be updated.

Context: Application, SystemIndex Catalog

Details:
A device attached to the system is not functioning. (0x8007001f)


System errors:
=============
Error: (02/27/2012 06:45:05 PM) (Source: DCOM) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/27/2012 04:58:51 PM) (Source: Service Control Manager) (User: )
Description: 30000stisvc

Error: (02/27/2012 02:25:50 AM) (Source: netbt) (User: )
Description: The name "WORKGROUP :1d" could not be registered on the interface with IP address 192.168.1.5.
The computer with the IP address 192.168.1.3 did not allow the name to be claimed by
this computer.

Error: (02/27/2012 00:17:22 AM) (Source: BROWSER) (User: )
Description: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_Tcpip_{6004B232-A373-4FF2-B06E-14DC066528D8}.
The backup browser is stopping.

Error: (02/26/2012 09:42:36 AM) (Source: Service Control Manager) (User: )
Description: Google Update Service (gupdate)%%1053

Error: (02/26/2012 09:42:36 AM) (Source: Service Control Manager) (User: )
Description: 30000Google Update Service (gupdate)

Error: (02/26/2012 09:40:49 AM) (Source: DCOM) (User: LOCAL SERVICE)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)

Error: (02/26/2012 09:40:38 AM) (Source: DCOM) (User: SYSTEM)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)

Error: (02/26/2012 09:40:06 AM) (Source: Service Control Manager) (User: )
Description: Beep

Error: (02/26/2012 09:40:06 AM) (Source: Service Control Manager) (User: )
Description: Intel® PRO/1000 NDIS 6 Adapter Driver%%1058


Microsoft Office Sessions:
=========================
Error: (09/26/2011 00:01:43 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 935834 seconds with 102780 seconds of active time. This session ended with a crash.

Error: (05/30/2011 07:30:44 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 134074 seconds with 22680 seconds of active time. This session ended with a crash.

Error: (09/27/2010 08:10:12 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 179786 seconds with 33120 seconds of active time. This session ended with a crash.

Error: (09/16/2010 11:55:16 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6541.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 417424 seconds with 55680 seconds of active time. This session ended with a crash.

Error: (04/06/2010 09:16:04 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 4135830 seconds with 347700 seconds of active time. This session ended with a crash.

Error: (02/14/2010 01:04:55 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3353 seconds with 3060 seconds of active time. This session ended with a crash.


=========================== Installed Programs ============================

64 Bit HP CIO Components Installer (Version: 7.2.8)
Abacast Distributed Live (Version: 2.2b12)
Adobe Flash Player 11 Plugin 64-bit (Version: 11.1.102.55)
Dell Dock (Version: 1.0.0)
Dell Touchpad (Version: 7.102.115.201)
Dell Wireless WLAN Card Utility (Version: 5.10.38.30)
EPSON Printer Software
GoToMeeting 4.5.0.457
HP Customer Participation Program 8.0 (Version: 8.0)
HP Imaging Device Functions 8.0 (Version: 8.0)
HP LaserJet Professional M1130-M1210 MFP Series
HP LaserJet Professional M1210 MFP Series Fax Installer (Version: 1.1.0)
HP LaserJet Professional M1210 MFP Series Toolbox (Version: 1.0.12)
HP LaserJet Toolbox (Version: 2.0.0)
HP OCR Software 8.0 (Version: 8.0)
HP Officejet Pro All-In-One Series (Version: 1.0)
HP Solution Center 8.0 (Version: 8.0)
Integrated Webcam Driver (1.02.01.0320) (Version: 1.02.01.0320)
Intel® Matrix Storage Manager
LEGO MINDSTORMS NXT Driver for x64 (Version: 1.19.768)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6425.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Move Media Player
NetDeviceManager64 (Version: 90.0.192.000)
Octoshape add-in for Adobe Flash Player
PaperPort Image Printer (Version: 1.00.0000)
PhoneFusion Fax Driver (Version: 2.0.0)
Quickset (Version: 9.2.10)
Scan To (Version: 2.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Yahoo! BrowserPlus 2.9.8

========================= Memory info: ===================================

Percentage of memory in use: 70%
Total physical RAM: 4057.45 MB
Available physical RAM: 1186.53 MB
Total Pagefile: 8318.14 MB
Available Pagefile: 4574.38 MB
Total Virtual: 4095.88 MB
Available Virtual: 3992.91 MB

========================= Partitions: =====================================

1 Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:225.77 GB) NTFS
2 Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.81 GB) NTFS

========================= Users: ========================================

User accounts for \\OWNER-PC

Administrator Guest Owner


**** End of log ****
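The MiniToolBox sections above (hosts file, IE proxy, DNS server, ping results) are exactly the places a helper reads first when a browser is being redirected, and the log already shows one tell: google.com and yahoo.com answer pings while bleepingcomputer.com times out 2/2. The following script is an added example written for this thread; it is not BleepingComputer's advice and not part of Farbar's MiniToolBox. It parses those sections from pasted log text and reports the usual redirect indicators: hosts entries beyond the stock localhost line, an IE proxy that is not reported as disabled, a DNS resolver that is neither the default gateway nor an RFC 1918 address, and ping targets with total packet loss. The sample log is constructed from the lines posted above; the assumption that a clean MiniToolBox run prints "Proxy is not enabled." is taken from that same log, and the RFC 1918 rule is this example's own heuristic, so a deliberately configured public resolver is reported for confirmation rather than as an infection.

```python
"""Redirect-indicator triage over the network sections of a MiniToolBox-style log.

Added example for this thread (not part of BleepingComputer's advice or of
Farbar's MiniToolBox). Section titles and the "Proxy is not enabled." phrase
are taken from the log posted above; the RFC 1918 resolver rule is an
assumption of this example.
"""
import ipaddress
import re

# Constructed sample: the relevant lines of the log posted above, trimmed.
SAMPLE_LOG = """\
========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Wireless LAN adapter Wireless Network Connection:

Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Pinging google.com [74.125.224.231] with 32 bytes of data:

Ping statistics for 74.125.224.231:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 0, Lost = 2 (100% loss),
"""

LOCALHOST_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def section(text, title):
    """Body of the '===== <title>: =====' section, up to the next such header."""
    m = re.search(r"=+ " + re.escape(title) + r": =+\n(.*?)(?=\n=+ |\Z)", text, re.S)
    return m.group(1) if m else ""


def hosts_findings(text):
    """Every hosts-file mapping other than the stock localhost lines."""
    findings = []
    for line in section(text, "Hosts content").splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        findings += [f"hosts: {n} -> {addr}" for n in names if (addr, n) not in LOCALHOST_ENTRIES]
    return findings


def proxy_findings(text):
    """Flag anything other than the clean-run phrase seen in the log above (assumption)."""
    body = section(text, "IE Proxy Settings")
    return [] if "Proxy is not enabled." in body else ["proxy: IE proxy enabled or setting not recognised"]


def dns_servers(body):
    """'DNS Servers' values plus ipconfig's indented continuation lines."""
    servers, collecting = [], False
    for line in body.splitlines():
        m = re.match(r"\s*DNS Servers[ .]*: (\S+)", line)
        if m:
            servers.append(m.group(1))
            collecting = True
            continue
        m = re.match(r"\s*(\d+\.\d+\.\d+\.\d+)\s*$", line)
        if collecting and m:
            servers.append(m.group(1))
            continue
        collecting = False
    return servers


def dns_findings(text):
    """Resolvers that are neither the default gateway nor on an RFC 1918 network."""
    body = section(text, "IP Configuration")
    gateways = set(re.findall(r"Default Gateway[ .]*: (\d+\.\d+\.\d+\.\d+)", body))
    findings = []
    for s in dns_servers(body):
        try:
            ip = ipaddress.ip_address(s)
        except ValueError:
            continue
        if s not in gateways and not any(ip in net for net in RFC1918):
            findings.append(f"dns: resolver {s} is not the gateway or a LAN address; confirm it was set on purpose")
    return findings


def ping_findings(text):
    """Ping targets with total packet loss, named by the host that was pinged."""
    hostname = {ip: host for host, ip in re.findall(r"Pinging (\S+) \[([\d.]+)\]", text)}
    pattern = r"Ping statistics for ([\d.]+):\s*\n\s*Packets: Sent = (\d+), Received = \d+, Lost = (\d+)"
    return [f"ping: {hostname.get(ip, ip)} ({ip}) unreachable, {lost}/{sent} lost"
            for ip, sent, lost in re.findall(pattern, text)
            if int(sent) > 0 and int(lost) == int(sent)]


def triage(text):
    """All findings, in the order a helper would read the log."""
    return hosts_findings(text) + proxy_findings(text) + dns_findings(text) + ping_findings(text)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG) or ["no redirect indicators found"]:
        print(finding)
```

Run against the sample, the only finding is the bleepingcomputer.com ping loss, which matches what the posted log shows: proxy off, hosts file stock, DNS pointed at the gateway. The value of the script is on logs that are not clean, where an extra hosts mapping or a resolver outside the LAN is easy to miss among hundreds of lines; the checks are read-only and work on pasted text, so nothing has to run on the infected machine.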

#4 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 28 February 2012 - 11:56 PM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's TeaTimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, go to Start > All Programs > Malwarebytes Anti-Malware folder > Tools > click on Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw

#5 Budapest

    Bleepin' Cynic

  • Moderator
  • 23,579 posts

Posted 29 February 2012 - 05:10 AM

I split off your last post and placed it here: http://www.bleepingcomputer.com/forums/topic444528.html

You posted a Combofix log and a DDS log, which are not permitted in this section of the forum.

One of our malware team will pick up your new topic in due course. To avoid confusion I will now close this topic.