
Malware Infection - Help?


7 replies to this topic

#1 carp104

  • Members
  • 37 posts

Posted 04 March 2012 - 10:09 PM

Several of my google searches are being redirected to hxxp://63.209.69.107(search argument). I am using Windows Vista Home Premium, version 6.0, service pack 2.

I use IE 8.0.6001 and also had IE 9 which was also infected (uninstalled it and downgraded back to IE8).

Please help!

Thanks


#2 Celena

  • Banned Spammer
  • 17 posts

Posted 04 March 2012 - 11:53 PM

http://www.pcmag.com/article2/0,2817,2370676,00.asp
Hope this link can help you.

#3 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 05 March 2012 - 03:32 AM

Download

TDSSKiller

Launch it. Click on "Change parameters" and select "TDLFS file system".

Click on "Scan". Please post the LOG report (the log file should be in your C drive).


Please download GMER from here (does not work on 64-bit OS):

http://www2.gmer.net/download.php

Temporarily disable any real-time active protection so your security programs will not conflict with GMER's driver.

GMER will open to the Rootkit/Malware tab and perform an automatic Full Scan when first run. (Do not use the computer while the scan is in progress.)

If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO.
Now click the Scan button. If you see a rootkit warning window, click OK.
When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log.
Click the Copy button and paste the results into your next reply.


Download

aswMBR

Launch it and allow it to download the latest Avast! virus definitions.
Click the "Scan" button to start the scan. After the scan finishes, click on "Save log".

Post the log results here.

#4 carp104
  • Topic Starter

  • Members
  • 37 posts

Posted 14 March 2012 - 02:43 AM

TDSSKiller log:



02:17:25.0457 4488 TDSS rootkit removing tool 2.7.20.0 Mar 9 2012 17:10:43
02:17:26.0986 4488 ============================================================
02:17:26.0986 4488 Current date / time: 2012/03/14 02:17:26.0986
02:17:26.0986 4488 SystemInfo:
02:17:26.0986 4488
02:17:26.0986 4488 OS Version: 6.0.6002 ServicePack: 2.0
02:17:26.0986 4488 Product type: Workstation
02:17:27.0002 4488 ComputerName: MATT-PC
02:17:27.0002 4488 UserName: Matt
02:17:27.0002 4488 Windows directory: C:\Windows
02:17:27.0002 4488 System windows directory: C:\Windows
02:17:27.0002 4488 Running under WOW64
02:17:27.0002 4488 Processor architecture: Intel x64
02:17:27.0002 4488 Number of processors: 4
02:17:27.0002 4488 Page size: 0x1000
02:17:27.0002 4488 Boot type: Normal boot
02:17:27.0002 4488 ============================================================
02:17:28.0780 4488 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
02:17:28.0796 4488 \Device\Harddisk0\DR0:
02:17:28.0827 4488 MBR used
02:17:28.0827 4488 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x140249A, BlocksNum 0x22EEAD41
02:17:28.0827 4488 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x242ED1DB, BlocksNum 0x33258126
02:17:28.0967 4488 Initialize success
02:17:28.0967 4488 ============================================================
02:17:33.0969 2712 ============================================================
02:17:33.0969 2712 Scan started
02:17:33.0969 2712 Mode: Manual;
02:17:33.0969 2712 ============================================================
02:17:35.0264 2712 Scan interrupted by user!
02:17:35.0264 2712 Scan interrupted by user!
02:17:35.0264 2712 Scan interrupted by user!
02:17:35.0264 2712 ============================================================
02:17:35.0264 2712 Scan finished
02:17:35.0264 2712 ============================================================
02:17:35.0279 4056 Detected object count: 0
02:17:35.0279 4056 Actual detected object count: 0
02:17:38.0446 2552 ============================================================
02:17:38.0446 2552 Scan started
02:17:38.0446 2552 Mode: Manual; TDLFS;
02:17:38.0446 2552 ============================================================
02:17:39.0398 2552 ACPI - ok
02:17:39.0413 2552 adfs - ok
02:17:39.0429 2552 adp94xx - ok
02:17:39.0444 2552 adpahci - ok
02:17:39.0444 2552 adpu160m - ok
02:17:39.0460 2552 adpu320 - ok
02:17:39.0460 2552 AFD - ok
02:17:39.0476 2552 agp440 - ok
02:17:39.0476 2552 aic78xx - ok
02:17:39.0507 2552 aliide - ok
02:17:39.0522 2552 amdide - ok
02:17:39.0522 2552 AmdK8 - ok
02:17:39.0538 2552 arc - ok
02:17:39.0554 2552 arcsas - ok
02:17:39.0554 2552 ArcSoftKsUFilter - ok
02:17:39.0569 2552 Arctosa - ok
02:17:39.0569 2552 ASInsHelp - ok
02:17:39.0569 2552 AsIO - ok
02:17:39.0585 2552 AsyncMac - ok
02:17:39.0585 2552 atapi - ok
02:17:39.0772 2552 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\BASHDefs\20120302.001\BHDrvx64.sys
02:17:39.0788 2552 BHDrvx64 - ok
02:17:39.0803 2552 blbdrive - ok
02:17:39.0803 2552 bowser - ok
02:17:39.0803 2552 BrFiltLo - ok
02:17:39.0819 2552 BrFiltUp - ok
02:17:39.0819 2552 Brserid - ok
02:17:39.0819 2552 BrSerWdm - ok
02:17:39.0834 2552 BrUsbMdm - ok
02:17:39.0834 2552 BrUsbSer - ok
02:17:39.0834 2552 BTHMODEM - ok
02:17:39.0866 2552 ccHP - ok
02:17:39.0866 2552 cdfs - ok
02:17:39.0866 2552 cdrom - ok
02:17:39.0881 2552 circlass - ok
02:17:39.0881 2552 CLFS - ok
02:17:39.0897 2552 cmdide - ok
02:17:39.0912 2552 Compbatt - ok
02:17:39.0912 2552 crcdisk - ok
02:17:39.0928 2552 DfsC - ok
02:17:39.0944 2552 disk - ok
02:17:39.0944 2552 drmkaud - ok
02:17:39.0959 2552 DXGKrnl - ok
02:17:39.0959 2552 E1G60 - ok
02:17:39.0959 2552 Ecache - ok
02:17:40.0037 2552 eeCtrl (0c3f9eff8ddd9f9eb56d754b4620155f) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
02:17:40.0068 2552 eeCtrl - ok
02:17:40.0068 2552 elxstor - ok
02:17:40.0115 2552 EraserUtilRebootDrv (8c0f9b877bc0b7ffd327ef55f9efb642) C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
02:17:40.0131 2552 EraserUtilRebootDrv - ok
02:17:40.0131 2552 ErrDev - ok
02:17:40.0131 2552 exfat - ok
02:17:40.0146 2552 fastfat - ok
02:17:40.0146 2552 fdc - ok
02:17:40.0162 2552 FileInfo - ok
02:17:40.0162 2552 Filetrace - ok
02:17:40.0178 2552 flpydisk - ok
02:17:40.0193 2552 FltMgr - ok
02:17:40.0193 2552 fssfltr - ok
02:17:40.0209 2552 Fs_Rec - ok
02:17:40.0224 2552 gagp30kx - ok
02:17:40.0224 2552 GEARAspiWDM - ok
02:17:40.0240 2552 HdAudAddService - ok
02:17:40.0256 2552 HDAudBus - ok
02:17:40.0256 2552 HidBth - ok
02:17:40.0256 2552 HidIr - ok
02:17:40.0271 2552 HidUsb - ok
02:17:40.0271 2552 HpCISSs - ok
02:17:40.0287 2552 HTTP - ok
02:17:40.0287 2552 i2omp - ok
02:17:40.0287 2552 i8042prt - ok
02:17:40.0287 2552 ialm - ok
02:17:40.0302 2552 iaStorV - ok
02:17:40.0646 2552 IDSVia64 (18c40c3f368323b203ace403cb430db1) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\IPSDefs\20120313.001\IDSvia64.sys
02:17:40.0739 2552 IDSVia64 - ok
02:17:40.0755 2552 iirsp - ok
02:17:40.0770 2552 IntcAzAudAddService - ok
02:17:40.0770 2552 intelide - ok
02:17:40.0786 2552 intelppm - ok
02:17:40.0802 2552 IpFilterDriver - ok
02:17:40.0802 2552 IpInIp - ok
02:17:40.0802 2552 IPMIDRV - ok
02:17:40.0817 2552 IPNAT - ok
02:17:40.0817 2552 IRENUM - ok
02:17:40.0817 2552 isapnp - ok
02:17:40.0817 2552 iScsiPrt - ok
02:17:40.0833 2552 iteatapi - ok
02:17:40.0833 2552 iteraid - ok
02:17:40.0833 2552 kbdclass - ok
02:17:40.0848 2552 kbdhid - ok
02:17:40.0848 2552 KSecDD - ok
02:17:40.0848 2552 ksthunk - ok
02:17:40.0864 2552 lltdio - ok
02:17:40.0880 2552 LSI_FC - ok
02:17:40.0880 2552 LSI_SAS - ok
02:17:40.0880 2552 LSI_SCSI - ok
02:17:40.0895 2552 luafv - ok
02:17:40.0895 2552 MBAMProtector - ok
02:17:40.0926 2552 mcdbus - ok
02:17:40.0926 2552 megasas - ok
02:17:40.0942 2552 MegaSR - ok
02:17:40.0942 2552 Modem - ok
02:17:40.0958 2552 monitor - ok
02:17:40.0958 2552 mouclass - ok
02:17:40.0958 2552 mouhid - ok
02:17:40.0973 2552 MountMgr - ok
02:17:40.0973 2552 mpio - ok
02:17:40.0973 2552 mpsdrv - ok
02:17:40.0989 2552 Mraid35x - ok
02:17:40.0989 2552 MRxDAV - ok
02:17:40.0989 2552 mrxsmb - ok
02:17:40.0989 2552 mrxsmb10 - ok
02:17:41.0004 2552 mrxsmb20 - ok
02:17:41.0004 2552 msahci - ok
02:17:41.0004 2552 msdsm - ok
02:17:41.0020 2552 Msfs - ok
02:17:41.0036 2552 msisadrv - ok
02:17:41.0036 2552 MSKSSRV - ok
02:17:41.0051 2552 MSPCLOCK - ok
02:17:41.0051 2552 MSPQM - ok
02:17:41.0051 2552 MsRPC - ok
02:17:41.0067 2552 mssmbios - ok
02:17:41.0067 2552 MSTEE - ok
02:17:41.0067 2552 MTsensor - ok
02:17:41.0067 2552 Mup - ok
02:17:41.0098 2552 NativeWifiP - ok
02:17:41.0145 2552 NAVENG (2dbe90210de76be6e1653bb20ec70ec2) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120313.020\ENG64.SYS
02:17:41.0176 2552 NAVENG - ok
02:17:41.0223 2552 NAVEX15 (346da70e203b8e2c850277713de8f71b) C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.1.0.32\Definitions\VirusDefs\20120313.020\EX64.SYS
02:17:41.0270 2552 NAVEX15 - ok
02:17:41.0270 2552 NDIS - ok
02:17:41.0270 2552 NdisTapi - ok
02:17:41.0270 2552 Ndisuio - ok
02:17:41.0285 2552 NdisWan - ok
02:17:41.0285 2552 NDProxy - ok
02:17:41.0301 2552 NetBIOS - ok
02:17:41.0316 2552 netbt - ok
02:17:41.0332 2552 netr28x - ok
02:17:41.0332 2552 nfrd960 - ok
02:17:41.0348 2552 Npfs - ok
02:17:41.0348 2552 nsiproxy - ok
02:17:41.0363 2552 Ntfs - ok
02:17:41.0363 2552 Null - ok
02:17:41.0363 2552 NVHDA - ok
02:17:41.0363 2552 nvlddmkm - ok
02:17:41.0379 2552 nvraid - ok
02:17:41.0379 2552 nvstor - ok
02:17:41.0379 2552 nv_agp - ok
02:17:41.0394 2552 NwlnkFlt - ok
02:17:41.0394 2552 NwlnkFwd - ok
02:17:41.0410 2552 ohci1394 - ok
02:17:41.0426 2552 Parport - ok
02:17:41.0426 2552 partmgr - ok
02:17:41.0441 2552 pci - ok
02:17:41.0441 2552 pciide - ok
02:17:41.0441 2552 pcmcia - ok
02:17:41.0441 2552 PEAUTH - ok
02:17:41.0472 2552 PnkBstrK - ok
02:17:41.0488 2552 PptpMiniport - ok
02:17:41.0488 2552 Processor - ok
02:17:41.0504 2552 PSched - ok
02:17:41.0504 2552 ql2300 - ok
02:17:41.0519 2552 ql40xx - ok
02:17:41.0519 2552 QWAVEdrv - ok
02:17:41.0519 2552 RasAcd - ok
02:17:41.0535 2552 Rasl2tp - ok
02:17:41.0535 2552 RasPppoe - ok
02:17:41.0535 2552 RasSstp - ok
02:17:41.0550 2552 rdbss - ok
02:17:41.0550 2552 RDPCDD - ok
02:17:41.0550 2552 rdpdr - ok
02:17:41.0566 2552 RDPENCDD - ok
02:17:41.0566 2552 RDPWD - ok
02:17:41.0582 2552 rspndr - ok
02:17:41.0582 2552 RTL8169 - ok
02:17:41.0597 2552 sbp2port - ok
02:17:41.0613 2552 secdrv - ok
02:17:41.0613 2552 Serenum - ok
02:17:41.0628 2552 Serial - ok
02:17:41.0628 2552 sermouse - ok
02:17:41.0644 2552 sffdisk - ok
02:17:41.0644 2552 sffp_mmc - ok
02:17:41.0644 2552 sffp_sd - ok
02:17:41.0660 2552 sfloppy - ok
02:17:41.0660 2552 SiSRaid2 - ok
02:17:41.0660 2552 SiSRaid4 - ok
02:17:41.0675 2552 Smb - ok
02:17:41.0691 2552 spldr - ok
02:17:41.0706 2552 SRTSP - ok
02:17:41.0706 2552 SRTSPX - ok
02:17:41.0706 2552 srv - ok
02:17:41.0722 2552 srv2 - ok
02:17:41.0722 2552 srvnet - ok
02:17:41.0753 2552 swenum - ok
02:17:41.0753 2552 Symc8xx - ok
02:17:41.0769 2552 SymDS - ok
02:17:41.0769 2552 SymEFA - ok
02:17:41.0784 2552 SymEvent - ok
02:17:41.0784 2552 SymIRON - ok
02:17:41.0784 2552 SYMTDIv - ok
02:17:41.0800 2552 Sym_hi - ok
02:17:41.0800 2552 Sym_u3 - ok
02:17:41.0816 2552 Tcpip - ok
02:17:41.0816 2552 Tcpip6 - ok
02:17:41.0816 2552 tcpipreg - ok
02:17:41.0831 2552 TDPIPE - ok
02:17:41.0831 2552 TDTCP - ok
02:17:41.0831 2552 tdx - ok
02:17:41.0831 2552 TermDD - ok
02:17:41.0862 2552 tssecsrv - ok
02:17:41.0862 2552 tunmp - ok
02:17:41.0862 2552 tunnel - ok
02:17:41.0862 2552 uagp35 - ok
02:17:41.0878 2552 udfs - ok
02:17:41.0894 2552 uliagpkx - ok
02:17:41.0894 2552 uliahci - ok
02:17:41.0894 2552 UlSata - ok
02:17:41.0909 2552 ulsata2 - ok
02:17:41.0909 2552 umbus - ok
02:17:41.0909 2552 USBAAPL64 - ok
02:17:41.0925 2552 usbaudio - ok
02:17:41.0925 2552 usbccgp - ok
02:17:41.0925 2552 usbcir - ok
02:17:41.0940 2552 usbehci - ok
02:17:41.0956 2552 usbhub - ok
02:17:41.0956 2552 usbohci - ok
02:17:41.0956 2552 usbprint - ok
02:17:41.0972 2552 USBSTOR - ok
02:17:41.0972 2552 usbuhci - ok
02:17:41.0972 2552 usbvideo - ok
02:17:41.0987 2552 vga - ok
02:17:41.0987 2552 VgaSave - ok
02:17:41.0987 2552 viaide - ok
02:17:42.0003 2552 volmgr - ok
02:17:42.0003 2552 volmgrx - ok
02:17:42.0003 2552 volsnap - ok
02:17:42.0003 2552 vsmraid - ok
02:17:42.0018 2552 WacomPen - ok
02:17:42.0018 2552 Wanarp - ok
02:17:42.0034 2552 Wanarpv6 - ok
02:17:42.0034 2552 Wd - ok
02:17:42.0050 2552 Wdf01000 - ok
02:17:42.0096 2552 WmiAcpi - ok
02:17:42.0112 2552 WpdUsb - ok
02:17:42.0112 2552 ws2ifsl - ok
02:17:42.0128 2552 WUDFRd - ok
02:17:42.0159 2552 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0
02:17:42.0502 2552 \Device\Harddisk0\DR0 - ok
02:17:42.0533 2552 Boot (0x1200) (30e89c6e6b0409fd4388e18239551fd3) \Device\Harddisk0\DR0\Partition0
02:17:42.0549 2552 \Device\Harddisk0\DR0\Partition0 - ok
02:17:42.0564 2552 Boot (0x1200) (3e714b26d2935bc7737f31750140b9d3) \Device\Harddisk0\DR0\Partition1
02:17:42.0596 2552 \Device\Harddisk0\DR0\Partition1 - ok
02:17:42.0596 2552 ============================================================
02:17:42.0596 2552 Scan finished
02:17:42.0596 2552 ============================================================
02:17:42.0596 2896 Detected object count: 0
02:17:42.0596 2896 Actual detected object count: 0
02:17:45.0201 4484 Deinitialize success



-------------------------------------------------------------------------------------------



Unable to run GMER because I have a 64 bit OS.

Here is the aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-03-14 02:22:14
-----------------------------
02:22:14.580 OS Version: Windows x64 6.0.6002 Service Pack 2
02:22:14.580 Number of processors: 4 586 0x170A
02:22:14.580 ComputerName: MATT-PC UserName: Matt
02:22:17.903 Initialize success
02:26:15.655 AVAST engine defs: 12031301
02:32:52.191 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:32:52.191 Disk 0 Vendor: ST3750528AS CC44 Size: 715404MB BusType: 3
02:32:52.207 Disk 0 MBR read successfully
02:32:52.207 Disk 0 MBR scan
02:32:52.222 Disk 0 unknown MBR code
02:32:52.222 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10244 MB offset 63
02:32:52.238 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 20980890
02:32:52.269 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 418992 MB offset 607048155
02:32:52.300 Disk 0 scanning C:\Windows\system32\drivers
02:33:04.437 Service scanning
02:33:25.778 Modules scanning
02:33:25.778 Disk 0 trace - called modules:
02:33:25.809 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
02:33:25.809 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8008b76790]
02:33:25.809 3 CLASSPNP.SYS[fffffa60011d4c33] -> nt!IofCallDriver -> [0xfffffa8007960930]
02:33:25.809 5 acpi.sys[fffffa6000b81fde] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa800796d060]
02:33:27.338 AVAST engine scan C:\Windows
02:33:30.302 AVAST engine scan C:\Windows\system32
02:37:47.920 AVAST engine scan C:\Windows\system32\drivers
02:38:05.486 AVAST engine scan C:\Users\Matt
02:48:18.406 File: C:\Users\Matt\AppData\Roaming\Apple Computer\Apple Computer\btphzfbs.dll **INFECTED** Win32:Malware-gen
03:15:51.126 AVAST engine scan C:\ProgramData
03:33:24.531 Scan finished successfully
03:40:49.622 Disk 0 MBR has been saved successfully to "C:\Users\Matt\Desktop\MBR.dat"
03:40:49.637 The log file has been saved successfully to "C:\Users\Matt\Desktop\aswMBR.txt"

Edited by carp104, 14 March 2012 - 02:43 AM.
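The two logs above are long, and the signal sits in a handful of lines: the MD5s TDSSKiller prints for the MBR and boot sectors, the drivers it lists with a hash and full path (everything else is just "- ok"), and aswMBR's "unknown MBR code", the hidden 0x1B partition at offset 63 and the single **INFECTED** file under AppData\Roaming. The following is an added example, not part of the thread and not code from either tool: a small Python triage script that pulls those items out of constructed excerpts written in the line formats seen above and orders them as alerts versus review items. The hidden-partition type table is the standard MBR one; the tool wording the regexes key on is taken from the posted logs, not from any documented format.

```python
"""Triage helpers for TDSSKiller and aswMBR text logs (added example; not the
thread's content and not code from either tool). The samples below are short
excerpts constructed in the line formats the two tools print."""
import re
from dataclasses import dataclass, field

TDSS_SECTOR = re.compile(r"^\S+\s+\d+\s+(MBR|Boot)\s+\(0x[0-9A-Fa-f]+\)\s+\(([0-9a-f]{32})\)\s+(\S+)$")
TDSS_DRIVER = re.compile(r"^\S+\s+\d+\s+(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
TDSS_COUNT = re.compile(r"Actual detected object count:\s+(\d+)$")
ASW_INFECTED = re.compile(r"File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(\S+)")
ASW_PARTITION = re.compile(
    r"Disk \d+ Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?([0-9A-F]{2}) (.+?) (\d+) MB offset \d+")
# MBR partition type IDs that mark a hidden FAT/NTFS volume
HIDDEN_TYPES = {0x11, 0x14, 0x16, 0x17, 0x1B, 0x1C, 0x1E}

@dataclass
class Findings:
    unverified_drivers: list = field(default_factory=list)  # (name, md5, path) lines with a hash
    sector_hashes: dict = field(default_factory=dict)       # device -> md5 of MBR / boot sector
    passes: list = field(default_factory=list)              # one dict per TDSSKiller scan pass
    detected: int = 0
    infected_files: list = field(default_factory=list)      # (path, verdict) from aswMBR
    unknown_mbr_code: bool = False
    partitions: list = field(default_factory=list)

def parse_tdsskiller(text, f=None):
    f = f or Findings()
    for line in (l.strip() for l in text.splitlines()):
        if m := TDSS_SECTOR.match(line):
            f.sector_hashes[m[3]] = m[2]
        elif m := TDSS_DRIVER.match(line):
            f.unverified_drivers.append((m[1], m[2], m[3]))
        elif m := TDSS_COUNT.search(line):
            f.detected = max(f.detected, int(m[1]))
        elif line.endswith("Scan started"):
            f.passes.append({"tdlfs": False, "interrupted": False})
        elif "Mode:" in line and f.passes:
            f.passes[-1]["tdlfs"] = "TDLFS" in line
        elif "Scan interrupted by user" in line and f.passes:
            f.passes[-1]["interrupted"] = True
    return f

def parse_aswmbr(text, f=None):
    f = f or Findings()
    for line in text.splitlines():
        if m := ASW_INFECTED.search(line):
            f.infected_files.append((m[1], m[2]))
        elif "unknown MBR code" in line:
            f.unknown_mbr_code = True
        elif m := ASW_PARTITION.search(line):
            f.partitions.append({"num": int(m[1]), "active": m[2] == "80",
                                 "type": int(m[3], 16), "desc": m[4], "mb": int(m[5])})
    return f

def triage(f):
    """Confirmed detections first, then items a human should look at."""
    out = [f"ALERT TDSSKiller reported {f.detected} detected object(s)"] if f.detected else []
    out += [f"ALERT aswMBR flagged {p} as {v}" for p, v in f.infected_files]
    out += [f"REVIEW partition {p['num']} uses hidden type 0x{p['type']:02X} ({p['desc']}, {p['mb']} MB)"
            for p in f.partitions if p["type"] in HIDDEN_TYPES]
    if f.unknown_mbr_code:
        md5 = f.sector_hashes.get(r"\Device\Harddisk0\DR0", "n/a")
        out.append(f"REVIEW aswMBR reports unknown MBR code; TDSSKiller MBR md5 {md5} (compare with a known-good image)")
    out += [f"REVIEW driver {n} md5 {h} at {p}: check the hash against a reputation source"
            for n, h, p in f.unverified_drivers]
    if not any(p["tdlfs"] and not p["interrupted"] for p in f.passes):
        out.append("REVIEW no completed TDSSKiller pass with TDLFS enabled; rerun with that option")
    return out

# Constructed excerpts in the two tools' line formats (paths shortened).
TDSS_SAMPLE = r"""
02:17:33.0969 2712 Scan started
02:17:33.0969 2712 Mode: Manual;
02:17:35.0264 2712 Scan interrupted by user!
02:17:35.0279 4056 Actual detected object count: 0
02:17:38.0446 2552 Scan started
02:17:38.0446 2552 Mode: Manual; TDLFS;
02:17:39.0398 2552 ACPI - ok
02:17:39.0772 2552 BHDrvx64 (6c64fa457c200874faa87d74152e0d84) C:\ProgramData\Norton\BASHDefs\BHDrvx64.sys
02:17:39.0788 2552 BHDrvx64 - ok
02:17:42.0159 2552 MBR (0x1B8) (f05261c246ce4b3c544521ffff7aef5d) \Device\Harddisk0\DR0
02:17:42.0533 2552 Boot (0x1200) (30e89c6e6b0409fd4388e18239551fd3) \Device\Harddisk0\DR0\Partition0
02:17:42.0596 2896 Actual detected object count: 0
"""
ASW_SAMPLE = r"""
02:32:52.222 Disk 0 unknown MBR code
02:32:52.222 Disk 0 Partition 1 00 1B Hidd FAT32 NTFS 10244 MB offset 63
02:32:52.238 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 286165 MB offset 20980890
02:32:52.269 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 418992 MB offset 607048155
02:48:18.406 File: C:\Users\Matt\AppData\Roaming\Apple Computer\Apple Computer\btphzfbs.dll **INFECTED** Win32:Malware-gen
"""

def run_sample():
    return triage(parse_aswmbr(ASW_SAMPLE, parse_tdsskiller(TDSS_SAMPLE)))

if __name__ == "__main__":
    print("\n".join(run_sample()))
```

The script deliberately reports "unknown MBR code" and the hidden partition as review items rather than detections: a 10 GB hidden FAT32 partition at sector 63 followed by the active Windows volume is also what an OEM recovery layout looks like, and TDSSKiller checksummed the same MBR and boot sectors and reported them ok. The one line that is an actual detection is the aswMBR hit, which is what the next reply's instructions go after.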


#5 narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 14 March 2012 - 06:19 PM

Download

http://www.techspot.com/downloads/4716-malwarebytes-anti-malware.html

Install, update and run a full scan.

Click on SHOW results. Select all infections and remove them.

Reboot the PC and scan MBAM once in regular mode until you get a clean log

Download

ESET online scanner


Install it

Click on START; it should download the virus definitions.
When the scan completes, click on LIST of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.



Download

MiniToolBox

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size

Click Go and post the result.
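The MiniToolBox items in the post above map to the places a search redirect normally lives: the hosts file, the browser proxy settings, the DNS servers configured on the interface, and the Winsock provider catalog. As an added example, not part of the thread and not MiniToolBox's own code, here is a Python script that reads a report in MiniToolBox's text layout and flags what a responder checks in each of those sections. The sample report is constructed from the layout of the log posted later in the thread, with two lines added to exercise the checks (a hosts entry pointing www.google.com at 203.0.113.10 and a second DNS server, 198.51.100.53); the "Proxy is enabled" wording is an assumed phrasing, since the thread only shows the disabled case.

```python
"""Review the configuration items the MiniToolBox checklist collects.
Added example (not part of the thread, not MiniToolBox code). It parses a
report in MiniToolBox's text layout and flags hosts-file overrides, browser
proxy settings, non-local DNS servers and third-party Winsock providers."""
import ipaddress
import re

SECTION = re.compile(r"^=+\s*(?P<title>[^=]+?):?\s*=+$")   # '===== Title: =====' banners
WINSOCK = re.compile(r"^(?:x64-)?Catalog\d+\s+\d+\s+(?P<path>.+?)\s+\[\d+\]\s+\((?P<vendor>.+)\)$")
PROXY_KEY = re.compile(r"^(ProxyServer|AutoConfigURL):\s*(.*)$")
DNS_LINE = re.compile(r"^DNS Servers[ .]*:\s*(\S+)$")
GATEWAY_LINE = re.compile(r"^Default Gateway[ .]*:\s*(\S+)$")
WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# explicit list: ipaddress.is_private also covers the documentation ranges, which should be flagged
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16",
    "fc00::/7", "fe80::/10", "::1/128")]

def split_sections(report):
    sections, current = {}, None
    for line in (l.strip() for l in report.splitlines()):
        if m := SECTION.match(line):
            current = m["title"]
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections

def check_hosts(lines):
    out = []
    for line in lines:
        parts = line.split()
        if not parts or parts[0].startswith("#"):
            continue
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue
        for name in parts[1:]:
            if name.startswith("#"):
                break                       # inline comment
            if ip.is_loopback and name.lower() == "localhost":
                continue                    # the default mapping
            if ip.is_loopback:
                out.append(f"REVIEW hosts sinkholes {name} to {ip}")
            else:
                out.append(f"ALERT hosts redirects {name} to {ip}")
    return out

def check_proxy(lines):
    out = []
    for line in lines:
        if line.lower().startswith("proxy is enabled"):   # assumed wording for the enabled case
            out.append("REVIEW browser proxy is enabled")
        elif m := PROXY_KEY.match(line):
            # the report prints 'ProxyServer: http=;ftp=;https=;' when nothing is configured
            values = [v for v in m[2].split(";") if v and not v.endswith("=")]
            if values:
                out.append(f"REVIEW {m[1]} set to {' '.join(values)}")
    return out

def check_dns(lines):
    gateway, servers, more = None, [], False
    for line in lines:
        if m := GATEWAY_LINE.match(line):
            gateway, more = m[1], False
        elif m := DNS_LINE.match(line):
            servers.append(m[1])
            more = True
        elif more and re.fullmatch(r"[0-9A-Fa-f.:%]+", line):
            servers.append(line)            # ipconfig lists extra servers on their own lines
        else:
            more = False
    out = []
    for s in servers:
        try:
            addr = ipaddress.ip_address(s)
        except ValueError:
            continue
        if not any(addr in net for net in LOCAL_NETS):
            out.append(f"REVIEW DNS server {s} is outside the local network (gateway {gateway})")
    return out

def check_winsock(lines):
    return [f"REVIEW third-party Winsock provider {m['path']} ({m['vendor']})"
            for m in map(WINSOCK.match, lines)
            if m and not m["path"].lower().startswith(WINDOWS_DIRS)]

def review(report):
    s = split_sections(report)
    return (check_hosts(s.get("Hosts content", []))
            + check_proxy(s.get("IE Proxy Settings", []) + s.get("FF Proxy Settings", []))
            + check_dns(s.get("IP Configuration", []))
            + check_winsock(s.get("Winsock entries", [])))

# Constructed report in MiniToolBox's layout; the google.com hosts line and the
# second DNS server were added to exercise the checks.
SAMPLE_REPORT = r"""
MiniToolBox by Farbar Version: 18-01-2012
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
ProxyServer: http=;ftp=;https=;
========================= Hosts content: =================================
127.0.0.2 licensing.intellimon.com mailserver.intellimon.com
::1 localhost
203.0.113.10 www.google.com
========================= IP Configuration: ================================
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
                                    198.51.100.53
========================= Winsock entries =====================================
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
"""

if __name__ == "__main__":
    print("\n".join(review(SAMPLE_REPORT)))
```

A hosts entry that points a search engine at a non-loopback address is the only finding graded as an alert, because it reproduces the symptom in the first post on its own; loopback entries for third-party names block rather than redirect and get a review grade, as do a non-local resolver and any Winsock provider loaded from outside the Windows directories (Bonjour's mdnsNSP.dll in the posted log is a legitimate example of the latter). The local-network test uses an explicit RFC 1918 / loopback / link-local list rather than `ipaddress.is_private`, which would also treat the documentation ranges as non-global and hide the constructed 198.51.100.53 entry.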

#6 carp104
  • Topic Starter

  • Members
  • 37 posts

Posted 16 March 2012 - 10:50 PM

Hello,

Malwarebytes log:

Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.15.01

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 8.0.6001.19190
Matt :: MATT-PC [administrator]

Protection: Enabled

3/14/2012 11:24:49 PM
mbam-log-2012-03-14 (23-24-49).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 600827
Time elapsed: 2 hour(s), 26 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)




----------------------------------------------



ESET log:

C:\Program Files (x86)\Search Toolbar\SearchToolbar.dll Win32/Toolbar.Zugo application cleaned by deleting - quarantined



----------------------------------------------

Mini Toolbox log:



MiniToolBox by Farbar Version: 18-01-2012
Ran by Matt (administrator) on 16-03-2012 at 23:46:53
Microsoft® Windows Vista™ Home Premium Service Pack 2 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
ProxyServer: http=;ftp=;https=;

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================

127.0.0.2 licensing.intellimon.com mailserver.intellimon.com
::1 localhost


========================= IP Configuration: ================================

Realtek RTL8168B/8111B/8112 Family PCI-E GBE NIC = Local Area Connection (Connected)
802.11n Wireless LAN Card = Wireless Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Matt-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Wireless LAN adapter Wireless Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : 802.11n Wireless LAN Card
Physical Address. . . . . . . . . : 00-25-D3-14-4C-1F
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168B/8111B/8112 Family PCI-E GBE NIC
Physical Address. . . . . . . . . : 00-24-8C-E6-86-BD
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::5879:51cf:80c:9501%10(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Friday, March 16, 2012 10:33:09 PM
Lease Expires . . . . . . . . . . : Saturday, March 17, 2012 10:33:09 PM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 167781516
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-11-9F-AF-A7-00-24-8C-D9-39-01
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Local Area Connection* 6:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{6BEFA00E-8A4C-4393-BA36-E7F11AC1A886}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 02-00-54-55-4E-01
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 13:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : isatap.{8FB02647-45FD-4B43-B5F5-5B9831FA5700}
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.1.1

Name: google.com
Addresses: 74.125.225.32
74.125.225.33
74.125.225.34
74.125.225.35
74.125.225.36
74.125.225.37
74.125.225.38
74.125.225.39
74.125.225.40
74.125.225.41
74.125.225.46



Pinging google.com [74.125.225.136] with 32 bytes of data:

Reply from 74.125.225.136: bytes=32 time=27ms TTL=53

Reply from 74.125.225.136: bytes=32 time=34ms TTL=53



Ping statistics for 74.125.225.136:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 27ms, Maximum = 34ms, Average = 30ms

Server: UnKnown
Address: 192.168.1.1

Name: yahoo.com
Addresses: 98.139.183.24
209.191.122.70
72.30.38.140



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:

Reply from 209.191.122.70: bytes=32 time=47ms TTL=51

Reply from 209.191.122.70: bytes=32 time=45ms TTL=51



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 45ms, Maximum = 47ms, Average = 46ms

Server: UnKnown
Address: 192.168.1.1

Name: bleepingcomputer.com
Address: 208.43.87.2



Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:

Reply from 208.43.87.2: Destination host unreachable.

Reply from 208.43.87.2: Destination host unreachable.



Ping statistics for 208.43.87.2:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),



Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128



Ping statistics for 127.0.0.1:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================
Interface List
11 ...00 25 d3 14 4c 1f ...... 802.11n Wireless LAN Card
10 ...00 24 8c e6 86 bd ...... Realtek RTL8168B/8111B/8112 Family PCI-E GBE NIC
1 ........................... Software Loopback Interface 1
13 ...00 00 00 00 00 00 00 e0 isatap.{6BEFA00E-8A4C-4393-BA36-E7F11AC1A886}
12 ...02 00 54 55 4e 01 ...... Teredo Tunneling Pseudo-Interface
14 ...00 00 00 00 00 00 00 e0 isatap.{8FB02647-45FD-4B43-B5F5-5B9831FA5700}
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
10 276 fe80::/64 On-link
10 276 fe80::5879:51cf:80c:9501/128
On-link
1 306 ff00::/8 On-link
10 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [48128] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [50176] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [62464] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [19968] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [223232] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [61440] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [62976] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [78848] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [27648] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [304128] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (03/16/2012 11:27:15 PM) (Source: Application Hang) (User: )
Description: The program soffice.bin version 3.1.9420.500 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: e44
Start Time: 01cd03eda94bcbdd
Termination Time: 15

Error: (03/16/2012 10:47:52 PM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (03/16/2012 10:47:52 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/16/2012 10:47:52 PM) (Source: Perflib) (User: )
Description: EmdCache4

Error: (03/16/2012 10:34:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/15/2012 09:56:36 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (03/15/2012 09:56:30 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (03/15/2012 08:20:19 PM) (Source: Perflib) (User: )
Description: PolicyAgent4

Error: (03/15/2012 08:20:19 PM) (Source: Perflib) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4

Error: (03/15/2012 08:20:19 PM) (Source: Perflib) (User: )
Description: EmdCache4


System errors:
=============
Error: (03/16/2012 10:36:00 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: SYSTEM)
Description: 0x80070032

Error: (03/16/2012 10:35:36 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (03/15/2012 07:38:11 PM) (Source: Microsoft-Windows-LanguagePackSetup) (User: SYSTEM)
Description: 0x80070032

Error: (03/15/2012 07:38:11 PM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (03/15/2012 07:53:13 AM) (Source: Microsoft-Windows-LanguagePackSetup) (User: SYSTEM)
Description: 0x80070032

Error: (03/15/2012 07:52:18 AM) (Source: Service Control Manager) (User: )
Description: i8042prt

Error: (03/15/2012 07:50:46 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 7:42:18 AM on 3/15/2012 was unexpected.

Error: (03/15/2012 07:48:56 AM) (Source: Service Control Manager) (User: )
Description: 30000FDResPub

Error: (03/15/2012 07:48:26 AM) (Source: Service Control Manager) (User: )
Description: 30000LanmanWorkstation

Error: (03/15/2012 07:47:56 AM) (Source: Service Control Manager) (User: )
Description: 30000LanmanWorkstation


Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

Akamai NetSession Interface
Apple Mobile Device Support (Version: 3.2.0.47)
AutoCAD Mechanical 2011 (Version: 15.0.46.0)
AutoCAD Mechanical 2011 Language Pack - English (Version: 15.0.46.0)
Autodesk Inventor 2010 (Version: 14.0.0000.22302)
Autodesk Inventor 2010 English Language Pack (Version: 14.0.0000.22302)
Autodesk Inventor Content Center Libraries 2010 (Desktop Content) (Version: 14.0.0000.22302)
Autodesk Inventor Content Center Libraries 2011 (Desktop Content) (Version: 15.0.0000.23900)
Autodesk Inventor Professional 2010 (Version: 14.0.0000.22302)
Autodesk Inventor Professional 2011 (Version: 15.0.0000.23900)
Autodesk Inventor Professional 2011 English (Version: 15.0.0000.23900)
Autodesk Inventor Professional 2011 English Language Pack (Version: 15.0.0000.23900)
Autodesk Vault 2011 (Client) (Version: 15.0.58.0)
Autodesk Vault 2011 (Client) English Language Pack (Version: 15.0.58.0)
Bing Maps 3D (Version: 4.0.903.16005)
CarbonPoker (Version: 5.0)
DWG TrueView 2010 (Version: 18.0.55.0)
DWG TrueView 2011 (Version: 18.1.49.0)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (Version: 8.0.52572)
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053)
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053)
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000)
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000)
NVIDIA Drivers (Version: 1.3)
Windows Live Family Safety (Version: 15.4.3538.0513)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Language Selector (Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
WinRAR archiver
WinZip 16.0 (Version: 16.0.9715)
Yahoo! BrowserPlus 2.9.8

========================= Memory info: ===================================

Percentage of memory in use: 25%
Total physical RAM: 8190.19 MB
Available physical RAM: 6113.17 MB
Total Pagefile: 16431.41 MB
Available Pagefile: 14487.7 MB
Total Virtual: 4095.88 MB
Available Virtual: 3993.84 MB

========================= Partitions: =====================================

1 Drive c: (WINVISTA) (Fixed) (Total:279.46 GB) (Free:110.09 GB) NTFS
2 Drive d: (DATA) (Fixed) (Total:409.17 GB) (Free:397.78 GB) NTFS

========================= Users: ========================================

User accounts for \\MATT-PC

Administrator Guest Matt


**** End of log ****

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • Gender:Male
  • Location:India

Posted 18 March 2012 - 01:59 AM

That looks good

Download

TFC


Launch it, it will close all running programs

Click on START, it should ask for a reboot

Turn off your system restore, restart the PC, create a new restore point

http://windows.microsoft.com/en-US/windows7/Turn-System-Restore-on-or-off


Update your antivirus frequently, do not click on suspicious links

Safe surfing :)
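For the restore-point step in the post above (turn System Restore off, then create a fresh point), here is an added PowerShell equivalent that does the same thing from an elevated prompt instead of the Control Panel page linked. This is example code, not narenxp's instructions or anything produced by TFC; the drive letter and the description text are assumptions.

```powershell
# Added example (not from the thread): the "turn off System Restore, create a
# new restore point" step from an elevated Windows PowerShell prompt.
# Turning protection off discards every existing restore point, which is the
# point after a cleanup: old points can hold copies of the files just removed.
# Drive letter is an assumption; change it to the system drive being cleaned.
$Drive = 'C:\'

# Before: list what is currently stored so the purge can be confirmed.
Write-Host 'Restore points before:'
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, RestorePointType -AutoSize

# Turn protection off (this purges the existing restore points) and back on.
Disable-ComputerRestore -Drive $Drive
Enable-ComputerRestore -Drive $Drive

# Create a fresh, known-clean point. The description is free text (assumed here).
Checkpoint-Computer -Description 'Clean baseline after malware removal' `
                    -RestorePointType 'MODIFY_SETTINGS'

# After: only the new point should be listed.
Write-Host 'Restore points after:'
Get-ComputerRestorePoint |
    Format-Table SequenceNumber, Description, RestorePointType -AutoSize
```

Run it as Administrator; the Disable/Enable cmdlets fail silently on a non-elevated console. The post also asks for a restart between turning protection off and creating the new point; to follow that literally, run the script down to `Enable-ComputerRestore`, reboot, then run the `Checkpoint-Computer` part. On Windows 8 and later, `Checkpoint-Computer` will not create a second point within 24 hours of the previous one, so do the purge before the first checkpoint rather than after it.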

#8 carp104

carp104
  • Topic Starter

  • Members
  • 37 posts

Posted 20 March 2012 - 09:35 PM

Wow, can't thank you enough for your help!

You certainly know what you're doing. Thanks again!



