
Happili Browser Hijack


  • This topic is locked
26 replies to this topic

#1 abcisme

abcisme

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:23 AM

Posted 03 May 2012 - 08:03 AM

Miscellaneous Google results are redirected to Happili or other random ads. Any help would be greatly appreciated!

DDS.txt

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_30
Run by Angel at 9:11:33 on 2012-05-03
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2073 [GMT -4:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Linksys\Network Storage\Network Drive Mapping Utility.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Documents and Settings\Angel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSGTAG Status\MSGTAGStatus.exe
C:\Program Files\2BrightSparks\SyncBack\SyncBack.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
BHO: Canon Easy-WebPrint EX BHO: {3785d0ad-bfff-47f6-bf5b-a587c162fed9} - c:\program files\canon\easy-webprint ex\ewpexbho.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759d9886-0c6f-4498-bab6-4a5f47c6c72f} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
TB: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: Canon Easy-WebPrint EX: {21347690-ec41-4f9a-8887-1f4aee672439} - c:\program files\canon\easy-webprint ex\ewpexhlp.dll
EB: Groove Folder Synchronization: {2a541ae1-5bf6-4665-a8a3-cfa9672e4291} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [SansaDispatch] c:\documents and settings\angel\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Google Update] "c:\documents and settings\angel\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSGTAG] "c:\program files\msgtag status\MSGTAGStatus.exe" /startup
mRun: [Network Drive Mapping Utility] "c:\program files\linksys\network storage\Network Drive Mapping Utility.exe" Z
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [Intel AppUp(SM) center] "c:\program files\intel\intelappstore\bin\serviceManager.lnk"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
StartupFolder: c:\docume~1\angel\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\angel\startm~1\programs\startup\E-mail.lnk -
StartupFolder: c:\docume~1\angel\startm~1\programs\startup\syncback.lnk - c:\program files\2brightsparks\syncback\SyncBack.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {36ECAF82-3300-8F84-092E-AFF36D6C7040} - {86529161-034E-4F8A-88D2-3C625E612E04} - c:\program files\winhttrack\WinHTTrackIEBar.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1298319504437
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{66477485-7B70-4431-9D8B-2141ACC75187} : DhcpNameServer = 192.168.1.3
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\angel\application data\mozilla\firefox\profiles\3lgduzhl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\angel\application data\mozilla\plugins\NPShipRush_USPS_LabelsOnly.dll
FF - plugin: c:\documents and settings\angel\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\angel\local settings\application data\spoon\3.32.2.12\npMozillaSpoonPlugin.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npkimi.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_233.dll
.
---- FIREFOX POLICIES ----
user_pref(capability.policy.default.Clipboard.cutcopy,allAccess);
FF - user.js: capability.policy.default.Clipboard.paste - allAccess
============= SERVICES / DRIVERS ===============
.
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2010-2-17 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-6-29 116608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2011-8-25 13672]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-8-17 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-8-17 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-7-30 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2011-3-18 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [2011-3-11 20032]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [2010-11-26 16896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-7-30 136176]
S3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\samsung\kies\wiselinkpro\wiselinkpro.exe --> c:\program files\samsung\kies\wiselinkpro\WiselinkPro.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-4-15 32072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-3-18 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-3-18 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-3-18 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-05-03 11:11:38 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-03 11:11:17 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-30 10:49:20 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2012-04-26 14:43:30 -------- d-----w- c:\program files\Windows Media Connect 2
2012-04-26 14:32:42 -------- d-----w- c:\program files\Gogo MP3 To CD Burner
2012-04-26 12:31:35 157352 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2012-04-26 12:31:35 129976 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2012-04-22 18:36:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-22 16:01:47 -------- d-----w- c:\documents and settings\all users\application data\HitmanPro
2012-04-20 23:09:19 -------- d-----w- c:\windows\ServiceProfiles
2012-04-20 23:09:19 -------- d-----w- c:\documents and settings\angel\AppData
2012-04-20 23:08:57 -------- d-----w- c:\windows\XSxS
2012-04-20 23:08:49 -------- d-----w- c:\documents and settings\angel\local settings\application data\Spoon
2012-04-20 23:08:48 -------- d-----w- c:\documents and settings\angel\local settings\application data\Xenocode
2012-04-17 18:56:39 -------- d-----w- c:\documents and settings\angel\Config
2012-04-17 01:13:19 -------- d-----w- c:\documents and settings\angel\local settings\application data\Software Statistics Service
2012-04-17 01:12:31 360448 ----a-w- c:\windows\system32\midas.dll
2012-04-17 01:12:31 -------- d-----w- c:\program files\common files\MagneticOne
2012-04-17 01:12:26 -------- d-----w- c:\program files\MagneticOne
2012-04-17 01:12:26 -------- d-----w- c:\documents and settings\angel\local settings\application data\MagneticOne Store Manager for Zen Cart
2012-04-17 01:12:26 -------- d-----w- c:\documents and settings\all users\application data\MagneticOne Store Manager for Zen Cart
2012-04-16 12:45:01 -------- d-----w- c:\documents and settings\angel\local settings\application data\DolphinFutures
2012-04-16 12:44:55 -------- d-----w- c:\program files\Dolphin Futures
2012-04-15 17:55:20 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2012-04-15 17:55:20 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2012-04-15 17:50:12 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 17:41:51 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-15 17:40:04 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2012-04-15 15:51:49 -------- d-----w- C:\sh4ldr
2012-04-15 15:51:49 -------- d-----w- c:\program files\Enigma Software Group
2012-04-15 15:51:29 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-15 15:51:25 -------- d-----w- c:\program files\common files\Wise Installation Wizard
2012-04-04 19:48:48 -------- d-----w- c:\program files\oDesk
2012-04-04 19:48:43 -------- d-----w- c:\documents and settings\angel\local settings\application data\oDesk
2012-04-04 14:20:29 -------- d-----r- c:\program files\Skype
.
==================== Find3M ====================
.
2012-04-14 12:39:05 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-14 12:39:05 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-04 19:56:40 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01:32 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01:32 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01:32 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10:16 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10:16 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17:40 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 15:02:40 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
============= FINISH: 9:15:13.46 ===============
Attach.txt


Mod Edit: Merged posts,removed code for ease of reading~~boopme


Edited by boopme, 03 May 2012 - 09:47 AM.
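A defender-side triage of the DDS output above, added here as an example and not part of the original thread or of the DDS tool: it parses the line formats DDS uses in its "Pseudo HJT Report" and "FIREFOX" sections and flags the browser-search hijack indicators visible in the log (the conduit.com default-search pref, the URLSearchHook, the orphaned toolbar entry), while leaving the benign entries alone. The KNOWN_SEARCH_HOSTS allowlist, the three-level severity scale and the function names are assumptions; the sample lines are constructed from the log's shape.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List
from urllib.parse import urlsplit

# Assumption: hosts a default-search setting may legitimately point at.
# Extend per environment; anything else is reported as a search hijack sign.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com"}

# Constructed sample in the line formats DDS uses in its "Pseudo HJT Report"
# and "FIREFOX" sections (values taken from the log posted above).
SAMPLE_DDS = r"""
uSearch Page = hxxp://www.google.com
uURLSearchHooks: Coupons.com Toolbar: {37153479-1976-43c3-a1ee-557513977b64} - c:\program files\coupons.com\prxtbCou0.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
TCP: DhcpNameServer = 192.168.1.3
TCP: Interfaces\{66477485-7B70-4431-9D8B-2141ACC75187} : DhcpNameServer = 192.168.1.3
"""

IE_SEARCH_RE = re.compile(r"^[umd](?:Search Page|Default_Search_URL|SearchAssistant|SearchURL,\(Default\)) = (\S+)$")
FF_SEARCH_RE = re.compile(r"^FF - prefs\.js: (?:browser\.search\.defaulturl|keyword\.URL) - (\S+)$")
FF_PROXY_RE = re.compile(r"^FF - prefs\.js: network\.proxy\.type - (\d+)$")
DNS_RE = re.compile(r"^TCP: (?:Interfaces\\\{[^}]+\} : )?DhcpNameServer = (.+)$")


@dataclass
class Finding:
    severity: str  # "high", "medium" or "low" (assumed scale)
    line: str
    reason: str


def refang(url: str) -> str:
    """DDS writes hxxp:// so pasted logs are not clickable; undo that for parsing."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def host_of(url: str) -> str:
    return (urlsplit(refang(url)).hostname or "").lower()


def check_search_url(line: str, url: str, findings: List[Finding]) -> None:
    if url.startswith("chrome://"):
        return  # Firefox built-in region default, not a hijack
    host = host_of(url)
    if host not in KNOWN_SEARCH_HOSTS:
        findings.append(Finding("high", line, f"default search redirected to {host}"))


def analyze(dds_text: str) -> List[Finding]:
    """Walk DDS output line by line and collect browser-hijack indicators."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = IE_SEARCH_RE.match(line) or FF_SEARCH_RE.match(line)
        if m:
            check_search_url(line, m.group(1), findings)
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            if m.group(1) != "0":  # 0 = direct connection; anything else routes traffic elsewhere
                findings.append(Finding("medium", line, "Firefox proxy enabled in prefs"))
            continue
        # URL search hooks intercept address-bar searches; each one deserves a look.
        if line.startswith(("uURLSearchHooks:", "mURLSearchHooks:")):
            findings.append(Finding("medium", line, "URLSearchHook registered"))
            continue
        # Orphaned toolbar/BHO/explorer-bar registrations are leftovers, not active code.
        if line.startswith(("TB:", "BHO:", "EB:")) and line.endswith("- No File"):
            findings.append(Finding("low", line, "orphaned browser extension registration"))
            continue
        m = DNS_RE.match(line)
        if m:
            for ip in m.group(1).split():
                try:
                    # A DHCP-handed DNS server outside private space on a home LAN is a DNS-changer sign.
                    if not ipaddress.ip_address(ip).is_private:
                        findings.append(Finding("high", line, f"non-private DNS server {ip}"))
                except ValueError:
                    findings.append(Finding("low", line, f"unparseable DNS server {ip}"))
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_DDS):
        print(f"[{f.severity}] {f.reason}: {f.line}")
```

Run against the sample it reports the search hook, the orphaned toolbar and the conduit.com search redirect, and stays silent on the Google search settings, the direct-connection proxy pref and the private DHCP DNS server.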



#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 AM

Posted 03 May 2012 - 11:59 PM

Hello and Welcome to Bleeping Computer!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable, and this step can save a lot of heartache if things don't go as planned. You can put them on a CD/DVD, an external drive or a pen drive; anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.

Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.



Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click Combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 abcisme

abcisme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:23 AM

Posted 04 May 2012 - 08:22 AM

checkup.txt

Results of screen317's Security Check version 0.99.32
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

SUPERAntiSpyware
Java™ 6 Update 30
Java version out of date!
Adobe Flash Player 11.2.202.233
Mozilla Firefox (12.0.)
Mozilla Thunderbird (x86 en-US..)
````````````````````````````````
Process Check:
objlist.exe by Laurent

Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
``````````End of Log````````````

Edited by abcisme, 04 May 2012 - 08:29 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 AM

Posted 04 May 2012 - 11:30 AM

OK, let me have the Combofix report when you are ready.


gringo

#5 abcisme

abcisme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:23 AM

Posted 04 May 2012 - 11:32 AM

Still trying to back up my files. Sorry it is taking so long! Will post combofix as soon as possible. Thank you so much for your help!

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:23 AM

Posted 04 May 2012 - 12:03 PM

:thumbup2:

#7 abcisme

abcisme
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:12:23 AM

Posted 05 May 2012 - 07:27 PM

Here is the combofix log:

ComboFix 12-05-05.05 - Angel 05/05/2012 7:41.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2392 [GMT -4:00]
Running from: c:\documents and settings\Angel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\dllcache\wmpvis.dll
c:\windows\system32\muzapp.exe
c:\windows\system32\SET2A9.tmp
c:\windows\system32\SET2AD.tmp
c:\windows\system32\SET2B4.tmp
c:\windows\system32\SET2EF.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\system32
c:\windows\system32\system32\cis-2.4.dll
c:\windows\system32\system32\issacapi_bs-2.3.dll
c:\windows\system32\system32\issacapi_pe-2.3.dll
c:\windows\system32\system32\issacapi_se-2.3.dll
c:\windows\system32\system32\MACXMLProto.dll
c:\windows\system32\system32\MaDRM.dll
c:\windows\system32\system32\MaJGUILib.dll
c:\windows\system32\system32\MaJUtilLib.dll
c:\windows\system32\system32\MAMACExtract.dll
c:\windows\system32\system32\MASetupCaller.dll
c:\windows\system32\system32\MASetupCleaner.exe
c:\windows\system32\system32\MaXMLProto.dll
c:\windows\system32\system32\MetaStore2.dll
c:\windows\system32\system32\Microsoft.Synchronization.dll
c:\windows\system32\system32\MK_Lyric.dll
c:\windows\system32\system32\MSCLib.dll
c:\windows\system32\system32\MSFLib.dll
c:\windows\system32\system32\MSLUR71.dll
c:\windows\system32\system32\msvcp60.dll
c:\windows\system32\system32\MTTELECHIP.dll
c:\windows\system32\system32\MTXSYNCICON.dll
c:\windows\system32\system32\muzaf1.dll
c:\windows\system32\system32\muzapp.dll
c:\windows\system32\system32\muzapp.exe
c:\windows\system32\system32\muzdecode.ax
c:\windows\system32\system32\muzeffect.ax
c:\windows\system32\system32\muzmp4sp.ax
c:\windows\system32\system32\muzmpgsp.ax
c:\windows\system32\system32\muzoggsp.ax
c:\windows\system32\system32\muzwmts.dll
c:\windows\system32\system32\psapi.dll
c:\windows\system32\system32\Synchronization2.dll
c:\windows\XSxS
F:\autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2012-04-05 to 2012-05-05 )))))))))))))))))))))))))))))))
.
.
2012-05-03 11:11 . 2012-05-03 11:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-03 11:11 . 2012-05-03 11:11 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-30 10:49 . 2012-05-03 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-26 14:43 . 2012-05-03 11:09 -------- d-----w- c:\program files\Windows Media Connect 2
2012-04-26 14:32 . 2012-05-03 11:10 -------- d-----w- c:\program files\Gogo MP3 To CD Burner
2012-04-26 12:31 . 2012-04-26 12:31 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 12:31 . 2012-04-26 12:31 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-22 18:36 . 2012-04-22 18:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-22 16:01 . 2012-05-03 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-20 23:09 . 2012-04-20 23:09 -------- d-----w- c:\windows\ServiceProfiles
2012-04-20 23:09 . 2012-04-20 23:09 -------- d-----w- c:\documents and settings\Angel\AppData
2012-04-20 23:08 . 2012-04-20 23:09 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\Spoon
2012-04-20 23:08 . 2012-04-20 23:08 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\Xenocode
2012-04-17 18:56 . 2012-04-17 18:56 -------- d-----w- c:\documents and settings\Angel\Config
2012-04-17 01:13 . 2012-04-17 01:13 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\Software Statistics Service
2012-04-17 01:12 . 2012-04-17 01:12 -------- d-----w- c:\program files\Common Files\MagneticOne
2012-04-17 01:12 . 2007-12-12 01:04 360448 ----a-w- c:\windows\system32\midas.dll
2012-04-17 01:12 . 2012-04-25 13:35 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\MagneticOne Store Manager for Zen Cart
2012-04-17 01:12 . 2012-04-17 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MagneticOne Store Manager for Zen Cart
2012-04-17 01:12 . 2012-04-17 01:12 -------- d-----w- c:\program files\MagneticOne
2012-04-16 12:45 . 2012-04-16 12:45 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\DolphinFutures
2012-04-16 12:44 . 2012-04-16 12:44 -------- d-----w- c:\program files\Dolphin Futures
2012-04-15 17:55 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2012-04-15 17:55 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2012-04-15 17:50 . 2012-04-15 17:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 17:41 . 2012-04-15 17:46 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-15 17:40 . 2012-04-15 17:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2012-04-15 15:51 . 2012-04-15 17:38 -------- d-----w- C:\sh4ldr
2012-04-15 15:51 . 2012-04-15 15:51 -------- d-----w- c:\program files\Enigma Software Group
2012-04-15 15:51 . 2012-04-15 17:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-15 15:51 . 2012-04-15 15:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 12:39 . 2012-03-29 10:04 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 12:39 . 2011-08-16 16:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-08-17 21:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-09-03 17:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-03 16:35 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-04-26 12:31 . 2011-04-06 21:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCou0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SansaDispatch"="c:\documents and settings\Angel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-08-30 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"MSGTAG"="c:\program files\MSGTAG Status\MSGTAGStatus.exe" [2007-07-11 1820160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-22 933]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Angel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
E-mail.lnk - [N/A]
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-4-3 3019096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Mozilla Firefox.lnk]
path=c:\documents and settings\Angel\Start Menu\Programs\Startup\Mozilla Firefox.lnk
backup=c:\windows\pss\Mozilla Firefox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Spoon Sandbox Manager 3.32.lnk]
path=c:\documents and settings\Angel\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.32.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.32.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
2008-02-10 00:53 405504 ----a-w- c:\program files\DropBox\DropBox\DropBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-30 04:11 3372856 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"stllssvr"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSGTAG\\MSGTAG.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Smith Micro\\Anime Studio Debut 7\\Anime Studio.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Password Solutions\\Office Password Recovery PRO\\OfficePasswordRecoveryPRO.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2010 5:08 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/17/2010 5:08 PM 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 3:31 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 6:04 AM 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [3/18/2011 8:54 PM 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [3/11/2011 1:14 AM 20032]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [11/26/2010 9:41 PM 16896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 3:31 PM 136176]
S3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe --> c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 1:41 PM 32072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:31 AM 129976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [3/18/2011 8:54 PM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [3/18/2011 8:54 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [3/18/2011 8:54 PM 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:39]
.
2012-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 19:31]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 19:31]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-299502267-725345543-1004Core.job
- c:\documents and settings\Angel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 14:05]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-299502267-725345543-1004UA.job
- c:\documents and settings\Angel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 14:05]
.
2012-05-01 c:\windows\Tasks\SyncBack BACKUP.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
2012-04-30 c:\windows\Tasks\SyncBack DAILY PHOTOS.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
2012-05-04 c:\windows\Tasks\SyncBack DAILY.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
2012-04-30 c:\windows\Tasks\SyncBack WEEKLY PHOTOS.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Angel\Application Data\Mozilla\Firefox\Profiles\3lgduzhl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
user_pref(capability.policy.default.Clipboard.cutcopy,allAccess);
FF - user.js: capability.policy.default.Clipboard.paste - allAccess
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
SafeBoot-11563408.sys
MSConfigStartUp-RoxWatchTray - c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
AddRemove-Diff Doc_is1 - c:\program files\Softinterface
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\SAMSUNG\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\SAMSUNG\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-05 08:05
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Angel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-05-05 08:47:54
ComboFix-quarantined-files.txt 2012-05-05 12:47
.
Pre-Run: 136,763,133,952 bytes free
Post-Run: 140,519,137,280 bytes free
.
- - End Of File - - 8DA80FC5CA4CE9C40EAF7894F84AB2DF

#8 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 May 2012 - 08:43 PM

Greetings

I want you to run these next,

tdsskiller:

Please read carefully and follow these steps.
  • Download TDSSKiller and save it to your Desktop.
  • Double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

Please download aswMBR to your desktop.
  • Double click the aswMBR.exe icon to run it
  • it will ask to download extra definitions - ALLOW IT
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.

If you have any problems running either one come back and let me know

please reply with the reports from TDSSKiller and aswMBR

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#9 abcisme
Topic Starter
  • Members
  • 15 posts

Posted 05 May 2012 - 09:03 PM

TDSSKiller said no threats found.

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-05-05 21:55:42
-----------------------------
21:55:42.281 OS Version: Windows 5.1.2600 Service Pack 3
21:55:42.281 Number of processors: 4 586 0xF0B
21:55:42.281 ComputerName: CARLSON-UPSTAIR UserName: Angel
21:55:43.640 Initialize success
21:58:13.078 AVAST engine defs: 12050501
21:58:16.937 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:58:16.937 Disk 0 Vendor: Hitachi_HDP725050GLA360 GM4OA52A Size: 476940MB BusType: 3
21:58:16.968 Disk 0 MBR read successfully
21:58:16.968 Disk 0 MBR scan
21:58:17.000 Disk 0 Windows XP default MBR code
21:58:17.000 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 47 MB offset 63
21:58:17.031 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 473509 MB offset 96390
21:58:17.062 Disk 0 Partition 3 00 DB CP/M / CTOS Dell 8.0 3380 MB offset 969844050
21:58:17.062 Disk 0 scanning sectors +976768065
21:58:17.156 Disk 0 scanning C:\WINDOWS\system32\drivers
21:58:28.390 Service scanning
21:58:44.015 Modules scanning
21:58:49.406 Disk 0 trace - called modules:
21:58:49.437 ntkrnlpa.exe catchme.sys CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
21:58:49.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b2dbab8]
21:58:49.437 3 CLASSPNP.SYS[ba108fd7] -> nt!IofCallDriver -> \Device\00000066[0x8b2e0f18]
21:58:49.437 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8b2b5d98]
21:58:50.796 AVAST engine scan C:\WINDOWS
21:59:21.218 AVAST engine scan C:\WINDOWS\system32
22:02:08.859 AVAST engine scan C:\WINDOWS\system32\drivers
22:02:32.296 AVAST engine scan C:\Documents and Settings\Angel
22:02:49.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Angel\Desktop\MBR.dat"
22:02:49.656 The log file has been saved successfully to "C:\Documents and Settings\Angel\Desktop\aswMBR.txt"

#10 abcisme
Topic Starter
  • Members
  • 15 posts

Posted 05 May 2012 - 09:07 PM

BTW, still getting a random redirect :( But my computer fan seems to be running MUCH quieter, which is a good sign :)

http://click.findsearchengineresults.com/ads-clicktrack/click/jump1.do?sid=4T7YxHNdS6a6b3NDcFrOBHkteq6OkGjHf5L%2BNvKthyg%3D&affiliate=46573&subid=10673-1-28356&rc=0&terms=fedex

EDITED TO ADD: I think that may have just been a cached link... When I run the google search for fedex again, it comes up without redirecting.

Edited by abcisme, 05 May 2012 - 09:09 PM.


#11 gringo_pr
Bleepin Gringo
  • Malware Response Team
  • 136,772 posts
  • Gender: Male
  • Location: Puerto Rico

Posted 05 May 2012 - 09:11 PM

Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

FireFox::
FF - ProfilePath - c:\documents and settings\Angel\Application Data\Mozilla\Firefox\Profiles\3lgduzhl.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2559647&SearchSource=3&q={searchTerms}

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#12 abcisme
Topic Starter
  • Members
  • 15 posts

Posted 06 May 2012 - 08:01 AM

Here's the combofix log. Still getting redirects.... :(

http://www.1stdirect.com/?trackcode=bizcom&directory=CRM&keywords=CRMSoftware


ComboFix 12-05-06.01 - Angel 05/06/2012 7:23.2.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3070.2411 [GMT -4:00]
Running from: c:\documents and settings\Angel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Angel\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((( Files Created from 2012-04-06 to 2012-05-06 )))))))))))))))))))))))))))))))
.
.
2012-05-03 11:11 . 2012-05-03 11:11 -------- d-----w- c:\program files\Spybot - Search & Destroy
2012-05-03 11:11 . 2012-05-03 11:11 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-04-30 10:49 . 2012-05-03 11:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2012-04-26 14:43 . 2012-05-03 11:09 -------- d-----w- c:\program files\Windows Media Connect 2
2012-04-26 14:32 . 2012-05-03 11:10 -------- d-----w- c:\program files\Gogo MP3 To CD Burner
2012-04-26 12:31 . 2012-04-26 12:31 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-04-26 12:31 . 2012-04-26 12:31 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-04-22 18:36 . 2012-04-22 18:36 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-04-22 16:01 . 2012-05-03 11:10 -------- d-----w- c:\documents and settings\All Users\Application Data\HitmanPro
2012-04-20 23:09 . 2012-04-20 23:09 -------- d-----w- c:\windows\ServiceProfiles
2012-04-20 23:09 . 2012-04-20 23:09 -------- d-----w- c:\documents and settings\Angel\AppData
2012-04-20 23:08 . 2012-04-20 23:09 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\Spoon
2012-04-20 23:08 . 2012-04-20 23:08 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\Xenocode
2012-04-20 21:56 . 2012-04-20 21:56 -------- d-----w- c:\windows\system32\config\systemprofile\Application Data\ATI
2012-04-17 18:56 . 2012-04-17 18:56 -------- d-----w- c:\documents and settings\Angel\Config
2012-04-17 01:13 . 2012-04-17 01:13 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\Software Statistics Service
2012-04-17 01:12 . 2012-04-17 01:12 -------- d-----w- c:\program files\Common Files\MagneticOne
2012-04-17 01:12 . 2007-12-12 01:04 360448 ----a-w- c:\windows\system32\midas.dll
2012-04-17 01:12 . 2012-04-25 13:35 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\MagneticOne Store Manager for Zen Cart
2012-04-17 01:12 . 2012-04-17 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\MagneticOne Store Manager for Zen Cart
2012-04-17 01:12 . 2012-04-17 01:12 -------- d-----w- c:\program files\MagneticOne
2012-04-16 12:45 . 2012-04-16 12:45 -------- d-----w- c:\documents and settings\Angel\Local Settings\Application Data\DolphinFutures
2012-04-16 12:44 . 2012-04-16 12:44 -------- d-----w- c:\program files\Dolphin Futures
2012-04-15 17:55 . 2009-10-21 05:38 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2012-04-15 17:55 . 2009-10-21 05:38 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2012-04-15 17:50 . 2012-04-15 17:50 -------- d-----w- C:\TDSSKiller_Quarantine
2012-04-15 17:41 . 2012-04-15 17:46 32072 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-04-15 17:40 . 2012-04-15 17:40 -------- d-----w- c:\program files\Malwarebytes Anti-Malware
2012-04-15 15:51 . 2012-04-15 17:38 -------- d-----w- C:\sh4ldr
2012-04-15 15:51 . 2012-04-15 15:51 -------- d-----w- c:\program files\Enigma Software Group
2012-04-15 15:51 . 2012-04-15 17:38 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP
2012-04-15 15:51 . 2012-04-15 15:51 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 12:39 . 2012-03-29 10:04 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-14 12:39 . 2011-08-16 16:51 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-04 19:56 . 2010-08-17 21:08 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-22 19:12 . 2012-03-22 19:12 4435968 ----a-w- c:\windows\system32\GPhotos.scr
2012-03-01 11:01 . 2002-09-03 17:12 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2002-09-03 16:39 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2002-09-03 16:35 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2002-09-03 17:12 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 14:10 . 2002-09-03 16:35 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 12:17 . 2004-08-04 05:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-07 15:02 . 2012-02-07 15:02 1070352 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2012-04-26 12:31 . 2011-04-06 21:23 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-05_12.05.30 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-05-06 10:53 . 2012-05-06 10:53 16384 c:\windows\Temp\Perflib_Perfdata_50c.dat
+ 2010-08-18 20:54 . 2012-05-06 02:15 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-08-18 20:54 . 2010-08-18 20:54 27136 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\oisicon.exe
- 2010-08-18 20:54 . 2010-08-18 20:54 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2010-08-18 20:54 . 2012-05-06 02:15 12288 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\cagicon.exe
+ 2003-07-15 07:14 . 2003-07-15 07:14 27192 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OISCTRL.DLL
+ 2003-07-15 03:29 . 2003-07-15 03:29 51808 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MICROSOFT_OFFICE_FP_WFCHOST.DLL
+ 2003-07-15 02:57 . 2003-07-15 02:57 87096 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\IEAWSDC.DLL
+ 2003-07-15 07:18 . 2003-07-15 07:18 47160 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\DFUICOM.EXE
+ 2010-08-18 20:54 . 2012-05-06 02:15 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-08-18 20:54 . 2010-08-18 20:54 4096 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\opwicon.exe
- 2010-08-18 20:54 . 2010-08-18 20:54 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
+ 2010-08-18 20:54 . 2012-05-06 02:15 135168 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\misc.exe
- 2010-08-18 20:54 . 2010-08-18 20:54 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2010-08-18 20:54 . 2012-05-06 02:15 282624 c:\windows\Installer\{90170409-6000-11D3-8CFE-0150048383C9}\fpicon.exe
+ 2003-07-15 03:37 . 2003-07-15 03:37 736824 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\VTIPRES.EXE
+ 2003-07-15 03:33 . 2003-07-15 03:33 177720 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\VTIFORM.EXE
+ 2003-07-15 03:34 . 2003-07-15 03:34 587832 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\VTIDISC.EXE
+ 2003-07-15 03:36 . 2003-07-15 03:36 307256 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\VTIDB.EXE
+ 2003-07-15 07:14 . 2003-07-15 07:14 828472 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OISAPP.DLL
+ 2003-07-15 07:14 . 2003-07-15 07:14 283696 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OIS.EXE
+ 2003-07-24 02:40 . 2003-07-24 02:40 482872 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSTORES.DLL
+ 2003-07-15 02:56 . 2003-07-15 02:56 124984 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSTORE.EXE
+ 2003-07-15 03:02 . 2003-07-15 03:02 627256 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSTORDB.EXE
+ 2003-07-24 02:35 . 2003-07-24 02:35 127032 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOCFU.DLL
+ 2003-07-15 07:14 . 2003-07-15 07:14 106552 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSOCF.DLL
+ 2003-07-15 03:34 . 2003-07-15 03:34 675904 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSIMPORT.EXE
+ 2003-07-15 03:29 . 2003-07-15 03:29 117824 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\HTMLCHKR.DLL
+ 2003-07-24 03:00 . 2003-07-24 03:00 694840 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPWEL.DLL
+ 2003-07-25 23:14 . 2003-07-25 23:14 799288 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPWEC.DLL
+ 2003-07-15 03:36 . 2003-07-15 03:36 186424 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPDTC.DLL
+ 2003-07-15 03:34 . 2003-07-15 03:34 320056 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPDB.DLL
+ 2003-07-15 07:14 . 2003-07-15 07:14 350264 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\CDLMSO.DLL
+ 2003-08-01 19:09 . 2003-08-01 19:09 8086072 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\OWC11.DLL
+ 2003-07-24 03:00 . 2003-07-24 03:00 4425272 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FRONTPG.EXE
+ 2003-07-25 23:00 . 2003-07-25 23:00 1157696 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPSRVUTL.DLL
+ 2003-07-28 17:04 . 2003-07-28 17:04 6600256 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPEDITAX.DLL
+ 2003-07-24 03:01 . 2003-07-24 03:01 1949240 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\FPCUTL.DLL
+ 2005-08-08 18:25 . 2005-08-08 18:25 97385984 c:\windows\Installer\89cdf06.msp
+ 2003-08-08 04:23 . 2003-08-08 04:23 12172336 c:\windows\Installer\$PatchCache$\Managed\9040710900063D11C8EF10054038389C\11.0.5614\MSO.DLL
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCou0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{37153479-1976-43C3-A1EE-557513977B64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{37153479-1976-43c3-a1ee-557513977b64}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SansaDispatch"="c:\documents and settings\Angel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-08-30 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
"MSGTAG"="c:\program files\MSGTAG Status\MSGTAGStatus.exe" [2007-07-11 1820160]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Network Drive Mapping Utility"="c:\program files\Linksys\Network Storage\Network Drive Mapping Utility.exe" [2007-06-08 278144]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-01-30 206064]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-12 640376]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-11-02 2508104]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-09-04 767312]
"RTHDCPL"="RTHDCPL.EXE" [2008-01-09 16859648]
"Intel AppUp(SM) center"="c:\program files\Intel\IntelAppStore\bin\serviceManager.lnk" [2011-03-22 933]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-10-24 421888]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
c:\documents and settings\Angel\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
E-mail.lnk - [N/A]
SyncBack.lnk - c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-4-3 3019096]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-08-05 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Mozilla Firefox.lnk]
path=c:\documents and settings\Angel\Start Menu\Programs\Startup\Mozilla Firefox.lnk
backup=c:\windows\pss\Mozilla Firefox.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Angel^Start Menu^Programs^Startup^Spoon Sandbox Manager 3.32.lnk]
path=c:\documents and settings\Angel\Start Menu\Programs\Startup\Spoon Sandbox Manager 3.32.lnk
backup=c:\windows\pss\Spoon Sandbox Manager 3.32.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DropBoxUtility]
2008-02-10 00:53 405504 ----a-w- c:\program files\DropBox\DropBox\DropBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-11-13 05:24 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
2011-01-30 04:11 3372856 ----a-w- c:\program files\Samsung\Kies\KiesTrayAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 12:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxWatch9"=2 (0x2)
"RoxMediaDB9"=3 (0x3)
"Pml Driver HPZ12"=2 (0x2)
"stllssvr"=3 (0x3)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Linksys\\Network Storage\\Network Drive Mapping Utility.exe"=
"c:\\Program Files\\TeamViewer\\Version5\\TeamViewer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\MSGTAG\\MSGTAG.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\Smith Micro\\Anime Studio Debut 7\\Anime Studio.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\GlobalSCAPE\\CuteFTP 8 Professional\\ftpte.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Password Solutions\\Office Password Recovery PRO\\OfficePasswordRecoveryPRO.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\BitTorrent\\BitTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5353:TCP"= 5353:TCP:*:Disabled:Adobe CSI CS4
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/17/2010 2:25 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [6/29/2010 1:48 PM 116608]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/25/2011 6:53 PM 13672]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [8/17/2010 5:08 PM 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [8/17/2010 5:08 PM 22344]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 3:31 PM 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/29/2012 8:50 AM 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [3/29/2012 6:04 AM 253088]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [3/18/2011 8:54 PM 30312]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys [3/11/2011 1:14 AM 20032]
S3 FlashUSB;FlashUSB;c:\windows\system32\drivers\FlashUSB.sys [11/26/2010 9:41 PM 16896]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/30/2011 3:31 PM 136176]
S3 KiesAllShare;SAMSUNG KiesAllShare Service;c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe --> c:\program files\Samsung\Kies\WiselinkPro\WiselinkPro.exe [?]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [4/15/2012 1:41 PM 32072]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/26/2012 8:31 AM 129976]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [3/18/2011 8:54 PM 121192]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [3/18/2011 8:54 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [3/18/2011 8:54 PM 136680]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 12:39]
.
2012-05-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 19:31]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 19:31]
.
2012-05-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-299502267-725345543-1004Core.job
- c:\documents and settings\Angel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 14:05]
.
2012-05-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-329068152-299502267-725345543-1004UA.job
- c:\documents and settings\Angel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-02-03 14:05]
.
2012-05-01 c:\windows\Tasks\SyncBack BACKUP.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
2012-04-30 c:\windows\Tasks\SyncBack DAILY PHOTOS.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
2012-05-05 c:\windows\Tasks\SyncBack DAILY.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
2012-04-30 c:\windows\Tasks\SyncBack WEEKLY PHOTOS.job
- c:\program files\2BrightSparks\SyncBack\SyncBack.exe [2011-04-03 19:42]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 192.168.1.3
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Angel\Application Data\Mozilla\Firefox\Profiles\3lgduzhl.default\
FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
FF - prefs.js: network.proxy.type - 0
user_pref(capability.policy.default.Clipboard.cutcopy,allAccess);
FF - user.js: capability.policy.default.Clipboard.paste - allAccess
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-06 07:36
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\Angel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?=&platform=&is-debug=&rom-version=&part-number=&product-name=&content-class=common_conten
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(1004)
c:\windows\system32\WININET.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
Completion time: 2012-05-06 08:18:56
ComboFix-quarantined-files.txt 2012-05-06 12:18
ComboFix2.txt 2012-05-05 12:47
.
Pre-Run: 139,837,603,840 bytes free
Post-Run: 139,955,245,056 bytes free
.
- - End Of File - - 55B85F80C9886A375E68ACDE018451F0
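
As an added example, not part of the original thread and not ComboFix's own code: a small Python triage script that pulls the autostart and security-posture lines out of a log like the one above. The sample log inside it is a constructed subset of the lines posted above; the heuristics (what gets flagged: IE search hooks, BHOs and toolbars, Run entries launching from the user profile, Security Center overrides, a disabled firewall, Firefox `capability.policy.default.*` prefs set to `allAccess`) are the example's own assumptions, not verdicts from the tool or from the thread.

```python
"""Pull the autostart and security-posture lines out of a ComboFix log.

Added example for triaging a log like the one above; it is not part of
ComboFix and the heuristics below are this example's own assumptions.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: a subset of the lines posted above, copied verbatim.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{37153479-1976-43c3-a1ee-557513977b64}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Coupons.com\prxtbCou0.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{37153479-1976-43c3-a1ee-557513977b64}"= "c:\program files\Coupons.com\prxtbCou0.dll" [2011-05-09 176936]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SansaDispatch"="c:\documents and settings\Angel\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2010-08-30 79872]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
FF - prefs.js: network.proxy.type - 0
FF - user.js: capability.policy.default.Clipboard.paste - allAccess
"""


@dataclass(frozen=True)
class Finding:
    category: str  # which heuristic matched
    key: str       # registry key (or Firefox pref file) the line sat under
    detail: str    # the path or value name that triggered it


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# BHO sections list the DLL as "<date> <time> <size> <attrs> <path>"
BHO_PATH_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")
FF_PREF_RE = re.compile(r"^FF - (?P<file>\S+): (?P<pref>\S+) - (?P<value>.+)$")

# Registry locations IE loads code from on every start (assumption: any
# third-party entry here is worth a look when searches are being redirected).
BROWSER_HOOK_KEYS = ("urlsearchhooks", "browser helper objects", "\\toolbar")
# Run entries that execute from a user-writable profile directory.
USER_PROFILE_MARKERS = ("\\documents and settings\\", "\\application data\\", "\\local settings\\")


def _quoted_path(value):
    """Extract the path from a value like '"c:\\x\\y.exe" [2011-05-09 176936]'."""
    m = re.match(r'^"(?P<path>[^"]+)"', value)
    return m.group("path") if m else None


def triage(log_text):
    """Walk the log once and return every line that matches a heuristic."""
    findings = []
    key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        lkey = key.lower()
        m = BHO_PATH_RE.match(line)
        if m and "browser helper objects" in lkey:
            findings.append(Finding("browser-extension-point", key, m.group("path")))
            continue
        m = FF_PREF_RE.match(line)
        if m:
            # capability.policy.default.* = allAccess grants every site a
            # permission Firefox normally withholds (here: clipboard access).
            if m.group("pref").startswith("capability.policy.default.") and m.group("value") == "allAccess":
                findings.append(Finding("firefox-policy-allaccess", m.group("file"), m.group("pref")))
            continue
        m = VALUE_RE.match(line)
        if not m:
            continue
        name, value = m.group("name"), m.group("value")
        if "security center" in lkey and name.endswith("Override") and value.endswith("1"):
            # AntiVirusOverride / FirewallOverride = 1 silence Security Center warnings.
            findings.append(Finding("security-center-override", key, name))
        elif "firewallpolicy" in lkey and name == "EnableFirewall" and value.startswith("0"):
            findings.append(Finding("firewall-disabled", key, name))
        elif any(k in lkey for k in BROWSER_HOOK_KEYS):
            findings.append(Finding("browser-extension-point", key, _quoted_path(value) or value))
        elif lkey.endswith("\\run"):
            path = _quoted_path(value) or ""
            if any(marker in path.lower() for marker in USER_PROFILE_MARKERS):
                findings.append(Finding("run-entry-in-user-profile", key, path))
    return findings


def summary(findings):
    """Count findings per category, for a quick first look."""
    return dict(Counter(f.category for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.category:28} {f.detail}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it against the full log text instead of `SAMPLE_LOG` to get the same categories over every section. The script only surfaces candidates: the same Coupons.com DLL shows up three times because it is registered as a URL search hook, a BHO and a toolbar, which is exactly the set of IE extension points an analyst checks for a search redirect, but whether it is the cause is for the analyst to decide. The Security Center override values and `EnableFirewall = 0` are worth confirming directly in the registry, since the log is a snapshot.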

#13 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 May 2012 - 01:01 PM

Hello


Which browsers are redirecting? Please verify all that are installed.



gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#14 abcisme

  • Topic Starter
  • Members
  • 15 posts

Posted 06 May 2012 - 01:21 PM

The only browser I use is Firefox 12. However, I do have Chrome 18 and IE 8 installed.

Edited by abcisme, 06 May 2012 - 01:23 PM.


#15 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 06 May 2012 - 03:18 PM

Have you verified whether they are redirecting or not?

The answer to this will dictate what we do next; that is why I am asking.



