
Browser hijacker redirect to Linnbucks


  • This topic is locked
23 replies to this topic

#1 banaan

banaan

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 18 June 2012 - 12:17 AM

Hi,
I got this virus (?) 2 days ago and what it did first was redirect Google to a linkbucks site, and now I can use Google but it redirects Facebook to the 63ce2138.qqc.co site, which is also linkbucks. It also appears on my other two laptops and a Samsung tablet as well. I use Eset32 and Malwarebytes, but none of them found anything. It would be great if you could help me find a solution before I fix my computer with a hammer :)
Thank you in advance.


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 AM

Posted 18 June 2012 - 08:50 AM

Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your computer problems.

I have put together some things for you to keep in mind while I am helping you, to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.


DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


Security Check

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:

    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs:

  • In your next post I need the following

  • logs from DDS
  • let me know of any problems you may have had

Gringo

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

#3 banaan

banaan
  • Topic Starter

  • Members
  • 12 posts
  • OFFLINE
  • Local time:09:26 AM

Posted 18 June 2012 - 12:46 PM

First of all thank you for your time.
Since last night I do not have internet on the desktop; it says network address required.
Also, I noticed 2 days ago that Notepad does not work; I had to download Notepad++.
And the icons on the desktop are randomly changing position.
The restore option was disabled for some reason.
Here are the logs:

Results of screen317's Security Check version 0.99.42
Windows XP Service Pack 3 x86
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET NOD32 Antivirus 5.0
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.61.0.1400
Java™ 6 Update 26
Java™ 6 Update 7
Java version out of Date!
Adobe Flash Player 11.2.202.235
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 12.0 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 11% Defragment your hard drive soon!
````````````````````End of Log``````````````````````

ATTACH.txt:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/18/2008 6:05:52 PM
System Uptime: 6/18/2012 12:53:20 PM (1 hours ago)
.
Motherboard: http://www.abit.com.tw/ | | IP35 PRO(P35+ICH9R)
Processor: Intel® Core™2 Quad CPU Q6600 @ 2.40GHz | Socket 775 | 2393/266mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 320.529 GiB free.
D: is CDROM (CDFS)
E: is Removable
F: is Removable
G: is FIXED (NTFS) - 1863 GiB total, 1134.482 GiB free.
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&BB29FA6&0&18F0
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_1FAA&SUBSYS_6B001385&REV_03\4&BB29FA6&0&18F0
Service:
.
Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description:
Device ID: ACPI\ABT2005\3&2411E6FE&0
Manufacturer:
Name:
PNP Device ID: ACPI\ABT2005\3&2411E6FE&0
Service:
.
Class GUID: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Description: Microsoft Kernel DLS Synthesizer
Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Manufacturer: Microsoft
Name: Microsoft Kernel DLS Synthesizer
PNP Device ID: SW\{8C07DD50-7A8D-11D2-8F8C-00C04FBF8FEF}\DMUSIC
Service: DMusic
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia Windows Portable Device Driver
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd
.
Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia N73
Device ID: ROOT\WPD\0001
Manufacturer: Nokia
Name: Nokia N73
PNP Device ID: ROOT\WPD\0001
Service: WUDFRd
.
==== System Restore Points ===================
.
RP1: 6/18/2012 12:32:40 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
Acrobat.com
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe Community Help
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Photoshop CS5
Adobe Photoshop Lightroom 3.2
Adobe Reader 9.5.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Shockwave Player 11
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Amazon Kindle
Amazon MP3 Downloader 1.0.10
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Auslogics BoostSpeed
Bonjour
BS.Player FREE
Canon i960
Color Efex Pro 3.0 Complete
Color Efex Pro 3.0 Versace Edition
Comcast Desktop Software (v1.2.0.9)
Comcast High-Speed Internet Install Wizard
Comcast Toolbar 3.5
Connect
Creative WebCam Notebook Driver (1.04.01.0322)
Desktop Doctor
DivX Converter
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
Dream Aquarium
Dropbox
EPSON CX9400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX9400Fax Series Scanner Driver Update
ESET NOD32 Antivirus
Fireplace 3D Screensaver 1.0
Free Mp3 Wma Converter V 1.81
Google Earth Plug-in
Google SketchUp 8
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
ImageMixer 3 SE Ver.4 Transfer Utility
ImageMixer 3 SE Ver.4 Video Tools
iTunes
Java Auto Updater
Java™ 6 Update 26
Java™ 6 Update 7
JMB36X Raid Configurer
K-Lite Codec Pack 4.3.1 (Standard)
kuler
LeapFrog Connect
LeapFrog LeapPad Explorer Plugin
Malwarebytes Anti-Malware version 1.61.0.1400
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Windows Journal Viewer
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Mozilla Firefox 12.0 (x86 en-US)
Mozilla Maintenance Service
MSN
MSVC80_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Transfer Utility Ver.1
Native Instruments Traktor 3 LE
Nero 7 Ultra Edition
NI Service Center
Notepad++
Numark Cue LE (Atomix Productions)
NVIDIA Control Panel 270.61
NVIDIA Graphics Driver 270.61
NVIDIA Install Application
NVIDIA nView 135.70
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
NVIDIA Update 1.1.34
NVIDIA Update Components
OpenOffice.org 3.0
PC Connectivity Solution
PDF Settings CS4
PDF Settings CS5
Photomatix Pro version 3.1.2
Photoshop Camera Raw
PTGui Pro 8.2.1
QuickTime
REALTEK GbE & FE Ethernet PCI NIC Driver
Realtek High Definition Audio Driver
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2482017)
Security Update for Windows Internet Explorer 8 (KB2497640)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2530548)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2647516)
Security Update for Windows Internet Explorer 8 (KB2675157)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
SHOUTcast Source DSP 1.9.1 (remove only)
Silver Efex Pro
Silver Efex Pro 2
Skype™ 5.5
Suite Shared Configuration CS4
System Requirements Lab
TeamViewer 6
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Use the entry named LeapFrog Connect to uninstall (LeapFrog LeapPad Explorer Plugin)
VC80CRTRedist - 8.0.50727.6195
Virtual DJ - Atomix Productions
Viveza
VLC media player 2.0.1
Wacom Tablet
WebFldrs XP
Winamp
Windows Driver Package - Leapfrog (Leapfrog-USBLAN) Net (09/10/2009 02.03.05.012)
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
WinRAR archiver
Yahoo! BrowserPlus 2.9.8
.
==== Event Viewer Messages From Past Week ========
.
6/18/2012 12:35:24 AM, error: Service Control Manager [7000] - The CryptSvc service failed to start due to the following error: The executable program that this service is configured to run in does not implement the service.
6/18/2012 11:41:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TCP/IP NetBIOS Helper service to connect.
6/18/2012 11:41:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IPSEC Services service to connect.
6/18/2012 11:41:09 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the @%SystemRoot%\System32\wscsvc.dll,-200 service to connect.
6/18/2012 11:41:09 AM, error: Service Control Manager [7003] - The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: NSI
6/18/2012 11:41:09 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the @%SystemRoot%\system32\tcpipcfg.dll,-50004 service which failed to start because of the following error: A device attached to the system is not functioning.
6/18/2012 11:41:09 AM, error: Service Control Manager [7000] - The Windows Time service failed to start due to the following error: The account specified for this service is different from the account specified for other services running in the same process.
6/18/2012 11:41:09 AM, error: Service Control Manager [7000] - The TCP/IP NetBIOS Helper service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2012 11:41:09 AM, error: Service Control Manager [7000] - The IPSEC Services service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/18/2012 11:41:09 AM, error: Service Control Manager [7000] - The @%systemroot%\system32\wuaueng.dll,-105 service failed to start due to the following error: %%1290
6/18/2012 11:41:09 AM, error: Service Control Manager [7000] - The @%SystemRoot%\System32\wscsvc.dll,-200 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/17/2012 12:05:45 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/17/2012 12:05:16 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tdx WS2IFSL
6/17/2012 12:05:16 AM, error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the @%systemroot%\system32\drivers\afd.sys,-1000 service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2012 12:05:16 AM, error: Service Control Manager [7001] - The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2012 12:05:16 AM, error: Service Control Manager [7001] - The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2012 12:05:16 AM, error: Service Control Manager [7001] - The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2012 12:05:16 AM, error: Service Control Manager [7001] - The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2012 12:05:16 AM, error: Service Control Manager [7001] - The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
6/17/2012 12:05:03 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service netman with arguments "" in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}
6/17/2012 10:51:21 PM, error: Service Control Manager [7000] - The Automatic Updates service failed to start due to the following error: %%1290
6/17/2012 10:51:21 PM, error: DCOM [10005] - DCOM got error "%1290" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/17/2012 10:49:27 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tdx
6/17/2012 10:49:27 PM, error: Service Control Manager [7003] - The @%SystemRoot%\system32\iphlpsvc.dll,-200 service depends on the following nonexistent service: nsi
6/16/2012 12:45:38 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
6/16/2012 12:42:53 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
6/16/2012 12:40:19 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD avfsmn ehdrv epfwtdir Fips intelppm IPSec MRxSmb NetBIOS NetBT RasAcd Rdbss Tcpip tdx WS2IFSL
6/16/2012 12:40:10 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
6/15/2012 2:09:25 PM, error: Service Control Manager [7034] - The Anvi Smart Defender Realtime Guard Service service terminated unexpectedly. It has done this 1 time(s).
6/15/2012 1:30:42 PM, error: Service Control Manager [7000] - The @%SystemRoot%\system32\tcpipcfg.dll,-50004 service failed to start due to the following error: The system cannot find the file specified.
6/14/2012 10:36:40 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the SupportSoft Sprocket Service (ddoctorv2) service to connect.
6/14/2012 10:36:40 PM, error: Service Control Manager [7000] - The SupportSoft Sprocket Service (ddoctorv2) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
6/13/2012 10:54:22 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
6/13/2012 10:54:22 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

DDS.txt


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_26
Run by Gyorgy Papp at 13:24:58 on 2012-06-18
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2501 [GMT -4:00]
.
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe
C:\Documents and Settings\Gyorgy Papp\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\ALCFDRTM.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\nlssrv32.exe
svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
BHO: Updater For Comcast Toolbar 3.5: {164d3751-cac6-4a6d-becd-ea67df61d232} - c:\program files\comcasttb\auxi\comcastAu.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Comcast Toolbar: {79ceea4e-c231-4614-9e3b-53b2a02f39b7} - c:\program files\comcasttb\comcastdx.dll
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [SkyTel] SkyTel.EXE
mRun: [JMB36X IDE Setup] c:\windows\raidtool\xInsIDE.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\docume~1\gyorgy~1\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\gyorgy papp\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\gyorgy~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\imagem~1.lnk - c:\program files\pixela\imagemixer 3 se ver.4\transfer utility\CameraMonitor.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} - hxxp://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab
TCP: DhcpNameServer = 70.38.38.4 67.205.67.10
TCP: Interfaces\{29DF941E-8168-462D-AC42-C8770193F4B6} : DhcpNameServer = 70.38.38.4 67.205.67.10
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\gyorgy papp\application data\mozilla\firefox\profiles\efg1d8uh.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\gyorgy papp\local settings\application data\yahoo!\browserplus\2.9.8\plugins\npybrowserplus_2.9.8.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_235.dll
.
============= SERVICES / DRIVERS ===============
.
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2011-8-4 118104]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2011-8-4 103112]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2011-8-9 974944]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-6-16 654408]
R2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-2-21 66560]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-5-3 2218600]
R2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-6-22 2784256]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-6-16 22344]
R3 P1171VID;Creative WebCam Notebook #2;c:\windows\system32\drivers\P1171Vid.sys [2008-12-18 91392]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2009-6-22 15656]
S1 tdx;@%SystemRoot%\system32\tcpipcfg.dll,-50004;c:\windows\system32\drivers\tdx.sys --> c:\windows\system32\drivers\tdx.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-3-12 136176]
S2 iphlpsvc;@%SystemRoot%\system32\iphlpsvc.dll,-200;c:\windows\system32\svchost.exe -k NetSvcs [2008-4-14 14336]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-26 257696]
S3 ALLOW-IO;ALLOW-IO;\??\e:\allow-io.sys --> e:\ALLOW-IO.sys [?]
S3 FXDrv32;FXDrv32;\??\e:\fxdrv32.sys --> e:\FXDrv32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-3-12 136176]
S3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\drivers\btblan.sys [2012-5-1 33792]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-26 129976]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 WinDefend;Windows Defender;c:\windows\system32\svchost.exe -k secsvcs [2008-4-14 14336]
.
=============== Created Last 30 ================
.
2012-06-17 05:14:15 -------- d-----w- c:\documents and settings\gyorgy papp\application data\Ad-Aware Antivirus
2012-06-16 18:19:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 19:15:51 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2012-06-12 19:15:51 50176 ----a-w- c:\windows\system32\proquota.exe
2012-06-11 15:25:40 -------- d-----w- c:\documents and settings\gyorgy papp\application data\Anvisoft
2012-06-11 15:19:16 -------- d-----w- c:\program files\Anvisoft
2012-06-07 04:04:07 -------- d-----w- c:\program files\Dropbox
2012-05-29 03:37:15 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-05-29 03:37:15 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
.
==================== Find3M ====================
.
2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 01:43:04 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-05 01:43:04 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-23 18:30:30 292700 ----a-w- c:\windows\system32\nvdrsdb0.bin
2012-04-23 18:30:30 1 ----a-w- c:\windows\system32\nvdrssel.bin
2012-04-23 18:30:24 292700 ----a-w- c:\windows\system32\nvdrsdb1.bin
2012-04-22 20:39:07 98304 ----a-w- c:\windows\DUMP785c.tmp
2012-04-21 13:38:22 98304 ----a-w- c:\windows\DUMP7dbb.tmp
2012-04-21 13:36:08 98304 ----a-w- c:\windows\DUMP7b69.tmp
2012-04-21 04:42:11 98304 ----a-w- c:\windows\DUMP7a12.tmp
2012-04-21 04:39:49 98304 ----a-w- c:\windows\DUMP79a4.tmp
2012-04-21 04:37:38 98304 ----a-w- c:\windows\DUMP7cf0.tmp
2012-04-21 04:20:27 98304 ----a-w- c:\windows\DUMP6949.tmp
2012-04-19 00:56:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:14:41 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12:06 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35:51 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-30 04:54:11 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2009-01-21 16:14:40 9780224 ----a-w- c:\program files\openofficeorg30.msi
2008-12-24 04:49:09 33662272 ----a-w- c:\program files\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2008-12-20 08:18:06 7317188 ----a-w- c:\program files\klcodec431s.exe
2008-12-19 03:05:17 5115629 ----a-w- c:\program files\RawShooterEssentials.exe
2008-12-18 21:36:47 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-12-18 21:19:32 21736448 ----a-w- c:\program files\eav_nt32_enu.msi
2002-03-11 09:06:30 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45:04 1708856 ----a-w- c:\program files\instmsia.exe
2008-12-20 22:42:49 2826240 --sha-w- c:\windows\system32\amtlib.dll
.
============= FINISH: 13:25:09.04 ===============

#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 03:15 PM

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<.

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following:
    • Log from ComboFix
    • Let me know of any problems you may have had
    • How is the computer doing now?

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 banaan

banaan
  • Topic Starter

  • Members
  • 12 posts

Posted 18 June 2012 - 04:40 PM

Thank you for your fast response.
I ran ComboFix; now all the desktop icons went back to their original position, I got internet too, but Notepad is not working, which is not a significant problem since I have Notepad++.

However, Facebook is still redirecting to 63ce2138.qqc.co


ComboFix log:

ComboFix 12-06-16.02 - Gyorgy Papp 06/18/2012 16:56:08.4.4 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3326.2562 [GMT -4:00]
Running from: c:\documents and settings\Gyorgy Papp\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 17:03 . 2012-06-18 17:03 -------- d-----w- c:\documents and settings\Gyorgy Papp\Application Data\Notepad++
2012-06-18 17:03 . 2012-06-18 17:03 -------- d-----w- c:\program files\Notepad++
2012-06-17 05:14 . 2012-06-17 05:14 -------- d-----w- c:\documents and settings\Gyorgy Papp\Application Data\Ad-Aware Antivirus
2012-06-16 18:19 . 2012-04-04 19:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-12 19:15 . 2008-04-14 12:00 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2012-06-12 19:15 . 2008-04-14 12:00 50176 ----a-w- c:\windows\system32\proquota.exe
2012-06-11 15:25 . 2012-06-11 15:25 -------- d-----w- c:\documents and settings\Gyorgy Papp\Application Data\Anvisoft
2012-06-11 15:19 . 2012-06-17 04:12 -------- d-----w- c:\program files\Anvisoft
2012-06-07 04:04 . 2012-06-07 04:04 -------- d-----w- c:\program files\Dropbox
2012-05-29 03:37 . 2012-01-19 14:22 42864 ----a-r- c:\windows\system32\SBBD.EXE
2012-05-29 03:37 . 2012-01-12 13:26 101112 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-31 13:22 . 2008-04-14 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll
2012-05-05 01:43 . 2012-04-26 15:12 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-05 01:43 . 2011-07-19 04:23 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-22 20:39 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP785c.tmp
2012-04-21 13:38 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP7dbb.tmp
2012-04-21 13:36 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP7b69.tmp
2012-04-21 04:42 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP7a12.tmp
2012-04-21 04:39 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP79a4.tmp
2012-04-21 04:37 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP7cf0.tmp
2012-04-21 04:20 . 2008-12-18 14:35 98304 ----a-w- c:\windows\DUMP6949.tmp
2012-04-19 00:56 . 2012-04-19 00:56 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2012-04-19 00:56 . 2012-04-19 00:56 69632 ----a-w- c:\windows\system32\QuickTime.qts
2012-04-11 13:14 . 2008-04-14 12:00 2148352 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-11 13:12 . 2008-04-14 12:00 1862272 ----a-w- c:\windows\system32\win32k.sys
2012-04-11 12:35 . 2008-04-14 00:01 2026496 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-30 04:54 . 2012-03-30 04:54 0 ----a-w- c:\windows\system32\TempWmicBatchFile.bat
2009-01-21 16:14 . 2009-01-21 16:14 9780224 ----a-w- c:\program files\openofficeorg30.msi
2008-12-24 04:49 . 2008-12-24 04:49 33662272 ----a-w- c:\program files\Nokia_PC_Suite_7_1_18_0_eng_us_web.exe
2008-12-20 08:18 . 2008-12-20 08:18 7317188 ----a-w- c:\program files\klcodec431s.exe
2008-12-19 03:05 . 2008-12-19 03:04 5115629 ----a-w- c:\program files\RawShooterEssentials.exe
2008-12-18 21:36 . 2008-12-18 21:36 2400784 ----a-w- c:\program files\WLinstaller.exe
2008-12-18 21:19 . 2008-12-18 21:19 21736448 ----a-w- c:\program files\eav_nt32_enu.msi
2002-03-11 09:06 . 2002-03-11 09:06 1822520 ----a-w- c:\program files\instmsiw.exe
2002-03-11 08:45 . 2002-03-11 08:45 1708856 ----a-w- c:\program files\instmsia.exe
2012-04-26 07:29 . 2011-05-03 05:16 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2008-12-20 22:42 2826240 --sha-w- c:\windows\system32\amtlib.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gyorgy Papp\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gyorgy Papp\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gyorgy Papp\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\documents and settings\Gyorgy Papp\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
"RTHDCPL"="RTHDCPL.EXE" [2007-01-30 16116224]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2011-08-10 3076144]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
c:\documents and settings\Gyorgy Papp\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\Gyorgy Papp\Application Data\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ImageMixer 3 SE Camera Monitor Ver.4.lnk - c:\program files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe [2010-4-16 253952]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
"c:\\Documents and Settings\\Gyorgy Papp\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jucheck.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Common Files\\Java\\Java Update\\jusched.exe"=
"c:\\Program Files\\Common Files\\Adobe\\OOBE\\PDApp\\UWA\\AAM Updates Notifier.exe"=
"c:\\Program Files\\java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\LeapFrog\\LeapFrog Connect\\LeapFrogConnect.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"21518:TCP"= 21518:TCP:BitComet 21518 TCP
"21518:UDP"= 21518:UDP:BitComet 21518 UDP
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-13 136176]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 257696]
R3 ALLOW-IO;ALLOW-IO;E:\ALLOW-IO.sys [x]
R3 FXDrv32;FXDrv32;E:\FXDrv32.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-03-13 136176]
R3 Leapfrog-USBLAN;Leapfrog-USBLAN;c:\windows\system32\DRIVERS\btblan.sys [2011-11-12 33792]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-26 129976]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WinDefend;Windows Defender;c:\windows\System32\svchost.exe [2008-04-14 14336]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
S1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [2011-08-04 103112]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2011-08-10 974944]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 nlsX86cc;Nalpeiron Licensing Service;c:\windows\system32\nlssrv32.exe [2011-02-21 66560]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-04-08 2218600]
S2 TabletServiceWacom;TabletServiceWacom;c:\windows\system32\Wacom_Tablet.exe [2009-03-26 2784256]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 22344]
S3 P1171VID;Creative WebCam Notebook 4036DA175479CE0160D526910278C91B0F6939A58A3599B344DB6F7F;c:\windows\system32\DRIVERS\P1171Vid.sys [2004-03-19 91392]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2008-10-06 15656]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-26 01:43]
.
2012-06-18 c:\windows\Tasks\AdobeAAMUpdater-1.0-KISPITYP-F1E9EB-Gyorgy Papp.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2011-03-11 08:44]
.
2012-06-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-06-18 c:\windows\Tasks\Auslogics BoostSpeed Integrator Start On Gyorgy Papp Logon.job
- c:\program files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe [2012-04-23 21:00]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-13 03:57]
.
2012-06-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-03-13 03:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title = Windows Internet Explorer provided by Comcast
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 70.38.38.4 67.205.67.10
FF - ProfilePath - c:\documents and settings\Gyorgy Papp\Application Data\Mozilla\Firefox\Profiles\efg1d8uh.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.com/
FF - prefs.js: network.proxy.ftp - :0
FF - prefs.js: network.proxy.http - :0
FF - prefs.js: network.proxy.socks - :0
FF - prefs.js: network.proxy.ssl - :0
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-06-18 17:10
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(956)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'lsass.exe'(1016)
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
- - - - - - - > 'explorer.exe'(3556)
c:\windows\system32\WININET.dll
c:\documents and settings\Gyorgy Papp\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Comcast\Desktop Doctor\bin\sprtsvc.exe
c:\windows\system32\WTablet\Wacom_TabletUser.exe
c:\windows\RTHDCPL.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\ALCFDRTM.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2012-06-18 17:22:59 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 21:22
ComboFix2.txt 2012-06-12 19:45
.
Pre-Run: 344,077,643,776 bytes free
Post-Run: 344,558,620,672 bytes free
.
- - End Of File - - 424D0D6D31D0A05D1883069FB779996D

#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 09:22 PM

Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo

#7 banaan

banaan
  • Topic Starter

  • Members
  • 12 posts

Posted 18 June 2012 - 10:41 PM

OTL logfile created on: 6/18/2012 11:11:45 PM - Run 1
OTL by OldTimer - Version 3.2.49.0 Folder = C:\Documents and Settings\Gyorgy Papp\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.25 Gb Total Physical Memory | 1.19 Gb Available Physical Memory | 36.71% Memory free
7.96 Gb Paging File | 5.95 Gb Available in Paging File | 74.71% Paging File free
Paging file location(s): C:\pagefile.sys 4989 4989 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 319.42 Gb Free Space | 68.58% Space Free | Partition Type: NTFS
Drive D: | 101.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive G: | 1863.01 Gb Total Space | 1134.46 Gb Free Space | 60.89% Space Free | Partition Type: NTFS

Computer Name: KISPITYP-F1E9EB | User Name: Gyorgy Papp | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Gyorgy Papp\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\Gyorgy Papp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files\Winamp\winamp.exe (Nullsoft, Inc.)
PRC - C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
PRC - C:\Program Files\Auslogics\Auslogics BoostSpeed\BoostSpeed.exe (Auslogics)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
PRC - C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
PRC - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
PRC - C:\Program Files\Adobe\Adobe Photoshop Lightroom 3.2\lightroom.exe (Adobe Systems)
PRC - C:\Program Files\ADOBE 5\Adobe Photoshop CS5\Photoshop.exe (Adobe Systems, Incorporated)
PRC - C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
PRC - C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe (Wacom Technology, Corp.)
PRC - C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\ALCFDRTM.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
PRC - C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe (Nero AG)


========== Modules (No Company Name) ==========

MOD - C:\Program Files\Winamp\System\aacdec.w5s ()
MOD - C:\Program Files\Winamp\System\jnetlib.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_local.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_pmp.dll ()
MOD - C:\Program Files\Winamp\System\auth.w5s ()
MOD - C:\Program Files\Winamp\Plugins\pmp_ipod.dll ()
MOD - C:\Program Files\Winamp\System\jpeg.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_online.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_p4s.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_wifi.dll ()
MOD - C:\Program Files\Winamp\System\png.w5s ()
MOD - C:\Program Files\Winamp\System\xml.w5s ()
MOD - C:\Program Files\Winamp\System\playlist.w5s ()
MOD - C:\Program Files\Winamp\tataki.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_plg.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_playlists.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_android.dll ()
MOD - C:\Program Files\Winamp\Plugins\pmp_usb.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_ds.dll ()
MOD - C:\Program Files\Winamp\zlib.dll ()
MOD - C:\Program Files\Winamp\System\devices.w5s ()
MOD - C:\Program Files\Winamp\System\timer.w5s ()
MOD - C:\Program Files\Winamp\Plugins\ml_rg.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_transcode.dll ()
MOD - C:\Program Files\Winamp\System\albumart.w5s ()
MOD - C:\Program Files\Winamp\Plugins\out_disk.dll ()
MOD - C:\Program Files\Winamp\System\tagz.w5s ()
MOD - C:\Program Files\Winamp\Plugins\pmp_njb.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_xf.dll ()
MOD - C:\Program Files\Winamp\Plugins\out_null.dll ()
MOD - C:\Program Files\Winamp\System\gif.w5s ()
MOD - C:\Program Files\Winamp\System\bmp.w5s ()
MOD - C:\Program Files\Winamp\Plugins\out_wave.dll ()
MOD - C:\Program Files\Winamp\System\dlmgr.w5s ()
MOD - C:\Program Files\Winamp\System\gracenote.w5s ()
MOD - C:\Program Files\Winamp\System\filereader.w5s ()
MOD - C:\Program Files\Winamp\System\primo.w5s ()
MOD - C:\Program Files\Winamp\Plugins\gen_ff.dll ()
MOD - C:\Program Files\Winamp\Plugins\freeform\wacs\freetype\freetype.wac ()
MOD - C:\Program Files\Winamp\Plugins\gen_ml.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wm.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp3.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_vorbis.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_devices.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_disc.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_jumpex.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mod.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_midi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_cdda.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_nsv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_dshow.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_avi.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flac.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_impex.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_orgler.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mp4.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_history.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_mkv.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_flv.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_autotag.dll ()
MOD - C:\Program Files\Winamp\Plugins\ml_bookmarks.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_hotkeys.dll ()
MOD - C:\Program Files\Winamp\Plugins\gen_tray.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_swf.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_wave.dll ()
MOD - C:\Program Files\Winamp\Plugins\in_linein.dll ()
MOD - C:\Program Files\Winamp\nsutil.dll ()
MOD - C:\Program Files\Winamp\libsndfile.dll ()
MOD - C:\Program Files\Winamp\libmp4v2.dll ()
MOD - C:\Program Files\Winamp\nde.dll ()
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtGui4.dll ()
MOD - C:\Program Files\LeapFrog\LeapFrog Connect\QtCore4.dll ()
MOD - C:\Program Files\Auslogics\Auslogics BoostSpeed\madExcept_.bpl ()
MOD - C:\Program Files\Auslogics\Auslogics BoostSpeed\madBasic_.bpl ()
MOD - C:\Program Files\Auslogics\Auslogics BoostSpeed\madDisAsm_.bpl ()
MOD - C:\Program Files\Notepad++\NppShell_04.dll ()
MOD - C:\Program Files\Nik Software\Silver Efex Pro 2\jpegfhm_shared.fhm ()
MOD - C:\Program Files\Nik Software\Silver Efex Pro 2\tifffhm_shared.fhm ()
MOD - C:\Program Files\ADOBE 5\Adobe Photoshop CS5\QuickTimeGlue.dll ()
MOD - C:\Program Files\Common Files\Adobe\CS5ServiceManager\zlib1.dll ()
MOD - C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\pxl_m17n_tool.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()


========== Win32 Services (SafeList) ==========

SRV - (WinDefend) -- %ProgramFiles%\Windows Defender\mpsvc.dll File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LeapFrog Connect Device Service) -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe (LeapFrog Enterprises, Inc.)
SRV - (ekrn) -- C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe (ESET)
SRV - (nvUpdatusService) -- C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (nlsX86cc) -- C:\WINDOWS\system32\nlssrv32.exe (Nalpeiron Ltd.)
SRV - (SwitchBoard) -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia.)
SRV - (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe (SupportSoft, Inc.)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (upperdev) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (FXDrv32) -- E:\FXDrv32.sys File not found
DRV - (Changer) -- File not found
DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (ALLOW-IO) -- E:\ALLOW-IO.sys File not found
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Leapfrog-USBLAN) -- C:\WINDOWS\system32\drivers\btblan.sys (Belcarra Technologies)
DRV - (eamon) -- C:\WINDOWS\system32\drivers\eamon.sys (ESET)
DRV - (epfwtdir) -- C:\WINDOWS\system32\drivers\epfwtdir.sys (ESET)
DRV - (ehdrv) -- C:\WINDOWS\system32\drivers\ehdrv.sys (ESET)
DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
DRV - (JRAID) -- C:\WINDOWS\system32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (P1171VID) -- C:\WINDOWS\system32\drivers\P1171Vid.sys (Creative Technology Ltd.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Live Search
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BC 1E E5 D7 37 5F CA 01 [binary data]
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes,DefaultScope = {E519AA1F-E8A8-47ED-92E3-BCFB65055819}
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\{2D3BAA0F-F9DB-4E14-8520-FD00F85FB92A}: "URL" = http://www.bing.com/search?FORM=IEFM1&q={searchTerms}&src={referrer:source?}
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\{5A2E3EDB-DBF8-472D-B265-A5AA8A062E2E}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\{E519AA1F-E8A8-47ED-92E3-BCFB65055819}: "URL" = http://search.comcast.net/search?cat=Web&con=toolbar&q={searchTerms}
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\Comcast: "URL" = http://search.comcast.net/?cat=web&con=net&q={searchTerms}
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\ComcastSearch: "URL" = http://search.comcast.net/?q={searchTerms}&cat=Web&con=ie7
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :0


========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://google.com/"
FF - prefs.js..network.proxy.ftp: ":0"
FF - prefs.js..network.proxy.http: ":0"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: ":0"
FF - prefs.js..network.proxy.ssl: ":0"
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@yahoo.com/BrowserPlus,version=2.9.8: C:\Documents and Settings\Gyorgy Papp\Local Settings\Application Data\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011/12/24 00:10:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/06 10:01:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/06/18 21:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2012/01/02 20:04:32 | 000,000,000 | ---D | M]

[2011/05/03 01:16:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gyorgy Papp\Application Data\Mozilla\Extensions
[2012/05/02 04:29:52 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Gyorgy Papp\Application Data\Mozilla\Firefox\Profiles\efg1d8uh.default\extensions
[2012/01/02 19:25:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/12/24 00:10:41 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/04/26 03:29:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/12/09 13:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/12 03:47:35 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/12 03:47:35 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/06/18 17:10:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Updater For Comcast Toolbar 3.5) - {164d3751-cac6-4a6d-becd-ea67df61d232} - C:\Program Files\comcasttb\auxi\comcastAu.dll (Visicom Media)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O3 - HKLM\..\Toolbar: (Comcast Toolbar) - {79CEEA4E-C231-4614-9E3B-53B2A02F39B7} - C:\Program Files\comcasttb\comcastdx.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe (LeapFrog Enterprises, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKU\S-1-5-21-583907252-448539723-1606980848-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-583907252-448539723-1606980848-1005..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Common Files\Ahead\Lib\NMFirstStart.exe (Nero AG)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.4.lnk = C:\Program Files\PIXELA\ImageMixer 3 SE Ver.4\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)
O4 - Startup: C:\Documents and Settings\Gyorgy Papp\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Gyorgy Papp\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\Gyorgy Papp\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-583907252-448539723-1606980848-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-583907252-448539723-1606980848-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-583907252-448539723-1606980848-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-583907252-448539723-1606980848-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://cdn.smugmug.com/photos/activex/ImageUploader5-5.5.1.0-082608.cab (Image Uploader Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.38.38.4 67.205.67.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29DF941E-8168-462D-AC42-C8770193F4B6}: DhcpNameServer = 70.38.38.4 67.205.67.10
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Gyorgy Papp\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/18 19:03:30 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/06/18 22:15:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/06/18 21:33:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Start Menu\Programs\Winamp Detector Plug-in
[2012/06/18 21:33:30 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012/06/18 21:33:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Application Data\Winamp
[2012/06/18 17:23:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2012/06/18 17:16:23 | 000,521,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2012/06/18 16:54:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/06/18 16:54:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/06/18 16:54:23 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/06/18 16:54:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/06/18 16:54:09 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/06/18 16:41:27 | 004,560,591 | R--- | C] (Swearware) -- C:\Documents and Settings\Gyorgy Papp\Desktop\ComboFix.exe
[2012/06/18 13:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Start Menu\Programs\Notepad++
[2012/06/18 13:03:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Notepad++
[2012/06/18 13:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\Notepad++
[2012/06/18 13:03:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Application Data\Notepad++
[2012/06/18 12:51:46 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Gyorgy Papp\Desktop\dds.scr
[2012/06/17 01:14:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Application Data\Ad-Aware Antivirus
[2012/06/17 00:12:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/06/17 00:11:30 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Gyorgy Papp\Recent
[2012/06/16 14:19:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/06/12 15:15:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2012/06/12 15:15:51 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2012/06/11 11:25:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Application Data\Anvisoft
[2012/06/11 11:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Gyorgy Papp\Start Menu\Programs\Anvisoft
[2012/06/11 11:19:16 | 000,000,000 | ---D | C] -- C:\Program Files\Anvisoft
[2012/06/07 00:04:07 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012/06/06 10:08:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2012/06/06 10:01:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2012/06/06 10:01:08 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012/05/28 23:37:15 | 000,101,112 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2012/05/28 23:37:15 | 000,042,864 | R--- | C] (GFI Software) -- C:\WINDOWS\System32\SBBD.EXE
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/06/18 23:33:34 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/18 23:08:00 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/06/18 22:43:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/06/18 18:17:39 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/06/18 18:17:30 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/06/18 18:17:28 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\Auslogics BoostSpeed Integrator Start On Gyorgy Papp Logon.job
[2012/06/18 18:16:59 | 003,468,720 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/06/18 18:15:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/06/18 17:40:10 | 000,504,284 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2012/06/18 17:40:10 | 000,097,544 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2012/06/18 17:36:09 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012/06/18 17:10:03 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/06/18 16:40:34 | 004,560,591 | R--- | M] (Swearware) -- C:\Documents and Settings\Gyorgy Papp\Desktop\ComboFix.exe
[2012/06/18 12:59:52 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\defogger_reenable
[2012/06/18 12:48:22 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Gyorgy Papp\Desktop\dds.scr
[2012/06/18 12:48:02 | 000,881,475 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\SecurityCheck.exe
[2012/06/18 12:47:40 | 000,050,477 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\Defogger.exe
[2012/06/18 02:00:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-KISPITYP-F1E9EB-Gyorgy Papp.job
[2012/06/17 00:02:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP(2)
[2012/06/16 14:19:55 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/07 00:04:25 | 000,001,046 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Start Menu\Programs\Startup\Dropbox.lnk
[2012/06/07 00:04:00 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\Dropbox.lnk
[2012/06/06 09:56:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/06/02 22:57:26 | 000,233,984 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/05/31 09:22:09 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2012/05/29 04:31:08 | 000,070,344 | ---- | M] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/27 21:43:07 | 1392,465,412 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\John Carter.avi
[2012/05/26 23:32:13 | 000,001,984 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/05/26 01:34:57 | 000,000,132 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\Application Data\Adobe PNG Format CS5 Prefs
[2012/05/23 00:14:05 | 000,000,154 | ---- | M] () -- C:\Documents and Settings\Gyorgy Papp\default.pls
[2012/05/23 00:13:59 | 000,000,229 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[12 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/06/18 17:08:09 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/06/18 16:54:23 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/06/18 16:54:23 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/06/18 16:54:23 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/06/18 16:54:23 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/06/18 16:54:23 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/06/18 12:59:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\defogger_reenable
[2012/06/18 12:51:49 | 000,881,475 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\SecurityCheck.exe
[2012/06/18 12:51:49 | 000,050,477 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\Defogger.exe
[2012/06/16 14:19:55 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2012/06/16 12:44:00 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2012/06/12 15:14:50 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP(2)
[2012/05/28 23:48:47 | 000,070,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\kgpcpy.cfg
[2012/05/28 00:19:43 | 1392,465,412 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Desktop\John Carter.avi
[2012/05/19 02:20:34 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Application Data\Adobe PNG Format CS5 Prefs
[2012/02/15 21:05:51 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/09 22:40:00 | 002,783,770 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/02/07 02:23:38 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Application Data\Adobe AIFF Format CS5 Prefs
[2012/01/01 16:40:18 | 000,012,932 | -HS- | C] () -- C:\Documents and Settings\Gyorgy Papp\Local Settings\Application Data\524rmk55y814sg03h7kit2q246271c53c0383
[2012/01/01 16:40:18 | 000,012,932 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\524rmk55y814sg03h7kit2q246271c53c0383
[2011/11/23 16:07:37 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/05/29 22:45:08 | 000,001,984 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/24 17:12:12 | 000,000,132 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Application Data\Adobe GIF Format CS5 Prefs
[2011/05/03 01:38:41 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/05/03 01:38:41 | 000,292,700 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/05/03 01:38:41 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/05/03 01:38:26 | 002,116,894 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2011/05/03 01:16:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/26 22:40:20 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\Gyorgy Papp\Local Settings\Application Data\Adobe Save for Web 12.0 Prefs
[2011/02/21 17:17:34 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\SilverEfexPro2FC32.dll
[2010/07/25 18:21:18 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\CNMVS5c.DLL
[2010/07/11 00:00:37 | 000,027,148 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat

========== Alternate Data Streams ==========

@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
@Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP(2):07BF512B

< End of report >
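The log above settles three of the usual redirect vectors: the hosts file is 27 bytes and carries only the localhost line, proxying is off in both IE (ProxyEnable = 0) and Firefox (network.proxy.type 0), and the O17 lines show DHCP handing every client the public resolvers 70.38.38.4 and 67.205.67.10 rather than the router's own LAN address. Since the redirect appears in every browser and on other devices on the same network, the one component all of them share is the DNS the router advertises. The script below is an added example, not part of OTL, ComboFix or this thread: it runs that three-vector check over the posted lines and over a constructed counter-example. EXPECTED_RESOLVERS is a placeholder for the ISP's published DNS addresses (assumed empty here), and the rules in next_step() are the editor's triage heuristics, not a BleepingComputer procedure.

```python
"""
Triage of OTL log lines for the vectors behind an "every browser, every
device" redirect: hosts-file entries (O1), proxy settings (IE/FF) and the
DNS servers the router hands out over DHCP (O17).

Added example for this thread; it is not part of OTL or any forum tool.
POSTED_LOG holds lines copied from the log above, HIJACKED_LOG is a
constructed counter-example, and EXPECTED_RESOLVERS is a placeholder
(assumption) for the ISP's published resolver addresses.
"""
import ipaddress
import re

# Lines lifted from the posted OTL log (the parts that decide redirects).
POSTED_LOG = r"""
O1 HOSTS File: ([2012/06/18 17:10:03 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - prefs.js..network.proxy.type: 0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 70.38.38.4 67.205.67.10
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{29DF941E-8168-462D-AC42-C8770193F4B6}: DhcpNameServer = 70.38.38.4 67.205.67.10
"""

# Constructed counter-example: a hosts-file hijack plus an enabled IE proxy,
# with the router itself (private address) acting as resolver.
HIJACKED_LOG = r"""
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 203.0.113.10 www.facebook.com
IE - HKU\S-1-5-21-0-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
"""

# Placeholder (assumption): fill with the ISP's published resolver addresses.
EXPECTED_RESOLVERS = frozenset()

HOSTS_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
IE_PROXY_RE = re.compile(r'"ProxyEnable" = (\d)')
FF_PROXY_RE = re.compile(r"network\.proxy\.type:\s*(\d)")
DNS_RE = re.compile(r"DhcpNameServer = ([\d. ]+)$")


def triage(log_text, expected_resolvers=EXPECTED_RESOLVERS):
    """Return a list of (vector, detail) findings for one OTL log."""
    findings = []
    seen_dns = set()
    for line in log_text.splitlines():
        m = HOSTS_RE.match(line)
        if m:
            ip, host = m.groups()
            # A stock hosts file only maps localhost to a loopback address.
            benign = ipaddress.ip_address(ip).is_loopback and host.lower().startswith("localhost")
            if not benign:
                findings.append(("hosts", f"{host} pinned to {ip}"))
            continue
        m = IE_PROXY_RE.search(line)
        if m and m.group(1) != "0":
            findings.append(("proxy", "IE ProxyEnable is set"))
            continue
        m = FF_PROXY_RE.search(line)
        if m and m.group(1) != "0":
            findings.append(("proxy", f"Firefox network.proxy.type={m.group(1)}"))
            continue
        m = DNS_RE.search(line)
        if not m:
            continue
        for addr in m.group(1).split():
            if addr in seen_dns:
                continue  # the per-interface O17 line repeats the global one
            seen_dns.add(addr)
            if ipaddress.ip_address(addr).is_private:
                # The router is the resolver: nothing to flag in the log,
                # but the router's own upstream DNS setting must be checked.
                continue
            if addr not in expected_resolvers:
                findings.append(("dns", f"DHCP hands out public resolver {addr} not in the expected ISP list"))
    return findings


def next_step(findings, other_devices_affected):
    """Editor's heuristic: turn findings into the single check to do next."""
    vectors = {v for v, _ in findings}
    if "hosts" in vectors or "proxy" in vectors:
        return "clean this host: hosts file and proxy settings carry the redirect"
    if "dns" in vectors and other_devices_affected:
        return "check the router: DHCP-assigned DNS is shared by every device"
    if "dns" in vectors:
        return "confirm the DHCP resolvers with the ISP before cleaning further"
    return "no redirect vector in hosts, proxy or DNS; look elsewhere"


if __name__ == "__main__":
    for name, log in (("posted", POSTED_LOG), ("constructed", HIJACKED_LOG)):
        found = triage(log)
        print(name, found, "->", next_step(found, other_devices_affected=True))
```

Run against the posted lines the script reports nothing in hosts or proxy and flags both DHCP resolvers; combined with the report that the other laptops and the tablet redirect too, that points at the router's DNS settings rather than at anything left on this PC.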

#8 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 10:57 PM

Hello

Run this custom script and when it is complete I need to know how the computer is doing

Run OTL Script

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    :OTL
    IE - HKU\S-1-5-21-583907252-448539723-1606980848-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT1750559
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B
    @Alternate Data Stream - 135 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP(2):07BF512B
    :Files
    ipconfig /flushdns /c
    :Commands
    [PURITY]
    [emptyjava]
    [EMPTYFLASH]
    
  • Then click the Run Fix button at the top.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report in your next reply.

Let me know How things are doing

Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 banaan
  • Topic Starter

  • Members
  • 12 posts

Posted 18 June 2012 - 11:47 PM

Facebook still redirects to 63ce2138.qqc.co



========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-583907252-448539723-1606980848-1003\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:07BF512B deleted successfully.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP(2):07BF512B .
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Gyorgy Papp\My Documents\Downloads\cmd.bat deleted successfully.
C:\Documents and Settings\Gyorgy Papp\My Documents\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYJAVA]

User: All Users

User: Default User

User: Gyorgy Papp
->Java cache emptied: 0 bytes

User: HelpAssistant

User: LocalService

User: NetworkService
->Java cache emptied: 0 bytes

User: UpdatusUser

Total Java Files Cleaned = 0.00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: Gyorgy Papp
->Flash cache emptied: 0 bytes

User: HelpAssistant

User: LocalService

User: NetworkService
->Flash cache emptied: 0 bytes

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.49.0 log created on 06192012_003900

#10 gringo_pr

    Bleepin Gringo

  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 18 June 2012 - 11:51 PM

Hello


In which browser does this happen - check all that are installed


Gringo

#11 banaan

banaan
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:26 AM

Posted 18 June 2012 - 11:56 PM

Firefox and Internet Explorer redirect to the same address: 63ce2138.qqc.co

#12 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 AM

Posted 19 June 2012 - 12:22 AM

Greetings,

I want you to try this and let me know if it fixes IE.

First, I would like you to go here and click on the Fix it button - http://support.microsoft.com/kb/923737


Then I want you to do the following:

  • Start Internet Explorer.
  • Click on Safety.
  • Click on Delete browsing history.
  • Make sure all boxes are checked.
  • Click on Tools.
  • Click Internet Options.
  • On the Advanced tab, click Reset.
  • Put a check mark next to Delete Personal Settings.
  • Click Reset to confirm.
  • When complete, click the Close button.
  • Restart IE.


Gringo

#13 banaan

banaan
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:26 AM

Posted 19 June 2012 - 12:50 AM

I did all of those and it still redirects to 63ce2138.qqc.co

#14 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:26 AM

Posted 19 June 2012 - 01:02 AM

Create and Run Batch File
Open Notepad and copy/paste the entire contents of the codebox below into Notepad:
@echo off
rem Collect the network configuration, DNS lookups, connectivity checks and routing table into one file
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the results in Notepad, then remove this batch file
start Log1.txt
del %0
Save this as router.bat. Choose Save as type - All Files and where to save - Desktop - then close the Notepad file.

It should look like this: (screenshot for XP, image not preserved)
Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo

#15 banaan

banaan
  • Topic Starter

  • Members
  • 12 posts
  • Local time:09:26 AM

Posted 19 June 2012 - 01:11 AM

Thank you for your patience. I would have gone crazy already. Here is the result:



Windows IP Configuration



Host Name . . . . . . . . . . . . : kispityp-f1e9eb

Primary Dns Suffix . . . . . . . :

Node Type . . . . . . . . . . . . : Unknown

IP Routing Enabled. . . . . . . . : No

WINS Proxy Enabled. . . . . . . . : No

DNS Suffix Search List. . . . . . : hsd1.fl.comcast.net.



Ethernet adapter Local Area Connection:



Connection-specific DNS Suffix . : hsd1.fl.comcast.net.

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC

Physical Address. . . . . . . . . : 00-50-8D-B5-2E-C3

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 192.168.1.100

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 192.168.1.1

DHCP Server . . . . . . . . . . . : 192.168.1.1

DNS Servers . . . . . . . . . . . : 70.38.38.4

67.205.67.10

Lease Obtained. . . . . . . . . . : Tuesday, June 19, 2012 12:04:26 AM

Lease Expires . . . . . . . . . . : Wednesday, June 20, 2012 12:04:26 AM



Ethernet adapter Local Area Connection 2:



Media State . . . . . . . . . . . : Media disconnected

Description . . . . . . . . . . . : Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2

Physical Address. . . . . . . . . : 00-50-8D-B5-2E-C4

(root) nameserver = a.root-servers.net
(root) nameserver = b.root-servers.net
(root) nameserver = c.root-servers.net
(root) nameserver = d.root-servers.net
(root) nameserver = e.root-servers.net
(root) nameserver = f.root-servers.net
(root) nameserver = g.root-servers.net
(root) nameserver = h.root-servers.net
(root) nameserver = i.root-servers.net
(root) nameserver = j.root-servers.net
(root) nameserver = k.root-servers.net
(root) nameserver = l.root-servers.net
(root) nameserver = m.root-servers.net
a.root-servers.net internet address = 198.41.0.4
a.root-servers.net AAAA IPv6 address = 2001:503:ba3e::2:30
b.root-servers.net internet address = 192.228.79.201
c.root-servers.net internet address = 192.33.4.12
d.root-servers.net internet address = 128.8.10.90
d.root-servers.net AAAA IPv6 address = 2001:500:2d::d
e.root-servers.net internet address = 192.203.230.10
f.root-servers.net internet address = 192.5.5.241
f.root-servers.net AAAA IPv6 address = 2001:500:2f::f
g.root-servers.net internet address = 192.112.36.4
h.root-servers.net internet address = 128.63.2.53
h.root-servers.net AAAA IPv6 address = 2001:500:1::803f:235
i.root-servers.net internet address = 192.36.148.17
Server: UnKnown
Address: 70.38.38.4

Name: google.com
Addresses: 74.125.226.4, 74.125.226.3, 74.125.226.0, 74.125.226.9
74.125.226.7, 74.125.226.5, 74.125.226.1, 74.125.226.6, 74.125.226.8
74.125.226.2, 74.125.226.14

(root) nameserver = l.root-servers.net
(root) nameserver = m.root-servers.net
(root) nameserver = a.root-servers.net
(root) nameserver = b.root-servers.net
(root) nameserver = c.root-servers.net
(root) nameserver = d.root-servers.net
(root) nameserver = e.root-servers.net
(root) nameserver = f.root-servers.net
(root) nameserver = g.root-servers.net
(root) nameserver = h.root-servers.net
(root) nameserver = i.root-servers.net
(root) nameserver = j.root-servers.net
(root) nameserver = k.root-servers.net
a.root-servers.net internet address = 198.41.0.4
a.root-servers.net AAAA IPv6 address = 2001:503:ba3e::2:30
b.root-servers.net internet address = 192.228.79.201
c.root-servers.net internet address = 192.33.4.12
d.root-servers.net internet address = 128.8.10.90
d.root-servers.net AAAA IPv6 address = 2001:500:2d::d
e.root-servers.net internet address = 192.203.230.10
f.root-servers.net internet address = 192.5.5.241
f.root-servers.net AAAA IPv6 address = 2001:500:2f::f
g.root-servers.net internet address = 192.112.36.4
h.root-servers.net internet address = 128.63.2.53
h.root-servers.net AAAA IPv6 address = 2001:500:1::803f:235
i.root-servers.net internet address = 192.36.148.17
Server: UnKnown
Address: 70.38.38.4

Name: yahoo.com
Addresses: 209.191.122.70, 98.139.183.24, 72.30.38.140



Pinging google.com [74.125.226.4] with 32 bytes of data:



Reply from 74.125.226.4: bytes=32 time=68ms TTL=48

Reply from 74.125.226.4: bytes=32 time=65ms TTL=48



Ping statistics for 74.125.226.4:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 65ms, Maximum = 68ms, Average = 66ms



Pinging yahoo.com [209.191.122.70] with 32 bytes of data:



Reply from 209.191.122.70: bytes=32 time=54ms TTL=47

Reply from 209.191.122.70: bytes=32 time=52ms TTL=47



Ping statistics for 209.191.122.70:

Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 52ms, Maximum = 54ms, Average = 53ms

===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 50 8d b5 2e c3 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC - Packet Scheduler Miniport
0x3 ...00 50 8d b5 2e c4 ...... Realtek RTL8169/8110 Family Gigabit Ethernet NIC #2 - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.100 20
127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
169.254.0.0 255.255.0.0 192.168.1.100 192.168.1.100 20
192.168.1.0 255.255.255.0 192.168.1.100 192.168.1.100 20
192.168.1.100 255.255.255.255 127.0.0.1 127.0.0.1 20
192.168.1.255 255.255.255.255 192.168.1.100 192.168.1.100 20
224.0.0.0 240.0.0.0 192.168.1.100 192.168.1.100 20
255.255.255.255 255.255.255.255 192.168.1.100 192.168.1.100 1
255.255.255.255 255.255.255.255 192.168.1.100 3 1
Default Gateway: 192.168.1.1
===========================================================================
Persistent Routes:
None
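The router.bat output above is what the helper reads to spot resolvers the machine did not get from its own router or ISP, so, as an added example that is not from this thread or from the OTL/router.bat tools, the parser and check below pull the DNS servers out of the ipconfig /all section and flag any that are neither on the adapter's subnet nor on an allowlist. The sample text is constructed from the values posted above and the allowlist addresses are placeholders; a flagged resolver is something to verify against the ISP's published resolvers and the router's settings, not proof of tampering by itself.

```python
import re
from ipaddress import ip_address, ip_network

# Constructed excerpt modelled on the "ipconfig /all" part of the router.bat
# output posted above (same values, blank lines collapsed).
SAMPLE_IPCONFIG = """\
Windows IP Configuration
Host Name . . . . . . . . . . . . : kispityp-f1e9eb
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.1.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 70.38.38.4
67.205.67.10
Ethernet adapter Local Area Connection 2:
Media State . . . . . . . . . . . : Media disconnected
"""
# Placeholder allowlist (TEST-NET addresses, constructed): fill it with the
# resolvers your ISP or DHCP server is actually known to hand out.
EXAMPLE_TRUSTED_RESOLVERS = ("192.0.2.53", "198.51.100.53")
HEADER = re.compile(r"^(Windows IP Configuration|\S.* adapter .+?):?$")
FIELD = re.compile(r"^([^.:]+?)[ .]+:\s*(.*)$")  # "Key . . . : value"

def parse_ipconfig(text):
    """Return {section: {field: [values]}} from ipconfig /all output."""
    sections, section, field = {}, None, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if HEADER.match(line):
            section, field = line.rstrip(":"), None
            sections[section] = {}
        elif (m := FIELD.match(line)) and section:
            field = m.group(1)
            sections[section][field] = [m.group(2)] if m.group(2) else []
        elif field:  # continuation line, e.g. the second DNS server
            sections[section][field].append(line)
    return sections

def unexpected_dns_servers(sections, trusted_resolvers=()):
    """Per connected adapter, list DNS servers that are neither on the adapter's
    own subnet (the usual home-router setup) nor in the trusted allowlist."""
    trusted, report = {ip_address(t) for t in trusted_resolvers}, {}
    for name, f in sections.items():
        ip = (f.get("IP Address") or f.get("IPv4 Address") or [""])[0].split("(")[0]
        mask = (f.get("Subnet Mask") or [""])[0]  # Vista+ prints "x.x.x.x(Preferred)"
        if " adapter " not in name or f.get("Media State") or not (ip and mask):
            continue  # general section, disconnected adapter, or no IPv4 config
        subnet = ip_network(f"{ip}/{mask}", strict=False)
        odd = [s for s in f.get("DNS Servers", [])
               if ip_address(s) not in subnet and ip_address(s) not in trusted]
        if odd:
            report[name] = odd
    return report
```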



