Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Homepage has been HiJacked!!!


  • Please log in to reply
10 replies to this topic

#1 Djsmoov

Djsmoov

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 30 September 2012 - 10:53 AM

Hi, I am hoping someone can help me with this issue. I have tried everything and i mean everything to try and rid this trojan from my computer with no luck at all, but doesnt matter what I do, my homepage is still stuck at
(http://home.webalta.ru/).

I have scanned my computer with countless programs including :

- Malwarebytes
- Adware cleaner
- ESET online scanner
- Mini toolbox
- TDSSkiller

To name a few, and have also tried removing (webalta) entries in the registry both in normal and safemodes, but this damn website still keeps popping up everyone. I dont know what else to do. Changing homepage in internet options does nothing at all

Any HELP would be much appreciated

Thanks in advance :)

BC AdBot (Login to Remove)

 


#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:14 PM

Posted 30 September 2012 - 10:57 AM

Download

Junkware removal tool

Launch it and scan should start running.After scan gets completed,post the generated log here.

NOTE:For vista and windows 7,right click on the tool and run as administrator


Download

http://www.bleepingcomputer.com/download/rkill/

Run it and after scan finishes,post the contents of RKILL log located on the desktop here


Download

Autoruns

Extract and launch autoruns.exe

Allow the scan to get finished

Now click on FILE-SAVE

Filename:Autoruns.txt
Save as :Text

Paste the contents of text here

#3 Djsmoov

Djsmoov
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 30 September 2012 - 11:23 AM

Thankyou so much for the quick response >

I have attached the logs as per requested.

Junkware removal tool log

Junkware Removal Tool (JRT) by Thisisu
Version: 1.1.7 (09.29.2012)
OS: Windows 7 Professional x64
Ran by Mrsmoov on Mon 01/10/2012 at 2:16:46.63
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** FireFox detected and repaired



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Mon 01/10/2012 at 2:16:56.89
End of Report


RKILL log

Rkill 2.4.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/01/2012 02:19:02 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:


127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

Program finished at: 10/01/2012 02:19:07 AM
Execution time: 0 hours(s), 0 minute(s), and 5 seconds(s)

Auto Run Log\

"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "AdobeAAMUpdater-1.0" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "Adobe ARM" "Adobe Reader and Acrobat Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\adobearm.exe"
+ "AdobeCS6ServiceManager" "Adobe CS6 Service Manager" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\cs6servicemanager\cs6servicemanager.exe"
+ "APSDaemon" "Apple Push" "Apple Inc." "c:\program files (x86)\common files\apple\apple application support\apsdaemon.exe"
+ "AVG_TRAY" "AVG Tray Monitor" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgtray.exe"
+ "HDAudDeck" "VIA HD Audio CPL" "VIA" "c:\program files (x86)\via\viaudioi\vdeck\vdeck.exe"
+ "iTunesHelper" "iTunesHelper" "Apple Inc." "c:\program files (x86)\itunes\ituneshelper.exe"
+ "SwitchBoard" "SwitchBoard Server (32 bit)" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
"C:\Users\Mrsmoov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "GameStop Now.lnk" "GameStop Now" "GameStop Corp." "c:\program files (x86)\gamestop app\now\gamestopnow.exe"
"HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files\windows mail\winmail.exe"
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Active Setup\Installed Components" "" "" ""
+ "Microsoft Windows" "Windows Mail" "Microsoft Corporation" "c:\program files (x86)\windows mail\winmail.exe"
"HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "" "" ""
+ "DAEMON Tools Lite" "DAEMON Tools Lite" "DT Soft Ltd" "c:\program files (x86)\daemon tools lite\dtlite.exe"
+ "Google Update" "Google Installer" "Google Inc." "c:\users\mrsmoov\appdata\local\google\update\googleupdate.exe"
+ "Sidebar" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
+ "Steam" "Steam" "Valve Corporation" "c:\program files (x86)\steam\steam.exe"
"HKLM\SOFTWARE\Classes\Protocols\Handler" "" "" ""
+ "linkscanner" "Safe Search pluggable protocol" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgppa.dll"
"HKLM\Software\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\*\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\AllFileSystemObjects\ShellEx\ContextMenuHandlers" "" "" ""
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
"HKLM\Software\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files\windows sidebar\sbdrop.dll"
+ "NvCplDesktopContext" "" "NVIDIA Corporation" "c:\windows\system32\nvshext.dll"
"HKLM\Software\Wow6432Node\Classes\Directory\Background\ShellEx\ContextMenuHandlers" "" "" ""
+ "Gadgets" "Sidebar droptarget" "Microsoft Corporation" "c:\program files (x86)\windows sidebar\sbdrop.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\Shellex\ColumnHandlers" "" "" ""
+ "PDF Shell Extension" "PDF Shell Extension" "Adobe Systems, Inc." "c:\program files (x86)\common files\adobe\acrobat\activex\pdfshell.dll"
"HKLM\Software\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgsea.dll"
+ "MBAMShlExt" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamext.dll"
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\ContextMenuHandlers" "" "" ""
+ "AVG Shell Extension" "AVG Shell Extension" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgse.dll"
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext.dll"
"HKLM\Software\Wow6432Node\Classes\Folder\ShellEx\DragDropHandlers" "" "" ""
+ "WinRAR32" "WinRAR shell extension" "Alexander Roshal" "c:\program files\winrar\rarext32.dll"
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssiea.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects" "" "" ""
+ "Adobe PDF Link Helper" "Adobe PDF Helper for Internet Explorer" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll"
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
+ "AVG Safe Search" "Safe Search for Internet Explorer" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgssie.dll"
+ "Google Toolbar Helper" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "MyAshampoo Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\myashampoo\prxtbmya0.dll"
+ "uTorrentControl2 Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\utorrentcontrol2\prxtbutor.dll"
+ "Windows Live ID Sign-in Helper" "Microsoft® Windows Live ID Login Helper" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\windowslivelogin.dll"
"HKLM\Software\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_64.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar" "" "" ""
+ "Google Toolbar" "Google Toolbar" "Google Inc." "c:\program files (x86)\google\google toolbar\googletoolbar_32.dll"
+ "MyAshampoo Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\myashampoo\prxtbmya0.dll"
+ "uTorrentControl2 Toolbar" "Conduit Toolbar" "Conduit Ltd." "c:\program files (x86)\utorrentcontrol2\prxtbutor.dll"
"HKLM\Software\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiea.dll"
"HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Extensions" "" "" ""
+ "AVG Do Not Track" "TODO: <File description>" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgdtiex.dll"
"Task Scheduler" "" "" ""
+ "\Adobe Flash Player Updater" "Adobe® Flash® Player Update Service 11.4 r402" "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "\AdobeAAMUpdater-1.0-Mrsmoov-PC-Mrsmoov" "Adobe Updater Startup Utility" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\oobe\pdapp\uwa\updaterstartuputility.exe"
+ "\GoogleUpdateTaskMachineCore" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskMachineUA" "Google Installer" "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2062559977-3047391869-3192783355-1001Core" "Google Installer" "Google Inc." "c:\users\mrsmoov\appdata\local\google\update\googleupdate.exe"
+ "\GoogleUpdateTaskUserS-1-5-21-2062559977-3047391869-3192783355-1001UA" "Google Installer" "Google Inc." "c:\users\mrsmoov\appdata\local\google\update\googleupdate.exe"
+ "\Microsoft\Windows Defender\MP Scheduled Scan" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows Defender\MpIdleTask" "Microsoft Malware Protection Command Line Utility" "Microsoft Corporation" "c:\program files\windows defender\mpcmdrun.exe"
+ "\Microsoft\Windows\NetTrace\GatherNetworkInfo" "" "" "c:\windows\system32\gathernetworkinfo.vbs"
+ "\Microsoft\Windows\Windows Media Sharing\UpdateLibrary" "Windows Media Player Network Sharing Service Configuration Application" "Microsoft Corporation" "c:\program files\windows media player\wmpnscfg.exe"
+ "\MSIAfterburner" "MSIAfterburner" "" "c:\program files (x86)\msi afterburner\msiafterburner.exe"
+ "\SidebarExecute" "Windows Desktop Gadgets" "Microsoft Corporation" "c:\program files\windows sidebar\sidebar.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "AdobeARMservice" "Adobe Acrobat Updater keeps your Adobe software up to date." "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe"
+ "AdobeFlashPlayerUpdateSvc" "This service keeps your Adobe Flash Player installation up to date with the latest enhancements and security fixes." "Adobe Systems Incorporated" "c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe"
+ "Apple Mobile Device" "Provides the interface to Apple mobile devices." "Apple Inc." "c:\program files (x86)\common files\apple\mobile device support\applemobiledeviceservice.exe"
+ "avgfws" "AVG Firewall Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgfws.exe"
+ "AVGIDSAgent" "Provides Identity Protection Against Cyber Crime." "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgidsagent.exe"
+ "avgwd" "AVG Watchdog Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgwdsvc.exe"
+ "Bonjour Service" "Enables hardware devices and software services to automatically configure themselves on the network and advertise their presence." "Apple Inc." "c:\program files\bonjour\mdnsresponder.exe"
+ "Futuremark SystemInfo Service" "Futuremark SystemInfo Service" "Futuremark Corporation" "c:\program files (x86)\common files\futuremark shared\futuremark systeminfo\fmsisvc.exe"
+ "gupdate" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gupdatem" "Keeps your Google software up to date. If this service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This service uninstalls itself when there is no Google software using it." "Google Inc." "c:\program files (x86)\google\update\googleupdate.exe"
+ "gusvc" "Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work." "Google" "c:\program files (x86)\google\common\google updater\googleupdaterservice.exe"
+ "iPod Service" "iPod hardware management services" "Apple Inc." "c:\program files\ipod\bin\ipodservice.exe"
+ "MBAMScheduler" "Malwarebytes Anti-Malware scheduler" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamscheduler.exe"
+ "MBAMService" "Malwarebytes Anti-Malware service" "Malwarebytes Corporation" "c:\program files (x86)\malwarebytes' anti-malware\mbamservice.exe"
+ "MozillaMaintenance" "The Mozilla Maintenance Service ensures that you have the latest and most secure version of Mozilla Firefox on your computer. Keeping Firefox up to date is very important for your online security, and Mozilla strongly recommends that you keep this service enabled." "Mozilla Foundation" "c:\program files (x86)\mozilla maintenance service\maintenanceservice.exe"
+ "nvsvc" "Provides system and desktop level support to the NVIDIA display driver" "NVIDIA Corporation" "c:\windows\system32\nvvsvc.exe"
+ "PnkBstrA" "PunkBuster Service Component [v1036] http://www.evenbalance.com" "" "c:\windows\syswow64\pnkbstra.exe"
+ "Steam Client Service" "Steam Client Service monitors and updates Steam content" "Valve Corporation" "c:\program files (x86)\common files\steam\steamservice.exe"
+ "Stereo Service" "Provides system support for NVIDIA Stereoscopic 3D driver" "NVIDIA Corporation" "c:\program files (x86)\nvidia corporation\3d vision\nvscpapisvr.exe"
+ "SwitchBoard" "Adobe SwitchBoard" "Adobe Systems Incorporated" "c:\program files (x86)\common files\adobe\switchboard\switchboard.exe"
+ "VIAKaraokeService" "Service binary" "VIA Technologies, Inc." "c:\windows\system32\viakaraokesrv.exe"
+ "WinDefend" "Protection against spyware and potentially unwanted software" "Microsoft Corporation" "c:\program files\windows defender\mpsvc.dll"
+ "wlidsvc" "Enables Windows Live ID authentication." "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidsvc.exe"
+ "WMPNetworkSvc" "Shares Windows Media Player libraries to other networked players and media devices using Universal Plug and Play" "Microsoft Corporation" "c:\program files\windows media player\wmpnetwk.exe"
"HKLM\System\CurrentControlSet\Services" "" "" ""
+ "adp94xx" "Adaptec Windows SAS/SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adp94xx.sys"
+ "adpahci" "Adaptec Windows SATA Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\adpahci.sys"
+ "adpu320" "Adaptec StorPort Ultra320 SCSI Driver (X64)" "Adaptec, Inc." "c:\windows\system32\drivers\adpu320.sys"
+ "aliide" "ALi mini IDE Driver" "Acer Laboratories Inc." "c:\windows\system32\drivers\aliide.sys"
+ "amd_sata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_sata.sys"
+ "amd_xata" "Stor Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amd_xata.sys"
+ "AMDCIR64" "Consumer IR Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdcir64.sys"
+ "amdhub30" "AMD USB 3.0 Hub Driver" "Advanced Micro Devices, INC." "c:\windows\system32\drivers\amdhub30.sys"
+ "amdsata" "AHCI 1.2 Device Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdsata.sys"
+ "amdsbs" "AMD Technology AHCI Compatible Controller Driver for Windows - AMD64 platform" "AMD Technologies Inc." "c:\windows\system32\drivers\amdsbs.sys"
+ "amdxata" "Storage Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\amdxata.sys"
+ "amdxhc" "AMD USB 3.0 Host Controller Driver" "Advanced Micro Devices, INC." "c:\windows\system32\drivers\amdxhc.sys"
+ "arc" "Adaptec RAID Storport Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arc.sys"
+ "arcsas" "Adaptec SAS RAID WS03 Driver" "Adaptec, Inc." "c:\windows\system32\drivers\arcsas.sys"
+ "asahci64" "Asmedia 106x SATA Host Controller Driver" "Asmedia Technology" "c:\windows\system32\drivers\asahci64.sys"
+ "asmthub3" "ASMedia USB3 Hub Driver" "ASMedia Technology Inc" "c:\windows\system32\drivers\asmthub3.sys"
+ "asmtxhci" "ASMEDIA XHCI Host Controller Driver" "ASMedia Technology Inc" "c:\windows\system32\drivers\asmtxhci.sys"
+ "Avgfwfd" "AVG network filter driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgfwd6a.sys"
+ "AVGIDSDriver" "AVG Technologies IDS Application Activity Monitor Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsdrivera.sys"
+ "AVGIDSFilter" "AVG Technologies IDS Application Activity Monitor Filter Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsfiltera.sys"
+ "AVGIDSHA" "AVG Technologies IDS Application Activity Monitor Helper Driver" "AVG Technologies CZ, s.r.o. " "c:\windows\system32\drivers\avgidsha.sys"
+ "Avgldx64" "AVG AVI Loader Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgldx64.sys"
+ "Avgmfx64" "AVG Resident Shield Minifilter Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgmfx64.sys"
+ "Avgrkx64" "AVG Anti-Rootkit Driver" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgrkx64.sys"
+ "Avgtdia" "AVG Network connection watcher" "AVG Technologies CZ, s.r.o." "c:\windows\system32\drivers\avgtdia.sys"
+ "b06bdrv" "Broadcom NetXtreme II GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\bxvbda.sys"
+ "b57nd60a" "Broadcom NetXtreme Gigabit Ethernet NDIS6.x Unified Driver." "Broadcom Corporation" "c:\windows\system32\drivers\b57nd60a.sys"
+ "b57xdbd" "Broadcom xD Picture Card Bus Driver" "Broadcom Corporation" "c:\windows\system32\drivers\b57xdbd.sys"
+ "b57xdmp" "Broadcom xD Picture Card Miniport Driver" "Broadcom Corporation" "c:\windows\system32\drivers\b57xdmp.sys"
+ "BrFiltLo" "Windows ME USB Mass-Storage Bulk-Only Lower Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltlo.sys"
+ "BrFiltUp" "Windows ME USB Mass-Storage Bulk-Only Upper Filter Driver" "Brother Industries, Ltd." "c:\windows\system32\drivers\brfiltup.sys"
+ "Brserid" "Brotehr Serial I/F Driver (WDM)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserid.sys"
+ "BrSerWdm" "Brother Serial driver (WDM version)" "Brother Industries Ltd." "c:\windows\system32\drivers\brserwdm.sys"
+ "BrUsbMdm" "Brother USB MDM Driver " "Brother Industries Ltd." "c:\windows\system32\drivers\brusbmdm.sys"
+ "BrUsbSer" "Brother USB Serial Driver" "Brother Industries Ltd." "c:\windows\system32\drivers\brusbser.sys"
+ "bScsiMSa" "Broadcom Memory Stick Driver" "Broadcom Corporation" "c:\windows\system32\drivers\bscsimsa.sys"
+ "cmdide" "CMD PCI IDE Bus Driver" "CMD Technology, Inc." "c:\windows\system32\drivers\cmdide.sys"
+ "cpuz135" "CPUID Driver" "CPUID" "c:\windows\system32\drivers\cpuz135_x64.sys"
+ "dtsoftbus01" "DAEMON Tools Virtual Bus Driver" "DT Soft Ltd" "c:\windows\system32\drivers\dtsoftbus01.sys"
+ "ebdrv" "Broadcom NetXtreme II 10 GigE VBD" "Broadcom Corporation" "c:\windows\system32\drivers\evbda.sys"
+ "elxstor" "Storport Miniport Driver for LightPulse HBAs" "Emulex" "c:\windows\system32\drivers\elxstor.sys"
+ "EtronHub3" "Etron eXtensible Hub Driver." "Etron Technology Inc" "c:\windows\system32\drivers\etronhub3.sys"
+ "EtronXHCI" "Etron eXtensible Host Controller Driver." "Etron Technology Inc" "c:\windows\system32\drivers\etronxhci.sys"
+ "GEARAspiWDM" "CD DVD Filter" "GEAR Software Inc." "c:\windows\system32\drivers\gearaspiwdm.sys"
+ "hcw85cir" "Hauppauge WinTV 885 Consumer IR Driver for eHome" "Hauppauge Computer Works, Inc." "c:\windows\system32\drivers\hcw85cir.sys"
+ "HpSAMD" "Smart Array SAS/SATA Controller Media Driver" "Hewlett-Packard Company" "c:\windows\system32\drivers\hpsamd.sys"
+ "IAMTVE" "Intel® Active Management Technology – KCS" "Intel Corporation" "c:\windows\system32\drivers\iamtve.sys"
+ "IAMTXPE" "Intel® Active Management Technology – KCS" "Intel Corporation" "c:\windows\system32\drivers\iamtxpe.sys"
+ "iaStorV" "Intel Matrix Storage Manager driver - x64" "Intel Corporation" "c:\windows\system32\drivers\iastorv.sys"
+ "IFCoEMP" "Intel® FCoE Storage Virtual Miniport Driver" "Intel® Corporation" "c:\windows\system32\drivers\ifm52x64.sys"
+ "IFCoEVB" "Intel® Ethernet FCoE Protocol NDIS(5.1) Driver" "Intel® Corporation" "c:\windows\system32\drivers\ifp52x64.sys"
+ "iirsp" "Intel/ICP Raid Storport Driver" "Intel Corp./ICP vortex GmbH" "c:\windows\system32\drivers\iirsp.sys"
+ "ioatdma" "Intel® 5000 Series Chipsets Integrated Device - 1A38" "Intel Corporation" "c:\windows\system32\drivers\ioatdma.sys"
+ "ioatdma1" "Intel® 5000 Series Chipsets Integrated Device - 1A38" "Intel Corporation" "c:\windows\system32\drivers\qd162x64.sys"
+ "ioatdma2" "Intel® 5000 Series Chipsets Integrated Device - 1A38" "Intel Corporation" "c:\windows\system32\drivers\qd262x64.sys"
+ "ISCT" "ISCT and IFFS Driver" "" "c:\windows\system32\drivers\isctd64.sys"
+ "iSSetup" "Intel® iSCSI Setup Driver" "Intel Corporation" "c:\windows\system32\drivers\issetup.sys"
+ "iusb3hcs" "Intel® USB 3.0 Host Controller Switch Driver" "Intel Corporation" "c:\windows\system32\drivers\iusb3hcs.sys"
+ "iusb3hub" "Intel® USB 3.0 Hub Driver" "Intel Corporation" "c:\windows\system32\drivers\iusb3hub.sys"
+ "iusb3xhc" "Intel® USB 3.0 eXtensible Host Controller Driver" "Intel Corporation" "c:\windows\system32\drivers\iusb3xhc.sys"
+ "L1C" "Atheros L1c PCI-E Gigabit Ethernet Controller" "Atheros Communications, Inc." "c:\windows\system32\drivers\l1c62x64.sys"
+ "LSI_FC" "LSI Fusion-MPT FC Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_fc.sys"
+ "LSI_SAS" "LSI Fusion-MPT SAS Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas.sys"
+ "LSI_SAS2" "LSI SAS Gen2 Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_sas2.sys"
+ "LSI_SCSI" "LSI Fusion-MPT SCSI Driver (StorPort)" "LSI Corporation" "c:\windows\system32\drivers\lsi_scsi.sys"
+ "MBAMProtector" "Malwarebytes Anti-Malware" "Malwarebytes Corporation" "c:\windows\system32\drivers\mbam.sys"
+ "megasas" "MEGASAS RAID Controller Driver for Windows 7\Server 2008 R2 for x64" "LSI Corporation" "c:\windows\system32\drivers\megasas.sys"
+ "MegaSR" "LSI MegaRAID Software RAID Driver" "LSI Corporation, Inc." "c:\windows\system32\drivers\megasr.sys"
+ "MEIx64" "Intel® Management Engine Interface" "Intel Corporation" "c:\windows\system32\drivers\hecix64.sys"
+ "mv91cons" "Marvell 91xx Confige Device Driver" "Marvell Semiconductor Inc." "c:\windows\system32\drivers\mv91cons.sys"
+ "mv91xx" "Marvell magni Windows Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mv91xx.sys"
+ "mvs91xx" "Marvell magni Windows Driver" "Marvell Semiconductor, Inc." "c:\windows\system32\drivers\mvs91xx.sys"
+ "nfrd960" "IBM ServeRAID Controller Driver" "IBM Corporation" "c:\windows\system32\drivers\nfrd960.sys"
+ "nusb3hub" "USB 3.0 Hub Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3hub.sys"
+ "nusb3xhc" "USB 3.0 Host Controller Driver" "Renesas Electronics Corporation" "c:\windows\system32\drivers\nusb3xhc.sys"
+ "nvamacpi" "NVIDIA AM ACPI Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvamacpi.sys"
+ "NVHDA" "NVIDIA HDMI Audio Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvhda64v.sys"
+ "nvlddmkm" "NVIDIA Windows Kernel Mode Driver, Version 306.23 " "NVIDIA Corporation" "c:\windows\system32\drivers\nvlddmkm.sys"
+ "nvraid" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvraid.sys"
+ "nvrd64" "NVIDIA® nForce™ RAID Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvrd64.sys"
+ "nvsmu" "NVIDIA nForce™ SMU Microcontroller Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvsmu.sys"
+ "nvstor" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor.sys"
+ "nvstor64" "NVIDIA® nForce™ Sata Performance Driver" "NVIDIA Corporation" "c:\windows\system32\drivers\nvstor64.sys"
+ "pavboot" "Panda Boot Driver" "Panda Security, S.L." "c:\windows\system32\drivers\pavboot64.sys"
+ "ql2300" "QLogic Fibre Channel Stor Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql2300.sys"
+ "ql40xx" "QLogic iSCSI Storport Miniport Driver" "QLogic Corporation" "c:\windows\system32\drivers\ql40xx.sys"
+ "SBRE" "" "" "File not found: C:\Windows\system32\drivers\SBREdrv.sys"
+ "secdrv" "Macrovision SECURITY Driver" "Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K." "c:\windows\system32\drivers\secdrv.sys"
+ "SiSRaid2" "SiS RAID Stor Miniport Driver" "Silicon Integrated Systems Corp." "c:\windows\system32\drivers\sisraid2.sys"
+ "SiSRaid4" "SiS AHCI Stor-Miniport Driver" "Silicon Integrated Systems" "c:\windows\system32\drivers\sisraid4.sys"
+ "stexstor" "Promise SuperTrak EX Series Driver for Windows " "Promise Technology" "c:\windows\system32\drivers\stexstor.sys"
+ "USBAAPL64" "Apple Mobile Device USB Driver" "Apple, Inc." "c:\windows\system32\drivers\usbaapl64.sys"
+ "usbfilter" "AMD USB Filter Driver" "Advanced Micro Devices" "c:\windows\system32\drivers\usbfilter.sys"
+ "VIAHdAudAddService" "VIA High Definition Audio Function Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viahduaa.sys"
+ "viaide" "VIA Generic PCI IDE Bus Driver" "VIA Technologies, Inc." "c:\windows\system32\drivers\viaide.sys"
+ "vsmraid" "VIA RAID DRIVER FOR AMD-X86-64" "VIA Technologies Inc.,Ltd" "c:\windows\system32\drivers\vsmraid.sys"
+ "WDC_SAM" "Manages WD external storage products." "Western Digital Technologies" "c:\windows\system32\drivers\wdcsam64.sys"
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\system32\l3codeca.acm"
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Drivers32" "" "" ""
+ "msacm.l3acm" "MPEG Layer-3 Audio Codec for MSACM" "Fraunhofer Institut Integrierte Schaltungen IIS" "c:\windows\syswow64\l3codeca.acm"
+ "vidc.cvid" "Cinepak® Codec" "Radius Inc." "c:\windows\syswow64\iccvid.dll"
+ "VIDC.RTV1" "" "" "c:\windows\syswow64\rtvcvfw32.dll"
"HKLM\System\CurrentControlSet\Control\Session Manager\BootExecute" "" "" ""
+ "C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart" "AVG Resident Shield Service" "AVG Technologies CZ, s.r.o." "c:\program files (x86)\avg\avg2012\avgrsa.exe"
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers" "" "" ""
+ "WLIDCredentialProvider" "Microsoft® Windows Live ID Credential Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidcredprov.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files (x86)\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll"
"HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64" "" "" ""
+ "mdnsNSP" "Bonjour Namespace Provider" "Apple Inc." "c:\program files\bonjour\mdnsnsp.dll"
+ "WindowsLive Local NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
+ "WindowsLive NSP" "Microsoft® Windows Live ID Namespace Provider" "Microsoft Corporation" "c:\program files\common files\microsoft shared\windows live\wlidnsp.dll"
"C:\Users\Mrsmoov\AppData\Local\Microsoft\Windows Sidebar\Settings.ini" "" "" ""
+ ".:GPU Observer:." "Lets you observe the current GPU stats of your Graphic Card." "Orbmu2k" "C:\Users\Mrsmoov\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPUObserver37.gadget\Gadget.xml"
+ "Weather" "See what the weather looks like around the world." "Microsoft Corporation" "C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-us\Gadget.xml"


Again thanks in advance :D

One thing i have noticed is when i open a browser there are 2 processes running with this damn (webalta)thing >

Edited by Djsmoov, 30 September 2012 - 11:25 AM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:14 PM

Posted 30 September 2012 - 11:29 AM

Download

System look

Launch it and copy this script and paste it in notepad

:folderfind
Webaltaservice
:regfind
WebaltaService

Click on LOOK,post the generated log

Edited by narenxp, 30 September 2012 - 11:37 AM.


#5 Djsmoov

Djsmoov
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 30 September 2012 - 11:35 AM

Real head scatcher this 1 >

System look log:

SystemLook 30.07.11 by jpshortstuff
Log created at 02:31 on 01/10/2012 by Mrsmoov
Administrator - Elevation successful
WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

========== folderfind ==========

Searching for "Webaltaservice"
No folders found.

========== regfind ==========

Searching for "WebaltaService"
No data found.

-= EOF =-

My home page is set at > http://www.google.com/ <

Yet everytime i open firfox or IE it opens http://home.webalta.ru/

Driving me insane. There must be a process runing from somewhere........

#6 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:14 PM

Posted 30 September 2012 - 11:39 AM

Download system look from previous link again and copy the script and post the new log

#7 Djsmoov

Djsmoov
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 30 September 2012 - 11:44 AM

Updated log:

SystemLook 30.07.11 by jpshortstuff
Log created at 02:43 on 01/10/2012 by Mrsmoov
Administrator - Elevation successful

========== folderfind ==========

Searching for "Webaltaservice"
No folders found.

========== regfind ==========

Searching for "WebaltaService"
No data found.

-= EOF =-

#8 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:14 PM

Posted 30 September 2012 - 11:46 AM

"C:\Users\Mrsmoov\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup" "" "" ""
+ "GameStop Now.lnk" "GameStop Now" "GameStop Corp." "c:\program files (x86)\gamestop app\now\gamestopnow.exe"


Do you remember installing this?

Post the minitoolbox and malwarebytes log

#9 Djsmoov

Djsmoov
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  •  
  • Local time:09:14 PM

Posted 30 September 2012 - 11:56 AM

Yeah thats a game app > similar to steam!

Minitoolbox log

MiniToolBox by Farbar Version: 23-07-2012
Ran by Mrsmoov (administrator) on 01-10-2012 at 02:49:22
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================



127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com

========================= IP Configuration: ================================

Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20) = Local Area Connection (Connected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Mrsmoov-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : 00-15-83-3D-0A-57
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
Physical Address. . . . . . . . . : 50-E5-49-ED-E7-4C
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::95b5:164c:3efd:1871%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, 1 October 2012 1:12:38 AM
Lease Expires . . . . . . . . . . : Tuesday, 2 October 2012 1:12:38 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 240182601
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-70-79-C5-50-E5-49-ED-E7-4C
DNS Servers . . . . . . . . . . . : 192.168.0.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{E525E9C6-4145-4F33-BC4A-F75306A6F7A8}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{04DB38AC-D8EC-464E-A8BD-46EBE84CA128}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6ab8:2c94:2d7f:c30f:cf58(Preferred)
Link-local IPv6 Address . . . . . : fe80::2c94:2d7f:c30f:cf58%15(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

Name: google.com
Addresses: 2404:6800:4006:803::1005
74.125.237.102
74.125.237.110
74.125.237.104
74.125.237.103
74.125.237.105
74.125.237.101
74.125.237.99
74.125.237.96
74.125.237.98
74.125.237.100
74.125.237.97


Pinging google.com [74.125.237.102] with 32 bytes of data:
Reply from 74.125.237.102: bytes=32 time=24ms TTL=57
Reply from 74.125.237.102: bytes=32 time=35ms TTL=57

Ping statistics for 74.125.237.102:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 24ms, Maximum = 35ms, Average = 29ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: yahoo.com
Addresses: 72.30.38.140
98.139.183.24
98.138.253.109


Pinging yahoo.com [72.30.38.140] with 32 bytes of data:
Reply from 72.30.38.140: bytes=32 time=653ms TTL=55
Reply from 72.30.38.140: bytes=32 time=826ms TTL=55

Ping statistics for 72.30.38.140:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 653ms, Maximum = 826ms, Average = 739ms
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 192.168.0.1

DNS request timed out.
timeout was 2 seconds.
Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
12...00 15 83 3d 0a 57 ......Bluetooth Device (Personal Area Network)
11...50 e5 49 ed e7 4c ......Atheros AR8151 PCI-E Gigabit Ethernet Controller (NDIS 6.20)
1...........................Software Loopback Interface 1
16...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
15...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.2 276
192.168.0.2 255.255.255.255 On-link 192.168.0.2 276
192.168.0.255 255.255.255.255 On-link 192.168.0.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
15 58 ::/0 On-link
1 306 ::1/128 On-link
15 58 2001::/32 On-link
15 306 2001:0:9d38:6ab8:2c94:2d7f:c30f:cf58/128
On-link
11 276 fe80::/64 On-link
15 306 fe80::/64 On-link
15 306 fe80::2c94:2d7f:c30f:cf58/128
On-link
11 276 fe80::95b5:164c:3efd:1871/128
On-link
1 306 ff00::/8 On-link
15 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 09 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog5 10 C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [134528] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70656] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [47104] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 09 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)x64-Catalog5 10 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [168304] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [326144] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

=========================== Installed Programs ============================

3DMark 11 (Version: 1.0.3)
Adobe AIR (Version: 3.1.0.4880)
Adobe Creative Suite 6 Master Collection (Version: 6)
Adobe Flash Player 11 ActiveX (Version: 11.4.402.265)
Adobe Flash Player 11 Plugin (Version: 11.4.402.278)
Adobe Help Manager (Version: 4.0.244)
Adobe Reader X (10.1.4) (Version: 10.1.4)
Adobe Widget Browser (Version: 2.0 Build 348)
Adobe Widget Browser (Version: 2.0.348)
Advanced Combat Tracker (remove only)
Alan Wake's American Nightmare
ANNO 2070 (Version: 1.0.0.0)
Apple Application Support (Version: 2.1.9)
Apple Mobile Device Support (Version: 5.2.0.6)
Apple Software Update (Version: 2.1.3.127)
Ashampoo Burning Studio 6 FREE v.6.80 (Version: 6.8.0)
µTorrent (Version: 3.1.3)
AVG 2012 (Version: 12.0.2221)
AVG 2012 (Version: 12.0.2441)
AVG 2012 (Version: 2012.0.2221)
Batman - Arkham City (Version: 1.0.0.0)
Batman: Arkham City - Harley Quinn's Revenge
Batman: Arkham City™ (Version: 1.0.0003.131)
Bonjour (Version: 3.0.0.10)
Borderlands 2
CPUID CPU-Z 1.60.1
DAEMON Tools Lite (Version: 4.45.4.0315)
Deus Ex: Human Revolution
Diablo III (Version: 1.0.3.10485)
F1 2012
FIFA 13 Demo (Version: 1.0.0.0)
Futuremark SystemInfo (Version: 4.9.0)
GameStop App (Version: 4.00)
Google Chrome (Version: 22.0.1229.79)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3230.2052)
Google Update Helper (Version: 1.3.21.123)
Grand Ages: Rome
Guild Wars 2
GuildStats.NET Client ( Remove only)
iTunes (Version: 10.6.3.25)
Malwarebytes Anti-Malware version 1.65.0.1400 (Version: 1.65.0.1400)
Mass Effect™ 3 (Version: 1.01.0.0)
Max Payne 3 (Version: 1.0.0.0)
Metro 2033
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Games for Windows - LIVE Redistributable (Version: 3.5.92.0)
Microsoft Games for Windows Marketplace (Version: 3.5.50.0)
Microsoft Office 2010 (Version: 14.0.4763.1000)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (Version: 1.00.0000)
Mozilla Firefox 15.0.1 (x86 en-US) (Version: 15.0.1)
Mozilla Maintenance Service (Version: 15.0.1)
MSI Afterburner 2.2.2 (Version: 2.2.2)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Mumble 1.2.3 (Version: 1.2.3)
MyAshampoo Toolbar (Version: 6.8.5.1)
NVIDIA 3D Vision Controller Driver 306.23 (Version: 306.23)
NVIDIA 3D Vision Driver 306.23 (Version: 306.23)
NVIDIA Control Panel 306.23 (Version: 306.23)
NVIDIA Graphics Driver 306.23 (Version: 306.23)
NVIDIA HD Audio Driver 1.3.18.0 (Version: 1.3.18.0)
NVIDIA Install Application (Version: 2.1002.85.551)
NVIDIA PhysX (Version: 9.12.0604)
NVIDIA PhysX System Software 9.12.0604 (Version: 9.12.0604)
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.0623)
OpenAL
Origin (Version: 9.0.2.2065)
Panda ActiveScan 2.0 (Version: 01.04.01.0014)
PDF Settings CS6 (Version: 11.0)
Platform (Version: 1.36)
PunkBuster Services (Version: 0.993)
Rapture3D 2.4.9 Game
Rockstar Games Social Club (Version: 1.0.9.5)
Samsung_MonSetup (Version: 1.00.0000)
Sleeping Dogs™
Steam (Version: 1.0.0.0)
TeamSpeak 3 Client (Version: 3.0.6)
TechPowerUp GPU-Z
The Secret World (Version: 1.0.0)
Tom Clancy's Ghost Recon Future Soldier (Version: 1.00)
Torchlight II © Runic Games version 1 (Version: 1)
Ubisoft Game Launcher (Version: 1.0.0.0)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
UseNeXT
uTorrentControl2 Toolbar (Version: 6.8.11.4)
VIA Platform Device Manager (Version: 1.36)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
VLC media player 2.0.1 (Version: 2.0.1)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
WinRAR 4.20 (64-bit) (Version: 4.20.0)
Worms Crazy Golf

========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 12250.29 MB
Available physical RAM: 9691.63 MB
Total Pagefile: 24498.78 MB
Available Pagefile: 21256.34 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.42 MB

========================= Partitions: =====================================

1 Drive c: (Windows) (Fixed) (Total:200 GB) (Free:52.24 GB) NTFS
2 Drive d: (Data) (Fixed) (Total:1662.92 GB) (Free:1314.41 GB) NTFS

========================= Users: ========================================

User accounts for \\MRSMOOV-PC

Administrator Guest Mrsmoov

========================= Minidump Files ==================================

No minidump file found

========================= Restore Points ==================================

30-09-2012 05:48:56 Installed SpyHunter
30-09-2012 05:54:42 Removed SpyHunter
30-09-2012 06:01:11 Installed SpyHunter
30-09-2012 13:55:38 Removed SpyHunter

**** End of log ****


Malware log:

Malwarebytes Anti-Malware (PRO) 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.28.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mrsmoov :: MRSMOOV-PC [administrator]

Protection: Disabled

1/10/2012 2:51:38 AM
mbam-log-2012-10-01 (02-51-38).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 205656
Time elapsed: 3 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCR\CLSID\{FE704BF8-384B-44E1-8CF2-8DBEB3637A8A} (PUP.ToolBar.WA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{61EB20A4-D4D5-4276-A2C9-DCCE8CE9F633} (PUP.ToolBar.WA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{FE704BF8-384B-44E1-8CF2-8DBEB3637A8A} (PUP.ToolBar.WA) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FE704BF8-384B-44E1-8CF2-8DBEB3637A8A} (PUP.ToolBar.WA) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

#10 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:09:14 PM

Posted 30 September 2012 - 12:03 PM

Lets take a deeper look

Read the guide here on preparing logs

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#11 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,338 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:10:14 PM

Posted 30 September 2012 - 07:35 PM

Removing this part of the discussion as the posting of a (by InadequateInfirmity)
link to a tool that is not known if it will work or is not more malware itself is really poor advice.. and WILL NOT be tolerated. ..
This is your warning.

Note to the OP
Please read this for future use.
Am I Infected? What do I do? How do I get help? Who is helping me?
How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users