
google redirects?


46 replies to this topic

#1 havoc110

havoc110

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 21 October 2012 - 01:17 PM

Hello,

Some background: I recently suffered the FBI moneypak virus. That thread is here:
http://www.bleepingcomputer.com/forums/topic470383.html/page__p__2856877__fromsearch__1#entry2856877

Now I get Google redirects. The events may be related or unrelated.

Most Google search links are blocked by Avast ("Malicious URL blocked").

Some URLs that appear when I use the back button on my browser (from the blocked page) are:
merchantcircle
myfindhere
nixxie

Thanks for your help.

Win 7 Home Premium (64-bit), IE9, Avast antivirus (soon to be replaced by whatever is suggested by the BleepingComputer rep who assists me).



#2 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 21 October 2012 - 05:42 PM

Download TDSSKiller.

Launch it. Click on Change parameters and select TDLFS file system.

Click on Scan. Please post the log report (the log file should be in your C drive).

Do not change the default options on the scan results.

Download aswMBR.

Launch it and allow it to download the latest Avast! virus definitions.
Click the Scan button to start the scan. After the scan finishes, click on Save log.

Post the log results here. If you get crashes in normal mode, run it in Safe Mode with Networking.

Download ESET online scanner.

Install it.

Click on START; it should download the virus definitions.
When the scan is complete, click on List of found threats.

Export the list to the desktop and copy the contents of the text file into your reply.

#3 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 21 October 2012 - 06:26 PM

I have run TDSSKiller, but I can't copy-paste the log because it says the post is too long, and I can't seem to find the option to attach...

Please help.

Edited by havoc110, 21 October 2012 - 06:27 PM.


#4 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 21 October 2012 - 06:27 PM

If it has detected nothing,skip it and go to other scans.

#5 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 21 October 2012 - 08:16 PM

aswMBR log:

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-10-21 21:01:52
-----------------------------
21:01:52.725 OS Version: Windows x64 6.1.7600
21:01:52.725 Number of processors: 2 586 0x602
21:01:52.740 ComputerName: DON-W7PC UserName: Don
21:01:55.392 Initialize success
21:01:56.656 AVAST engine defs: 12102101
21:03:21.290 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000054
21:03:21.290 Disk 0 Vendor: ST350041 HP34 Size: 476940MB BusType: 3
21:03:21.290 Disk 0 MBR read successfully
21:03:21.306 Disk 0 MBR scan
21:03:21.602 Disk 0 unknown MBR code
21:03:21.618 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
21:03:21.820 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 466726 MB offset 206848
21:03:21.883 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 10112 MB offset 956061696
21:03:22.132 Disk 0 scanning C:\Windows\system32\drivers
21:03:35.205 Service scanning
21:03:48.044 Modules scanning
21:03:48.044 Disk 0 trace - called modules:
21:03:48.044 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
21:03:48.044 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003287060]
21:03:48.044 3 CLASSPNP.SYS[fffff8800193343f] -> nt!IofCallDriver -> [0xfffffa8002177d20]
21:03:48.060 5 ACPI.sys[fffff88000e5b781] -> nt!IofCallDriver -> \Device\00000054[0xfffffa80021c78f0]
21:03:50.337 AVAST engine scan C:\Windows
21:03:52.053 AVAST engine scan C:\Windows\system32
21:05:39.646 AVAST engine scan C:\Windows\system32\drivers
21:05:46.776 AVAST engine scan C:\Users\Don
21:07:14.136 AVAST engine scan C:\ProgramData
21:08:14.118 Scan finished successfully
21:15:14.709 Disk 0 MBR has been saved successfully to "C:\Users\Don\Desktop\MBR.dat"
21:15:14.725 The log file has been saved successfully to "C:\Users\Don\Desktop\aswMBR.txt"
21:15:52.648 Disk 0 MBR has been saved successfully to "C:\Users\DonStandard\Desktop\MBR.dat"
21:15:52.648 The log file has been saved successfully to "C:\Users\DonStandard\Desktop\aswMBR.txt"
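The one line in this aswMBR log that deserves a second look is "Disk 0 unknown MBR code": it means the bootstrap bytes in sector 0 did not match any boot code aswMBR recognises. On an OEM machine that can simply be the vendor's own MBR, but it is also where a bootkit would sit, and aswMBR saved the sector to MBR.dat so it can be inspected directly. The parser below is an added example, not part of this thread or of aswMBR: it verifies the 0x55AA signature, decodes the partition table, flags overlapping entries, and hashes the bootstrap code so a dump can be compared with a known-good dump from the same model. The embedded sample is constructed from the offsets and sizes aswMBR reported above; its bootstrap bytes are a placeholder, not a real dump.

```python
"""Decode a raw MBR sector such as the MBR.dat that aswMBR saves: verify the
0x55AA signature, list the partition entries, detect overlaps and hash the
bootstrap code so it can be compared with a known-good dump."""
import hashlib
import struct
import sys

SECTOR = 512
BOOTSTRAP_LEN = 446        # bytes 0..445: bootstrap code
TABLE_OFF = 446            # then four 16-byte partition entries, then 0x55AA
PARTITION_TYPES = {0x05: "Extended", 0x07: "HPFS/NTFS/exFAT", 0x0B: "FAT32",
                   0x0C: "FAT32 LBA", 0x0F: "Extended LBA", 0x82: "Linux swap",
                   0x83: "Linux", 0xEE: "GPT protective"}


def parse_mbr(data: bytes) -> dict:
    """Return signature status, bootstrap hash and the non-empty partition entries."""
    if len(data) < SECTOR:
        raise ValueError("need at least one 512-byte sector")
    bootstrap = data[:BOOTSTRAP_LEN]
    info = {
        "signature_ok": data[510:512] == b"\x55\xAA",
        "bootstrap_sha256": hashlib.sha256(bootstrap).hexdigest(),
        "bootstrap_all_zero": not any(bootstrap),
        "partitions": [],
    }
    for i in range(4):
        entry = data[TABLE_OFF + 16 * i: TABLE_OFF + 16 * (i + 1)]
        status, ptype = entry[0], entry[4]           # CHS fields (1..3, 5..7) are ignored
        lba_start, sectors = struct.unpack_from("<II", entry, 8)
        if ptype == 0 and sectors == 0:
            continue                                 # unused slot
        info["partitions"].append({
            "index": i + 1,
            "active": status == 0x80,
            "status_valid": status in (0x00, 0x80),  # anything else: corruption or tampering
            "type": ptype,
            "type_name": PARTITION_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start,
            "sectors": sectors,
            "size_mb": sectors * SECTOR // (1024 * 1024),
        })
    return info


def overlapping_partitions(partitions) -> list:
    """Index pairs whose LBA ranges intersect: a corrupted or hand-edited table."""
    spans = [(p["index"], p["lba_start"], p["lba_start"] + p["sectors"]) for p in partitions]
    return [(a, b) for i, (a, sa, ea) in enumerate(spans)
            for b, sb, eb in spans[i + 1:] if sa < eb and sb < ea]


def build_sample_mbr() -> bytes:
    """Constructed sample: the three NTFS partitions with the offsets and sizes
    reported by aswMBR above (100 MB at 2048, 466726 MB at 206848, 10112 MB at
    956061696). The bootstrap bytes are a placeholder, not a real dump."""
    mbr = bytearray(SECTOR)
    mbr[0:2] = b"\xEB\xFE"                           # placeholder 'jmp $', not real boot code
    entries = [(0x80, 0x07, 2048, 100 * 2048),
               (0x00, 0x07, 206848, 466726 * 2048),
               (0x00, 0x07, 956061696, 10112 * 2048)]
    for i, (status, ptype, lba, sectors) in enumerate(entries):
        struct.pack_into("<B3sB3sII", mbr, TABLE_OFF + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, sectors)
    mbr[510:512] = b"\x55\xAA"
    return bytes(mbr)


if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_mbr()
    info = parse_mbr(data)
    print(f"signature ok: {info['signature_ok']}  bootstrap sha256: {info['bootstrap_sha256']}")
    for p in info["partitions"]:
        flag = "*" if p["active"] else " "
        print(f"  {flag} #{p['index']} type 0x{p['type']:02X} {p['type_name']:<16} "
              f"start {p['lba_start']:>10} size {p['size_mb']:>7} MB")
    print("overlaps:", overlapping_partitions(info["partitions"]) or "none")
```

Run it as `python mbr_check.py MBR.dat` to read the saved sector. The partition table it prints should match the three entries in the aswMBR log line for line; the bootstrap hash is only meaningful next to a hash taken from a clean machine of the same model, since aswMBR's "unknown" verdict does not by itself say the code is malicious.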

#6 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 22 October 2012 - 02:44 AM

ESET list:

C:\Users\DonStandard\AppData\Local\Temp\eoox23.exe Win32/LockScreen.AMD trojan cleaned by deleting - quarantined

#7 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 22 October 2012 - 10:08 AM

Download Malwarebytes.

Install, update and run a full scan.

Click on Show results. Right-click on the list, select all and remove them.

Post the generated log here.

Download MiniToolBox.

Checkmark the following boxes:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries
List last 10 Event Viewer log
List Installed Programs
List Users, Partitions and Memory size
List restore points

Click Go and post the result.

Download Farbar Service Scanner.

Checkmark all the boxes.

Click on "Scan".
Please copy and paste the log to your reply.

Download AdwCleaner.

Launch it and click on Delete.

A log should be generated after the scan; post it here.

Download Junkware Removal Tool.

For Vista and Windows 7, right-click on the tool and select Run as administrator.

After the scan is complete, post the generated log here.

#8 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 24 October 2012 - 04:21 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.23.10

Windows 7 x64 NTFS (Safe Mode/Networking)
Internet Explorer 9.0.8112.16421
Don :: DON-W7PC [administrator]

10/23/2012 9:56:47 PM
mbam-log-2012-10-23 (21-56-47).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 472022
Time elapsed: 44 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Users\DonStandard\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\HI88GTVR\pack[1].exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\DonStandard\AppData\Local\Temp\0.9104595532005919 (Trojan.Happili) -> Quarantined and deleted successfully.

(end)

#9 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 24 October 2012 - 04:31 AM

MiniToolBox by Farbar Version: 23-07-2012
Ran by DonStandard (ATTENTION: The logged in user is not administrator) on 24-10-2012 at 05:30:52
Windows 7 Home Premium (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================



========================= IP Configuration: ================================

NVIDIA nForce 10/100 Mbps Ethernet = Local Area Connection (Connected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled


popd
# End of IPv4 configuration



Windows IP Configuration

Host Name . . . . . . . . . . . . : Don-w7PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : walsh.dyndns.org

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . : walsh.dyndns.org
Description . . . . . . . . . . . : NVIDIA nForce 10/100 Mbps Ethernet
Physical Address. . . . . . . . . : E0-CB-4E-A7-D1-04
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f9dc:80b2:f3e4:18ad%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Wednesday, October 24, 2012 5:23:19 AM
Lease Expires . . . . . . . . . . : Saturday, November 30, 2148 11:59:10 AM
Default Gateway . . . . . . . . . : 192.168.2.1
DHCP Server . . . . . . . . . . . : 192.168.2.1
DHCPv6 IAID . . . . . . . . . . . : 249613134
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-1D-C0-8F-E0-CB-4E-A7-D1-04
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: UnKnown
Address: 192.168.2.1

Name: google.com
Addresses: 2607:f8b0:4004:802::1005
74.125.228.65
74.125.228.72
74.125.228.64
74.125.228.66
74.125.228.67
74.125.228.73
74.125.228.78
74.125.228.70
74.125.228.68
74.125.228.69
74.125.228.71


Pinging google.com [74.125.228.71] with 32 bytes of data:
Reply from 74.125.228.71: bytes=32 time=14ms TTL=55
Reply from 74.125.228.71: bytes=32 time=13ms TTL=55

Ping statistics for 74.125.228.71:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 13ms, Maximum = 14ms, Average = 13ms
Server: UnKnown
Address: 192.168.2.1

Name: yahoo.com
Addresses: 72.30.38.140
98.138.253.109
98.139.183.24


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=92ms TTL=51
Reply from 98.139.183.24: bytes=32 time=143ms TTL=49

Ping statistics for 98.139.183.24:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 92ms, Maximum = 143ms, Average = 117ms
Server: UnKnown
Address: 192.168.2.1

Name: bleepingcomputer.com
Address: 208.43.87.2


Pinging bleepingcomputer.com [208.43.87.2] with 32 bytes of data:
Reply from 208.43.87.2: Destination host unreachable.
Reply from 208.43.87.2: Destination host unreachable.

Ping statistics for 208.43.87.2:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
11...e0 cb 4e a7 d1 04 ......NVIDIA nForce 10/100 Mbps Ethernet
1...........................Software Loopback Interface 1
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.2.1 192.168.2.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.2.0 255.255.255.0 On-link 192.168.2.2 276
192.168.2.2 255.255.255.255 On-link 192.168.2.2 276
192.168.2.255 255.255.255.255 On-link 192.168.2.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.2.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.2.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::f9dc:80b2:f3e4:18ad/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [232448] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [70144] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\winrnr.dll [28672] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\pnrpnsp.dll [86016] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)

========================= Event log errors: ================================

Could not start eventlog service, could not read events.

System error 5 has occurred.

Access is denied.


=========================== Installed Programs ============================

Update for Microsoft Office 2007 (KB2508958)
Acrobat.com (Version: 2.1.0)
Acrobat.com (Version: 2.1.0.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1)
Adobe AIR (Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX 64-bit (Version: 11.0.1.152)
Adobe Reader 9.4.4 (Version: 9.4.4)
Adobe Shockwave Player 11.6 (Version: 11.6.1.629)
AutoCAD 2006 - English (Version: 16.2.54.10)
Autodesk DWF Viewer (Version: 5.1)
avast! Free Antivirus (Version: 7.0.1466.0)
Canon MP Navigator 1.0
Colossus
Colossus (Public Testing Build)
Colossus (Special Build)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
CyberLink DVD Suite Deluxe (Version: 7.0.2115)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
Documents To Go (Version: 7.006.940)
ESET Online Scanner v3
Full Tilt Poker (Version: 4.27.2.WIN.FullTilt.COM)
Hardware Diagnostic Tools (Version: 6.0.5247.34)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Games (Version: 1.0.0.71)
HP Odometer (Version: 2.10.0000)
HP Remote Solution (Version: 1.1.11.0)
HP Setup (Version: 1.2.3560.3170)
HP Support Assistant (Version: 4.2.5.3)
HP Support Information (Version: 10.1.0002)
HP Update (Version: 5.001.000.014)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Java Auto Updater (Version: 2.0.6.1)
Java™ 6 Update 29 (Version: 6.0.290)
Junk Mail filter update (Version: 14.0.8117.416)
LabelPrint (Version: 2.5.2017)
LightScribe System Software (Version: 1.18.8.1)
LSI PCI-SV92EX Soft Modem (Version: 2.2.98)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
Memoir'44 Online 1.2.0 (Version: 1.2.0)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Choice Guard (Version: 2.0.48.0)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office Home and Student 60 day trial
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Search Enhancement Pack (Version: 1.3.59.0)
Microsoft Silverlight (Version: 4.1.10329.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Sync Framework Runtime Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Sync Framework Services Native v1.0 (x86) (Version: 1.0.1215.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Norton Online Backup (Version: 1.2.20.0)
NVIDIA Drivers (Version: 1.5)
Palm (Version: 4.1.0420)
Pdf995
Picasa 3 (Version: 3.8)
PictureMover (Version: 3.3.1.19)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Power2Go (Version: 6.0.3304)
PowerDirector (Version: 7.0.3503)
Realtek High Definition Audio Driver (Version: 6.0.1.5938)
Recovery Manager (Version: 5.5.2216)
Scrapbook MAX! 2.0 Trial (Version: 2.0.5.1)
swMSM (Version: 12.0.0.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Windows Live Call (Version: 14.0.8117.0416)
Windows Live Communications Platform (Version: 14.0.8117.416)
Windows Live Essentials (Version: 14.0.8117.0416)
Windows Live Essentials (Version: 14.0.8117.416)
Windows Live Mail (Version: 14.0.8117.0416)
Windows Live Messenger (Version: 14.0.8117.0416)
Windows Live Movie Maker (Version: 14.0.8117.0416)
Windows Live Photo Gallery (Version: 14.0.8117.416)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Sync (Version: 14.0.8117.416)
Windows Live Toolbar (Version: 14.0.8117.416)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Live Writer (Version: 14.0.8117.0416)
WinRAR 4.00 beta 4 (32-bit) (Version: 4.00.4)
WinZip 14.5 (Version: 14.5.9095)

========================= Memory info: ===================================

Percentage of memory in use: 19%
Total physical RAM: 2815.3 MB
Available physical RAM: 2258.29 MB
Total Pagefile: 5628.75 MB
Available Pagefile: 5116.38 MB
Total Virtual: 4095.88 MB
Available Virtual: 3967.4 MB

========================= Partitions: =====================================

1 Drive c: (COMPAQ) (Fixed) (Total:455.79 GB) (Free:399.7 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:9.87 GB) (Free:1.47 GB) NTFS

========================= Users: ========================================

User accounts for \\DON-W7PC

Administrator Don DonStandard
Guest Steph


**** End of log ****
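The MiniToolBox sections narenxp asked for (hosts file, IE proxy, DNS servers, Winsock catalog) are the four places on a Windows host where a search-redirect hijack normally lives, and the log above is clean on all four: the hosts file is empty, no proxy is set, the only resolver is the router at 192.168.2.1, and every Winsock entry is a Microsoft DLL under System32 or SysWOW64. The script below is an added example, not part of this thread or of MiniToolBox: it parses those sections out of a MiniToolBox log and reports anything off that baseline. CLEAN_LOG is trimmed from the log above; SUSPICIOUS_LOG is a hypothetical sample (addresses from the documentation ranges, an invented LSP path and vendor) built only to exercise each check. The exact wording MiniToolBox uses when a proxy is set is assumed here, so the proxy check keys on the absence of the two "clean" lines rather than on that wording.

```python
"""Triage a MiniToolBox log for what search-redirect malware usually tampers
with: hosts entries, the IE proxy, the DNS servers and the Winsock catalog."""
import ipaddress
import re

HEADER_RE = re.compile(r"^=+\s+(.+?):?\s+=+\s*$")           # '===== Name: ====='
DNS_RE = re.compile(r"^\s*DNS Servers[ .]*:\s*(\S+)")
IP_ONLY_RE = re.compile(r"^\s*([0-9A-Fa-f:.]+)\s*$")          # ipconfig continuation line
WINSOCK_RE = re.compile(r"^(?:x64-)?Catalog\d+\s+\d+\s+(.+?)\s+\[\d+\]\s+\((.*)\)\s*$")
HOSTS_ALLOWED = {"localhost", "localhost.localdomain", "broadcasthost"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
LOCAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fe80::/10", "fc00::/7")]

def split_sections(text):
    """Map each section header to the list of lines that follow it."""
    sections, name = {}, None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            name = m.group(1).strip()
            sections[name] = []
        elif name is not None:
            sections[name].append(line)
    return sections

def check_hosts(lines):
    """A stock hosts file holds only comments; any other mapping needs review."""
    out = []
    for line in lines:
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2:
            out += [("hosts", f"{n} -> {parts[0]}") for n in parts[1:]
                    if n.lower() not in HOSTS_ALLOWED]
    return out

def check_proxy(lines):
    """Two fixed lines mean no proxy; anything else routes requests elsewhere."""
    lines = [l.strip() for l in lines if l.strip() and not l.startswith('"Reset')]
    if not lines or lines[:2] == ["Proxy is not enabled.", "No Proxy Server is set."]:
        return []
    return [("proxy", "; ".join(lines))]

def check_dns(lines):
    """Flag resolvers outside private, loopback or link-local space (or unparsable)."""
    servers, more = [], False
    for line in lines:                       # 'DNS Servers' line plus indented follow-ons
        m = DNS_RE.match(line) or (more and IP_ONLY_RE.match(line))
        more = bool(m)
        if m:
            servers.append(m.group(1))
    out = []
    for s in servers:
        try:
            local = any(ipaddress.ip_address(s) in net for net in LOCAL_NETS)
        except ValueError:
            local = False
        if not local:
            out.append(("dns", s))
    return out

def check_winsock(lines):
    """Stock Windows 7: every entry is a Microsoft DLL under System32/SysWOW64."""
    out = []
    for line in lines:
        m = WINSOCK_RE.match(line)
        if m and (m.group(2) != "Microsoft Corporation"
                  or not m.group(1).lower().startswith(SYSTEM_DIRS)):
            out.append(("winsock", f"{m.group(1)} ({m.group(2)})"))
    return out

def triage(log_text):
    """Return (category, detail) findings; an empty list means nothing off-baseline."""
    s = split_sections(log_text)
    return (check_hosts(s.get("Hosts content", [])) + check_proxy(s.get("IE Proxy Settings", []))
            + check_dns(s.get("IP Configuration", [])) + check_winsock(s.get("Winsock entries", [])))

# Constructed samples: CLEAN_LOG is trimmed from the log posted above; SUSPICIOUS_LOG is
# hypothetical (documentation-range addresses, invented LSP) and only exercises the checks.
CLEAN_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 192.168.2.1
NetBIOS over Tcpip. . . . . . . . : Enabled
========================= Winsock entries =====================================
Catalog5 01 C:\Windows\SysWOW64\NLAapi.dll [51712] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [320000] (Microsoft Corporation)
"""
SUSPICIOUS_LOG = r"""
========================= IE Proxy Settings: ==============================
Proxy is enabled.
Proxy Server: http=127.0.0.1:8118
========================= Hosts content: =================================
127.0.0.1 localhost
198.51.100.7 www.google.com
========================= IP Configuration: ================================
DNS Servers . . . . . . . . . . . : 198.51.100.53
                                    192.168.2.1
========================= Winsock entries =====================================
Catalog9 01 C:\ProgramData\Example\lsp.dll [40960] (Example Vendor)
"""
```

A "dns" or "winsock" finding is a review item, not a verdict: a public resolver the user chose, or an antivirus or VPN LSP, will show up the same way. The one thing this log cannot show is the router itself. DNS pointing at 192.168.2.1 passes the check, but if the router's upstream resolver has been changed, every machine behind it is redirected while each host looks clean; that has to be checked on the router.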

#10 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 24 October 2012 - 04:42 AM

The AdwCleaner report did not open upon reboot as it said it would. As a result, I ran it again. I have located both reports:

first log:

# AdwCleaner v2.005 - Logfile created 10/24/2012 at 05:32:36
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Don - DON-W7PC
# Boot Mode : Safe mode with networking
# Running from : C:\Users\DonStandard\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Folder Deleted : C:\Users\Don\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\DonStandard\AppData\Local\Temp\boost_interprocess
Folder Deleted : C:\Users\Steph\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Key Deleted : HKLM\SOFTWARE\Software

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S1].txt - [1091 octets] - [24/10/2012 05:32:36]

########## EOF - \AdwCleaner[S1].txt - [1151 octets] ##########


second log:

# AdwCleaner v2.005 - Logfile created 10/24/2012 at 05:36:11
# Updated 14/10/2012 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Don - DON-W7PC
# Boot Mode : Normal
# Running from : C:\Users\DonStandard\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

*************************

AdwCleaner[S2].txt - [505 octets] - [24/10/2012 05:36:11]
AdwCleaner[S1].txt - [1214 octets] - [24/10/2012 05:32:36]

########## EOF - \AdwCleaner[S2].txt - [624 octets] ##########

Edited by havoc110, 24 October 2012 - 04:43 AM.


#11 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 24 October 2012 - 05:15 AM

Junkware Removal Tool (JRT) by Thisisu
Version: 2.0.6 (10.24.2012)
OS: Windows 7 Home Premium x64
Ran by Don on Wed 10/24/2012 at 5:45:07.76
Blog: http://thisisudax.blogspot.com
**************************************************************




*** Services: 0 Detections



*** Registry Values: 0 Detections



*** Registry Keys: 0 Detections



*** Files: 0 Detections



*** Folders: 0 Detections



*** Event Viewer Logs - Cleared





**************************************************************
Scan was completed on Wed 10/24/2012 at 6:03:35.81
End of Report

#12 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 24 October 2012 - 09:21 AM

Reboot into normal mode.

Ran by DonStandard (ATTENTION: The logged in user is not administrator) on 24-10-2012 at 05:30:52

Log into an admin account.

Run Malwarebytes and ESET online scanner again and post the logs. You did not post the Farbar Service Scanner log yet.

#13 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 24 October 2012 - 05:33 PM

Farbar log:

Farbar Service Scanner Version: 19-10-2012
Ran by Don (administrator) on 24-10-2012 at 18:32:39
Running from "C:\Users\Don\Desktop"
Microsoft Windows 7 Home Premium (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-15 06:31] - [2011-12-27 23:59] - 0499200 ____A (Microsoft Corporation) DB9D6C6B2CD95A9CA414D045B627422E

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys
[2012-05-10 10:20] - [2012-03-30 07:09] - 1895280 ____A (Microsoft Corporation) 624C5B3AA4C99B3184BB922D9ECE3FF0

C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll
[2009-07-13 20:09] - [2009-07-13 21:41] - 0824832 ____A (Microsoft Corporation) AECAB449567D1846DAD63ECE49E893E3

C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll
[2009-07-13 19:36] - [2009-07-13 21:41] - 0170496 ____A (Microsoft Corporation) 765A27C3279CE11D14CB9E4F5869FCA5

C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll
[2012-10-10 05:30] - [2012-06-02 01:25] - 0182272 ____A (Microsoft Corporation) BAF19B633933A9FB4883D27D66C39E9A

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

#14 narenxp

narenxp

  • BC Advisor
  • 16,371 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:India
  • Local time:05:44 AM

Posted 24 October 2012 - 06:26 PM

Run Malwarebytes and ESET online scanner in normal mode again and post the logs.

Edited by narenxp, 24 October 2012 - 06:26 PM.


#15 havoc110

havoc110
  • Topic Starter

  • Members
  • 81 posts
  • OFFLINE
  •  
  • Local time:05:44 AM

Posted 24 October 2012 - 06:27 PM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.10.23.10

Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Don :: DON-W7PC [administrator]

10/24/2012 6:35:18 PM
mbam-log-2012-10-24 (18-35-18).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 467641
Time elapsed: 51 minute(s), 54 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



