misterC

  1. Thanks for your reply. I have done the TDSS and the anti root, just on with combofix but it keeps stopping for some reason. I have to go out now and will try again and post them here tomorrow afternoon, thanks.
  2. Hey, about 2 days ago my nephew was using the laptop to play games. Not sure how, but since then the browsers change and are full of adverts (looks like Google but it's not). Here are the required fields for your kind assistance:

     DDS (Ver_2012-11-20.01) - NTFS_x86
     Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.4.0
     Run by Robbie at 23:04:58 on 2013-06-18
     Microsoft Windows 7 Professional 6.1.7600.0.1252.44.1033.18.894.71 [GMT 1:00]
     .
     SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     .
     ============== Running Processes ================
     .
     C:\Windows\system32\wininit.exe
     C:\Windows\system32\lsm.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
     C:\Windows\system32\nvvsvc.exe
     C:\Windows\System32\spoolsv.exe
     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
     C:\Windows\system32\WUDFHost.exe
     C:\Windows\system32\taskhost.exe
     C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
     C:\Program Files\Common Files\Java\Java Update\jusched.exe
     C:\Windows\vsnpstd3.exe
     C:\Windows\System32\rundll32.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Program Files\Internet Explorer\iexplore.exe
     C:\Windows\system32\SearchIndexer.exe
     C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
     C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\SearchProtocolHost.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Windows\system32\conhost.exe
     C:\Windows\system32\wbem\wmiprvse.exe
     C:\Windows\system32\svchost.exe -k DcomLaunch
     C:\Windows\system32\svchost.exe -k RPCSS
     C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
     C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
     C:\Windows\system32\svchost.exe -k netsvcs
     C:\Windows\system32\svchost.exe -k LocalService
     C:\Windows\system32\svchost.exe -k NetworkService
     C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
     C:\Windows\system32\svchost.exe -k imgsvc
     C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
     .
     ============== Pseudo HJT Report ===============
     .
     uWindow Title = Windows Internet Explorer provided by MSN and Bing
     BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
     BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
     BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient_2.dll
     uRun: [scoriz] "c:\windows\system32\rundll32.exe" "c:\users\robbie\appdata\roaming\scoriz.dll",ExecCodeModule
     mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
     mRun: [snpstd3] c:\windows\vsnpstd3.exe
     uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
     mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
     mPolicies-System: ConsentPromptBehaviorUser = dword:3
     mPolicies-System: EnableUIADesktopToggle = dword:0
     TCP: NameServer = 192.168.1.1
     TCP: Interfaces\{DA490BEE-9577-45E2-8AEE-0E0DC9119304} : DHCPNameServer = 192.168.1.1
     AppInit_DLLs= c:\progra~2\browse~1\261339~1.144\{c16c1~1\browse~1.dll
     SSODL: WebCheck - <orphaned>
     mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\27.0.1453.116\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
     .
     ============= SERVICES / DRIVERS ===============
     .
     R2 BrowserProtect;BrowserProtect;c:\programdata\browserprotect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-6-18 3085264]
     R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-6-18 418376]
     R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-6-18 701512]
     R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-6-18 22856]
     R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
     R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
     R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
     S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
     S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
     S3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-8-14 17408]
     S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
     S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2012-6-6 1343400]
     .
     =============== Created Last 30 ================
     .
     2013-06-18 21:49:14 -------- d-----w- c:\program files\CCleaner
     2013-06-18 21:28:06 -------- d-----w- c:\users\robbie\appdata\roaming\Malwarebytes
     2013-06-18 21:27:51 -------- d-----w- c:\programdata\Malwarebytes
     2013-06-18 21:27:49 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
     2013-06-18 21:27:49 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2013-06-18 21:27:29 -------- d-----w- c:\users\robbie\appdata\local\Programs
     2013-06-08 20:31:18 163504 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10144.bin
     .
     ==================== Find3M ====================
     .
     .
     ============= FINISH: 23:09:07.14 ===============
     .
     UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
     IF REQUESTED, ZIP IT UP & ATTACH IT
     .
     DDS (Ver_2012-11-20.01)
     .
     Microsoft Windows 7 Professional
     Boot Device: \Device\HarddiskVolume1
     Install Date: 04/06/2012 17:11:56
     System Uptime: 18/06/2013 22:43:46 (1 hours ago)
     .
     Motherboard: Wistron | | 303C
     Processor: AMD Athlon Dual-Core QL-60 | Socket A | 988/133mhz
     .
     ==== Disk Partitions =========================
     .
     C: is FIXED (NTFS) - 103 GiB total, 82.618 GiB free.
     D: is FIXED (NTFS) - 9 GiB total, 8.746 GiB free.
     E: is CDROM (UDF)
     F: is Removable
     .
     ==== Disabled Device Manager Items =============
     .
     Class GUID:
     Description: Coprocessor
     Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_360A103C&REV_A2\3&2411E6FE&1&0B
     Manufacturer:
     Name: Coprocessor
     PNP Device ID: PCI\VEN_10DE&DEV_0753&SUBSYS_360A103C&REV_A2\3&2411E6FE&1&0B
     Service:
     .
     ==== System Restore Points ===================
     .
     RP103: 03/02/2013 12:03:05 - Scheduled Checkpoint
     RP104: 27/02/2013 07:47:35 - Removed Steam
     RP105: 27/02/2013 07:50:22 - Removed Skype™ 5.10
     RP106: 27/02/2013 07:51:08 - Removed Skype Click to Call
     RP107: 21/03/2013 19:43:59 - Scheduled Checkpoint
     RP108: 16/06/2013 13:17:12 - Restore Operation
     .
     ==== Installed Programs ======================
     .
     Adobe Flash Player 11 ActiveX
     Adobe Shockwave Player 11.6
     CCleaner
     Google Chrome
     Google Update Helper
     Java Auto Updater
     Java 7 Update 4
     Malwarebytes Anti-Malware version 1.75.0.1300
     Microsoft .NET Framework 4 Client Profile
     NVIDIA Control Panel 301.42
     NVIDIA Graphics Driver 301.42
     NVIDIA HD Audio Driver 1.3.16.0
     NVIDIA Install Application
     NVIDIA PhysX
     NVIDIA PhysX System Software 9.12.0213
     NVIDIA Update 1.8.15
     NVIDIA Update Components
     PVSonyDll
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
     Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
     swMSM
     System Progressive Protection
     Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
     Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
     Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
     .
     ==== Event Viewer Messages From Past Week ========
     .
     18/06/2013 22:44:15, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
     18/06/2013 22:44:12, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
     18/06/2013 22:44:12, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
     18/06/2013 22:44:11, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
     16/06/2013 16:17:27, Error: Microsoft-Windows-WHEA-Logger [20] - A fatal hardware error has occurred. Component: AMD Northbridge Error Source: Machine Check Exception Error Type: 11 Processor ID: 0 The details view of this entry contains further information.
     .
     ==== End Of File ===========================

     Thanks