Mediashifting.com browser hijack


Hiya. I seem to be infected with a pesky hijacker/trojan. It keeps randomly opening tabs in Firefox and directing them to mediashifting.com and other sites of the sort. I ran Anti-Malware but it can't remove the thing even after a reboot, and the same infected file shows up again and again when I run a scan. Here are my DDS.txt and Attach.txt logs. Thanks in advance!

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_19

Run by snowgrouse at 1:51:02 on 2011-12-22

Microsoft Windows 7 Home Premium 6.1.7600.0.1252.358.1033.18.4092.3026 [GMT 2:00]

.

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\STacSV64.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\Hpservice.exe

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\SysWOW64\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Tablet.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\explorer.exe

C:\Windows\system32\WTablet\TabUserW.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

C:\Windows\system32\Tablet.exe

C:\Program Files (x86)\7 Taskbar Tweaker x64.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Users\snowgrouse\AppData\Roaming\Mozilla\Firefox\Profiles\0rr95vv0.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\afom.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Java\jre6\bin\jucheck.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.fi/

mDefault_Page_URL = hxxp://www.bing.com

uWinlogon: Shell=C:\Users\snowgrouse\AppData\Local\11d749c6\X

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [spybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

uRun: [7 Taskbar Tweaker] "C:\Program Files (x86)\7 Taskbar Tweaker x64.exe" -hidewnd

uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

mPolicies-system: HideFastUserSwitching = 0 (0x0)

IE: Copy to Semagic - C:\Program Files (x86)\Semagic\copy.htm

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: Semagic - C:\Program Files (x86)\Semagic\link.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

LSP: mswsock.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_19-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.254

TCP: Interfaces\{45A92557-F67C-420D-A522-3E3A8CDB6E6B} : DhcpNameServer = 192.168.0.254

SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - No File

BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll

BHO-X64: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll

BHO-X64: Search Helper - No File

BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO-X64: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

TB-X64: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll

EB-X64: {32683183-48a0-441b-a342-7c2a440a9478} - No File

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

Hosts: 127.0.0.1 www.spywareinfo.com

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\snowgrouse\AppData\Roaming\Mozilla\Firefox\Profiles\0rr95vv0.default\

FF - prefs.js: browser.startup.homepage - hxxp://google.co.uk

FF - component: C:\Users\snowgrouse\AppData\Roaming\Mozilla\Firefox\Profiles\0rr95vv0.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\components\npAFOM.dll

FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

FF - plugin: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}

FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}

FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}

FF - Ext: Memory Fox: {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B} - %profile%\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_ccf0dd3cb081af84\AESTSr64.exe [2010-2-24 89600]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 ezSharedSvc;Easybits Shared Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]

R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-4-26 366152]

R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]

S2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2010-3-20 1153368]

S3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-16 228408]

S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-3-19 1038088]

S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]

S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]

S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]

S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(1).sys [?]

S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(2).sys [?]

S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(3).sys [?]

S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(4).sys [?]

S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys --> C:\Windows\system32\drivers\WsAudio_DeviceS(5).sys [?]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]

S4 TabletServiceWacom;TabletServiceWacom;C:\Windows\system32\Wacom_Tablet.exe --> C:\Windows\system32\Wacom_Tablet.exe [?]

.

=============== Created Last 30 ================

.

2011-12-21 23:37:27 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-12-21 20:08:56 -------- d-sh--w- C:\Windows\System32\%APPDATA%

2011-12-21 20:04:33 -------- d-sh--w- C:\Users\snowgrouse\AppData\Local\11d749c6

2011-12-17 20:09:27 -------- d-----w- C:\Program Files (x86)\CamStudio

2011-12-15 14:58:27 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys

2011-12-15 14:57:49 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys

2011-12-15 14:57:02 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys

2011-12-15 14:55:54 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys

2011-12-15 14:55:14 29288 ----a-w- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys

2011-12-15 14:55:07 892928 ----a-w- C:\Windows\SysWow64\iconv.dll

2011-12-15 14:55:07 675840 ----a-w- C:\Windows\SysWow64\ac3filter.ax

2011-12-15 14:55:07 496640 ----a-w- C:\Windows\SysWow64\xvid.ax

2011-12-14 21:03:57 -------- d-----w- C:\Users\snowgrouse\AppData\Roaming\DigitalTheatrePlayer.50FAA36E94B2E1439B0A75CE1D37D773E96BC306.1

2011-12-14 21:03:52 -------- d-----w- C:\Program Files (x86)\Digital Theatre Player

2011-11-23 05:31:32 -------- d-----w- C:\Users\snowgrouse\AppData\Roaming\IObit

2011-11-23 05:31:31 -------- d-----w- C:\Program Files (x86)\IObit

.

==================== Find3M ====================

.

2011-12-21 00:47:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-01-07 09:58:31 178176 ----a-w- C:\Program Files (x86)\7 Taskbar Tweaker x64.exe

2011-01-03 13:36:42 8260783 ----a-w- C:\Program Files (x86)\gfsetup.exe

2010-05-07 04:52:29 1823744 ----a-w- C:\Program Files (x86)\Folder2Iso15.exe

2010-04-09 11:35:42 2668544 ----a-w- C:\Program Files (x86)\VirtualDub.exe

2010-04-09 11:35:18 8704 ----a-w- C:\Program Files (x86)\vdub.exe

2010-04-09 11:35:18 69632 ----a-w- C:\Program Files (x86)\auxsetup.exe

2010-04-09 11:35:16 73728 ----a-w- C:\Program Files (x86)\vdremote.dll

2010-04-09 11:35:16 69632 ----a-w- C:\Program Files (x86)\vdicmdrv.dll

2010-04-09 11:34:54 65536 ----a-w- C:\Program Files (x86)\vdsvrlnk.dll

2009-07-10 11:39:00 350720 ----a-w- C:\Program Files (x86)\hjsplit.exe

2006-11-16 04:44:40 183920 ----a-w- C:\Program Files (x86)\CoreAVCDecoder.ax

2004-07-26 00:16:40 1117491 ----a-w- C:\Program Files (x86)\dvdshrink32setup.exe

2003-04-16 23:38:22 225280 ----a-w- C:\Program Files (x86)\DVD2AVI.exe

2002-12-07 06:38:24 3310495 ----a-w- C:\Program Files (x86)\BulletProofFTP242.exe

2002-06-27 09:33:24 551161 ----a-w- C:\Program Files\bpftp240.exe

2002-06-21 14:54:48 155648 ----a-w- C:\Program Files (x86)\DVD2AVI.vfp

2001-12-18 02:25:26 358 ----a-w- C:\Program Files\Eagle.reg

2006-05-03 09:06:54 163328 --sha-r- C:\Windows\SysWOW64\flvDX.dll

2007-02-21 10:47:16 31232 --sha-r- C:\Windows\SysWOW64\msfDX.dll

2008-03-16 12:30:52 216064 --sha-r- C:\Windows\SysWOW64\nbDX.dll

.

============= FINISH: 1:51:52,47 ===============

Attach.txt

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 19.3.2010 8:03:41

System Uptime: 22.12.2011 1:35:50 (0 hours ago)

.

Motherboard: Hewlett-Packard | | 3637

Processor: AMD Turion II Dual-Core Mobile M520 | Socket S1G3 | 2300/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 450 GiB total, 185,759 GiB free.

D: is FIXED (NTFS) - 15 GiB total, 2,541 GiB free.

E: is FIXED (FAT32) - 0 GiB total, 0,09 GiB free.

F: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00005005-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{0000110E-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00000002-0000-1000-8000-0002EE000002}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00005557-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{0000111B-0000-1000-8000-00805F9B34FB}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Service:

.

Class GUID:

Description: Bluetooth Peripheral Device

Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Manufacturer:

Name: Bluetooth Peripheral Device

PNP Device ID: BTHENUM\{00005601-0000-1000-8000-0002EE000001}_VID&00010001_PID&00A3\7&802BD4&0&0025D039D0C8_C00000000

Service:

.

==== System Restore Points ===================

.

RP78: 23.11.2011 7:32:30 - Advanced SystemCare RestorePoint

RP79: 23.11.2011 7:36:36 - advancedpro

RP80: 15.12.2011 16:54:06 - ennendrm

RP81: 15.12.2011 16:55:19 - Device Driver Package Install: WsAudio_DeviceS(1) Sound, video and game controllers

RP82: 15.12.2011 16:55:56 - Device Driver Package Install: WsAudio_DeviceS(2) Sound, video and game controllers

RP83: 15.12.2011 16:57:03 - Device Driver Package Install: WsAudio_DeviceS(3) Sound, video and game controllers

RP84: 15.12.2011 16:57:51 - Device Driver Package Install: WsAudio_DeviceS(4) Sound, video and game controllers

RP85: 15.12.2011 16:58:29 - Device Driver Package Install: WsAudio_DeviceS(5) Sound, video and game controllers

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Anchor Service CS4

Adobe Bridge CS4

Adobe CMaps CS4

Adobe Color - Photoshop Specific CS4

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Color Video Profiles CS CS4

Adobe CSI CS4

Adobe Default Language CS4

Adobe Device Central CS4

Adobe ExtendScript Toolkit CS4

Adobe Fonts All

Adobe Linguistics CS4

Adobe Output Module

Adobe PDF Library Files CS4

Adobe Photoshop CS4

Adobe Photoshop CS4 Support

Adobe Photoshop CS5

Adobe Reader 9.1 MUI

Adobe Search for Help

Adobe Service Manager Extension

Adobe Setup

Adobe Shockwave Player

Adobe Type Support CS4

Adobe Update Manager CS4

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS4

AdobeColorCommonSetCMYK

AdobeColorCommonSetRGB

Advanced SystemCare 3

AMD USB Filter Driver

Any Video Converter Professional 2.7.9

Atheros Driver Installation Program

µTorrent

BulletProof FTP

CamStudio

Catalyst Control Center - Branding

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Graphics Previews Vista

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-core-static

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Compatibility Pack for the 2007 Office system

Connect

Creative DVD Audio Plugin for Audigy Series

CyberLink DVD Suite

Digital Theatre Player

DVD Decrypter (Remove Only)

DVD Shrink 3.2

EPSON TWAIN 5

FrostWire 4.21.5

GetFLV Pro 8.9.7.3

HiJackThis

HP Advisor

HP Customer Experience Enhancements

HP MediaSmart Webcam

HP Quick Launch Buttons

HP Setup

HP User Guides 0154

HP Wireless Assistant

IDT Audio

InterVideo WinDVD 6

Jasc Paint Shop Pro 9

Java Auto Updater

Java 6 Update 19

JDownloader

JMicron Flash Media Controller Driver

Junk Mail filter update

K-Lite Mega Codec Pack 5.8.3

kuler

LightScribe System Software

ljArchive

Malwarebytes' Anti-Malware version 1.51.2.1300

Microsoft Choice Guard

Microsoft Office Excel MUI (Danish) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel MUI (Finnish) 2007

Microsoft Office Excel MUI (Norwegian (Bokmål)) 2007

Microsoft Office Excel MUI (Swedish) 2007

Microsoft Office Home and Student 2007

Microsoft Office OneNote MUI (Danish) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office OneNote MUI (Finnish) 2007

Microsoft Office OneNote MUI (Norwegian (Bokmål)) 2007

Microsoft Office OneNote MUI (Swedish) 2007

Microsoft Office PowerPoint MUI (Danish) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office PowerPoint MUI (Finnish) 2007

Microsoft Office PowerPoint MUI (Norwegian (Bokmål)) 2007

Microsoft Office PowerPoint MUI (Swedish) 2007

Microsoft Office PowerPoint Viewer 2007 (English)

Microsoft Office Proof (Danish) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (Finnish) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (German) 2007

Microsoft Office Proof (Norwegian (Bokmål)) 2007

Microsoft Office Proof (Norwegian (Nynorsk)) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Swedish) 2007

Microsoft Office Proofing (Danish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (Finnish) 2007

Microsoft Office Proofing (Norwegian (Bokmål)) 2007

Microsoft Office Proofing (Swedish) 2007

Microsoft Office Shared MUI (Danish) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (Finnish) 2007

Microsoft Office Shared MUI (Norwegian (Bokmål)) 2007

Microsoft Office Shared MUI (Swedish) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Suite Activation Assistant

Microsoft Office Word MUI (Danish) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Office Word MUI (Finnish) 2007

Microsoft Office Word MUI (Norwegian (Bokmål)) 2007

Microsoft Office Word MUI (Swedish) 2007

Microsoft Search Enhancement Pack

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Sync Framework Runtime Native v1.0 (x86)

Microsoft Sync Framework Services Native v1.0 (x86)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Works

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Mozilla Firefox (3.6)

MSVCRT

OpenOffice.org 3.2

PDF Settings CS4

PDF Settings CS5

Photoshop Camera Raw

QLBCASL

QuickTime

Realtek 8136 8168 8169 Ethernet Driver

Recovery Manager

Semagic (remove only)

Skype™ 4.0

Spybot - Search & Destroy

StreamTransport version: 1.0.2.2171

Subtitle Workshop 2.51

Suite Shared Configuration CS4

SUPER © v2011.build.48 (April 23, 2011) version v2011.build.48

Tablet

The KMPlayer (remove only)

Trillian

Update for Office 2007 (KB934528)

WebTablet IE Plugin

WebTablet Netscape Plugin

Winamp (remove only)

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Mail

Windows Live Messenger

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Toolbar

Windows Live Upload Tool

Windows Live Writer

Windows Media Player Firefox Plugin

VLC media player 1.0.5

VueScan

.

==== Event Viewer Messages From Past Week ========

.

22.12.2011 1:40:54, Error: Service Control Manager [7022] - The Windows Update service hung on starting.

22.12.2011 1:36:44, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.

22.12.2011 1:36:14, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

22.12.2011 1:36:10, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.

22.12.2011 1:36:10, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

22.12.2011 1:36:10, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

22.12.2011 1:36:06, Error: atikmdag [52236] - CPLIB :: General - Invalid Parameter

22.12.2011 1:36:03, Error: volmgr [46] - Crash dump initialization failed!

21.12.2011 21:38:41, Error: bowser [8003] - The master browser has received a server announcement from the computer AUKKI-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{45A92557-F67C-420D-A522-3E3A8CDB6E6B}. The master browser is stopping or an election is being forced.

21.12.2011 1:38:11, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

18.12.2011 1:44:58, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the WinDefend service.

.

==== End Of File ===========================

Got the same problem here. Every time I search for something with Google it sends me to some stupid spam sites not even related to the things I search for.

Malwarebytes doesn't seem to fix this one =-\

Tomorrow I will buy a virus scanner and I hope that will solve this annoying problem.

But if someone knows anything about this, help would be appreciated.

  • Staff

timeywimey,

Please update MBAM, run a Quick Scan, and post its log.

Next, please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Actually, I think I managed to fix it. The hijacker got so vicious this morning (it was starting my computer and turning it off whenever it wanted to) that I got tired of waiting and just ran System Restore. That seems to have helped so far, and the MBAM scan I just did revealed no infected items. I'll come back and start another thread if the hijacker somehow manages to come back. Thanks anyway.

  • Staff

Great news!!

I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.

Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:

1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.

2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.

3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.

4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:

  • Green to go
  • Yellow for caution
  • Red to stop

WOT has an addon available for both Firefox and IE.

5) Be sure to update your Antivirus and Antispyware programs often!

Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?

Safe surfing,

-screen317

  • 1 month later...
  • Staff

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
