Redirect Virus


I have a redirect virus. When I do a Google search and click on a link, I am sometimes redirected to unrelated sites. This seems to occur at random and can occur for any link. Any help in removing this virus would be greatly appreciated.

I have done a Quick Scan using Malwarebytes' Anti-Malware program and run the DDS tool. Here are the three logs:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.13.04

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Brett :: BRETT-91WMYRWX0 [administrator]

8/13/2012 10:24:41 AM

mbam-log-2012-08-13 (10-24-41).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258305

Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

_____________________________________________________

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_31

Run by Brett at 10:55:17 on 2012-08-13

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1371 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

svchost.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe

C:\WINDOWS\Mixer.exe

C:\WINDOWS\system32\RunDll32.exe

C:\WINDOWS\system32\RunDLL32.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

svchost.exe

C:\program files\real\realplayer\update\realsched.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\System32\GEARSec.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\Program Files\InterVideo\DVD5R\SchSvr.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe -k imgsvc

C:\Program Files\PowerQuest\Drive Image 7.0\Agent\PQV2iSvc.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe

C:\WINDOWS\system32\wscntfy.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: SearchHook Class: {bc86e1ab-eda5-4059-938f-ce307b0c6f0a} - c:\program files\devicevm\browser configuration utility\AddressBarSearch.dll

uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - e:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll

BHO: IEHlprObj Class: {8ca5ed52-f3fb-4414-a105-2e3491156990} - e:\progra~1\iwinga~1\IWINGA~1.DLL

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\prxtbFre0.dll

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [BCU] "c:\program files\devicevm\browser configuration utility\BCU.exe"

mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe

mRun: [C-Media Mixer] Mixer.exe /startup

mRun: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [QuickTime Task] "e:\program files\quicktime\QTTask.exe" -atboottime

mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\interv~1.lnk - c:\program files\intervideo\dvd5r\SchSvr.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1265828294639

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer = 68.105.28.11,68.105.28.12

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\brett\application data\mozilla\firefox\profiles\gx45mfd6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprpchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll

FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\musicnotes\npmusicn.dll

FF - plugin: c:\program files\musicnotes\NPSibelius.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_268.dll

FF - plugin: e:\program files\divx\divx ovs helper\npovshelper.dll

FF - plugin: e:\program files\divx\divx plus web player\npdivx32.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin2.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin3.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin4.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin5.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin6.dll

FF - plugin: e:\program files\quicktime\plugins\npqtplugin7.dll

.

============= SERVICES / DRIVERS ===============

.

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [2003-6-3 123957]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-11 216400]

R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-11 29712]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-11 243152]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [2003-6-3 46900]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-16 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]

R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2010-2-11 68136]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-1-26 50704]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-9 2214504]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2011-7-9 119528]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-12 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-25 113120]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S4 BCUService;Browser Configuration Utility Service;c:\program files\devicevm\browser configuration utility\BCUService.exe [2010-2-11 219360]

S4 iWinGamesInstaller;iWinGamesInstaller;e:\program files\iwin games\iWinGamesInstaller.exe [2008-7-17 78104]

.

=============== Created Last 30 ================

.

2012-08-13 14:22:55 -------- d-----w- c:\documents and settings\brett\application data\Malwarebytes

2012-08-13 14:22:28 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-08-13 14:22:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-13 14:22:28 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes

2012-07-15 16:51:16 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

.

==================== Find3M ====================

.

2012-08-13 10:49:12 17488 ----a-w- c:\windows\gdrv.sys

2012-07-28 18:58:02 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-28 18:58:02 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-07 16:59:02 391168 ----a-w- c:\windows\system32\drivers\whldr.dll

2012-07-07 16:57:14 122368 ----a-w- c:\windows\system32\drivers\autos.dll

2012-06-13 13:19:59 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50:25 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32:08 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19:44 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19:38 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19:38 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19:34 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19:30 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-05-31 13:22:09 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08:26 916992 ----a-w- c:\windows\system32\wininet.dll

.

============= FINISH: 10:55:40.37 ===============

_____________________________________________________

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 2/11/2010 2:43:12 AM

System Uptime: 8/13/2012 6:48:28 AM (4 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. | | GA-MA785GM-US2H

Processor: AMD Athlon™ II X2 245 Processor | Socket M2 | 2913/200mhz

.

==== Disk Partitions =========================

.

A: is Removable

B: is Removable

C: is FIXED (NTFS) - 75 GiB total, 55.404 GiB free.

D: is CDROM ()

E: is FIXED (NTFS) - 466 GiB total, 309.049 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: Realtek PCIe GBE Family Controller

Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&36A73F9A&0&0050

Manufacturer: Realtek Semiconductor Corp.

Name: Realtek PCIe GBE Family Controller

PNP Device ID: PCI\VEN_10EC&DEV_8168&SUBSYS_E0001458&REV_02\4&36A73F9A&0&0050

Service: RTLE8023xp

.

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

Description: 1394 Net Adapter

Device ID: V1394\NIC1394\241DE5C400

Manufacturer: Microsoft

Name: 1394 Net Adapter

PNP Device ID: V1394\NIC1394\241DE5C400

Service: NIC1394

.

==== System Restore Points ===================

.

RP6: 7/13/2012 9:19:55 PM - July 13, 2012

RP7: 7/14/2012 3:38:27 AM - Software Distribution Service 3.0

RP8: 7/14/2012 11:19:38 AM - Software Distribution Service 3.0

RP9: 7/15/2012 1:41:50 PM - System Checkpoint

RP10: 7/16/2012 2:30:54 PM - System Checkpoint

RP11: 7/17/2012 2:34:36 PM - System Checkpoint

RP12: 7/18/2012 2:47:10 PM - System Checkpoint

RP13: 7/19/2012 3:46:51 PM - System Checkpoint

RP14: 7/20/2012 4:26:25 PM - System Checkpoint

RP15: 7/21/2012 4:48:43 PM - System Checkpoint

RP16: 7/22/2012 4:57:25 PM - System Checkpoint

RP17: 7/23/2012 5:31:46 PM - System Checkpoint

RP18: 7/24/2012 8:33:30 PM - System Checkpoint

RP19: 7/26/2012 9:48:10 AM - System Checkpoint

RP20: 7/27/2012 9:59:32 AM - System Checkpoint

RP21: 7/28/2012 12:32:43 PM - System Checkpoint

RP22: 7/29/2012 2:02:09 PM - System Checkpoint

RP23: 7/30/2012 2:17:42 PM - System Checkpoint

RP24: 7/31/2012 3:11:03 PM - System Checkpoint

RP25: 8/1/2012 3:58:26 PM - System Checkpoint

RP26: 8/2/2012 9:59:43 PM - System Checkpoint

RP27: 8/4/2012 9:07:49 AM - System Checkpoint

RP28: 8/5/2012 10:43:47 AM - System Checkpoint

RP29: 8/6/2012 11:25:18 AM - System Checkpoint

RP30: 8/7/2012 7:52:56 PM - System Checkpoint

RP31: 8/9/2012 11:27:57 AM - System Checkpoint

RP32: 8/10/2012 11:32:03 AM - System Checkpoint

RP33: 8/11/2012 12:37:16 PM - System Checkpoint

RP34: 8/12/2012 12:51:22 PM - System Checkpoint

.

==== Installed Programs ======================

.

1400

1400_Help

1400Trb

7-Zip 9.20

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.2)

AiO_Scan

AiOSoftware

Amazing Adventures The Lost Tomb 1.0.0.5

Apple Application Support

Apple Software Update

Aquaria

ATI Catalyst Control Center

ATI Catalyst Install Manager

ATI Display Driver

ATI Parental Control & Encoder

Audacity 1.2.4

AVG Free 9.0

Bastion

Bejeweled 2 Deluxe 1.0

Belarc Advisor 8.1

Big Fish Games: Game Manager

Braid

Browser Configuration Utility

BufferChm

C-Media PCI Audio Device

Catalyst Control Center Core Implementation

Catalyst Control Center Graphics Full Existing

Catalyst Control Center Graphics Full New

Catalyst Control Center Graphics Light

Catalyst Control Center Graphics Previews Common

Catalyst Control Center Localization All

Cave Story+

ccc-core-preinstall

ccc-core-static

ccc-utility

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

CCleaner

Corel WinDVD 2010

CP_AtenaShokunin1Config

CP_CalendarTemplates1

CP_Package_Basic1

CP_Package_Variety1

CP_Package_Variety2

CP_Package_Variety3

CP_Panorama1Config

CueTour

CutePDF Writer 2.8

Destinations

DeviceFunctionQFolder

DeviceManagementQFolder

Diablo II

Divinity II - The Dragon Knight Saga

DivX Setup

DocProc

DocumentViewer

DocumentViewerQFolder

Dolet Light for Finale 2005

Drawn: The Painted Tower ™

Dreamfall: The Longest Journey

Driver Detective

Driver Genius Professional Edition

Dungeon Defenders

EasySaver B9.0904.1

eGames GameButler

eSupportQFolder

Fax

Finale 2005a

Finale Performance Assessment

Fortune Summoners: Secret of the Elemental Stone

Free YouTube Downloader 3.5.126

Freecorder Toolbar

FullDPAppQFolder

Google Toolbar for Internet Explorer

Google Update Helper

Gratuitous Space Battles Demo

GSP Sudoku

Hidden Mysteries Buckingham Palace

Hidden Mysteries Civil War

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB942288-v3)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB958655-v2)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976098-v2)

HP Document Viewer 5.3

HP Image Zone 5.3

HP Imaging Device Functions 5.3

HP PSC & OfficeJet 5.3.B

HP Software Update

HP Solution Center & Imaging Support Tools 5.3

HPProductAssistant

Igor - The Time Machine

Insaniquarium Deluxe 1.0

Instant Play Piano

InstantShareDevices

InterVideo WinDVD Recorder 5

IrfanView (remove only)

iWin Games (remove only)

Java Auto Updater

Java™ 6 Update 31

Jazz Jackrabbit 2

Jewel Quest Mysteries Curse of the Emerald Tear (remove only)

Luxor 3

Machinarium

Mahjongg Master 4

Malwarebytes Anti-Malware version 1.62.0.1300

Maxima 5.26.0

Microsoft .NET Framework (English)

Microsoft .NET Framework (English) v1.0.3705

Microsoft .NET Framework 1.0 Hotfix (KB928367)

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Multi-Targeting Pack

Microsoft Application Error Reporting

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft FrontPage Client - English

Microsoft Help Viewer 1.0

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Office Professional Edition 2003

Microsoft Silverlight

Microsoft SQL Server Compact 3.5 SP2 ENU

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual Basic .NET Standard 2003 - English

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 Express - ENU

Microsoft XNA Framework Redistributable 4.0

MixMeister

Morrowind

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSDN Library for Visual Studio .NET 2003

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Coach Player

Musicnotes Software Suite 1.5.3

Nero 8 Essentials

neroxml

NewCopy

Nimbus

NVIDIA Control Panel 275.33

NVIDIA Display Control Panel

NVIDIA Graphics Driver 275.33

NVIDIA HD Audio Driver 1.2.23.3

NVIDIA Install Application

NVIDIA nView 135.85

NVIDIA nView Desktop Manager

NVIDIA PhysX

NVIDIA PhysX System Software 9.10.0514

NVIDIA Update 1.3.5

NVIDIA Update Components

Oddworld: Abe's Exoddus

Oddworld: Abe's Oddysee

Oddworld: Munch's Oddysee

Oddworld: Stranger's Wrath

OpenAL

Orcs Must Die!

PanoStandAlone

PCI Audio Driver

pdfsam

Peggle Deluxe 1.0

PhotoGallery

Plants vs. Zombies: Game of the Year

Portal

PowerDVD

PowerQuest Drive Image 7.0

Prince of Persia

ProductContext

Psychonauts

Puzzle Quest Galactrix

QuickTime

RandMap

Readme

Realm of the Mad God

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealPlayer

REALTEK GbE & FE Ethernet PCI-E NIC Driver

RealUpgrade 1.1

RevoluTV 2.1

Rise of the Argonauts

RUSH

Sanctum

Scan

ScannerCopy

Scratch

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB978262)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982665)

SEGA Genesis & Mega Drive Classics

Serif WebPlus X4

Serif WebPlus X4 Resources

Skins

SkinsHP1

SolutionCenter

Sonic Foundry ACID XPress 3.0d

Sonic_PrimoSDK

SpaceChem

Status

Steam

System Requirements Lab CYRI

Terraria

TES Construction Set

The Elder Scrolls IV: Oblivion

The Longest Journey

Tobe's Vertical Adventure

Toki Tori

TorchED

Torchlight

TrayApp

Two Explorers

Unload

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2718704)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

Update for Windows XP (KB978207)

Vampire: The Masquerade - Bloodlines

VC80CRTRedist - 8.0.50727.6195

Visual Basic .NET Standard 2003 - English

Visual Studio.NET Baseline - English

VVVVVV

WebFldrs XP

WebReg

Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Media Format 11 runtime

Windows Media Player 11

Windows XP Service Pack 3

WinPcap 4.1.1

WinX Free DVD Ripper 4.5.14

Worms Reloaded

yEd Graph Editor 3.8

.

==== Event Viewer Messages From Past Week ========

.

8/8/2012 5:00:22 PM, error: Print [6161] - The document Finale 2005a - [Melody in C Minor, Op. 3b.MUS] owned by Brett failed to print on printer HP PSC 1400 series. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: \\BRETT-91WMYRWX0. Win32 error code returned by the print processor: 259 (0x103).

8/13/2012 10:55:19 AM, error: Service Control Manager [7016] - The GEARSecurity service has reported an invalid current state 0.

.

==== End Of File ===========================

Welcome to the forum.

Please go to your control panels add/remove programs and uninstall:

iWin Games (remove only)

Then.......

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Thanks for the reply. Here is the report:

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Brett [Admin rights]

Mode: Scan -- Date: 08/13/2012 14:18:57

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 7 ¤¤¤

[Rans.Gendarm] HKUS\S-1-5-19_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brett\Application Data\Corel\Corel\mijimxh.dll",DllRegisterServer) -> FOUND

[Rans.Gendarm] HKUS\S-1-5-20_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brett\Application Data\Corel\Corel\mijimxh.dll",DllRegisterServer) -> FOUND

[sUSP PATH] HKLM\[...]\RunOnce : iWinArcadeIECleanup (C:\DOCUME~1\Brett\LOCALS~1\Temp\iWinArcadeAutocleanup.bat) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND

[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : Rans.Gendarm ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS +++++

--- User ---

[MBR] 0af982d224b094e7a4bd73d4de3180e3

[bSP] 0e39d6266a9c5dcc72339f867e4fd8c6 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00D2B0 +++++

--- User ---

[MBR] 76731482a8ca6ea4294aac8691a8d0cf

[bSP] b365f41492cccc72ce7492ac83eba308 : Standard MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

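A small triage script for RogueKiller "Registry Entries" lines like the ones in the report above, added here as an illustration; it is not part of this thread and not RogueKiller's own code. It parses each line, extracts the module a rundll32 autorun would actually load, and flags autoruns whose target sits in a user-writable profile directory or that are registered under a service-account hive (a constructed heuristic, not RogueKiller's classification); the sample report is built from the entries posted in this thread.

```python
import re
from dataclasses import dataclass, field

# Constructed sample made from the registry section of the RogueKiller report
# posted in this thread, plus one "PREVRUN" NVIDIA entry from the later scan.
SAMPLE_REPORT = r"""
¤¤¤ Registry Entries: 6 ¤¤¤
[Rans.Gendarm] HKUS\S-1-5-19_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brett\Application Data\Corel\Corel\mijimxh.dll",DllRegisterServer) -> FOUND
[Rans.Gendarm] HKUS\S-1-5-20_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brett\Application Data\Corel\Corel\mijimxh.dll",DllRegisterServer) -> FOUND
[sUSP PATH] HKLM\[...]\RunOnce : iWinArcadeIECleanup (C:\DOCUME~1\Brett\LOCALS~1\Temp\iWinArcadeAutocleanup.bat) -> FOUND
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> FOUND
"""

# One RogueKiller registry line: "[Tag] Hive\...\Key : ValueName (data) -> STATUS"
ENTRY_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\] (?P<key>\S+) : (?P<name>.+?) \((?P<value>.*)\) -> (?P<status>\w+)$"
)
# rundll32 command line: the module is the first argument, quoted, or bare up to
# the comma that separates it from the exported function name.
RUNDLL_RE = re.compile(
    r'^rundll32(?:\.exe)?\s+(?:"(?P<quoted>[^"]+)"|(?P<bare>[^,\s]+))', re.IGNORECASE
)
# Profile locations that any process running as that user can write to (heuristic).
USER_WRITABLE_RE = re.compile(
    r"\\(?:Documents and Settings|DOCUME~1|Users)\\.*?"
    r"\\(?:Application Data|APPLIC~1|Local Settings|LOCALS~1|AppData)\\",
    re.IGNORECASE,
)
SID_RE = re.compile(r"S-1-5-\d+(?:-\d+)*")
# Well-known service-account SIDs; autoruns under these hives do not belong to an interactive user.
SERVICE_SIDS = {"S-1-5-18": "SYSTEM", "S-1-5-19": "LOCAL SERVICE", "S-1-5-20": "NETWORK SERVICE"}


@dataclass
class Finding:
    tag: str
    key: str
    name: str
    target: str
    reasons: list = field(default_factory=list)


def parse_report(text: str) -> list:
    """Return the registry entries of a RogueKiller report as dicts (tag, key, name, value, status)."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def rundll32_module(value: str):
    """Module a rundll32 command line would load, or None if the command is not rundll32."""
    m = RUNDLL_RE.match(value.strip())
    if not m:
        return None
    return m.group("quoted") or m.group("bare")


def command_target(value: str) -> str:
    """First token of a command line: the quoted program if quoted, else up to the first space."""
    v = value.strip()
    if v.startswith('"'):
        end = v.find('"', 1)
        return v[1:end] if end > 0 else v[1:]
    return v.split()[0] if v else v


def triage_entry(entry: dict) -> Finding:
    """Apply the autorun and DNS heuristics to one parsed entry."""
    key, value = entry["key"], entry["value"]
    subkey = key.rsplit("\\", 1)[-1].upper()
    target, reasons = value.strip(), []
    if subkey in ("RUN", "RUNONCE"):
        module = rundll32_module(value)
        if module is not None:
            target = module
            if not re.match(r"^[A-Za-z]:\\", module):
                reasons.append("rundll32 loads a module by bare name, resolved through the search path")
        else:
            target = command_target(value)
        if USER_WRITABLE_RE.search(target):
            reasons.append("autorun target lives in a user-writable profile directory")
        sid = SID_RE.search(key)
        if sid and sid.group() in SERVICE_SIDS:
            reasons.append(f"registered under the {SERVICE_SIDS[sid.group()]} account hive "
                           f"({sid.group()}), not an interactive user's")
    elif entry["name"] == "NameServer":
        target = ", ".join(s for s in value.split(",") if s)
        reasons.append("static DNS servers set; confirm they are the resolvers this network should use")
    return Finding(entry["tag"], key, entry["name"], target, reasons)


def triage(text: str) -> list:
    return [triage_entry(e) for e in parse_report(text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        flag = "ok" if not f.reasons else ("REVIEW" if f.tag == "DNS" else "SUSPECT")
        print(f"{flag:7} [{f.tag}] {f.name} -> {f.target}")
        for r in f.reasons:
            print("         -", r)
```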
Run RogueKiller again and click Scan

When the scan completes > click on the Registry tab

Put a check next to all of these and uncheck the rest: (if found)

¤¤¤ Registry Entries: 7 ¤¤¤

[Rans.Gendarm] HKUS\S-1-5-19_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brett\Application Data\Corel\Corel\mijimxh.dll",DllRegisterServer) -> FOUND

[Rans.Gendarm] HKUS\S-1-5-20_Classes[...]\Run : Update (rundll32.exe "C:\Documents and Settings\Brett\Application Data\Corel\Corel\mijimxh.dll",DllRegisterServer) -> FOUND

Now click Delete on the right hand column under Options

~~~~~~~~~~~~~~~~

Next..............

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

I ran ComboFix twice. The first time I ran it, it stopped during the scan and ended with a blue screen that included the following information:

A problem has been detected and windows has been shut down to prevent damage to your computer.

Plug and Play detected an error most likely caused by a faulty driver.

Technical information:

*** STOP: 0x000000CA (0x00000004,0x897E3148,0x00000000,0x00000000)

The second time I ran it, it finished and produced a log file, but during the scan, an error message appeared titled "PEV.exe - Application Error". After ComboFix finished, the message was gone.

Should I be concerned about either of these errors?

Here is the ComboFix.txt information:

ComboFix 12-08-13.01 - Brett 08/13/2012 21:24:31.1.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1458 [GMT -4:00]

Running from: c:\documents and settings\Brett\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\documents and settings\All Users\Start Menu\HP Image Zone .lnk

c:\documents and settings\Brett\Application Data\PriceGong

c:\documents and settings\Brett\Application Data\PriceGong\Data\1.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\a.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\b.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\c.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\d.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\e.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\f.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\g.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\h.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\i.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\J.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\k.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\l.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\m.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\mru.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\n.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\o.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\p.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\q.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\r.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\s.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\t.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\u.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\v.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\w.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\x.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\y.xml

c:\documents and settings\Brett\Application Data\PriceGong\Data\z.xml

c:\documents and settings\Brett\WINDOWS

c:\windows\system32\dllcache\dlimport.exe

c:\windows\system32\dllcache\wmpvis.dll

c:\windows\system32\SET57.tmp

c:\windows\system32\SET63.tmp

c:\windows\system32\SETA7.tmp

c:\windows\system32\SETAC.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

E:\install.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-07-14 to 2012-08-14 )))))))))))))))))))))))))))))))

.

.

2012-08-13 18:04 . 2012-08-13 18:04 -------- d-----w- c:\documents and settings\All Users\Application Data\iWin Games

2012-08-13 14:22 . 2012-08-13 14:22 -------- d-----w- c:\documents and settings\Brett\Application Data\Malwarebytes

2012-08-13 14:22 . 2012-08-13 14:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-08-13 14:22 . 2012-08-13 14:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2012-08-13 14:22 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-15 16:56 . 2012-07-15 16:56 -------- d-----w- c:\documents and settings\Administrator.BRETT-91WMYRWX0

2012-07-15 16:51 . 2012-07-14 00:56 96512 ----a-w- c:\windows\system32\drivers\atapi.sys

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-14 01:19 . 2010-02-10 18:57 17488 ----a-w- c:\windows\gdrv.sys

2012-07-28 18:58 . 2012-03-29 13:00 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-28 18:58 . 2011-05-14 13:54 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-07 16:59 . 2012-07-07 16:59 391168 ----a-w- c:\windows\system32\drivers\whldr.dll

2012-07-07 16:57 . 2012-07-07 16:57 122368 ----a-w- c:\windows\system32\drivers\autos.dll

2012-06-13 13:19 . 2001-08-18 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-06-05 15:50 . 2010-02-11 05:10 1372672 ------w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2001-08-18 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

2012-06-04 04:32 . 2001-08-18 12:00 152576 ----a-w- c:\windows\system32\schannel.dll

2012-06-02 19:19 . 2010-02-10 18:58 22040 ----a-w- c:\windows\system32\wucltui.dll.mui

2012-06-02 19:19 . 2010-02-10 18:58 329240 ----a-w- c:\windows\system32\wucltui.dll

2012-06-02 19:19 . 2010-02-10 18:58 219160 ----a-w- c:\windows\system32\wuaucpl.cpl

2012-06-02 19:19 . 2010-02-10 18:58 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui

2012-06-02 19:19 . 2009-08-07 03:23 210968 ----a-w- c:\windows\system32\wuweb.dll

2012-06-02 19:19 . 2010-02-11 07:38 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-02 19:19 . 2010-02-10 18:58 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-02 19:19 . 2010-02-10 18:58 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-02 19:19 . 2010-02-10 18:58 15384 ----a-w- c:\windows\system32\wuapi.dll.mui

2012-06-02 19:19 . 2001-08-18 12:00 97304 ----a-w- c:\windows\system32\cdm.dll

2012-06-02 19:19 . 2010-02-10 18:58 17944 ----a-w- c:\windows\system32\wuaueng.dll.mui

2012-06-02 19:19 . 2010-02-10 18:58 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-02 19:19 . 2010-02-11 07:38 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-05-31 13:22 . 2001-08-18 12:00 599040 ----a-w- c:\windows\system32\crypt32.dll

2012-05-16 15:08 . 2001-08-18 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-08-07 13:15 . 2012-04-25 08:15 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.

[7] 2008-04-13 16:39 . 8BED39E3C35D6A489438B8141717A557 . 142592 . . [5.1.2601.3142] . . c:\windows\ServicePackFiles\i386\aec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\$NtServicePackUninstall$\aec.sys

[-] 2004-08-04 05:39 . 841F385C6CFAF66B58FBD898722BB4F0 . 142464 . . [5.1.2601.2078] . . c:\windows\system32\drivers\aec.sys

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

2011-05-09 09:49 176936 ----a-w- c:\program files\Freecorder\prxtbFre0.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\prxtbFre0.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-11 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-05 346320]

"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2008-07-09 570664]

"C-Media Mixer"="Mixer.exe" [2002-01-28 1228800]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]

"NvMediaCenter"="NvMCTray.dll" [2011-05-25 111208]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]

"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2011-10-31 273528]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]

"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-21 59240]

"QuickTime Task"="e:\program files\QuickTime\QTTask.exe" [2012-04-19 421888]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-12 282624]

HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2005-5-12 73728]

InterVideo Scheduler server.lnk - c:\program files\InterVideo\DVD5R\SchSvr.exe [2010-2-13 147456]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2010-07-16 16:22 12536 ----a-w- c:\windows\system32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\InterVideo WinCinema Manager.lnk

backup=c:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]

2008-06-24 20:06 1840424 ----a-w- c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2008-04-14 00:12 1695232 --sh--w- c:\program files\Messenger\msmsgs.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]

2009-07-30 08:51 98304 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"iWinGamesInstaller"=2 (0x2)

"PSI_SVC_2"=2 (0x2)

"NMIndexingService"=3 (0x3)

"MDM"=2 (0x2)

"BCUService"=2 (0x2)

"Ati HotKey Poller"=2 (0x2)

"JavaQuickStarterService"=2 (0x2)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\aquaria\\Aquaria.exe"=

"e:\\Program Files\\Ubisoft\\Prince of Persia\\Prince of Persia.exe"=

"e:\\Program Files\\Ubisoft\\Prince of Persia\\PrinceOfPersia_Launcher.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\sega classics\\SEGAGenesisClassics.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\machinarium\\machinarium.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\oddworld abes oddysee\\AbeWin.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\oddworld abes exoddus\\Exoddus.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\oddworld munchs oddysee\\bin\\launcher.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\stranger's wrath\\Launcher.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\Vampire The Masquerade - Bloodlines\\vampire.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\the longest journey\\game.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\dreamfall the longest journey\\dreamfall.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\oblivion\\OblivionLauncher.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\rush\\rush.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\psychonauts\\Psychonauts.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\worms reloaded\\WormsReloaded.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\orcs must die!\\Build\\release\\OrcsMustDie.exe"=

"e:\\Program Files\\yWorks\\yEd\\yEd.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\divinity ii - dragon knight saga\\bin\\Divinity2.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\toki tori\\tokitori.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\realm of the mad god\\Realm of the Mad God.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\plants vs zombies\\PlantsVsZombies.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\dungeon defenders\\Binaries\\Win32\\DungeonDefenders.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\sanctum\\Binaries\\Win32\\SanctumGame-Win32-Shipping.exe"=

"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\tobe's vertical adventure\\Tobe's Vertical Adventure.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\spacechem\\SpaceChem.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\fortune summoners\\sotes.exe"=

"e:\\Program Files\\Steam\\steamapps\\common\\bastion\\Bastion.exe"=

.

R0 PQV2i;PQV2i;c:\windows\system32\drivers\PQV2i.sys [6/3/2003 7:52 PM 123957]

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/11/2010 12:13 AM 216400]

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/11/2010 12:13 AM 243152]

R1 PQIMount;PQIMount;c:\windows\system32\drivers\PQIMount.sys [6/3/2003 7:52 PM 46900]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [7/16/2010 12:21 PM 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [7/16/2010 12:22 PM 308136]

R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [2/11/2010 3:49 AM 68136]

R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/26/2010 10:09 PM 50704]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [7/9/2011 5:15 PM 2214504]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [4/17/2007 8:09 PM 11032]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [7/9/2011 5:14 PM 119528]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 5:35 PM 135664]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/12/2010 5:35 PM 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [4/25/2012 4:15 AM 113120]

S4 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2/11/2010 3:49 AM 219360]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 21:35]

.

2012-08-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-12 21:35]

.

2012-08-14 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-2052111302-2147070641-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

2012-07-30 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2052111302-2147070641-839522115-1004.job

- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-09-27 17:40]

.

.

------- Supplementary Scan -------

.

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB}: NameServer = 68.105.28.11,68.105.28.12

FF - ProfilePath - c:\documents and settings\Brett\Application Data\Mozilla\Firefox\Profiles\gx45mfd6.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/firefox/

.

- - - - ORPHANS REMOVED - - - -

.

HKLM-Run-CmPCIaudio - CMICNFG3.cpl

MSConfigStartUp-autos - c:\documents and settings\Brett\Application Data\autos.dll

MSConfigStartUp-QuickTime Task - c:\program files\QuickTime\qttask.exe

MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe

MSConfigStartUp-Update - c:\documents and settings\Brett\Application Data\Corel\Corel\mijimxh.dll

MSConfigStartUp-whldr - c:\documents and settings\Brett\Application Data\whldr.dll

AddRemove-Steam App 24420 - c:\program files\Steam\steam.exe

AddRemove-Steam App 26800 - c:\program files\Steam\steam.exe

AddRemove-Steam App 38700 - c:\program files\Steam\steam.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-08-13 21:29

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47761F54-3284-4187-35228790176E1027}\{9364B136-59D9-79F3-ED3B0078FC46782B}\{67D1DB51-467A-B17B-59ADF812AC6D3A34}*]

"L5OTYL4OSK54QTZWOGJWMONWTG1"=hex:01,00,01,00,00,00,00,00,4f,1a,34,b6,a9,51,c3,

92,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{61A3D62A-E669-8B2B-95B7C505631D6590}\{1D71893B-0DD3-8FF9-31AA9E7B284EB027}\{CF9E2073-5E5A-1B13-96346A906352FBBE}*]

"L5OTYL4OSK54QTZWOGJWMONWTG1"=hex:01,00,01,00,00,00,00,00,4f,1a,34,b6,a9,51,c3,

92,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E24A3BE2-0E58-440D-C5291999CC5C5741}\{9EE83BBD-CDA7-8737-4BFE3ADA0C41BF51}\{12860FBF-70CB-D90A-D9669DC891BE38B3}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,db,75,f7,

ed,74,f7,19,cc,af,c7,19,a9,d0,b5,8c,55,0d,f6,2b,fd,47,4f,5e,40,b0,ff,4c,f7,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FE8DBE89-D247-CDA0-331071706D351D5D}\{D7E03019-A44C-9829-6C33C3798CE56E87}\{A96D9761-82B1-07BB-8B5956B67D5931EC}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,db,75,f7,

ed,74,f7,19,cc,af,c7,19,a9,d0,b5,8c,55,0d,f6,2b,fd,47,4f,5e,40,b0,ff,4c,f7,\

.

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Reinstall\æHõwæ*]

"DisplayName"="???\16?\11\09"

"DeviceDesc"="???\16?\11\09"

"ProviderName"="???\11?\18?\11??"

"MFG"="???????"

"ReinstallString"=".10.1000.8"

"DeviceInstanceIds"=multi:"d:\\chipset\\7-ser\\xp\\sbdrv\\smbus\\smbusati.inf\00"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(824)

c:\windows\system32\Ati2evxx.dll

.

Completion time: 2012-08-13 21:30:22

ComboFix-quarantined-files.txt 2012-08-14 01:30

.

Pre-Run: 59,314,925,568 bytes free

Post-Run: 59,273,482,240 bytes free

.

- - End Of File - - EBA3090653308AD1B8197080432F66E2

Here is the MBAM report and the RogueKiller log:

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.08.14.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Brett :: BRETT-91WMYRWX0 [administrator]

8/14/2012 11:00:34 AM

mbam-log-2012-08-14 (11-00-34).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258532

Time elapsed: 5 minute(s), 7 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

_____________________________________________________

RogueKiller V7.6.6 [08/10/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User: Brett [Admin rights]

Mode: Scan -- Date: 08/14/2012 11:12:13

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 5 ¤¤¤

[PREVRUN] HKLM\[...]\Run : NvCplDaemon (RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup) -> FOUND

[PREVRUN] HKLM\[...]\Run : NvMediaCenter (RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login) -> FOUND

[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND

[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND

[DNS] HKLM\[...]\ControlSet003\Parameters\Interfaces\{E6369C99-FB1F-4E1E-8DC0-93AD1E34A0AB} : NameServer (68.105.28.11,68.105.28.12) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST380013AS +++++

--- User ---

[MBR] 0af982d224b094e7a4bd73d4de3180e3

[bSP] 0e39d6266a9c5dcc72339f867e4fd8c6 : Windows XP MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: WDC WD5000AAKS-00D2B0 +++++

--- User ---

[MBR] 76731482a8ca6ea4294aac8691a8d0cf

[bSP] b365f41492cccc72ce7492ac83eba308 : Standard MBR Code

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 476937 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[4].txt >>

RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

------------------------

Click the Start Scan button.

-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

I am unable to download TDSSKiller. I have tried a few times over the past few hours on two different computers, but the connection times out every time. I also tried visiting support.kaspersky.com to see if I could download it there, but got the same result. Is there another way I might be able to download it?

Neither FF nor IE seems to be redirecting now. After reading your reply, I did a few searches in FF, and was redirected once. Then, I did a few searches in IE and was not redirected. I then rebooted the computer and spent a few minutes doing searches in both browsers. I was not redirected in either browser, so the problem seems to be gone. Is there anything else I should do?

I suggest you run this online scan>>>>>>>>>>>

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and Scan unwanted applications are checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

Here is the log:

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=6f9b76425872e445833abef5631d18d4

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-08-15 04:28:24

# local_time=2012-08-15 12:28:24 (-0500, Eastern Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1024 16777175 100 0 78219626 78219626 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=255767

# found=8

# cleaned=8

# scan_time=5674

C:\Documents and Settings\Brett\Application Data\Corel\Corel\ezbdzgg.dll Win32/Boaxxe.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\26\1832c21a-79aafba8 a variant of Java/Exploit.CVE-2011-3544.C trojan (deleted - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brett\Local Settings\Application Data\{0A9FE248-C855-11E1-8270-B8AC6F996F26}\chrome\content\browser.xul JS/Redirector.NIQ trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brett\My Documents\Downloads\FreeYouTubeDownloaderInstaller.exe a variant of Win32/Somoto.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brett\My Documents\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brett\My Documents\Downloads\musicnotesSuite(2).exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Brett\My Documents\Downloads\musicnotesSuite.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{7A33C17E-4E5D-43F6-AF8C-CF93A004A200}\RP36\A0012046.dll Win32/Boaxxe.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
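A small parser and triage pass for the ESET Online Scanner log format posted above, added here as an example and not part of this thread or of ESET's tooling. It assumes the detection columns are separated by whitespace (tabs in the original file, collapsed by the forum) and runs on a constructed four-line excerpt of the log.

```python
import re
from collections import namedtuple

# Constructed sample: three header keys and four of the eight detection lines from the log above.
SAMPLE_LOG = r"""
# end=finished
# found=4
# cleaned=4
C:\Documents and Settings\Brett\Application Data\Corel\Corel\ezbdzgg.dll Win32/Boaxxe.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Brett\Application Data\Sun\Java\Deployment\cache\6.0\26\1832c21a-79aafba8 a variant of Java/Exploit.CVE-2011-3544.C trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Documents and Settings\Brett\My Documents\Downloads\FreeYouTubeDownloaderSetup.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\System Volume Information\_restore{7A33C17E-4E5D-43F6-AF8C-CF93A004A200}\RP36\A0012046.dll Win32/Boaxxe.A trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
"""

Detection = namedtuple("Detection", "path threat action")
# Detection line: <path> <threat> (<action>) <32-hex hash> <flag>. Paths contain spaces, so the threat
# column is located by ESET's naming ("a variant of ...", "multiple threats", or Family/Name with a
# slash, which never occurs in a Windows path). \s also covers the tabs of the original file.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?)\s+"
    r"(?P<threat>(?:(?:probably )?a variant of |multiple threats|[^\s(]+/)[^(]*?)\s*"
    r"\((?P<action>[^)]*)\)\s+[0-9A-Fa-f]{32}\s+\S+$"
)

def parse_eset_log(text):
    """Return (header dict, list of Detection) from ESET Online Scanner log text."""
    header, detections = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("# ") and "=" in line:
            key, _, value = line[2:].partition("=")
            header[key] = value
        elif (m := LINE_RE.match(line)):
            detections.append(Detection(m["path"], m["threat"], m["action"]))
    return header, detections

# Where a hit lives says how it arrived: restore-point copy, drive-by payload in the Java cache, bundled installer.
ZONES = {"restore_point": "\\_restore{", "java_cache": "\\java\\deployment\\cache\\", "downloads": "\\downloads\\"}

def triage(header, detections):
    """Check the scan's own counts and group hits by zone (file name only)."""
    zones = {z: [] for z in list(ZONES) + ["other"]}
    for d in detections:
        zone = next((z for z, mark in ZONES.items() if mark in d.path.lower()), "other")
        zones[zone].append(d.path.rsplit("\\", 1)[-1])
    return {
        "counts_consistent": int(header.get("found", 0)) == int(header.get("cleaned", 0)) == len(detections),
        "names": sorted({next((t for t in d.threat.split() if "/" in t), d.threat) for d in detections}),
        "zones": zones,
    }
```

A detection under System Volume Information means an infected restore point, which is why the clean-up step below resets the System Restore cache.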


OK, found a couple of items, if everything is OK.......

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.

This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall)

---------------------------------

Please download OTL from one of the links below: (you may already have OTL on the system)

http://oldtimer.geekstogo.com/OTL.exe

http://oldtimer.geekstogo.com/OTL.com

http://www.itxassoci...T-Tools/OTL.exe

Save it to your desktop.

Run OTL and hit the CleanUp button. (This will cleanup the tools and logs used including itself)

Any other programs or logs you can manually delete.

i.e. RogueKiller.exe, RKreport.txt, RK_Quarantine folder, etc....

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again.

Good Luck and Thanks for using the forum, MrC


Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

