Jump to content

Infected with Google redirect malware.

jdartigas

By jdartigas
in Resolved Malware Removal Logs

 Share

Recommended Posts

jdartigas

jdartigas

Posted
Posted

Hi, my PC is infected with malware that redirects Google searches to various unrelated sites. I've tried several methods to remove the malware, AVG, F-Secure rescue disk and Malwarebytes Anti-Malware, with zero success. I've read the "I'm Infected" sticky and ran DDS. Below are the logs. Thanks for the assistance!

DDS:

.

DDS (Ver_2011-08-26.01) - NTFSAMD64

Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.7.2

Run by jon at 17:17:48 on 2012-09-23

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8061.5845 [GMT -4:00]

.

AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2012\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\SysWOW64\svchost.exe -k Akamai

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe

C:\Program Files\Windows Home Server\esClient.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe

C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Windows Home Server\WHSConnector.exe

C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe

C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe

C:\Windows\SYSTEM32\WISPTIS.EXE

C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler.exe

C:\Program Files (x86)\Google\Update\1.3.21.123\GoogleCrashHandler64.exe

C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe

C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\SearchProtocolHost.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\vVX3000.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\jon\AppData\Local\Akamai\netsession_win.exe

C:\Users\jon\AppData\Local\Akamai\netsession_win.exe

C:\Users\jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe

C:\Users\jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe

C:\Users\jon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

C:\Program Files (x86)\Napster\napster.exe

C:\Program Files\Windows Home Server\WHSTrayApp.exe

C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Users\jon\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\AVG\AVG2012\avgtray.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe

C:\Windows\SysWOW64\CtHelper.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

\\?\C:\Windows\system32\wbem\WMIADAP.EXE

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe

C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\sppsvc.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\vssvc.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wuauclt.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>??????????????????????????????;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>;<local>

mURLSearchHooks: H - No File

mWinlogon: Userinit=userinit.exe,

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO: ChromeFrame BHO: {ecb3c477-1a0a-44bd-bb57-78f9efe34fa7} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\jon\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\jon\AppData\Local\Akamai\netsession_win.exe"

uRun: [MusicManager] "C:\Users\jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"

uRun: [spotify Web Helper] "C:\Users\jon\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

uRun: [skyDrive] "C:\Users\jon\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

mRun: [<NO NAME>]

mRun: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe /systray

mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL

mRun: [CTHelper] CTHELPER.EXE

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

StartupFolder: C:\Users\jon\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\jon\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\WINDOW~1.LNK - C:\Windows\Installer\{21E49794-7C13-4E84-8659-55BD378267D5}\WHSTrayApp.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200

IE: Append to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000

IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html

IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll

IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL

Trusted Zone: rhapsody.com\rhap-app-4-0

Trusted Zone: rhapsody.com\rhapreg

DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/multi/bin/sysreqlab_srlx.cab

DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.3.cab

DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {A3E21079-7F41-4125-9EBB-FD44CFCC0AC1} - hxxps://www.mesh.com/0.9.4014.28/TSWeb.cab

DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.cvsphoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab

DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://www.ritzpix.com/net/Uploader/LPUploader57.cab

DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab

DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab

TCP: DhcpNameServer = 192.168.1.254

TCP: Interfaces\{6C0A4901-86B9-4A68-B0BE-F424BEF2AF7A} : DhcpNameServer = 192.168.1.254

Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll

Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO-X64: AcroIEHelperStub - No File

BHO-X64: AVG Do Not Track: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll

BHO-X64: AVG Do Not Track - No File

BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll

BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File

BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

BHO-X64: URLRedirectionBHO - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO-X64: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files (x86)\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll

BHO-X64: Google Gears Helper - No File

BHO-X64: ChromeFrame BHO: {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\21.0.1180.89\npchrome_frame.dll

BHO-X64: ChromeFrame BHO - No File

TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll

TB-X64: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File

TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB-X64: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - No File

mRun-x64: [(Default)]

mRun-x64: [NapsterShell] C:\Program Files (x86)\Napster\napster.exe /systray

mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

mRun-x64: [Adobe_ID0EYTHM] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE

mRun-x64: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"

mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"

mRun-x64: [Carbonite Backup] C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe

mRun-x64: [CTxfiHlp] CTXFIHLP.EXE

mRun-x64: [Monitor] "C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe"

mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL

mRun-x64: [CTHelper] CTHELPER.EXE

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\lubhwkkd.default\

FF - component: C:\Program Files (x86)\Google\Google Gears\Firefox\lib\ff36\gears.dll

FF - component: C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\lubhwkkd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\lubhwkkd.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npstrlnk.dll

FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

FF - plugin: C:\Program Files (x86)\TabletPlugins\npwacom.dll

FF - plugin: C:\Program Files (x86)\Virtual Earth 3D\npVE3D.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\jon\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: C:\Users\jon\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll

FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll

FF - plugin: C:\Windows\SysWOW64\npmproxy.dll

FF - plugin: C:\Windows\SysWOW64\NPSWF32.dll

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]

R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]

R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]

R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]

R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960]

R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]

R2 arXfrSvc;Windows Media Center TV Archive Transfer Service;C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe [2011-1-10 231280]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe [2012-8-13 5167736]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2012-2-14 193288]

R2 esClient;Windows Media Center Client Service;C:\Program Files\Windows Home Server\esClient.exe [2011-1-10 109936]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-23 399432]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-23 676936]

R2 SplashtopRemoteService;Splashtop® Remote Service;C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe [2012-9-3 548264]

R2 SSUService;Splashtop Software Updater Service;C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe [2012-3-15 370504]

R2 TabletServiceWacom;TabletServiceWacom;C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-1-20 5716848]

R2 WHSConnector;Windows Home Server Connector Service;C:\Program Files\Windows Home Server\WHSConnector.exe [2011-1-10 489840]

R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]

R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\avgidsfiltera.sys --> C:\Windows\system32\DRIVERS\avgidsfiltera.sys [?]

R3 COMMONFX.SYS;COMMONFX.SYS;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]

R3 CTAUDFX.SYS;CTAUDFX.SYS;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]

R3 CTSBLFX.SYS;CTSBLFX.SYS;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;C:\Windows\system32\DRIVERS\e1k60x64.sys --> C:\Windows\system32\DRIVERS\e1k60x64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-12 135664]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-30 250288]

S3 ATIDACXX;ATI DTV Wonder Analog Audio Capture Device;C:\Windows\system32\drivers\atidacxx.sys --> C:\Windows\system32\drivers\atidacxx.sys [?]

S3 ATIDDCXX;ATI DTV Wonder Digital BDA Capture Device;C:\Windows\system32\drivers\atiddcxx.sys --> C:\Windows\system32\drivers\atiddcxx.sys [?]

S3 ATIDTUXX;ATI DTV Wonder Digital And Analog Tuner Device;C:\Windows\system32\drivers\atidtuxx.sys --> C:\Windows\system32\drivers\atidtuxx.sys [?]

S3 ATIDVCXX;ATI DTV Wonder Analog AV Capture Device;C:\Windows\system32\drivers\atidvcxx.sys --> C:\Windows\system32\drivers\atidvcxx.sys [?]

S3 ATIDXBXX;ATI DTV Wonder Analog AV Crossbar Device;C:\Windows\system32\drivers\atidxbxx.sys --> C:\Windows\system32\drivers\atidxbxx.sys [?]

S3 BackupReader;BackupReader;C:\Windows\system32\DRIVERS\BackupReader.sys --> C:\Windows\system32\DRIVERS\BackupReader.sys [?]

S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-5-15 79360]

S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]

S3 CTERFXFX.SYS;CTERFXFX.SYS;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]

S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]

S3 ctgame;Game Port;C:\Windows\system32\DRIVERS\ctgame.sys --> C:\Windows\system32\DRIVERS\ctgame.sys [?]

S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudbus.sys --> C:\Windows\system32\DRIVERS\ssudbus.sys [?]

S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2012-1-24 135584]

S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-4-12 135664]

S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-8-6 113120]

S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]

S3 RDPDISPM;RDPDISPM;C:\Windows\system32\DRIVERS\rdpdispm.sys --> C:\Windows\system32\DRIVERS\rdpdispm.sys [?]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\system32\DRIVERS\ssudmdm.sys --> C:\Windows\system32\DRIVERS\ssudmdm.sys [?]

S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]

S3 wacmoumonitor;Wacom Mode Helper;C:\Windows\system32\DRIVERS\wacmoumonitor.sys --> C:\Windows\system32\DRIVERS\wacmoumonitor.sys [?]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2012-09-23 21:08:55 711240 ----a-w- C:\Windows\isRS-000.tmp

2012-09-21 05:06:42 -------- d-----w- C:\ProgramData\Splashtop

2012-09-21 05:06:07 -------- d-----w- C:\Program Files (x86)\Splashtop

2012-09-21 05:05:14 -------- d-----w- C:\Users\jon\AppData\Local\{646C1DD5-B133-46BD-B38C-18CB744E0217}

2012-09-20 02:26:24 -------- d-----w- C:\Temp

2012-09-20 02:22:27 708168 ----a-w- C:\Windows\System32\WinUSBCoInstaller.dll

2012-09-20 02:22:27 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys

2012-09-20 02:22:27 1490656 ----a-w- C:\Windows\System32\WdfCoInstaller01007.dll

2012-09-20 02:22:27 102240 ----a-w- C:\Windows\System32\drivers\ssudbus.sys

2012-09-20 02:10:53 -------- d-----w- C:\Users\jon\AppData\Local\Samsung

2012-09-20 01:50:28 -------- d-----w- C:\Users\jon\AppData\Roaming\Samsung

2012-09-20 01:24:39 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll

2012-09-20 01:24:24 821824 ----a-w- C:\Windows\SysWow64\dgderapi.dll

2012-09-20 01:24:24 -------- d-----w- C:\Program Files (x86)\MarkAny

2012-09-20 01:23:39 -------- d-----w- C:\ProgramData\Samsung

2012-09-20 01:23:39 -------- d-----w- C:\Program Files (x86)\Samsung

2012-09-18 13:19:12 -------- d-----r- C:\Program Files (x86)\Skype

2012-09-11 21:04:09 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys

2012-09-11 21:04:09 41472 ----a-w- C:\Windows\System32\drivers\RNDISMP.sys

2012-09-11 21:04:06 574464 ----a-w- C:\Windows\System32\d3d10level9.dll

2012-09-11 21:04:06 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll

2012-09-11 21:04:05 376688 ----a-w- C:\Windows\System32\drivers\netio.sys

2012-09-11 21:04:05 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

2012-09-11 21:04:05 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2012-09-08 15:05:14 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll

2012-08-27 00:58:55 -------- d-----w- C:\Program Files (x86)\WinDirStat

.

==================== Find3M ====================

.

2012-09-20 23:21:19 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2012-09-20 23:21:19 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2012-09-08 15:04:31 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll

2012-09-08 15:04:31 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys

2012-08-24 19:43:16 384352 ----a-w- C:\Windows\System32\drivers\avgtdia.sys

2012-07-26 07:21:28 291680 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys

2012-07-04 22:13:27 59392 ----a-w- C:\Windows\System32\browcli.dll

2012-07-04 22:13:27 136704 ----a-w- C:\Windows\System32\browser.dll

2012-07-04 21:14:34 41984 ----a-w- C:\Windows\SysWow64\browcli.dll

2012-06-29 03:56:34 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2012-06-29 03:49:11 1392128 ----a-w- C:\Windows\System32\wininet.dll

2012-06-29 03:48:07 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2012-06-29 03:43:49 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2012-06-29 03:39:48 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2012-06-29 00:16:58 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2012-06-29 00:09:01 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2012-06-29 00:08:59 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2012-06-29 00:04:43 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2012-06-29 00:00:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

.

============= FINISH: 17:21:51.97 ===============

ATTACH:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows 7 Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 11/21/2009 3:25:15 PM

System Uptime: 9/23/2012 5:10:02 PM (0 hours ago)

.

Motherboard: Intel Corporation | | DQ45CB

Processor: Intel® Core2 Duo CPU E7400 @ 2.80GHz | LGA775 | 2793/266mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 466 GiB total, 21.111 GiB free.

D: is CDROM ()

F: is FIXED (NTFS) - 1863 GiB total, 1274.713 GiB free.

G: is Removable

H: is Removable

I: is CDROM ()

J: is Removable

K: is Removable

M: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID:

Description: PCI Input Device

Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&1F58F763&0&01F0

Manufacturer:

Name: PCI Input Device

PNP Device ID: PCI\VEN_1102&DEV_7003&SUBSYS_00401102&REV_03\4&1F58F763&0&01F0

Service:

.

==== System Restore Points ===================

.

RP323: 9/18/2012 9:17:51 AM - Windows Update

RP324: 9/19/2012 9:22:51 PM - Installed Samsung Kies

RP325: 9/19/2012 10:05:35 PM - Installed Samsung Kies

RP326: 9/21/2012 1:05:22 AM - Installed Splashtop Streamer

RP327: 9/21/2012 11:12:14 PM - Removed HP Play [beta]

.

==== Installed Programs ======================

.

.

Update for Microsoft Office 2007 (KB2508958)

µTorrent

3DMark 11

Add or Remove Adobe Creative Suite 3 Design Premium

Adobe Acrobat 8 Professional

Adobe Acrobat 8.3.1 - CPSID_83708

Adobe Acrobat 8.3.1 Professional

Adobe AIR

Adobe Anchor Service CS3

Adobe Asset Services CS3

Adobe Bridge CS3

Adobe Bridge Start Meeting

Adobe BridgeTalk Plugin CS3

Adobe Camera Raw 4.0

Adobe CMaps CS4

Adobe Color - Photoshop Specific

Adobe Color Common Settings

Adobe Color EU Extra Settings CS4

Adobe Color JA Extra Settings CS4

Adobe Color NA Recommended Settings CS4

Adobe Creative Suite 3 Design Premium

Adobe Default Language CS4

Adobe Device Central CS3

Adobe Download Assistant

Adobe Dreamweaver CS3

Adobe ExtendScript Toolkit 2

Adobe Extension Manager CS3

Adobe Flash CS3

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Flash Video Encoder

Adobe Fonts All

Adobe Help Viewer CS3

Adobe Illustrator CS3

Adobe InDesign CS3

Adobe InDesign CS3 Icon Handler

Adobe Linguistics CS3

Adobe MotionPicture Color Files

Adobe PDF Library Files CS4

Adobe Photoshop CS3

Adobe Reader X (10.1.4)

Adobe Setup

Adobe SING CS3

Adobe Stock Photos CS3

Adobe Type Support CS4

Adobe Update Manager CS3

Adobe Version Cue CS3 Client

Adobe Version Cue CS3 Server {ko_KR}

Adobe WAS CS3

Adobe WinSoft Linguistics Plugin

Adobe XMP Panels CS3

AdobeColorCommonSetRGB

AHV content for Acrobat and Flash

Aid file recovery software version 3.5.3.0

Akamai NetSession Interface

Amazon Send to Kindle

Apple Application Support

Apple Software Update

Audacity 1.2.6

Belarc Advisor 8.1

Beyond TV DVD Burning Foundation

Canon Inkjet Printer/Scanner/Fax Extended Survey Program

Canon MX870 series User Registration

Carbonite

CDisplay 1.8

Creative Audio Console

Creative Software AutoUpdate

D3DX10

DeepSkyStacker

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

DVD Architect Studio 5.0

DVD Decrypter (Remove Only)

DVD Flick 1.3.0.7

Easy Drive Data Recovery

Elyse 1.0.4.2

EPSON Scan

ffdshow [rev 3154] [2009-12-09]

FileZilla Client 3.5.3

Futuremark SystemInfo

Google Chrome

Google Chrome Frame

Google Earth

Google Gears

Google SketchUp 8

Google Toolbar for Internet Explorer

Google Update Helper

Handbrake 0.9.4

HiJackThis

Host OpenAL (ADI)

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

Intel® Graphics Media Accelerator Driver

Internet TV for Windows Media Center

Java 7 Update 7

Java Auto Updater

Java 6 Update 32

Junk Mail filter update

LeapFrog Connect

LeapFrog My Pals Plugin

Malwarebytes Anti-Malware version 1.65.0.1400

Mesh Runtime

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office 2010 Language Pack Service Pack 1 (SP1)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Enterprise 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2007

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing (English) 2010

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Visio 2010

Microsoft Office Visio MUI (English) 2010

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SkyDrive

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visio 2010 Service Pack 1 (SP1)

Microsoft Visio Premium 2010

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MKVtoolnix 4.2.0

Move Media Player

Mozilla Firefox 14.0.1 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT Redists

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Music Manager

Napster

Octoshape add-in for Adobe Flash Player

OpenAL

OpenOffice.org 3.4

Pando Media Booster

PDF Settings CS4

Photomatix Pro version 3.2

PhotoRescue PC v3.1.14.12271

Picasa 3

QuickTime

Rhapsody

Samsung Kies

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)

Security Update for Microsoft Visio 2010 (KB2597171) 32-Bit Edition

Silver Efex Pro

Skype™ 5.10

Splashtop Streamer

Spotify

Steam

Stellar Phoenix Photo Recovery

System Requirements Lab

System Requirements Lab for Intel

Trillian

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598289) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition

Use the entry named LeapFrog Connect to uninstall (LeapFrog My Pals Plugin)

Vegas Movie Studio HD Platinum 11.0

Visual C++ 8.0 Runtime Setup Package (x64)

Visual Studio 2008 x64 Redistributables

VLC media player 1.0.3

WebTablet IE Plugin

WebTablet Netscape Plugin

WinDirStat 1.1.2

Windows Live Communications Platform

Windows Live Essentials

Windows Live Installer

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Windows Media Encoder 9 Series

Windows Media Player Firefox Plugin

.

==== Event Viewer Messages From Past Week ========

.

9/20/2012 8:09:25 PM, Error: VDS Basic Provider [1] - Unexpected failure. Error code: 490@01010004

9/20/2012 11:24:08 AM, Error: Service Control Manager [7001] - The Windows Media Center TV Archive Transfer Service service depends on the Windows Media Center Receiver Service service which failed to start because of the following error: After starting, the service hung in a start-pending state.

9/20/2012 11:20:43 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR3.

9/20/2012 11:20:39 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk4\DR4.

9/20/2012 11:20:37 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

9/20/2012 11:20:35 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk5\DR5.

9/18/2012 9:40:36 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the CarboniteService service to connect.

9/18/2012 9:40:36 AM, Error: Service Control Manager [7000] - The CarboniteService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

9/18/2012 9:40:22 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk6\DR6.

9/16/2012 6:48:57 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

.

==== End Of File ===========================

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Welcome to the forum.

Before we proceed further, please uninstall or disable uTorrent and any other peer-to-peer filesharing app.

Continued use of filesharing or ill-advised downloads will surely re-infect your system.

Risks of File-Sharing Technology.

P2P file sharing: Know the risks

It's also against the forums policy concerning P2P programs:

http://forums.malwar...showtopic=97700

MrC

----------------------------------------

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites
jdartigas

jdartigas

Posted
  • Author
Posted

MrC, thanks for the quick reply. uTorrent has be removed and below is the RogueKiller log. Thanks again!

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo...13-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : jon [Admin rights]

Mode : Scan -- Date : 09/23/2012 19:44:48

¤¤¤ Bad processes : 1 ¤¤¤

[sUSP PATH] MusicManager.exe -- C:\Users\jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][sUSP PATH] HKCU\[...]\Run : MusicManager ("C:\Users\jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND

[RUN][bLPATH] HKLM\[...]\Run : AsioReg (REGSVR32.EXE /S CTASIO.DLL) -> FOUND

[RUN][sUSP PATH] HKUS\S-1-5-21-2073629868-4182923565-133119001-1001[...]\Run : MusicManager ("C:\Users\jon\AppData\Local\Programs\Google\MusicManager\MusicManager.exe") -> FOUND

[RUN][bLPATH] HKLM\[...]\Wow6432Node\Run : AsioThk32Reg (REGSVR32.EXE /S CTASIO.DLL) -> FOUND

[TASK][sUSP PATH] {5F6010C8-60E5-41f3-BF5B-C3AF5DBE12D4} : "C:\ProgramData\Carbonite\Carbonite Backup\CarboniteUpgrade.exe" -> FOUND

[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5001AALS-00L3B2 ATA Device +++++

--- User ---

[MBR] 096e31278b00947d78f650be9e124a99

[bSP] cc3cdfe1a3918d2a822f64b2fcadbc15 : Windows 7 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo

1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 476838 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: ST2000DL004 HD204UI ATA Device +++++

--- User ---

[MBR] 0086f36f0b7bc8b257f89fc226376c3d

[bSP] 9e3b3c473b1db0daa516427cdae6e1cc : Windows 7 MBR Code

Partition table:

0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 2097151 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

Not much showing, what browser is being redirected?

Please do this.......

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    2012081517h0349.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites
jdartigas

jdartigas

Posted
  • Author
Posted

I've only noticed the redirect happening in Chrome. The TDSSKiller scan didn't uncover anything that stood out, just four medium risk files that don't appear to be actual risks. I've pasted the first log below, the second is quite long so I've zipped it up and attached it. Thanks agains!

First Log:

21:13:57.0337 0996 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24

21:13:58.0087 0996 ============================================================

21:13:58.0087 0996 Current date / time: 2012/09/23 21:13:58.0087

21:13:58.0087 0996 SystemInfo:

21:13:58.0087 0996

21:13:58.0087 0996 OS Version: 6.1.7601 ServicePack: 1.0

21:13:58.0087 0996 Product type: Workstation

21:13:58.0087 0996 ComputerName: DAYLIGHT

21:13:58.0087 0996 UserName: jon

21:13:58.0087 0996 Windows directory: C:\Windows

21:13:58.0087 0996 System windows directory: C:\Windows

21:13:58.0087 0996 Running under WOW64

21:13:58.0087 0996 Processor architecture: Intel x64

21:13:58.0087 0996 Number of processors: 2

21:13:58.0087 0996 Page size: 0x1000

21:13:58.0087 0996 Boot type: Normal boot

21:13:58.0087 0996 ============================================================

21:13:59.0333 0996 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:14:08.0417 0996 Drive \Device\Harddisk1\DR1 - Size: 0x1D1C1116000 (1863.02 Gb), SectorSize: 0x200, Cylinders: 0x3B601, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040

21:14:08.0475 0996 ============================================================

21:14:08.0475 0996 \Device\Harddisk0\DR0:

21:14:08.0475 0996 MBR partitions:

21:14:08.0475 0996 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000

21:14:08.0475 0996 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3A353000

21:14:08.0475 0996 \Device\Harddisk1\DR1:

21:14:08.0475 0996 GPT partitions:

21:14:08.0475 0996 \Device\Harddisk1\DR1\Partition1: GPT, TypeGUID: {E3C9E316-0B5C-4DB8-817D-F92DF00215AE}, UniqueGUID: {34602926-9C52-46FB-BCC6-B96E4F53C3AD}, Name: Microsoft reserved partition, StartLBA 0x22, BlocksNum 0x40000

21:14:08.0475 0996 \Device\Harddisk1\DR1\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {6CEB2BD6-41DA-45FD-990E-BC3F93B7D85C}, Name: Basic data partition, StartLBA 0x40800, BlocksNum 0xE8DC8000

21:14:08.0475 0996 MBR partitions:

21:14:08.0475 0996 ============================================================

21:14:08.0509 0996 C: <-> \Device\Harddisk0\DR0\Partition2

21:14:08.0540 0996 F: <-> \Device\Harddisk1\DR1\Partition2

21:14:08.0540 0996 ============================================================

21:14:08.0540 0996 Initialize success

21:14:08.0540 0996 ============================================================

21:14:56.0211 6876 Deinitialize success

TDSSKiller.2.8.10.0_23.09.2012_21.18.08_log.zip

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

That log was clean......

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

MrC

Link to post
Share on other sites
jdartigas

jdartigas

Posted
  • Author
Posted

I opened Chrome up to see if it's still redirecting, and it is, this time to click.gethotresults.com. Below is the AdwCleaner log:

# AdwCleaner v2.003 - Logfile created 09/23/2012 at 22:00:32

# Updated 23/09/2012 by Xplode

# Operating system : Windows 7 Professional Service Pack 1 (64 bits)

# User : jon - DAYLIGHT

# Boot Mode : Normal

# Running from : C:\Users\jon\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\splashtop

Folder Found : C:\ProgramData\splashtop

Folder Found : C:\Users\jon\AppData\Local\Temp\boost_interprocess

***** [Registry] *****

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B0DE3308-5D5A-470D-81B9-634FC078393B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B0DE3308-5D5A-470D-81B9-634FC078393B}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v14.0.1 (en-US)

Profile name : default

File : C:\Users\jon\AppData\Roaming\Mozilla\Firefox\Profiles\lubhwkkd.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v21.0.1180.89

File : C:\Users\jon\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1762 octets] - [23/09/2012 22:00:32]

########## EOF - C:\AdwCleaner[R1].txt - [1822 octets] ##########

Link to post
Share on other sites
MrCharlie

MrCharlie

Posted
Posted

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

~~~~~~~~~~~~~~~~~~~~

Then...............

.... lets do some checking in Chrome:

First please make sure you have the latest version of Chrome:

Click the wrench in the upper right hand corner

Click on "About Google Chrome"

If an update is available it will be downloaded and installed

Next:

Carefully check for any odd extensions or plugins:

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

Next:

Go to Settings > Show advanced settings........ (at the bottom)

Put a check next to all of these:

  1. Clear browsing history
  2. Clear download history
  3. Empty the cache

Click "Clear Browsing Data"

Next:

Look through the rest of Tools, Settings and View Backround Pages and make sure there's nothing suspicious.

---------------------------

Then look at this link (it's for a different infection but the way to change Chromes settings is the same)

http://deletemalware...tall-guide.html

Let me know, MrC

Link to post
Share on other sites
jdartigas

jdartigas

Posted
  • Author
Posted

Chrome was up to date, and I didn't see an plugins I viewed as being suspicious. I did delete an extension, Adblock for Pirate Bay, I forgot I installed that a while back. I tested again after running AdwCleaner, and was still getting redirected. I then diabled all extensions and plugins and rebooted and I'm no longer getting redirected. I'm now going to go through each extension and plugin to determine which one was causing the redirect issue. Thanks for you help, it's, much appreciated!

Link to post
Share on other sites
Maurice Naggar

Maurice Naggar

Posted
Posted

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.