
Google redirect virus and other random stuff - Malwarebytes and others don't find it!



:)

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

Please download GooredFix from one of the locations below and save it to your Desktop

Download Mirror #1

Download Mirror #2

  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • It doesn't take long to run; once it is finished, move on to the next step.

Download TDSSKiller and save it to your Desktop.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • Extract the file and run it.
  • Once completed it will create a log in your C:\ drive called TDSSKiller_* (* denotes version & date)
  • Reboot your machine and see if the infection is gone
  • Please post the contents of the TDSSKiller log and the GooredFix log.

Please use Copy/Paste to post the logs; DO NOT attach them.


Thank you so much for your prompt response. Logs are requested. Deepti

TDSSKiller

2010/10/19 13:22:28.0140 TDSS rootkit removing tool 2.4.4.0 Oct 4 2010 09:06:59

2010/10/19 13:22:28.0140 ================================================================================

2010/10/19 13:22:28.0140 SystemInfo:

2010/10/19 13:22:28.0140

2010/10/19 13:22:28.0140 OS Version: 5.1.2600 ServicePack: 3.0

2010/10/19 13:22:28.0140 Product type: Workstation

2010/10/19 13:22:28.0140 ComputerName: DEEPTI-B4147B46

2010/10/19 13:22:28.0140 UserName: Deepti

2010/10/19 13:22:28.0140 Windows directory: C:\WINDOWS

2010/10/19 13:22:28.0140 System windows directory: C:\WINDOWS

2010/10/19 13:22:28.0140 Processor architecture: Intel x86

2010/10/19 13:22:28.0140 Number of processors: 2

2010/10/19 13:22:28.0140 Page size: 0x1000

2010/10/19 13:22:28.0140 Boot type: Normal boot

2010/10/19 13:22:28.0140 ================================================================================

2010/10/19 13:22:29.0234 Initialize success

2010/10/19 13:22:31.0703 ================================================================================

2010/10/19 13:22:31.0703 Scan started

2010/10/19 13:22:31.0703 Mode: Manual;

2010/10/19 13:22:31.0703 ================================================================================

2010/10/19 13:22:32.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys

2010/10/19 13:22:32.0687 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys

2010/10/19 13:22:32.0828 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys

2010/10/19 13:22:32.0875 AFD (7e775010ef291da96ad17ca4b17137d7) C:\WINDOWS\System32\drivers\afd.sys

2010/10/19 13:22:33.0296 AsusACPI (12415a4b61ded200fe9932b47a35fa42) C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys

2010/10/19 13:22:33.0343 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys

2010/10/19 13:22:33.0390 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys

2010/10/19 13:22:33.0500 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys

2010/10/19 13:22:33.0578 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys

2010/10/19 13:22:33.0625 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys

2010/10/19 13:22:33.0734 btaudio (b6e16da77eafe84a8c5bc44784feeaea) C:\WINDOWS\system32\drivers\btaudio.sys

2010/10/19 13:22:33.0796 BTDriver (58a49bd10e08d3d4333a60dedcb1ced8) C:\WINDOWS\system32\DRIVERS\btport.sys

2010/10/19 13:22:33.0843 BTKRNL (ef5e0de0a7ca2977a9255f36f4d915ab) C:\WINDOWS\system32\DRIVERS\btkrnl.sys

2010/10/19 13:22:33.0890 BTWDNDIS (80f61de965c116051614ac2f04222ff7) C:\WINDOWS\system32\DRIVERS\btwdndis.sys

2010/10/19 13:22:33.0968 btwhid (e48668b4a6a5cf68b33aecad18ee8e1e) C:\WINDOWS\system32\DRIVERS\btwhid.sys

2010/10/19 13:22:34.0015 BTWUSB (053dc5be74621b63bb48c2b86bafc7b0) C:\WINDOWS\system32\Drivers\btwusb.sys

2010/10/19 13:22:34.0234 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys

2010/10/19 13:22:34.0296 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys

2010/10/19 13:22:34.0390 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys

2010/10/19 13:22:34.0437 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys

2010/10/19 13:22:34.0515 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys

2010/10/19 13:22:34.0609 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys

2010/10/19 13:22:34.0671 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys

2010/10/19 13:22:34.0859 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys

2010/10/19 13:22:35.0000 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys

2010/10/19 13:22:35.0125 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys

2010/10/19 13:22:35.0171 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys

2010/10/19 13:22:35.0234 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys

2010/10/19 13:22:35.0312 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys

2010/10/19 13:22:35.0406 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys

2010/10/19 13:22:35.0531 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys

2010/10/19 13:22:35.0562 Fips (d45926117eb9fa946a6af572fbe1caa3) C:\WINDOWS\system32\drivers\Fips.sys

2010/10/19 13:22:35.0593 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys

2010/10/19 13:22:35.0656 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\DRIVERS\fltMgr.sys

2010/10/19 13:22:35.0734 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys

2010/10/19 13:22:35.0859 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys

2010/10/19 13:22:36.0062 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys

2010/10/19 13:22:36.0109 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys

2010/10/19 13:22:36.0234 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys

2010/10/19 13:22:36.0328 i8042prt (4a0b06aa8943c1e332520f7440c0aa30) C:\WINDOWS\system32\DRIVERS\i8042prt.sys

2010/10/19 13:22:36.0656 ialm (0f68e2ec713f132ffb19e45415b09679) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys

2010/10/19 13:22:36.0781 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys

2010/10/19 13:22:37.0078 IntcAzAudAddService (45ffc97a47248550e799da5eb5dca6a1) C:\WINDOWS\system32\drivers\RtkHDAud.sys

2010/10/19 13:22:37.0203 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys

2010/10/19 13:22:37.0265 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys

2010/10/19 13:22:37.0328 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys

2010/10/19 13:22:37.0375 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys

2010/10/19 13:22:37.0406 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys

2010/10/19 13:22:37.0468 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys

2010/10/19 13:22:37.0500 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys

2010/10/19 13:22:37.0562 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys

2010/10/19 13:22:37.0609 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys

2010/10/19 13:22:37.0656 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys

2010/10/19 13:22:37.0718 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys

2010/10/19 13:22:37.0750 Ktp (85b6d85c044e3df77e92b5a7b265008f) C:\WINDOWS\system32\DRIVERS\ETD.sys

2010/10/19 13:22:37.0796 L1e (303627228dd739d98289679901a38c8f) C:\WINDOWS\system32\DRIVERS\l1e51x86.sys

2010/10/19 13:22:37.0984 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys

2010/10/19 13:22:38.0062 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys

2010/10/19 13:22:38.0109 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) C:\WINDOWS\system32\DRIVERS\mouclass.sys

2010/10/19 13:22:38.0156 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys

2010/10/19 13:22:38.0218 MpFilter (c98301ad8173a2235a9ab828955c32bb) C:\WINDOWS\system32\DRIVERS\MpFilter.sys

2010/10/19 13:22:38.0328 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys

2010/10/19 13:22:38.0437 MRxSmb (f3aefb11abc521122b67095044169e98) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys

2010/10/19 13:22:38.0546 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys

2010/10/19 13:22:38.0687 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys

2010/10/19 13:22:38.0750 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys

2010/10/19 13:22:38.0796 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys

2010/10/19 13:22:38.0859 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys

2010/10/19 13:22:38.0937 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys

2010/10/19 13:22:39.0046 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys

2010/10/19 13:22:39.0125 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys

2010/10/19 13:22:39.0250 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys

2010/10/19 13:22:39.0312 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys

2010/10/19 13:22:39.0390 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys

2010/10/19 13:22:39.0468 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys

2010/10/19 13:22:39.0546 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2010/10/19 13:22:39.0593 NDProxy (6215023940cfd3702b46abc304e1d45a) C:\WINDOWS\system32\drivers\NDProxy.sys

2010/10/19 13:22:39.0625 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2010/10/19 13:22:39.0703 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2010/10/19 13:22:39.0812 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2010/10/19 13:22:39.0875 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2010/10/19 13:22:39.0953 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2010/10/19 13:22:40.0046 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2010/10/19 13:22:40.0078 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2010/10/19 13:22:40.0171 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\drivers\Parport.sys

2010/10/19 13:22:40.0218 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2010/10/19 13:22:40.0265 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2010/10/19 13:22:40.0328 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2010/10/19 13:22:40.0406 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2010/10/19 13:22:40.0484 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2010/10/19 13:22:40.0812 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2010/10/19 13:22:40.0906 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2010/10/19 13:22:40.0984 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2010/10/19 13:22:41.0281 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2010/10/19 13:22:41.0343 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2010/10/19 13:22:41.0437 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2010/10/19 13:22:41.0468 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2010/10/19 13:22:41.0562 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2010/10/19 13:22:41.0640 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2010/10/19 13:22:41.0812 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2010/10/19 13:22:41.0921 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2010/10/19 13:22:42.0109 RT80x86 (8a11953e6d852a80aef12ff33d848d35) C:\WINDOWS\system32\DRIVERS\RT2860.sys

2010/10/19 13:22:42.0281 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2010/10/19 13:22:42.0359 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\drivers\Serial.sys

2010/10/19 13:22:42.0437 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2010/10/19 13:22:42.0562 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys

2010/10/19 13:22:42.0687 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2010/10/19 13:22:42.0796 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2010/10/19 13:22:42.0875 Srv (0f6aefad3641a657e18081f52d0c15af) C:\WINDOWS\system32\DRIVERS\srv.sys

2010/10/19 13:22:42.0968 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys

2010/10/19 13:22:43.0062 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2010/10/19 13:22:43.0125 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2010/10/19 13:22:43.0343 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2010/10/19 13:22:43.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2010/10/19 13:22:43.0484 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2010/10/19 13:22:43.0531 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2010/10/19 13:22:43.0578 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2010/10/19 13:22:43.0703 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2010/10/19 13:22:43.0796 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2010/10/19 13:22:43.0875 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2010/10/19 13:22:43.0937 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2010/10/19 13:22:43.0968 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2010/10/19 13:22:44.0031 usbstor (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2010/10/19 13:22:44.0046 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2010/10/19 13:22:44.0109 usbvideo (63bbfca7f390f4c49ed4b96bfb1633e0) C:\WINDOWS\system32\Drivers\usbvideo.sys

2010/10/19 13:22:44.0171 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2010/10/19 13:22:44.0218 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2010/10/19 13:22:44.0296 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2010/10/19 13:22:44.0421 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2010/10/19 13:22:44.0625 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS

2010/10/19 13:22:44.0671 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2010/10/19 13:22:44.0734 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2010/10/19 13:22:44.0875 ================================================================================

2010/10/19 13:22:44.0875 Scan finished

2010/10/19 13:22:44.0875 ================================================================================

Gooredfix

GooredFix by jpshortstuff (03.07.10.1)

Log created at 13:19 on 19/10/2010 (Deepti)

Firefox version 3.6.10 (en-GB)

========== GooredScan ==========

(none)

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\

{972ce4c6-7e08-4474-a285-3208198ce6fd} [09:10 19/10/2010]

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Application Data\Mozilla\Firefox\Profiles\0hbrx28i.default\extensions\

(none)

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [12:01 24/09/2010]

-=E.O.F=-

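The TDSSKiller log above is a plain driver inventory: one line per loaded driver with its MD5 and on-disk path, and the helper's "look good" verdict comes from reading those lines for anything out of place. The following script, added here as an illustration and not part of TDSSKiller or of any post in this thread, shows how a reviewer can automate that first pass: parse the driver lines, compare hashes against a small baseline, and flag drivers loaded from an unexpected directory or listed twice under the same name. The `BASELINE` values are copied from the log above only to show the mechanism, `EXPECTED_DRIVER_DIRS` is an assumption for an XP system, and the last `SAMPLE_LOG` line is a constructed anomaly, not something seen on the poster's machine.

```python
"""Baseline check over a TDSSKiller driver listing.

Added example for this thread; it is not part of TDSSKiller or the forum
post.  Each scan line in the log has the shape

    YYYY/MM/DD HH:MM:SS.mmmm  <driver name>  (<md5>)  <path>

The BASELINE hashes are copied from the log purely to show the mechanism,
and the last SAMPLE_LOG line is a constructed anomaly.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4})\s+"
    r"(?P<name>\S+)\s+\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)

# Directories a kernel driver is normally loaded from on XP (assumption for
# this example; adjust for other Windows versions).
EXPECTED_DRIVER_DIRS = ("c:\\windows\\system32\\drivers\\",)

# Constructed baseline: lower-cased driver name -> trusted MD5.  Values are
# copied from the TDSSKiller log above; a real baseline would come from a
# known-clean image of the same Windows build.
BASELINE = {
    "acpi": "8fd99680a539792a30e97944fdaecf17",
    "tcpip": "9aefa14bd6b182d61e3119fa5f436d3d",
}


@dataclass
class DriverEntry:
    timestamp: str
    name: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> list[DriverEntry]:
    """Keep only driver lines; header, separator and status lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(DriverEntry(m["ts"], m["name"], m["md5"].lower(), m["path"]))
    return entries


def triage(entries: list[DriverEntry]) -> dict[str, list[str]]:
    """Group reasons to look closer.  A finding is a lead, not a verdict."""
    findings: dict[str, list[str]] = {
        "hash_mismatch": [], "unusual_location": [], "duplicate_name": []
    }
    seen: set[str] = set()
    for e in entries:
        key = e.name.lower()
        expected = BASELINE.get(key)
        if expected is not None and expected != e.md5:
            findings["hash_mismatch"].append(f"{e.name}: {e.md5} (baseline {expected})")
        if not e.path.lower().startswith(EXPECTED_DRIVER_DIRS):
            findings["unusual_location"].append(f"{e.name}: {e.path}")
        if key in seen:
            findings["duplicate_name"].append(e.name)
        seen.add(key)
    return findings


# Three lines copied from the log above plus one constructed anomaly: a
# second "Tcpip" with a placeholder hash loaded from a temp directory.
SAMPLE_LOG = r"""
2010/10/19 13:22:31.0703 Scan started
2010/10/19 13:22:31.0703 Mode: Manual;
2010/10/19 13:22:32.0640 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2010/10/19 13:22:43.0421 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2010/10/19 13:22:44.0171 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2010/10/19 13:22:44.0900 Tcpip (00000000000000000000000000000000) C:\WINDOWS\Temp\tcpip.sys
2010/10/19 13:22:44.0875 Scan finished
"""

if __name__ == "__main__":
    for reason, items in triage(parse_tdsskiller(SAMPLE_LOG)).items():
        print(reason, items)
```

Run against the real log, the three checks come back empty, which is exactly the reading the helper gave it; on the constructed sample the extra `Tcpip` entry trips all three. Hash comparison only helps when the baseline comes from a trusted build, so the mechanism matters more than the two sample values.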

Those scans look good :)

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision.

Doing so could make your PC inoperable and could require a full reinstall of your OS, losing all your programs and data.

Vista and Windows 7 users:

1. These tools MUST be run from the executable (.exe) every time you run them.

2. With Admin Rights (Right click, choose "Run as Administrator")

Stay with this topic until I give you the all clean post.

You might want to print these instructions out.

I suggest you do this:

XP Users

Double-click My Computer.

Click the Tools menu, and then click Folder Options.

Click the View tab.

Uncheck "Hide file extensions for known file types."

Under the "Hidden files" folder, select "Show hidden files and folders."

Uncheck "Hide protected operating system files."

Click Apply, and then click OK.

Vista Users

To enable the viewing of hidden and protected system files in Windows Vista please follow these steps:

Close all programs so that you are at your desktop.

Click on the Start button. This is the small round button with the Windows flag in the lower left corner.

Click on the Control Panel menu option.

When the control panel opens you can either be in Classic View or Control Panel Home view:

If you are in the Classic View do the following:

Double-click on the Folder Options icon.

Click on the View tab.

If you are in the Control Panel Home view do the following:

Click on the Appearance and Personalization link.

Click on Show Hidden Files or Folders.

Under the Hidden files and folders section select the radio button labeled Show hidden files and folders.

Remove the checkmark from the checkbox labeled Hide extensions for known file types.

Remove the checkmark from the checkbox labeled Hide protected operating system files.

Please do not delete anything unless instructed to.

Next:

Please download ATF Cleaner by Atribune.

Download - ATF Cleaner


Thanks for the encouragement. Did as asked. MBAM logs as requested. Nothing was found. Google still redirecting me to places I don't want to go. Gmail still won't let me log in - still refreshes back to log in page. Deepti

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4867

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

19/10/2010 13:44:34

mbam-log-2010-10-19 (13-44-34).txt

Scan type: Quick scan

Objects scanned: 184415

Time elapsed: 9 minute(s), 40 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


Are you using a Router?

Download ComboFix from one of these locations:

Link 1

Link 2 (if using this link, right-click and select Save As).

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link : Protective Programs
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

RC1.png

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

RC2-1.png

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Give it at least 20-30 minutes to finish if needed.

Please do not attach the scan results from ComboFix. Use copy/paste.

Also please describe how your computer behaves at the moment.


Hi again LDTate - combofix logs as required - still being redirected to random websites in google in all browsers - computer has also become unusually slow - thanks for your patience. Deepti

--

ComboFix 10-10-22.02 - Deepti 22/10/2010 18:32:08.3.2 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.548 [GMT 1:00]

Running from: c:\documents and settings\Deepti.DEEPTI-B4147B46\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

* Created a new restore point

.

((((((((((((((((((((((((( Files Created from 2010-09-22 to 2010-10-22 )))))))))))))))))))))))))))))))

.

2010-10-19 10:19 . 2010-10-19 10:19 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Microsoft

2010-10-19 10:10 . 2010-10-19 10:10 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-19 10:04 . 2010-10-19 10:04 -------- d-----w- c:\documents and settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Microsoft Help

2010-10-19 10:00 . 2010-10-19 10:27 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help

2010-10-19 09:58 . 2010-10-19 09:58 -------- d-----r- C:\MSOCache

2010-10-19 09:21 . 2010-10-07 23:21 6146896 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F2989285-C758-4C33-BC00-F7E164C356D7}\mpengine.dll

2010-10-19 09:10 . 2010-10-19 09:10 -------- d-----w- c:\documents and settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Mozilla

2010-10-18 10:49 . 2010-10-18 10:50 -------- d-----w- c:\program files\CCleaner

2010-10-18 09:14 . 2010-10-18 10:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy

2010-10-18 09:11 . 2010-10-18 09:11 -------- d-sh--w- c:\documents and settings\Deepti.DEEPTI-B4147B46\IECompatCache

2010-10-18 09:11 . 2010-10-18 09:11 -------- d-sh--w- c:\documents and settings\Deepti.DEEPTI-B4147B46\PrivacIE

2010-10-18 08:11 . 2010-10-18 08:11 -------- d-sh--w- c:\documents and settings\Deepti.DEEPTI-B4147B46\IETldCache

2010-10-16 15:39 . 2008-04-14 12:00 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-16 15:37 . 2010-08-26 11:08 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-10-16 15:36 . 2010-09-10 05:58 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-10-16 15:36 . 2010-09-10 05:58 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-10-16 15:36 . 2010-09-10 05:58 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-10-16 15:36 . 2010-09-10 05:58 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-10-16 15:36 . 2010-09-10 05:58 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-10-16 15:36 . 2010-09-10 05:58 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-10-16 15:36 . 2010-09-10 05:58 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-10-11 16:10 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-11 16:10 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-11 16:05 . 2010-10-11 16:05 -------- d-----w- c:\documents and settings\Deepti.DEEPTI-B4147B46\Application Data\Malwarebytes

2010-10-11 16:05 . 2010-10-11 16:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes

2010-09-26 18:27 . 2010-09-26 18:27 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Google

2010-09-26 18:22 . 2010-09-26 18:22 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google

2010-09-24 12:02 . 2010-09-24 12:01 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-24 12:02 . 2010-09-24 12:01 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-24 08:16 . 2010-10-11 17:05 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-24 08:15 . 2010-10-11 17:05 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Hitman Pro

2010-09-22 18:08 . 2010-10-09 18:22 -------- d-----w- c:\documents and settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Adobe

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-09-18 11:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 15:40 . 2010-09-15 15:53 5934416 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll

2010-09-15 15:16 . 2008-01-29 13:47 966656 ----a-w- c:\windows\system32\btrez.dll

2010-09-15 15:16 . 2008-06-27 05:37 74688 ----a-w- c:\windows\system32\drivers\btwusb.sys

2010-09-15 15:16 . 2008-06-27 05:37 106557 ----a-w- c:\windows\system32\btw_ci.dll

2010-09-15 15:16 . 2008-06-27 05:37 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys

2010-09-15 15:16 . 2008-06-27 05:37 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys

2010-09-15 15:16 . 2008-06-27 05:37 37424 ----a-w- c:\windows\system32\drivers\btport.sys

2010-09-15 15:16 . 2008-06-27 05:37 879624 ----a-w- c:\windows\system32\drivers\btkrnl.sys

2010-09-15 15:16 . 2008-06-27 05:37 539640 ----a-w- c:\windows\system32\drivers\btaudio.sys

2010-09-15 15:07 . 2010-09-15 15:25 920088 ----a-w- c:\windows\system32\igxpun.exe

2010-09-15 15:07 . 2010-09-15 15:25 319456 ----a-w- c:\windows\system32\difxapi.dll

2010-09-15 15:07 . 2010-09-15 15:25 57344 ----a-w- c:\windows\system32\igxprd32.dll

2010-09-15 15:07 . 2010-09-15 15:25 5854688 ----a-w- c:\windows\system32\drivers\igxpmp32.sys

2010-09-15 15:07 . 2010-09-15 15:25 135168 ----a-w- c:\windows\system32\igfxtray.exe

2010-09-15 15:07 . 2010-09-15 15:25 48128 ----a-w- c:\windows\system32\igfxsrvc.dll

2010-09-15 15:07 . 2010-09-15 15:25 294912 ----a-w- c:\windows\system32\igldev32.dll

2010-09-15 15:07 . 2010-09-15 15:25 249856 ----a-w- c:\windows\system32\igfxsrvc.exe

2010-09-15 15:07 . 2010-09-15 15:25 2334720 ----a-w- c:\windows\system32\iglicd32.dll

2010-09-15 15:07 . 2010-09-15 15:25 1670144 ----a-w- c:\windows\system32\igxpdv32.dll

2010-09-15 15:07 . 2010-09-15 15:25 163840 ----a-w- c:\windows\system32\igfxzoom.exe

2010-09-15 15:07 . 2010-09-15 15:25 151040 ----a-w- c:\windows\system32\igxpgd32.dll

2010-09-15 15:07 . 2010-09-15 15:25 2643456 ----a-w- c:\windows\system32\igxpdx32.dll

2010-09-15 15:07 . 2010-09-15 15:25 147456 ----a-w- c:\windows\system32\igfxCoIn_v4906.dll

2010-09-15 15:07 . 2010-09-11 13:14 172032 ----a-w- c:\windows\system32\igfxrtrk.lrc

2010-09-15 15:07 . 2010-09-11 13:14 172032 ----a-w- c:\windows\system32\igfxrsve.lrc

2010-09-15 15:07 . 2010-09-11 13:14 180224 ----a-w- c:\windows\system32\igfxrrus.lrc

2010-09-15 15:07 . 2010-09-11 13:14 180224 ----a-w- c:\windows\system32\igfxrptg.lrc

2010-09-15 15:07 . 2010-09-11 13:14 180224 ----a-w- c:\windows\system32\igfxrptb.lrc

2010-09-15 15:07 . 2010-09-11 13:14 176128 ----a-w- c:\windows\system32\igfxrsky.lrc

2010-09-15 15:07 . 2010-09-11 13:14 172032 ----a-w- c:\windows\system32\igfxrslv.lrc

2010-09-15 15:07 . 2010-09-11 13:14 163840 ----a-w- c:\windows\system32\igfxrtha.lrc

2010-09-15 15:07 . 2010-09-15 15:27 172032 ----a-w- c:\windows\system32\igfxres.dll

2010-09-15 15:07 . 2010-09-15 15:25 24576 ----a-w- c:\windows\system32\igfxexps.dll

2010-09-15 15:07 . 2010-09-15 15:25 163840 ----a-w- c:\windows\system32\igfxext.exe

2010-09-15 15:07 . 2010-09-15 15:25 131072 ----a-w- c:\windows\system32\igfxpers.exe

2010-09-15 15:07 . 2010-09-15 15:25 3293184 ----a-w- c:\windows\system32\igfxress.dll

2010-09-15 15:07 . 2010-09-15 15:25 208896 ----a-w- c:\windows\system32\igfxdev.dll

2010-09-15 15:07 . 2010-09-15 15:25 204800 ----a-w- c:\windows\system32\igfxpph.dll

2010-09-15 15:07 . 2010-09-15 15:25 135168 ----a-w- c:\windows\system32\igfxdo.dll

2010-09-15 15:07 . 2010-09-11 13:14 188416 ----a-w- c:\windows\system32\igfxrita.lrc

2010-09-15 15:07 . 2010-09-11 13:14 184320 ----a-w- c:\windows\system32\igfxrfra.lrc

2010-09-15 15:07 . 2010-09-11 13:14 172032 ----a-w- c:\windows\system32\igfxrdan.lrc

2010-09-15 15:07 . 2010-09-11 13:14 155648 ----a-w- c:\windows\system32\igfxrheb.lrc

2010-09-15 15:07 . 2010-09-11 13:14 131072 ----a-w- c:\windows\system32\igfxrjpn.lrc

2010-09-15 15:07 . 2010-09-11 13:14 126976 ----a-w- c:\windows\system32\igfxrkor.lrc

2010-09-15 15:07 . 2010-09-11 13:14 192512 ----a-w- c:\windows\system32\igfxrell.lrc

2010-09-15 15:07 . 2010-09-11 13:14 192512 ----a-w- c:\windows\system32\igfxrdeu.lrc

2010-09-15 15:07 . 2010-09-11 13:14 188416 ----a-w- c:\windows\system32\igfxrnld.lrc

2010-09-15 15:07 . 2010-09-11 13:14 188416 ----a-w- c:\windows\system32\igfxresp.lrc

2010-09-15 15:07 . 2010-09-11 13:14 180224 ----a-w- c:\windows\system32\igfxrplk.lrc

2010-09-15 15:07 . 2010-09-11 13:14 180224 ----a-w- c:\windows\system32\igfxrhun.lrc

2010-09-15 15:07 . 2010-09-11 13:14 176128 ----a-w- c:\windows\system32\igfxrnor.lrc

2010-09-15 15:07 . 2010-09-11 13:14 176128 ----a-w- c:\windows\system32\igfxrfin.lrc

2010-09-15 15:07 . 2010-09-11 13:14 176128 ----a-w- c:\windows\system32\igfxrcsy.lrc

2010-09-15 15:07 . 2010-09-11 13:14 172032 ----a-w- c:\windows\system32\igfxrenu.lrc

2010-09-15 15:07 . 2010-09-11 13:14 159744 ----a-w- c:\windows\system32\igfxrara.lrc

2010-09-15 15:07 . 2010-09-11 13:14 110592 ----a-w- c:\windows\system32\igfxrcht.lrc

2010-09-15 15:07 . 2010-09-11 13:14 110592 ----a-w- c:\windows\system32\igfxrchs.lrc

2010-09-15 15:07 . 2010-09-15 15:25 524288 ----a-w- c:\windows\system32\igfxcfg.exe

2010-09-15 15:07 . 2010-09-15 15:25 102400 ----a-w- c:\windows\system32\hccutils.dll

2010-09-15 15:07 . 2010-09-15 15:25 159744 ----a-w- c:\windows\system32\hkcmd.exe

2010-09-15 15:07 . 2010-09-15 15:25 122880 ----a-w- c:\windows\system32\igfxcpl.cpl

2010-09-15 14:51 . 2008-03-12 02:37 36864 ----a-w- c:\windows\system32\drivers\l1e51x86.sys

2010-09-15 14:43 . 2009-02-12 21:59 93696 ----a-w- c:\windows\system32\drivers\ETD.sys

2010-09-15 14:38 . 2010-09-15 14:38 315392 ----a-w- c:\windows\HideWin.exe

2010-09-15 14:33 . 2010-09-15 14:38 520192 ----a-w- c:\windows\RtlExUpd.dll

2010-09-15 14:33 . 2010-09-15 14:40 49152 ----a-w- c:\windows\system32\ChCfg.exe

2010-09-15 14:33 . 2010-09-15 14:39 86016 ----a-w- c:\windows\SoundMan.exe

2010-09-15 14:33 . 2010-09-15 14:39 266240 ----a-w- c:\windows\system32\RTSndMgr.cpl

2010-09-15 14:33 . 2010-09-15 14:39 1826816 ----a-w- c:\windows\SkyTel.exe

2010-09-15 14:33 . 2010-09-15 14:39 1196032 ----a-w- c:\windows\RtlUpd.exe

2010-09-15 14:33 . 2010-09-15 14:39 9715200 ----a-w- c:\windows\RTLCPL.exe

2010-09-15 14:33 . 2010-09-15 14:39 4733440 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys

2010-09-15 14:33 . 2010-09-15 14:39 16861696 ----a-w- c:\windows\RTHDCPL.exe

2010-09-15 14:33 . 2010-09-15 14:39 2165760 ----a-w- c:\windows\MicCal.exe

2010-09-15 14:33 . 2010-09-15 14:39 69632 ----a-w- c:\windows\Alcmtr.exe

2010-09-15 14:33 . 2010-09-15 14:39 299008 ----a-w- c:\windows\system32\ALSndMgr.cpl

2010-09-15 14:33 . 2010-09-15 14:39 2808832 ----a-w- c:\windows\alcwzrd.exe

2010-09-10 05:58 . 2008-04-14 12:00 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58 . 2008-04-14 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-09 22:52 . 2010-09-16 11:38 6084944 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2010-09-09 14:16 . 2010-09-09 14:16 81920 ------w- c:\windows\system32\ieencode.dll

2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42 . 2008-04-14 12:00 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2010-09-16 07:47 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17 . 2008-04-14 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45 . 2008-04-14 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2008-05-07 23:34 . 2008-06-27 06:48 15523560 ----a-w- c:\program files\U1 Setup.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SoundMan"="SOUNDMAN.EXE" [2010-09-15 86016]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-17 622592]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]

"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-09-15 1094224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=

"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\WINDOWS\\system32\\sessmgr.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=

"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=

"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [15/09/2010 14:50 933504]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [08/05/2009 19:08 133104]

S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 21:37 4640000]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FWPIQPOC

*NewlyCreated* - KLMD25

*Deregistered* - fwpiqpoc

*Deregistered* - klmd25

.

Contents of the 'Scheduled Tasks' folder

2010-10-19 c:\windows\Tasks\GlaryInitialize.job

- c:\program files\Glary Utilities\initialize.exe [2008-11-15 09:32]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cb720eb262e3c8.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 18:08]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2009-05-08 18:08]

2010-10-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2139871995-515967899-1004Core.job

- c:\documents and settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 08:24]

2010-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1229272821-2139871995-515967899-1004UA.job

- c:\documents and settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-16 08:24]

2010-10-19 c:\windows\Tasks\MP Scheduled Scan.job

- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2010-03-25 20:40]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

FF - ProfilePath - c:\documents and settings\Deepti.DEEPTI-B4147B46\Application Data\Mozilla\Firefox\Profiles\0hbrx28i.default\

FF - prefs.js: browser.startup.homepage - www.aldaily.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\MICROS~4\Office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\MICROS~4\Office14\NPSPWRAP.DLL

FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-10-22 18:38

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(772)

c:\windows\system32\igfxdev.dll

- - - - - - - > 'explorer.exe'(128)

c:\windows\system32\WININET.dll

c:\progra~1\WINDOW~2\wmpband.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\mshtml.dll

c:\windows\system32\msls31.dll

c:\windows\system32\jscript.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\btncopy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2010-10-22 18:42:39

ComboFix-quarantined-files.txt 2010-10-22 17:42

Pre-Run: 22,988,193,792 bytes free

Post-Run: 22,979,555,328 bytes free

- - End Of File - - ECA4BA5F7603CED9E9F6F7BDE43EDEA4


Combofix didn't find anything. It could be your router needs to be reset.

http://www.eset.eu/online-scanner

Go here to run an online scanner from ESET.

Click the green ESET Online Scanner button.

Read the End User License Agreement and check the box: YES, I accept the Terms of Use.

Click on the Start button next to it.

You may receive an alert on the address bar that "This site might require the following ActiveX control...Click here to install...". Click on that alert and then click Install ActiveX component.

A new window will appear asking "Do you want to install this software?"

Answer Yes to download and install the ActiveX controls that allow the scan to run.

Click Start.

Check Remove found threats and Scan potentially unwanted applications.

Click Scan to begin.

If offered the option to get information or buy software, just close the window.

Wait for the scan to finish

Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic.


Finally some progress - ESET scanner found something! What next? Not sure it is my router as other computers that link to the same router have no problems. Deepti

C:\System Volume Information\_restore{1099F455-FDC1-4A17-9774-80FD2C17C67A}\RP29\A0005989.inf Win32/AutoRun.Agent.LA worm cleaned by deleting - quarantined


Please download DDS by sUBs from one of the following links and save it to your desktop.

  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click the DDS icon to run the tool (it may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, Attach.txt will open in a second window.
  • Save both reports to your desktop.

---------------------------------------------------

  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scrolling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and then click UPLOAD.


DDS files as requested. Thanks for hanging in there with me, I am grateful. Deepti

DDS (Ver_10-10-10.03) - NTFSx86

Run by Deepti at 13:55:07.78 on 23/10/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.218 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\crypserv.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SOUNDMAN.EXE

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxext.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\internet explorer\iexplore.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\deepti.deepti-b4147b46\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe

mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284566998609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deepti~1.dee\applic~1\mozilla\firefox\profiles\0hbrx28i.default\

FF - prefs.js: browser.startup.homepage - www.aldaily.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\deepti.deepti-b4147b46\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]

R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-11 38224]

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-9-15 933504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2010-10-23 08:58:53 -------- d-----w- c:\docume~1\deepti~1.dee\locals~1\applic~1\Help

2010-10-23 08:58:48 61440 ----a-w- c:\windows\system32\Crypserv.exe

2010-10-23 08:58:48 28518 ----a-w- c:\windows\system32\Ckldrv.sys

2010-10-23 08:58:48 27648 ----a-r- c:\windows\Setup_ck.exe

2010-10-23 08:58:48 18432 ----a-w- c:\windows\Setup_ck.dll

2010-10-23 08:58:48 165888 ----a-w- c:\windows\Ckconfig.exe

2010-10-23 08:58:48 11776 ----a-w- c:\windows\Ckrfresh.exe

2010-10-23 08:58:08 304128 ----a-w- c:\windows\IsUninst.exe

2010-10-23 08:57:59 -------- d-----w- c:\documents and settings\deepti.deepti-b4147b46\WINDOWS

2010-10-19 10:19:36 -------- d-----w- c:\documents and settings\all users.windows\Microsoft

2010-10-19 10:10:17 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-19 10:04:34 -------- d-----w- c:\docume~1\deepti~1.dee\locals~1\applic~1\Microsoft Help

2010-10-19 09:21:02 6146896 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{f2989285-c758-4c33-bc00-f7e164c356d7}\mpengine.dll

2010-10-19 09:10:59 -------- d-----w- c:\docume~1\deepti~1.dee\locals~1\applic~1\Mozilla

2010-10-18 10:49:43 -------- d-----w- c:\program files\CCleaner

2010-10-18 09:14:47 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy

2010-10-18 09:11:50 -------- d-sh--w- c:\documents and settings\deepti.deepti-b4147b46\IECompatCache

2010-10-18 09:11:32 -------- d-sh--w- c:\documents and settings\deepti.deepti-b4147b46\PrivacIE

2010-10-18 08:11:25 -------- d-sh--w- c:\documents and settings\deepti.deepti-b4147b46\IETldCache

2010-10-16 15:39:48 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-16 15:37:53 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-10-16 15:36:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-10-16 15:36:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-10-16 15:36:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-10-16 15:36:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-10-16 15:36:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-10-16 15:36:45 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-10-16 15:36:45 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-10-11 16:10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-11 16:10:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-11 16:05:50 -------- d-----w- c:\docume~1\deepti~1.dee\applic~1\Malwarebytes

2010-10-11 16:05:02 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

2010-09-24 12:02:10 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-24 12:02:10 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-24 08:16:41 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys

2010-09-24 08:15:19 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Hitman Pro

==================== Find3M ====================

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 15:16:08 966656 ----a-w- c:\windows\system32\btrez.dll

2010-09-15 15:16:06 106557 ----a-w- c:\windows\system32\btw_ci.dll

2010-09-15 14:38:48 315392 ----a-w- c:\windows\HideWin.exe

2010-09-15 14:33:34 520192 ----a-w- c:\windows\RtlExUpd.dll

2010-09-15 14:33:33 86016 ----a-w- c:\windows\SoundMan.exe

2010-09-15 14:33:33 49152 ----a-w- c:\windows\system32\ChCfg.exe

2010-09-15 14:33:33 266240 ----a-w- c:\windows\system32\RTSndMgr.cpl

2010-09-15 14:33:33 1826816 ----a-w- c:\windows\SkyTel.exe

2010-09-15 14:33:32 9715200 ----a-w- c:\windows\RTLCPL.exe

2010-09-15 14:33:32 1196032 ----a-w- c:\windows\RtlUpd.exe

2010-09-15 14:33:31 16861696 ----a-w- c:\windows\RTHDCPL.exe

2010-09-15 14:33:30 2165760 ----a-w- c:\windows\MicCal.exe

2010-09-15 14:33:29 69632 ----a-w- c:\windows\Alcmtr.exe

2010-09-15 14:33:29 299008 ----a-w- c:\windows\system32\ALSndMgr.cpl

2010-09-15 14:33:29 2808832 ----a-w- c:\windows\alcwzrd.exe

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2008-05-07 23:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe

============= FINISH: 13:58:01.03 ===============

Attach.txt


Copy and paste these lines in Notepad.

@Echo on

REM Put the hosts file back to the stock single entry. The file is normally
REM hidden, system and read-only, so clear those attributes first and restore
REM them afterwards. %SystemRoot% is used so this works from any drive.
pushd %SystemRoot%\system32\drivers\etc

attrib -h -s -r hosts

echo 127.0.0.1 localhost>hosts

attrib +r +h +s hosts

popd

REM Drop and re-acquire the DHCP lease, then clear the local DNS resolver cache.
ipconfig /release

ipconfig /renew

ipconfig /flushdns

REM Rebuild the Winsock catalog (removes any hijacked LSP) and reset the TCP/IP
REM stack settings. On XP the last argument to "int ip reset" is the name of the
REM log file it writes.
netsh winsock reset all

netsh int ip reset all

REM Reboot straight away and delete this batch file.
shutdown -r -t 1

del %0

Save as flush.bat to your desktop. Double click to run.

*** Note: on Windows Vista and Windows 7, right-click the file and choose "Run as Administrator". The computer will reboot itself.

Let me know if that fixed it.

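Before wiping the hosts file as the script above does, it is worth seeing what is actually in it. The auditor below is an added example (not the forum helper's code and not a tool from this thread): it parses a Windows hosts file and reports every mapping beyond the stock loopback entries, classifying loopback or 0.0.0.0 targets as sinkholes (the pattern in the `Hosts: 127.0.0.1 www.spywareinfo.com` line that DDS reported earlier, used to block security and update sites) and any other target as a redirect. The sample file embedded in it is constructed, the default path assumes a stock Windows install, and reading the file needs no elevation; only rewriting it, as flush.bat does, needs administrator rights.

```python
"""Audit a Windows hosts file for the kinds of entries a hijack adds.

Added example, not code from the original thread. Anything beyond the stock
loopback names is either a sinkhole (loopback or 0.0.0.0, which silently blocks
a site) or a redirect (any other address, which sends a real site elsewhere).
"""
import ipaddress
import os
import sys

# Names Windows ships in the hosts file; a loopback mapping for these is benign.
STOCK_LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Default location on Windows (assumption; only used for command-line runs).
DEFAULT_HOSTS_PATH = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"), "system32", "drivers", "etc", "hosts")

# Constructed sample, not the poster's real file: the stock lines plus one
# entry of each kind a hijack typically adds, and one malformed line.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 www.spywareinfo.com
0.0.0.0 update.microsoft.com   # blocks Windows Update
1.2.3.4 www.google.com google.com
not-an-ip something.example
"""


def parse_hosts(text):
    """Yield (line_no, address_or_None, hostname) for every mapping in the file.

    Comments (# ...) and blank lines are skipped. A line whose first token is
    not an IP address is yielded once with address None and the raw line as
    the name, so the auditor can report it rather than silently drop it.
    """
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        tokens = line.split()
        try:
            addr = ipaddress.ip_address(tokens[0])
        except ValueError:
            yield line_no, None, line
            continue
        for name in tokens[1:]:
            yield line_no, addr, name.lower().rstrip(".")


def audit_hosts(text):
    """Return [(line_no, hostname, address, verdict)] for every non-stock entry.

    verdict is one of:
      "sinkholed"   - name points at loopback or 0.0.0.0 (site silently blocked)
      "redirected"  - name points at any other address (site sent elsewhere)
      "unparseable" - first token is not an IP address
    A clean stock file yields an empty list.
    """
    findings = []
    for line_no, addr, name in parse_hosts(text):
        if addr is None:
            findings.append((line_no, name, None, "unparseable"))
        elif addr.is_loopback and name in STOCK_LOOPBACK_NAMES:
            continue  # the shipped default, nothing to report
        elif addr.is_loopback or addr.is_unspecified:
            findings.append((line_no, name, str(addr), "sinkholed"))
        else:
            findings.append((line_no, name, str(addr), "redirected"))
    return findings


def audit_hosts_file(path=DEFAULT_HOSTS_PATH):
    """Audit the hosts file on disk; hidden+system attributes do not stop reading."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        return audit_hosts(fh.read())


if __name__ == "__main__":
    # With a path argument, audit that file; otherwise demonstrate on the sample.
    path = sys.argv[1] if len(sys.argv) > 1 else None
    results = audit_hosts_file(path) if path else audit_hosts(SAMPLE_HOSTS)
    for line_no, name, addr, verdict in results:
        print(f"line {line_no}: {verdict:<11} {name} -> {addr}")
```

Run it with no arguments to see the classification on the constructed sample, or pass the real hosts path to audit a live machine. An empty result on a real file means flush.bat's hosts step would change nothing, which narrows the redirect down to the resolver, the Winsock catalog or the browser itself rather than the hosts file.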

Please go to http://virusscan.jotti.org, click on Browse, and upload the following file for analysis:

c:\windows\Ckconfig.exe

Then click Submit. Allow the file to be scanned, and then please copy and paste the results here for me to see.

If virscan.org is too busy you can try these.

http://virscan.org/

http://www.kaspersky.com/scanforvirus.html

http://www.virustotal.com/en/indexf.html


Used the first two options, both say it is clear. They also say the file has been scanned before so the result won't be stored. Can't get the names of the scanners to paste. Sorry. Deepti

Scanners

2010-10-23 Found nothing 2010-10-23 Found nothing

2010-10-23 Found nothing 2010-10-23 Found nothing

2010-10-23 Found nothing 2010-10-23 Found nothing

2010-10-22 Found nothing 2010-10-23 Found nothing

2010-10-23 Found nothing Operation timed out

2010-10-23 Found nothing 2010-10-22 Found nothing

2010-10-23 Found nothing 2010-10-23 Found nothing

2010-10-23 Found nothing 2010-10-22 Found nothing

2010-10-22 Found nothing 2010-10-23 Found nothing

2010-10-23 Found nothing


Thanks for the heads up about the Firefox add ons. Hope it helps. It is odd that only google mail and google search are affected. Have switched to Bing and Yahoo and seem to be doing okay so far. Pity my email is with Google! Do you think reformatting my machine would help? Thanks for everything so far, you are brilliant. Deepti

DDS

DDS (Ver_10-10-21.02) - NTFSx86

Run by Deepti at 16:37:28.75 on 24/10/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1015.284 [GMT 1:00]

AV: Microsoft Security Essentials *On-access scanning enabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\Program Files\Microsoft Security Essentials\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\WINDOWS\system32\crypserv.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Java\jre6\bin\jqs.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\SOUNDMAN.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\Microsoft Security Essentials\msseces.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\Deepti.DEEPTI-B4147B46\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~4\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [Google Update] "c:\documents and settings\deepti.deepti-b4147b46\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [soundMan] SOUNDMAN.EXE

mRun: [AsusTray] c:\program files\eeepc\acpi\AsTray.exe

mRun: [AsusACPIServer] c:\program files\eeepc\acpi\AsAcpiSvr.exe

mRun: [AsusEPCMonitor] c:\program files\eeepc\acpi\AsEPCMon.exe

mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~4\office14\ONBttnIE.dll/105

IE: Send to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1284566998609

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\deepti~1.dee\applic~1\mozilla\firefox\profiles\0hbrx28i.default\

FF - prefs.js: browser.startup.homepage - www.aldaily.com

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\documents and settings\deepti.deepti-b4147b46\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\progra~1\micros~4\office14\NPAUTHZ.DLL

FF - plugin: c:\progra~1\micros~4\office14\NPSPWRAP.DLL

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional

c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

============= SERVICES / DRIVERS ===============

R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 151216]

R3 RT80x86;Ralink 802.11n Wireless Driver;c:\windows\system32\drivers\rt2860.sys [2010-9-15 933504]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-5-8 133104]

S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-10-11 38224]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

=============== Created Last 30 ================

2010-10-23 19:08:58 6146896 ----a-w- c:\docume~1\alluse~1.win\applic~1\microsoft\microsoft antimalware\definition updates\{b751865d-f480-4aea-b195-8101ba95bec6}\mpengine.dll

2010-10-23 08:58:53 -------- d-----w- c:\docume~1\deepti~1.dee\locals~1\applic~1\Help

2010-10-23 08:58:48 61440 ----a-w- c:\windows\system32\Crypserv.exe

2010-10-23 08:58:48 28518 ----a-w- c:\windows\system32\Ckldrv.sys

2010-10-23 08:58:48 27648 ----a-r- c:\windows\Setup_ck.exe

2010-10-23 08:58:48 18432 ----a-w- c:\windows\Setup_ck.dll

2010-10-23 08:58:48 165888 ----a-w- c:\windows\Ckconfig.exe

2010-10-23 08:58:48 11776 ----a-w- c:\windows\Ckrfresh.exe

2010-10-23 08:58:08 304128 ----a-w- c:\windows\IsUninst.exe

2010-10-23 08:57:59 -------- d-----w- c:\documents and settings\deepti.deepti-b4147b46\WINDOWS

2010-10-19 10:19:36 -------- d-----w- c:\documents and settings\all users.windows\Microsoft

2010-10-19 10:10:17 -------- d-----w- c:\program files\Microsoft Analysis Services

2010-10-19 10:04:34 -------- d-----w- c:\docume~1\deepti~1.dee\locals~1\applic~1\Microsoft Help

2010-10-19 09:10:59 -------- d-----w- c:\docume~1\deepti~1.dee\locals~1\applic~1\Mozilla

2010-10-18 10:49:43 -------- d-----w- c:\program files\CCleaner

2010-10-18 09:14:47 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Spybot - Search & Destroy

2010-10-18 09:11:50 -------- d-sh--w- c:\documents and settings\deepti.deepti-b4147b46\IECompatCache

2010-10-18 09:11:32 -------- d-sh--w- c:\documents and settings\deepti.deepti-b4147b46\PrivacIE

2010-10-18 08:11:25 -------- d-sh--w- c:\documents and settings\deepti.deepti-b4147b46\IETldCache

2010-10-16 15:39:48 221184 ----a-w- c:\windows\system32\wmpns.dll

2010-10-16 15:37:53 13312 -c----w- c:\windows\system32\dllcache\iecompat.dll

2010-10-16 15:36:46 602112 -c----w- c:\windows\system32\dllcache\msfeeds.dll

2010-10-16 15:36:46 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll

2010-10-16 15:36:46 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2010-10-16 15:36:45 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll

2010-10-16 15:36:45 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2010-10-16 15:36:45 1986560 -c----w- c:\windows\system32\dllcache\iertutil.dll

2010-10-16 15:36:45 11080192 -c----w- c:\windows\system32\dllcache\ieframe.dll

2010-10-11 16:10:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-10-11 16:10:15 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-10-11 16:05:50 -------- d-----w- c:\docume~1\deepti~1.dee\applic~1\Malwarebytes

2010-10-11 16:05:02 -------- d-----w- c:\docume~1\alluse~1.win\applic~1\Malwarebytes

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-24 12:01:44 73728 ----a-w- c:\windows\system32\javacpl.cpl

2010-09-24 12:01:42 423656 ----a-w- c:\windows\system32\deployJava1.dll

2010-09-18 11:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-15 15:16:08 966656 ----a-w- c:\windows\system32\btrez.dll

2010-09-15 15:16:06 106557 ----a-w- c:\windows\system32\btw_ci.dll

2010-09-15 14:38:48 315392 ----a-w- c:\windows\HideWin.exe

2010-09-15 14:33:34 520192 ----a-w- c:\windows\RtlExUpd.dll

2010-09-15 14:33:33 86016 ----a-w- c:\windows\SoundMan.exe

2010-09-15 14:33:33 49152 ----a-w- c:\windows\system32\ChCfg.exe

2010-09-15 14:33:33 266240 ----a-w- c:\windows\system32\RTSndMgr.cpl

2010-09-15 14:33:33 1826816 ----a-w- c:\windows\SkyTel.exe

2010-09-15 14:33:32 9715200 ----a-w- c:\windows\RTLCPL.exe

2010-09-15 14:33:32 1196032 ----a-w- c:\windows\RtlUpd.exe

2010-09-15 14:33:31 16861696 ----a-w- c:\windows\RTHDCPL.exe

2010-09-15 14:33:30 2165760 ----a-w- c:\windows\MicCal.exe

2010-09-15 14:33:29 69632 ----a-w- c:\windows\Alcmtr.exe

2010-09-15 14:33:29 299008 ----a-w- c:\windows\system32\ALSndMgr.cpl

2010-09-15 14:33:29 2808832 ----a-w- c:\windows\alcwzrd.exe

2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll

2010-09-10 05:58:06 43520 ------w- c:\windows\system32\licmgr10.dll

2010-09-10 05:58:06 1469440 ------w- c:\windows\system32\inetcpl.cpl

2010-09-09 14:16:29 81920 ------w- c:\windows\system32\ieencode.dll

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

2010-08-17 13:17:06 58880 ----a-w- c:\windows\system32\spoolsv.exe

2010-08-16 08:45:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll

2008-05-07 23:34:00 15523560 ----a-w- c:\program files\U1 Setup.exe

============= FINISH: 16:39:10.64 ===============

Attach.txt


It turns out that there is malware but it is not on my computer but on the router - Google have no idea how to get it off (I didn't even realise routers could get malware!) but apparently resetting the router with fresh names and passwords contains the issue, temporarily at least. Just thought I would let you know in case others have the same problem. You've been fab. Thanks for everything. All the best. Deepti
