Google redirect virus


ero213

Hello,

I recently contracted a redirect virus that is redirecting my Google links in Firefox and IE7. In addition, I keep getting a service host 32 error and my audio driver keeps going down.

Below are the logs from HijackThis, OTL and RKU. Any help appreciated.

Also, I should mention that I've already run Spybot, Malwarebytes and turned off System Restore. These programs did find some viruses, but after deleting them it didn't solve the problem.

HijackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:04:10 AM, on 11/14/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17080)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\Eric\Desktop\CaptureBox\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: IE Developer Toolbar BHO - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Foxit Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKLM\..\Run: [eBook Library Launcher] C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKCU\..\Run: [Workrave] C:\Program Files\Workrave\lib\workrave.exe
O4 - HKCU\..\Run: [sandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Pavilion Webcam Tray Icon.lnk = C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: IE Developer Toolbar - {48FFE35F-36D9-44bd-A6CC-1D34414EAC0D} - C:\Program Files\Microsoft\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/...vzTCPConfig.CAB
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCommon...20Installer.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Sandboxie Service (SbieSvc) - tzuk - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe

--
End of file - 9493 bytes

OTL

OTL logfile created on: 11/14/2010 9:25:19 AM - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Eric\Desktop\CaptureBox
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 59.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 81.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 24.05 Gb Free Space | 16.13% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Eric | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/14 09:15:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\CaptureBox\OTL.exe
PRC - [2010/11/14 09:03:41 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Eric\Desktop\CaptureBox\HijackThis.exe
PRC - [2010/10/26 22:10:10 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/10/26 22:10:00 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/09/30 01:15:54 | 000,387,584 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieCtrl.exe
PRC - [2009/09/30 01:15:52 | 000,065,024 | ---- | M] (tzuk) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2009/07/20 12:50:54 | 001,793,808 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
PRC - [2009/07/20 12:50:42 | 000,707,152 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
PRC - [2009/07/03 14:01:50 | 000,902,440 | ---- | M] (Sony Corporation) -- C:\Program Files\Sony\Reader\Data\bin\launcher\eBook Library Launcher.exe
PRC - [2008/12/11 10:12:00 | 000,159,528 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
PRC - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) -- C:\WINDOWS\system32\Pen_Tablet.exe
PRC - [2008/04/14 04:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/08/06 16:05:46 | 000,200,704 | ---- | M] (PowerISO Computing, Inc.) -- C:\Program Files\PowerISO\PWRISOVM.EXE
PRC - [2006/06/27 15:31:34 | 000,102,400 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP Pavilion Webcam\HPWebcam.exe

========== Modules (SafeList) ==========

MOD - [2010/11/14 09:15:40 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Eric\Desktop\CaptureBox\OTL.exe
MOD - [2009/07/20 12:51:44 | 000,179,792 | ---- | M] (COMODO) -- C:\WINDOWS\system32\guard32.dll

========== Win32 Services (SafeList) ==========

SRV - [2009/09/30 01:15:52 | 000,065,024 | ---- | M] (tzuk) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2009/07/20 12:50:42 | 000,707,152 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe -- (cmdAgent)
SRV - [2009/07/01 10:35:53 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2009/06/22 15:33:52 | 000,073,728 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe -- (Sony SCSI Helper Service)
SRV - [2009/03/16 09:29:28 | 006,562,432 | ---- | M] () [On_Demand | Stopped] -- c:\wamp\bin\mysql\mysql5.1.33\bin\mysqld.exe -- (wampmysqld)
SRV - [2009/02/24 06:35:45 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/12/11 10:11:30 | 002,749,736 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\WINDOWS\system32\Pen_Tablet.exe -- (TabletServicePen)
SRV - [2008/12/09 21:10:14 | 000,024,636 | ---- | M] (Apache Software Foundation) [On_Demand | Stopped] -- c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe -- (wampapache)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\lodhla.sys -- (bybbc)
DRV - [2009/09/30 01:15:52 | 000,116,736 | ---- | M] (tzuk) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2009/07/20 12:51:41 | 000,086,976 | ---- | M] (COMODO) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\inspect.sys -- (Inspect)
DRV - [2009/07/20 12:51:40 | 000,025,160 | ---- | M] (COMODO) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cmdhlp.sys -- (cmdHlp)
DRV - [2009/07/20 12:51:39 | 000,132,040 | ---- | M] (COMODO) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\cmdguard.sys -- (cmdGuard)
DRV - [2008/10/06 09:53:24 | 000,015,656 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys -- (wacmoumonitor)
DRV - [2008/08/18 13:45:00 | 000,013,352 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacomvhid.sys -- (wacomvhid)
DRV - [2008/04/14 04:00:00 | 000,144,384 | ---- | M] (Windows ® Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/04/14 04:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 04:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 04:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2008/04/13 20:15:14 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2007/09/29 20:03:12 | 000,308,248 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\iaStor.sys -- (iaStor)
DRV - [2007/09/26 03:01:32 | 002,236,032 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel®
DRV - [2007/08/06 16:15:07 | 000,033,052 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007/06/18 13:12:04 | 000,016,768 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/02/16 10:12:36 | 000,011,312 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wacommousefilter.sys -- (wacommousefilter)
DRV - [2007/02/15 15:11:28 | 000,011,440 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WacomVKHid.sys -- (WacomVKHid)
DRV - [2007/02/12 12:56:44 | 000,625,664 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CHDAud.sys -- (HdAudAddService)
DRV - [2006/09/05 20:34:34 | 001,109,568 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)
DRV - [2006/08/29 11:12:28 | 000,990,592 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2006/08/29 11:11:08 | 000,208,384 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2006/08/29 11:10:56 | 000,728,576 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2006/07/06 07:28:58 | 000,047,744 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV - [2006/06/28 06:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\CPQBttn.sys -- (HBtnKey)
DRV - [2005/12/22 14:02:22 | 000,051,840 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/11/16 17:28:32 | 000,028,928 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/11/01 15:08:00 | 000,308,992 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2002/07/17 04:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Bye Bye Demand - Google Custom Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://reader.google.com"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/13 18:57:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/11/13 18:57:15 | 000,000,000 | ---D | M]

[2009/04/29 03:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions
[2009/04/29 03:38:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Extensions\celtx@celtx.com
[2010/11/14 08:45:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions
[2010/06/08 17:49:25 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/11/13 11:19:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{2fa4ed95-0317-4c6a-a74c-5f3e3912c1f9}(2)
[2010/11/13 11:18:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{5fb1186a-3398-4c47-b579-0f2eee222ad1}(2)
[2009/09/23 09:43:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{9D6218B8-03C7-4b91-AA43-680B305DD35C}
[2010/03/26 21:32:45 | 000,000,000 | ---D | M] (LeechBlock) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}
[2010/11/13 11:19:52 | 000,000,000 | ---D | M] (RSFind! Mod) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{b8d51471-15f1-46cd-a600-448a6b103c2d}(2)
[2009/09/29 08:24:42 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2010/06/25 10:38:40 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/03/26 21:32:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\anttoolbar@ant.com
[2010/11/13 11:18:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\base-outfit@outwit(2).com
[2010/06/08 17:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\firebug@software.joehewitt.com
[2010/11/13 11:19:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\yslow@yahoo-inc(2).com
[2010/11/13 11:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\extensions\zotero@chnm.gmu(2).edu

[2010/03/28 18:02:55 | 000,002,131 | ---- | M] () -- C:\Documents and Settings\Eric\Application Data\Mozilla\Firefox\Profiles\jr15tdwb.default\searchplugins\bmrk-file-host-search.xml

[2010/11/14 08:45:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/20 17:39:30 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2009/05/26 20:04:02 | 000,155,648 | ---- | M] (Dassault Syst


Hi ero213, and welcome to the Malwarebytes Forum!

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear', even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do no fixing on your own or running of scanners unless requested by me or another helper.

Please download Rootkit Unhooker and save it to your desktop.

  • Extract RKUnhooker to your desktop.
    Note: it is zipped up in a .rar file. If you do not have a program to unzip this type of file, you can get a free one from here: http://www.7-zip.org/
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait till the scanner has finished, then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.

Copy the entire contents of the report and paste it in a reply here.

Note: you may get this warning; it is OK, just ignore it:

"Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

Just click on Cancel, then Accept.
