Jump to content

Google redirects


Recommended Posts

Noticed Google redirects happening starting yesterday after visiting a link off of a Google Image search (don't remember what it was exactly, it also crashed Firefox when I did so). Malwarebytes says I'm clean. tdsskiller says I'm clean. ESET says I'm clean. Logs attached. Either this bad boy is so new it's not in the Malwarebytes definitions (which I updated as of this morning), or it's something else all together? Help much appreciated.

Attach.zip

Link to post
Share on other sites

  • Staff

Hi and welcome to Malwarebytes.

Please update MBAM, run a Quick Scan, and post its log.

Next, download DDS by sUBs and save it to your Desktop.

Double-click on the DDS icon and let the scan run. When it has run two logs will be produced, please post only DDS.txt directly into your reply.

Link to post
Share on other sites

Looks like something in my prior efforts might have been successful. The redirects have ceased, and I'm reporting clean. Here are the logs.

Malwarebytes' Anti-Malware 1.51.0.1200

www.malwarebytes.org

Database version: 6763

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

6/7/2011 11:17:26 AM

mbam-log-2011-06-07 (11-17-26).txt

Scan type: Quick scan

Objects scanned: 158582

Time elapsed: 1 minute(s), 15 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

.

DDS (Ver_2011-06-03.01) - NTFSAMD64

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_22

Run by Nick at 11:18:25 on 2011-06-07

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8126.6490 [GMT -6:00]

.

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\atieclxx.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\RunDll32.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Windows\system32\svchost.exe -k SDRSVC

C:\Windows\splwow64.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe

C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\conhost.exe

C:\Windows\SysWOW64\cscript.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"

uRun: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount

uRun: [Google Update] "C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

StartupFolder: C:\Users\Nick\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

TCP: Interfaces\{F0AD8771-7BCC-4921-B329-0712D2033CB8} : DhcpNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{F0AD8771-7BCC-4921-B329-0712D2033CB8}\74C6F62616C6355796475675962756C6563737 : DhcpNameServer = 4.2.2.1

C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

BHO-X64: RoboForm - No File

BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB-X64: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll

mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE-X64: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE-X64: {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9f1teq2d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Protomold\ProtoView\npProtoView.dll

FF - plugin: C:\Program Files (x86)\QuickCutCNC\QuickCutCNC Viewer\npQCNCVwr.dll

FF - plugin: C:\Users\Nick\AppData\Local\Google\Update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - %profile%\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}

FF - Ext: Classic Compact Options: notreal.ccoptions@environmentalchemistry.com - %profile%\extensions\notreal.ccoptions@environmentalchemistry.com

FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com

FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Exif Viewer: exif_viewer@mozilla.doslash.org - %profile%\extensions\exif_viewer@mozilla.doslash.org

FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}

.

============= SERVICES / DRIVERS ===============

.

R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-6-2 366640]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-11-15 2533400]

R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]

R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]

R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]

R3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys --> C:\Windows\system32\drivers\btwampfl.sys [?]

R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]

R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]

R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]

S3 pwdrvio;pwdrvio;\??\C:\Windows\system32\pwdrvio.sys --> C:\Windows\system32\pwdrvio.sys [?]

S3 pwdspio;pwdspio;\??\C:\Windows\system32\pwdspio.sys --> C:\Windows\system32\pwdspio.sys [?]

S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]

S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

.

=============== File Associations ===============

.

.txt=Notepad++_file

.

=============== Created Last 30 ================

.

2011-06-06 12:21:17 -------- d-sh--w- C:\$RECYCLE.BIN

2011-06-03 23:10:23 98816 ----a-w- C:\Windows\sed.exe

2011-06-03 23:10:23 518144 ----a-w- C:\Windows\SWREG.exe

2011-06-03 23:10:23 256512 ----a-w- C:\Windows\PEV.exe

2011-06-03 23:10:23 208896 ----a-w- C:\Windows\MBR.exe

2011-06-03 20:24:58 -------- d-----w- C:\Program Files (x86)\ESET

2011-06-03 05:54:03 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes

2011-06-03 05:54:00 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-03 05:53:59 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-03 05:53:57 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys

2011-06-03 05:53:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-05-25 02:51:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-19 23:06:00 -------- d-----w- C:\Users\Nick\.lDdi

2011-05-19 23:02:37 -------- d-----w- C:\Program Files\LetDaveDoIt

2011-05-19 23:02:02 521448 ----a-w- C:\Windows\System32\deployJava1.dll

.

==================== Find3M ====================

.

2011-03-17 12:36:06 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

.

============= FINISH: 11:18:47.69 ===============

Link to post
Share on other sites

  • Staff

Hi,

Let's be sure everything's gone.

Please visit this webpage for instructions for running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  • When the tool is finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.

-screen317

Link to post
Share on other sites

Thanks for all your help. Weirdly enough, ComboFix didn't put its log where it said it would (C:\ComboFix.txt), but rather in C:\ComboFix\ComboFix.txt

Anyway:

ComboFix 11-06-10.0A - Nick 06/11/2011 8:09:40.2.8 - x64

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8126.6378 [GMT -6:00]

Running from: C:\Users\Nick\Desktop\ComboFix.exe

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

((((((((((((((((((((((((( Files Created from 2011-05-11 to 2011-06-11 )))))))))))))))))))))))))))))))

2011-06-11 14:12:25 . 2011-06-11 14:12:25 -------- d-----w- C:\Users\Default\AppData\Local\temp

2011-06-03 20:24:58 . 2011-06-03 20:24:58 -------- d-----w- C:\Program Files (x86)\ESET

2011-06-03 05:54:03 . 2011-06-03 05:54:03 -------- d-----w- C:\Users\Nick\AppData\Roaming\Malwarebytes

2011-06-03 05:54:00 . 2011-05-29 15:11:30 39984 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys

2011-06-03 05:53:59 . 2011-06-03 05:53:59 -------- d-----w- C:\ProgramData\Malwarebytes

2011-06-03 05:53:57 . 2011-06-03 05:54:00 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2011-06-03 05:53:57 . 2011-05-29 15:11:20 25912 ----a-w- C:\Windows\system32\drivers\mbam.sys

2011-05-25 02:51:47 . 2011-05-25 02:51:47 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2011-05-19 23:06:00 . 2011-06-03 20:42:45 -------- d-----w- C:\Users\Nick\.lDdi

2011-05-19 23:02:37 . 2011-05-19 23:02:37 -------- d-----w- C:\Program Files\LetDaveDoIt

2011-05-19 23:02:02 . 2011-05-19 23:01:55 521448 ----a-w- C:\Windows\system32\deployJava1.dll

2011-05-19 23:01:54 . 2011-05-19 23:01:54 -------- d-----w- C:\Program Files\Java

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2011-03-17 12:36:06 . 2011-03-17 12:36:11 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

((((((((((((((((((((((((((((( SnapShot@2011-06-03_23.14.17 )))))))))))))))))))))))))))))))))))))))))

+ 2010-11-15 21:17:08 . 2011-06-06 12:54:28 22460 C:\Windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

- 2009-07-14 05:10:35 . 2011-06-03 15:49:13 30330 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10:35 . 2011-06-06 12:54:28 30330 C:\Windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

- 2010-11-15 21:30:17 . 2011-06-03 20:42:35 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-15 21:30:17 . 2011-06-06 13:25:23 16384 C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-15 21:30:17 . 2011-06-03 20:42:35 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-11-15 21:30:17 . 2011-06-06 13:25:23 32768 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54:19 . 2011-06-06 13:25:23 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54:19 . 2011-06-03 20:42:35 16384 C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-11-15 21:44:32 . 2011-06-03 23:11:08 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2010-11-15 21:44:32 . 2011-06-11 14:10:36 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-11-15 21:44:32 . 2011-06-03 23:11:08 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-15 21:44:32 . 2011-06-11 14:10:36 16384 C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2010-11-15 20:44:10 . 2011-06-06 12:54:28 4656 C:\Windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1782595664-513828507-1629503161-1000_UserData.bin

+ 2011-06-06 12:52:43 . 2011-06-06 12:52:43 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2011-06-03 15:47:31 . 2011-06-03 15:47:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-06-06 12:52:43 . 2011-06-06 12:52:43 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-06-03 15:47:31 . 2011-06-03 15:47:31 2048 C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-11-16 16:18:58 . 2011-06-07 16:23:33 257418 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin

+ 2010-11-15 23:12:58 . 2011-06-11 14:07:42 294434 C:\Windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin

- 2009-07-14 02:36:59 . 2011-06-03 20:26:39 615360 C:\Windows\system32\perfh009.dat

+ 2009-07-14 02:36:59 . 2011-06-06 12:56:58 615360 C:\Windows\system32\perfh009.dat

- 2009-07-14 02:36:59 . 2011-06-03 20:26:39 103702 C:\Windows\system32\perfc009.dat

+ 2009-07-14 02:36:59 . 2011-06-06 12:56:58 103702 C:\Windows\system32\perfc009.dat

- 2009-07-14 02:34:08 . 2011-05-31 18:53:51 10223616 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT

+ 2009-07-14 02:34:08 . 2011-06-06 13:40:09 10223616 C:\Windows\system32\SMI\Store\Machine\SCHEMA.DAT

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RoboForm"="C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-11-15 22:16:33 160328]

"AlcoholAutomount"="C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2009-11-15 09:42:00 33120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AdobeCS5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 11:57:06 406992]

"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 20:37:14 517096]

"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-10-27 05:37:46 98304]

"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-05-14 17:44:46 248552]

"Malwarebytes' Anti-Malware"="C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 15:11:28 449584]

C:\Users\Nick\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

OpenOffice.org 3.3.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

R3 pwdrvio;pwdrvio;C:\Windows\system32\pwdrvio.sys [x]

R3 pwdspio;pwdspio;C:\Windows\system32\pwdspio.sys [x]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys [x]

R3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 20:37:14 517096]

S0 sptd;sptd;C:\Windows\System32\Drivers\sptd.sys [x]

S1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe [x]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-05-29 15:11:28 366640]

S2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-06-08 18:51:16 2533400]

S3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys [x]

S3 btwampfl;Bluetooth AMP USB Filter;C:\Windows\system32\drivers\btwampfl.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys [x]

S3 HECIx64;Intel® Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys [x]

S3 MBAMProtector;MBAMProtector;C:\Windows\system32\drivers\mbam.sys [x]

S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys [x]

Contents of the 'Scheduled Tasks' folder

2011-06-10 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782595664-513828507-1629503161-1000Core.job

- C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-15 22:06:44 . 2010-11-15 22:06:43]

2011-06-11 C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1782595664-513828507-1629503161-1000UA.job

- C:\Users\Nick\AppData\Local\Google\Update\GoogleUpdate.exe [2010-11-15 22:06:44 . 2010-11-15 22:06:43]

--------- x86-64 -----------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 10:44:40 500208]

------- Supplementary Scan -------

uLocal Page = C:\Windows\system32\blank.htm

mLocal Page = C:\Windows\SysWOW64\blank.htm

IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html

IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html

IE: RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html

IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html

IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 68.87.85.102 68.87.69.150

TCP: Interfaces\{F0AD8771-7BCC-4921-B329-0712D2033CB8}: NameServer = 8.8.8.8,8.8.4.4

FF - ProfilePath - C:\Users\Nick\AppData\Roaming\Mozilla\Firefox\Profiles\9f1teq2d.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Classic Compact: {D46E8522-6E86-44b1-A622-58C0668AD78E} - %profile%\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}

FF - Ext: Classic Compact Options: notreal.ccoptions@environmentalchemistry.com - %profile%\extensions\notreal.ccoptions@environmentalchemistry.com

FF - Ext: Smart Bookmarks Bar: smartbookmarksbar@remy.juteau - %profile%\extensions\smartbookmarksbar@remy.juteau

FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

FF - Ext: RankChecker: rankchecker@seobook.com - %profile%\extensions\rankchecker@seobook.com

FF - Ext: Seo Toolbar: seotoolbar@seobook.com - %profile%\extensions\seotoolbar@seobook.com

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

FF - Ext: Exif Viewer: exif_viewer@mozilla.doslash.org - %profile%\extensions\exif_viewer@mozilla.doslash.org

------- File Associations -------

.txt=Notepad++_file

Link to post
Share on other sites

  • Staff

Hi,

Next, please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and the option Scan unwanted applications is checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

Next, download my Security Check from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Let me know how things are running now and what issues remain.

-screen317

Link to post
Share on other sites

  • 2 weeks later...
  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.