
Google redirect



Hi, I have recently been infected and my AVG cannot find whatever it is.

I have run everything in the "I'm infected" topic and a few things were found;

they were removed, but my Google still redirects me. Here are the results:

-----------Anti-Malware----------

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7377

Windows 6.1.7600

Internet Explorer 8.0.7600.16385

04/08/2011 17:35:42

mbam-log-2011-08-04 (17-35-42).txt

Scan type: Quick scan

Objects scanned: 183452

Time elapsed: 3 minute(s), 58 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Backdoor.Cycbot) -> Quarantined and deleted successfully.

c:\Users\jacko\downloads\camtasia studio 7 keygen.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

c:\Windows\bch.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\cdi.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\dss.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\hti.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\xtr.exe (Trojan.Downloader.Gen) -> Quarantined and deleted successfully.

c:\Windows\pdesrv2.exe (Trojan.FraudPack) -> Quarantined and deleted successfully.

----------------DDS results---------------

.

DDS (Ver_2011-06-23.01) - NTFSx86

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_26

Run by jacko at 18:01:00 on 2011-08-04

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.44.1033.18.3328.2010 [GMT 1:00]

.

AV: AVG Anti-Virus *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\AVG\AVG9\avgwdsvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\PnkBstrA.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\rundll32.exe

C:\Program Files\AVG\AVG9\avgemc.exe

C:\Program Files\AVG\AVG9\avgam.exe

C:\Program Files\AVG\AVG9\avgnsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\AVG\AVG9\avgtray.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Steam\Steam.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\AVG\AVG9\avgchsvx.exe

C:\Program Files\AVG\AVG9\avgrsx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Program Files\AVG\AVG9\avgcsrvx.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\Steam\SteamService.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe

C:\Windows\system32\wuauclt.exe

C:\Users\jacko\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jacko\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jacko\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\jacko\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157

uInternet Settings,ProxyOverride = *.local

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

uURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll

mURLSearchHooks: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll

TB: XfireXO Toolbar: {5e5ab302-7f65-44cd-8211-c1d4caaccea3} - c:\program files\xfirexo\prxtbXfir.dll

TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\prxConduitEngine.dll

uRun: [steam] "c:\program files\steam\steam.exe" -silent

uRun: [Google Update] "c:\users\jacko\appdata\local\google\update\GoogleUpdate.exe" /c

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"

mRun: [switchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [uSB2Check] RUNDLL32.EXE "c:\windows\system32\PCLECoInst.dll",CheckUSBController

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

dRun: [8DDYX0ZBPZ] c:\windows\temp\Lr1.exe

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{69A16A63-629B-4842-B042-75E3DFA9FD6B} : DhcpNameServer = 192.168.0.1

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Hosts: 204.9.178.11 typepad.com

Hosts: 74.113.152.32 istockphoto.com

Hosts: 208.94.0.38 yfrog.com

Hosts: 63.309.5.102 virustotal.com

Hosts: 123.125.50.22 126.com

.

Note: multiple HOSTS entries found. Please refer to Attach.txt

.

============= SERVICES / DRIVERS ===============

.

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2011-7-10 52872]

R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2011-7-10 216400]

R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2011-7-10 29584]

R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2011-7-10 243152]

R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2011-6-6 64952]

R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2011-7-10 921952]

R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2011-7-10 308136]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-4 366640]

R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-29 2214504]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-5-20 378472]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-4 22712]

R3 RTL8192su;%RTL8192su.DeviceDesc.DispName%;c:\windows\system32\drivers\RTL8192su.sys [2010-1-6 528896]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2011-7-10 1025352]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-7-11 1343400]

.

=============== Created Last 30 ================

.

2011-08-04 16:30:08 -------- d-----w- c:\users\jacko\appdata\roaming\Malwarebytes

2011-08-04 16:30:00 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-04 16:30:00 -------- d-----w- c:\programdata\Malwarebytes

2011-08-04 16:29:57 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-04 16:29:57 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-04 13:25:12 -------- d-----w- c:\users\jacko\appdata\local\Deployment

2011-08-04 13:25:12 -------- d-----w- c:\users\jacko\appdata\local\Apps

2011-08-03 21:20:01 48902 --sha-w- c:\windows\mtn3.exe

2011-08-03 21:10:35 0 --sha-w- c:\windows\svcsvh32.exe

2011-08-03 21:01:17 65536 --sha-r- c:\windows\system32\XAudio2_23.dll

2011-08-03 14:44:22 -------- d-----w- c:\users\jacko\appdata\roaming\fretsonfire

2011-08-03 14:44:14 -------- d-----w- c:\program files\Frets on Fire

2011-08-03 13:49:19 -------- d-----w- c:\users\jacko\appdata\local\Aspyr

2011-08-03 13:26:32 -------- d-----w- c:\program files\Aspyr

2011-08-03 13:07:03 -------- d-----w- c:\users\jacko\.worldpainter

2011-08-03 12:12:44 -------- d-----w- c:\users\jacko\backups

2011-08-02 11:09:39 -------- d-----w- c:\program files\Activision

2011-08-02 11:02:39 -------- d-sh--w- c:\windows\ftpcache

2011-08-02 10:32:04 -------- d-----w- c:\users\jacko\appdata\roaming\AVG

2011-08-01 10:12:19 -------- d-----w- c:\program files\iPod

2011-08-01 10:12:18 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2011-08-01 10:12:18 -------- d-----w- c:\program files\iTunes

2011-08-01 10:11:05 -------- d-----w- c:\program files\Bonjour

2011-07-31 18:06:48 138160 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys

2011-07-31 18:06:44 271200 ----a-w- c:\windows\system32\PnkBstrB.exe

2011-07-31 18:06:44 271200 ----a-w- c:\windows\system32\PnkBstrB.ex0

2011-07-31 18:06:37 271200 ----a-w- c:\windows\system32\PnkBstrB.xtr

2011-07-31 18:06:30 75136 ----a-w- c:\windows\system32\PnkBstrA.exe

2011-07-31 17:56:16 -------- d-----w- c:\users\jacko\appdata\local\Google

2011-07-31 17:56:01 -------- d-----w- c:\program files\Conduit

2011-07-31 17:55:54 -------- d-----w- c:\program files\ConduitEngine

2011-07-31 17:55:49 -------- d-----w- c:\users\jacko\appdata\local\Conduit

2011-07-31 17:55:48 -------- d-----w- c:\program files\XfireXO

2011-07-31 17:55:26 -------- d-----w- c:\users\jacko\appdata\roaming\Xfire

2011-07-31 17:55:21 -------- d-----w- c:\programdata\Xfire

2011-07-31 17:55:20 -------- d-----w- c:\program files\Xfire

2011-07-31 16:57:33 -------- d-----w- c:\program files\Sytexis Software

2011-07-31 13:07:01 -------- d-----w- c:\program files\NuGardt Software

2011-07-31 10:00:09 -------- d-----w- c:\windows\system32\QuickTime

2011-07-31 09:59:40 -------- d-----w- c:\program files\common files\TechSmith Shared

2011-07-30 11:33:28 -------- d-----w- c:\program files\Phyxion.net

2011-07-29 23:05:33 -------- d-----w- c:\users\jacko\appdata\local\Nem's Tools

2011-07-29 20:42:29 -------- d-----w- c:\users\jacko\appdata\roaming\Minecrafter

2011-07-29 17:24:37 -------- d-----w- c:\program files\Amnesia

2011-07-29 16:47:45 -------- d-----w- C:\NVIDIA

2011-07-28 21:29:22 -------- d-----w- c:\program files\VTFEdit

2011-07-28 21:29:04 -------- d-----w- c:\program files\Nem's Tools

2011-07-28 12:07:13 -------- d-----w- c:\users\jacko\appdata\local\VeniceAlphaTrial

2011-07-28 12:07:13 -------- d-----w- c:\users\jacko\appdata\local\BF3

2011-07-28 12:06:57 -------- d-----w- c:\program files\BF3 Alpha Trial Web Plugins

2011-07-28 12:05:25 -------- d-----w- c:\programdata\EA Core

2011-07-28 12:05:13 -------- d--h--w- c:\program files\common files\EAInstaller

2011-07-28 12:03:29 443752 ----a-w- c:\windows\system32\d3dx10_33.dll

2011-07-27 19:19:25 -------- d-----w- c:\users\jacko\appdata\roaming\Origin

2011-07-27 19:19:23 -------- d-----w- c:\users\jacko\appdata\local\Origin

2011-07-27 19:19:13 -------- d-----w- c:\programdata\Origin

2011-07-27 19:19:13 -------- d-----w- c:\programdata\Electronic Arts

2011-07-27 19:19:13 -------- d-----w- c:\program files\Origin Games

2011-07-27 19:18:56 -------- d-----w- c:\program files\Origin

2011-07-27 17:58:12 -------- d-----w- c:\programdata\WeGame

2011-07-27 17:57:15 488800 ----a-w- c:\windows\system32\Ltkrn15u.dll

2011-07-27 17:57:15 390496 ----a-w- c:\windows\system32\Lfcmp15u.dll

2011-07-27 17:57:15 185688 ----a-w- c:\windows\system32\Ltfil15u.dll

2011-07-27 17:57:15 -------- d-----w- c:\users\jacko\appdata\local\WeGame

2011-07-27 17:57:15 -------- d-----w- c:\program files\WeGame

2011-07-27 09:57:29 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore-2\Microsoft.MediaCenter.Sports.UI.dll

2011-07-27 09:57:09 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup-2\markup.dll

2011-07-27 09:56:37 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm-2\StartResources.dll

2011-07-27 09:56:33 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight-2\SpotlightResources.dll

2011-07-23 21:36:20 -------- d-----w- c:\windows\XSxS

2011-07-23 21:36:20 -------- d-----w- c:\program files\Xenocode

2011-07-23 21:35:47 -------- d-----w- c:\users\jacko\appdata\local\XboxMB

2011-07-23 12:35:24 -------- d-----w- c:\windows\system32\appmgmt

2011-07-22 12:02:46 -------- d-----w- c:\users\jacko\appdata\local\Xenocode

2011-07-22 10:46:41 -------- d--h--w- C:\$AVG

2011-07-19 15:28:02 -------- d-----w- c:\program files\NCH Software

2011-07-19 15:28:00 -------- d-----w- c:\users\jacko\appdata\roaming\NCH Software

2011-07-19 13:17:39 -------- d-----w- C:\Fraps

2011-07-18 21:03:31 -------- d-----w- c:\users\jacko\appdata\roaming\Rovio

2011-07-17 02:24:15 737072 ----a-w- c:\programdata\microsoft\ehome\packages\sportsv2\sportstemplatecore\Microsoft.MediaCenter.Sports.UI.dll

2011-07-17 02:23:59 4283672 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\updateablemarkup\markup.dll

2011-07-17 02:23:47 42776 ----a-w- c:\programdata\microsoft\ehome\packages\mceclientux\dsm\StartResources.dll

2011-07-17 02:23:43 539968 ----a-w- c:\programdata\microsoft\ehome\packages\mcespotlight\mcespotlight\SpotlightResources.dll

2011-07-17 00:26:45 -------- d-----w- c:\users\jacko\appdata\local\Apple Computer

2011-07-16 23:39:32 -------- d-----w- c:\users\jacko\Unigine Heaven

2011-07-16 23:38:53 -------- d-----w- c:\program files\Unigine

2011-07-16 22:23:34 -------- d-----w- c:\program files\Audacity 1.3 Beta (Unicode)

2011-07-15 01:43:30 -------- d-----w- c:\program files\MSXML 4.0

2011-07-15 00:48:54 -------- d-----w- c:\users\jacko\appdata\local\LooksBuilder

2011-07-15 00:48:25 -------- d-----w- c:\program files\LooksBuilder

2011-07-15 00:48:25 -------- d-----w- C:\My Product Name

2011-07-15 00:41:28 -------- d-----w- C:\Twixtor4

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2011-07-14 21:24:46 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2011-07-14 21:23:27 -------- d-----w- c:\users\jacko\appdata\local\Apple

2011-07-14 17:56:37 22528 ----a-w- c:\windows\system32\drivers\emAudio.sys

2011-07-14 17:56:35 9739 ----a-w- c:\windows\system32\emUSD.dll

2011-07-14 17:56:35 81920 ----a-w- c:\windows\system32\PCLECoInst.dll

2011-07-14 17:56:35 45056 ----a-w- c:\windows\system32\emVFW.dll

2011-07-14 17:56:35 24269 ----a-w- c:\windows\system32\drivers\emStream.sys

2011-07-14 17:56:35 17808 ----a-w- c:\windows\system32\emYUV.dll

2011-07-14 17:56:34 5245 ----a-w- c:\windows\system32\drivers\emFilter.sys

2011-07-14 17:56:34 4493 ----a-w- c:\windows\system32\drivers\emScan.sys

2011-07-14 17:56:34 32768 ----a-w- c:\windows\system32\emProp.ax

2011-07-14 17:56:34 100957 ----a-w- c:\windows\system32\drivers\emDevice.sys

2011-07-14 17:56:22 -------- d-----w- c:\program files\common files\Pinnacle

2011-07-14 17:55:31 -------- d-----w- c:\users\jacko\appdata\local\Downloaded Installations

2011-07-14 17:55:20 -------- d-----w- c:\programdata\Pinnacle Studio Ultimate

2011-07-14 17:51:57 -------- d-----w- c:\programdata\Studio 12

2011-07-14 17:51:57 -------- d-----w- c:\programdata\Pinnacle Studio Plus

2011-07-14 17:51:57 -------- d-----w- c:\program files\Pinnacle

2011-07-14 17:51:57 -------- d-----w- c:\program files\common files\Yahoo!

2011-07-14 17:48:05 -------- d-----w- C:\temp

2011-07-14 12:33:04 -------- d-----w- c:\program files\common files\Macrovision Shared

2011-07-13 20:52:24 -------- d-----w- c:\program files\BitTorrent

2011-07-13 20:51:58 -------- d-----w- c:\users\jacko\appdata\roaming\BitTorrent

2011-07-13 10:31:55 271872 ----a-w- c:\windows\system32\conhost.exe

2011-07-13 10:31:55 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-07-13 10:31:53 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-07-12 15:17:33 -------- d-----w- c:\users\jacko\appdata\local\MCEdit

2011-07-12 10:20:54 83816 ----a-w- c:\windows\system32\dns-sd.exe

2011-07-12 10:20:54 73064 ----a-w- c:\windows\system32\dnssd.dll

2011-07-12 10:20:54 50536 ----a-w- c:\windows\system32\jdns_sd.dll

2011-07-12 10:20:54 178536 ----a-w- c:\windows\system32\dnssdX.dll

2011-07-11 21:28:43 -------- d-----w- c:\users\jacko\appdata\roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2011-07-11 16:46:25 -------- d-----w- c:\programdata\Skype Extras

2011-07-11 15:30:48 -------- d-----w- c:\program files\MAXON

2011-07-11 15:27:11 -------- d-----w- c:\users\jacko\appdata\roaming\MAXON

2011-07-11 15:17:29 -------- d-----w- c:\users\jacko\appdata\roaming\DAEMON Tools Lite

2011-07-11 15:17:29 -------- d-----w- c:\programdata\DAEMON Tools Lite

2011-07-11 13:16:43 -------- d-----w- c:\windows\system32\Wat

2011-07-11 13:04:54 257024 ----a-w- c:\windows\system32\msv1_0.dll

2011-07-11 13:02:28 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2011-07-11 13:02:28 49472 ----a-w- c:\windows\system32\netfxperf.dll

2011-07-11 13:02:28 297808 ----a-w- c:\windows\system32\mscoree.dll

2011-07-11 13:02:28 295264 ----a-w- c:\windows\system32\PresentationHost.exe

2011-07-11 13:02:28 1130824 ----a-w- c:\windows\system32\dfshim.dll

2011-07-11 12:54:55 293376 ----a-w- c:\windows\system32\browserchoice.exe

2011-07-11 12:52:58 190976 ----a-w- c:\windows\system32\drivers\ks.sys

2011-07-11 12:52:25 276992 ----a-w- c:\windows\system32\wcncsvc.dll

2011-07-11 10:52:59 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

2011-07-11 10:51:59 70656 ----a-w- c:\windows\system32\fontsub.dll

2011-07-11 10:50:59 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll

2011-07-11 10:48:34 7680 ----a-w- c:\program files\internet explorer\iecompat.dll

2011-07-11 10:33:15 -------- d--h--w- c:\programdata\Common Files

2011-07-11 02:10:57 -------- d-----w- c:\windows\Panther

2011-07-11 02:03:34 -------- d--h--w- C:\$WINDOWS.~Q

2011-07-11 02:00:45 -------- d--h--w- C:\$INPLACE.~TR

2011-07-10 22:48:06 -------- d-----w- c:\programdata\regid.1986-12.com.adobe

2011-07-10 22:32:17 -------- d--h--w- c:\windows\PIF

2011-07-10 22:09:21 -------- d-----w- c:\users\jacko\appdata\local\Microsoft Games

2011-07-10 20:26:21 -------- d-----w- c:\users\jacko\appdata\local\CrashRpt

2011-07-10 20:14:14 -------- d-sh--w- C:\Boot

2011-07-10 20:07:40 -------- d-----w- c:\users\jacko\appdata\local\Adobe

2011-07-10 18:21:09 2613248 ----a-w- c:\windows\explorer_edit_w7sbc.exe

2011-07-10 18:21:09 2613248 ----a-w- c:\windows\explorer_backup_w7sbc.exe

2011-07-10 18:21:09 2130432 ----a-w- c:\windows\explorer.exe

2011-07-10 18:21:09 -------- d-----w- c:\windows\W7SBC

2011-07-10 18:02:37 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup

2011-07-10 18:02:35 2755072 ----a-w- c:\windows\system32\themeui.dll.backup

2011-07-10 18:02:33 37376 ----a-w- c:\windows\system32\themeservice.dll.backup

2011-07-10 17:39:51 -------- d-----w- c:\windows\system32\wbem\Performance

2011-07-10 17:39:35 172032 ----a-w- c:\windows\system32\wintrust.dll

2011-07-10 17:39:34 132608 ----a-w- c:\windows\system32\cabview.dll

2011-07-10 17:33:15 -------- d-sh--w- C:\Recovery

2011-07-10 16:33:58 -------- d-----r- c:\program files\Skype

2011-07-10 16:11:51 12536 ----a-w- c:\windows\system32\avgrsstx.dll

2011-07-10 15:55:57 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys

2011-07-10 15:55:55 243152 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2011-07-10 15:55:50 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys

2011-07-10 15:55:49 -------- d-----w- c:\windows\system32\drivers\Avg

2011-07-10 15:55:46 -------- d-----w- c:\programdata\AVG Security Toolbar

2011-07-10 15:55:40 -------- d-----w- c:\programdata\avg9

2011-07-10 15:55:40 -------- d-----w- c:\program files\AVG

2011-07-10 15:35:17 -------- d-----w- c:\users\jacko\appdata\local\PunkBuster

2011-07-10 14:43:18 -------- d-----w- c:\program files\common files\Steam

2011-07-10 14:43:17 -------- d-----w- c:\program files\Steam

2011-07-10 13:34:26 -------- d-----w- c:\users\jacko\appdata\roaming\.minecraft

2011-07-10 13:28:05 -------- d-----w- c:\users\jacko\appdata\local\ATI

2011-07-10 13:20:46 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-07-10 13:20:29 472808 ----a-w- c:\windows\system32\deployJava1.dll

2011-07-10 12:21:45 -------- d-----w- c:\program files\Lavalys

2011-07-10 11:38:31 -------- d-----w- c:\users\jacko\appdata\local\Mozilla

2011-07-10 11:31:11 -------- d-----w- c:\program files\Belkin

2011-07-10 11:30:37 -------- d-----w- c:\windows\{58DD9328-F612-41B7-8353-D3B190E70C7C}

2011-07-10 11:26:57 -------- d-----w- c:\users\jacko\appdata\local\VirtualStore

.

==================== Find3M ====================

.

2011-07-10 18:02:37 249856 ----a-w- c:\windows\system32\uxtheme.dll

2011-07-10 18:02:35 2755072 ----a-w- c:\windows\system32\themeui.dll

2011-07-10 18:02:33 37376 ----a-w- c:\windows\system32\themeservice.dll

2011-06-24 18:51:18 36352 ----a-w- c:\windows\system32\xfcodec.dll

2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-20 21:35:28 304744 ----a-w- c:\windows\system32\nvStreaming.exe

2011-05-10 07:06:08 4517664 ----a-w- c:\windows\system32\usbaaplrc.dll

2011-05-10 07:06:08 42496 ----a-w- c:\windows\system32\drivers\usbaapl.sys

.

============= FINISH: 18:01:36.54 ===============

The rest of the results are attached.

Please help, thanks.

Attach.zip
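As an added example (not part of the thread, and not code from DDS or Malwarebytes), the following Python script does the first-pass triage a helper performs by eye on the "Pseudo HJT Report" section above: it parses the Hosts:, uRun/mRun/dRun and uStart Page lines and flags the patterns seen in this log, such as a hosts entry pinning virustotal.com to an address that is not even a valid IPv4, and a dRun entry launching from c:\windows\temp. The sample input is constructed from the lines in the post; the watched-domain set and suspicious-directory list are my own heuristics, not something DDS defines.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: the same kinds of lines as the DDS Pseudo HJT Report above.
SAMPLE_DDS = r"""uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2304157
uRun: [steam] "c:\program files\steam\steam.exe" -silent
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
dRun: [8DDYX0ZBPZ] c:\windows\temp\Lr1.exe
Hosts: 204.9.178.11 typepad.com
Hosts: 63.309.5.102 virustotal.com
Hosts: 123.125.50.22 126.com
"""

# Heuristic watch-list (my choice, not from DDS): domains malware pins in the
# hosts file to keep the victim away from AV vendors and cleanup sites.
SECURITY_DOMAINS = {"virustotal.com", "malwarebytes.org", "avg.com",
                    "kaspersky.com", "bleepingcomputer.com", "microsoft.com"}

# Launch locations legitimate autostart entries almost never use (heuristic).
SUSPICIOUS_DIRS = ("\\temp\\", "\\appdata\\", "\\config\\systemprofile\\")

HOSTS_RE = re.compile(r"^Hosts:\s+(\S+)\s+(\S+)")
RUN_RE = re.compile(r"^([umd])Run:\s+\[([^\]]*)\]\s+(.*)$")
START_RE = re.compile(r"^uStart Page\s*=\s*(\S+)")
# Value names like 8DDYX0ZBPZ: 8+ upper-case alphanumerics mixing letters and digits.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)(?=.*[A-Z])[A-Z0-9]{8,}$")


@dataclass
class Finding:
    severity: str   # "high" or "review"
    rule: str
    line: str


def valid_ipv4(addr: str) -> bool:
    """True only for four dotted-decimal octets, each in 0..255."""
    parts = addr.split(".")
    return len(parts) == 4 and all(p.isdigit() and 0 <= int(p) <= 255 for p in parts)


def run_target(args: str) -> str:
    """Executable path from a Run value: the quoted path, or the first token if unquoted."""
    if args.startswith('"'):
        end = args.find('"', 1)
        return args[1:end] if end > 0 else args[1:]
    tokens = args.split()
    return tokens[0] if tokens else ""


def triage(dds_text: str) -> List[Finding]:
    """Walk the DDS lines and return one Finding per suspicious observation."""
    findings: List[Finding] = []
    for raw in dds_text.splitlines():
        line = raw.strip()
        if m := HOSTS_RE.match(line):
            ip, domain = m.group(1), m.group(2).lower()
            flagged = False
            if not valid_ipv4(ip):            # e.g. 63.309.5.102: octet > 255
                findings.append(Finding("high", "hosts: malformed IPv4 address", line))
                flagged = True
            if domain in SECURITY_DOMAINS:
                findings.append(Finding("high", "hosts: security/vendor domain pinned", line))
                flagged = True
            if not flagged:                   # any Hosts: line in DDS is a non-default override
                findings.append(Finding("review", "hosts: non-default override", line))
        elif m := RUN_RE.match(line):
            hive, name, args = m.groups()
            target = run_target(args).lower()
            if any(d in target for d in SUSPICIOUS_DIRS):
                findings.append(Finding("high", "autorun launching from temp/profile data dir", line))
            elif hive == "d":
                # dRun is the HKU\.DEFAULT hive; installed software rarely writes Run values there.
                findings.append(Finding("review", "autorun in .DEFAULT user hive", line))
            elif RANDOM_NAME_RE.match(name):
                findings.append(Finding("review", "autorun with random-looking value name", line))
        elif m := START_RE.match(line):
            # DDS writes hxxp:// to defang URLs; recover just the host for review.
            host = re.sub(r"^hxxps?://", "", m.group(1)).split("/")[0].split("?")[0]
            findings.append(Finding("review", f"start page set to {host}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.rule}: {f.line}")
```

Run it against the full Pseudo HJT Report section of a real DDS log by reading the file into `triage()`; the hosts check alone would have surfaced the virustotal.com line, which is the kind of entry that explains why a machine "cannot find" its own infection.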


Hello jacko121 and welcome to Malwarebytes!

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

I see you have Daemon Tools installed. This program can and will interfere with some of the fixes I ask you to perform. DeFogger will temporarily disable these emulation drivers.

Please download DeFogger to your Desktop.

Double click DeFogger to run the tool.

  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your Desktop.
Do not re-enable these drivers until otherwise instructed.
-------------
Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
***IMPORTANT: save ComboFix to your Desktop***
* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


2 weeks later...

Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
