
Thread: Websites keep redirecting


  1. #1
    Member
    Join Date
    Jun 2008
    Posts
    31

    Websites keep redirecting

    Hi,
    My current problem is when I click on a link on a webpage it redirects to an unrelated page giving me the chance to participate in a survey or win an iPhone 4S.
    My DDS log is

    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by CORRINE at 19:41:20 on 2012-08-02
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.820 [GMT 10:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Tiqbiz\Tiqbiz.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Windows\ehome\ehsched.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\ehome\ehRecvr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uSearch Bar = Preserve
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\corrine\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [hpqSRMon]
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\tiqbiz.lnk - c:\program files\tiqbiz\Tiqbiz.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F} : DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07} : DhcpNameServer = 10.0.0.138
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    LSA: Notification Packages = scecli DPPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2010-11-27 77824]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
    R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2010-11-27 1020160]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
    R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2012-8-2 40776]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2010-11-27 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-28 40752]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22344]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 655944]
    .
    =============== Created Last 30 ================
    .
    2012-08-02 06:59:06 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2012-07-15 09:22:02 -------- d-----w- c:\program files\iPod
    2012-07-15 09:21:57 -------- d-----w- c:\program files\iTunes
    2012-07-13 00:30:49 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 08:40:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 08:40:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 08:40:18 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 08:40:17 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 08:40:17 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 08:40:17 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-09 09:41:32 -------- d-----w- c:\users\corrine\appdata\local\etax2012
    2012-07-09 09:39:59 -------- d-----w- c:\program files\etax2012
    .
    ==================== Find3M ====================
    .
    2012-07-27 13:14:18 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-27 13:14:18 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    ============= FINISH: 19:43:30.30 ===============

    To the wonderful helpers at Spybot forums. Thanks in advance for all your help.
    I appear to have some malware on my computer that Malwarebytes cannot find nor can AVG. Your assistance is much appreciated. Due to your help in the past my computer has stayed clean from malware for almost 6 years!

    Here are the aswMBR log file and attach.zip files as requested in the instructions.
    My apologies for the abrupt first post. I had assumed (wrongly) that I would be able to edit it to add niceties.

    Thanks again

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-02 19:52:03
    -----------------------------
    19:52:03.963 OS Version: Windows 6.0.6002 Service Pack 2
    19:52:03.964 Number of processors: 2 586 0x1706
    19:52:03.969 ComputerName: CORRINE-PC UserName: CORRINE
    19:52:10.177 Initialize success
    19:52:17.604 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    19:52:17.611 Disk 0 Vendor: WDC_WD5000BEVT-00SCST0 01.01A01 Size: 476940MB BusType: 3
    19:52:17.617 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
    19:52:17.623 Disk 1 Vendor: TOSHIBA_MK4058GSX FF011C Size: 381554MB BusType: 3
    19:52:17.669 Disk 0 MBR read successfully
    19:52:17.676 Disk 0 MBR scan
    19:52:17.686 Disk 0 unknown MBR code
    19:52:17.694 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 467053 MB offset 63
    19:52:17.729 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9883 MB offset 956526592
    19:52:17.739 Disk 0 scanning sectors +976766976
    19:52:17.799 Disk 0 scanning C:\Windows\system32\drivers
    19:52:37.436 Service scanning
    19:53:08.841 Modules scanning
    19:53:23.043 Disk 0 trace - called modules:
    19:54:55.865 ntkrnlpa.exe CLASSPNP.SYS disk.sys hpdskflt.sys hal.dll ataport.SYS PCIIDEX.SYS msahci.sys USBPORT.SYS usbuhci.sys ndis.sys NETw5v32.sys nwifi.sys tcpip.sys NETIO.SYS tdx.sys afd.sys dxgkrnl.sys nvlddmkm.sys partmgr.sys volmgr.sys ecache.
    19:54:55.997 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d970a0]
    19:54:56.015 3 CLASSPNP.SYS[82e0f8b3] -> nt!IofCallDriver -> [0x86d97b98]
    19:54:56.031 5 hpdskflt.sys[8bbb4f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863848a0]
    19:54:56.055 7 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.076 9 vfs101x.sys[93104cf2] -> nt!IofCallDriver -> \Device\USBPDO-10[0x927f7030]
    19:54:56.092 11 usbhub.sys[90c03ce0] -> nt!IofCallDriver -> \Device\USBPDO-0[0x87dd2028]
    19:54:56.107 13 volsnap.sys[8bb386ff] -> nt!IofCallDriver -> [0x87315020]
    19:54:56.138 15 ecache.sys[8bb9585e] -> nt!IofCallDriver -> \Device\HarddiskVolume1[0x864a91b8]
    19:54:56.157 17 volmgr.sys[807546eb] -> nt!IofCallDriver -> [0x86e9ad18]
    19:54:56.184 19 partmgr.sys[80737110] -> nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d970a0]
    19:54:56.202 21 CLASSPNP.SYS[82e0f8b3] -> nt!IofCallDriver -> [0x86d97b98]
    19:54:56.222 23 hpdskflt.sys[8bbb4f05] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x863848a0]
    19:54:56.243 25 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.259 27 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.274 29 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.291 31 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.308 33 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.325 35 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.343 37 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.361 39 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.382 41 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.401 43 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.419 45 CLASSPNP.SYS[82e0e7ec] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x86345030]
    19:54:56.440 Scan finished successfully
    19:55:56.118 Disk 0 MBR has been saved successfully to "C:\Users\CORRINE\Documents\MBR.dat"
    19:55:56.135 The log file has been saved successfully to "C:\Users\CORRINE\Documents\aswMBR.txt"
    20:16:26.003 Disk 0 MBR has been saved successfully to "C:\Users\CORRINE\Documents\MBR.dat"
    20:16:26.049 The log file has been saved successfully to "C:\Users\CORRINE\Documents\aswMBR.txt"
    Last edited by tashi; 2012-08-02 at 15:14. Reason: Merged two posts :-)

  2. #2
    Security Expert Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Hi,

    IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    µTorrent


    I'd like you to read this thread.

    Please uninstall the programs listed above (in red). Post fresh dds logs when done.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Member
    Join Date
    Jun 2008
    Posts
    31

    Thanks for your reply. Utorrent has been uninstalled.
    Here is the new DDS log.
    Thanks again

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by CORRINE at 13:46:38 on 2012-08-09
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.61.1033.18.3068.851 [GMT 10:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~1\AVG\AVG2012\avgrsx.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\STacSV.exe
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\Hpservice.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\vfsFPService.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\DigitalPersona\Bin\DpHostW.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_a7e996cd\aestsrv.exe
    C:\Windows\system32\agrsmsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Program Files\HP\QuickPlay\Kernel\TV\QPSched.exe
    C:\Windows\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Program Files\AVG\AVG2012\avgemcx.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\ehome\ehsched.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\ehome\ehRecvr.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\DigitalPersona\Bin\DpAgent.exe
    C:\Program Files\IDT\WDM\sttray.exe
    C:\WINDOWS\System32\rundll32.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\WINDOWS\ehome\ehtray.exe
    C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
    C:\Users\CORRINE\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\Tiqbiz\Tiqbiz.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Common Files\Apple\Apple Application Support\distnoted.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\CORRINE\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com.au/
    uSearch Bar = Preserve
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_au&c=83&bd=Pavilion&pf=cnnb
    uInternet Settings,ProxyOverride = *.local
    mURLSearchHooks: H - No File
    TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll
    TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [ISUSPM] "c:\programdata\macrovision\flexnet connect\6\ISUSPM.exe" -scheduler
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Google Update] "c:\users\corrine\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [MobileDocuments] c:\program files\common files\apple\internet services\ubd.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" update "software\cyberlink\youcam\2.0"
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [OnScreenDisplay] c:\program files\hewlett-packard\hp quicktouch\HPKBDAPP.exe
    mRun: [hpqSRMon]
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [DpAgent] c:\program files\digitalpersona\bin\dpagent.exe
    mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [ROC_roc_dec12] "c:\program files\avg secure search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [HF_G_Jul] "c:\program files\avg secure search\HF_G_Jul.exe" /DoAction
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\corrine\appdata\roaming\micros~1\windows\startm~1\programs\startup\tiqbiz.lnk - c:\program files\tiqbiz\Tiqbiz.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{12962477-CD03-4EB1-9918-BE933E93A01F} : DhcpNameServer = 10.0.0.138
    TCP: Interfaces\{62CB97A3-6F2A-4529-90CF-B3D5735EDB07} : DhcpNameServer = 10.0.0.138
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    LSA: Notification Packages = scecli DPPWDFLT
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2012-1-31 31952]
    R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2012-2-22 235216]
    R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-12-23 41040]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_a7e996cd\AEstSrv.exe [2010-11-27 77824]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2008-3-19 19456]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-8-11 361808]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2012-5-23 1153368]
    R2 vfsFPService;Validity Fingerprint Service;c:\windows\system32\vfsFPService.exe [2008-4-28 599344]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-13 935008]
    R3 AVerBDA6x;AVerBDA6x service;c:\windows\system32\drivers\AVerBDA716x.sys [2010-11-27 1020160]
    R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
    R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
    R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-8-11 193840]
    R3 enecir;ENE CIR Receiver;c:\windows\system32\drivers\enecir.sys [2008-1-24 52736]
    R3 JMCR;JMCR;c:\windows\system32\drivers\jmcr.sys [2008-7-8 96856]
    R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2010-11-27 3658752]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-14 43552]
    R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
    R3 vfs101x;vfs101x;c:\windows\system32\drivers\vfs101x.sys [2008-4-28 40752]
    R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-21 16896]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-2 250056]
    S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-4-15 1025352]
    S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-13 206072]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-9-14 22344]
    S3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\drivers\netaapl.sys [2010-4-19 18432]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-9-14 655944]
    .
    =============== Created Last 30 ================
    .
    2012-07-15 09:22:02 -------- d-----w- c:\program files\iPod
    2012-07-15 09:21:57 -------- d-----w- c:\program files\iTunes
    2012-07-13 00:30:49 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 08:40:36 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 08:40:19 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 08:40:18 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 08:40:17 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 08:40:17 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 08:40:17 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    ==================== Find3M ====================
    .
    2012-08-03 09:13:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-03 09:13:42 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 03:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 05:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 05:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    .
    ============= FINISH: 13:49:34.02 ===============

  4. #4
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Please post fresh attach.txt file too.
    Microsoft MVP Consumer Security 2008 2009 2010 2011 2012
    ASAP & UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Member
    Join Date
    Jun 2008
    Posts
    31

    Done - thank you!
    Attached Files

  6. #6
    Security Expert Blade81's Avatar
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,470

    Hi


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
      Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.