
Thread: Web Pages Redirect

  1. #1
    Member
    Join Date
    May 2008
    Posts
    60

    Web Pages Redirect

    Hi,

    I'm reading the instructions laid out in the sticky; thus far I've got a DDS report, which I'm posting below. First I'm giving a link to my initial thread, which is here:

    http://forums.spybot.info/showthread.php?t=66481

    Now the DDS report (note that it says DDS, not .txt):

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31
    Run by Martin Family at 6:57:09 on 2012-08-08
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1540 [GMT -5:00]
    .
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\hp\support\hpsysdrv.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files\AVG\AVG2012\avgtray.exe
    C:\Program Files\AVG Secure Search\vprot.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\PictureMover\Bin\PictureMover.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Common Files\Iconix\IconixService.exe
    c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\AVG\AVG2012\avgnsx.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
    C:\Program Files\Windows Live\Contacts\wlcomm.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.aol.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cndt
    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com
    mDefault_Page_URL = hxxp://www.yahoo.com
    mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
    mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    BHO: IconixBHOClass Class: {761233b6-f228-49e4-8f6b-668499d4e55a} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn2\YTSingleInstance.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn2\yt.dll
    TB: Ad-Aware Security Toolbar: {6c97a91e-4524-4019-86af-2aa2d567bf5c} - c:\program files\adawaretb\adawareDx.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - c:\program files\avg secure search\11.1.0.12\AVG Secure Search_toolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Search Protection] c:\program files\yahoo!\search protection\SearchProtection.exe
    uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
    uRun: [AROReminder] c:\program files\aro 2011\ARO.exe -rem
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [YSearchProtection] "c:\program files\yahoo!\search protection\SearchProtection.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IconixOEAddOn] "c:\program files\iconix\oeaddon\OEdmn_6.exe"
    mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
    mRun: [vProt] "c:\program files\avg secure search\vprot.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    StartupFolder: c:\users\martin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\martin~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {400A6CFA-E326-4d61-A90C-9AD75358DC5F} - {44E212AB-13EA-4CA4-BE65-197FBA170412} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
    IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
    IE: {BC3F6B6D-2E49-4603-B028-7411655713F3} - {0CC2F28D-D415-4FC6-A2E4-54B4D983609A} - c:\program files\iconix\ieaddon\IconixBHO_46.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    TCP: Interfaces\{5A7565AE-22B9-469D-B456-2F2EAD521EBD} : DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\common files\avg secure search\viprotocolinstaller\11.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Hosts: 127.0.0.1 www.spywareinfo.com
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\martin family\appdata\roaming\mozilla\firefox\profiles\lhdogrld.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb4e5add5-6007-493c-b3eb-a497bd2834d0%7D&mid=46128029ee8747d097a7d16c5707ed62-a191216ca99fa9b2aa327703be8d3ca57ae4a29a&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-06-17%2008%3A06%3A21&sap=ku&q=
    FF - component: c:\users\martin family\appdata\roaming\mozilla\firefox\profiles\lhdogrld.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components\XPATLCOM.dll
    FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\11.2.0\npsitesafety.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npIconixProxy110.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\martin family\appdata\roaming\mozilla\plugins\npatgpc.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_270.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
    R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2012-3-19 301248]
    R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 165264]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
    R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-1-3 63928]
    R2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 IconixService;Iconix Update Service;c:\program files\common files\iconix\IconixService.exe [2012-2-21 284512]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-7-10 1153368]
    R2 vToolbarUpdater11.2.0;vToolbarUpdater11.2.0;c:\program files\common files\avg secure search\vtoolbarupdater\11.2.0\ToolbarUpdater.exe [2012-7-9 935008]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-4 250056]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-6-20 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
    S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-2 113120]
    S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 43392]
    S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
    S3 SBFWIMCL;GFI Software Firewall NDIS IM Filter Service;c:\windows\system32\drivers\SbFwIm.sys [2012-5-20 94584]
    S3 SBFWIMCLMP;GFI Software Firewall NDIS IM Filter Miniport;c:\windows\system32\drivers\SbFwIm.sys [2012-5-20 94584]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
    .
    =============== Created Last 30 ================
    .
    2012-08-08 03:04:38 -------- d-----w- c:\users\martin family\appdata\local\{1DEA8D23-068E-4729-9A04-632884736888}
    2012-08-08 03:04:28 -------- d-----w- c:\users\martin family\appdata\local\{E8DC795A-9702-41CF-B15E-8AE8446D7702}
    2012-08-08 01:20:30 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-08-07 15:04:00 -------- d-----w- c:\users\martin family\appdata\local\{4F0504A6-492D-4336-8367-6C4A4D61C7D7}
    2012-08-07 15:03:48 -------- d-----w- c:\users\martin family\appdata\local\{3A1E9A8A-410C-4093-A91F-61B7557961A6}
    2012-08-07 03:03:14 -------- d-----w- c:\users\martin family\appdata\local\{CDBA57D0-3576-4BBF-B729-28125BE9DAA7}
    2012-08-06 15:02:46 -------- d-----w- c:\users\martin family\appdata\local\{D7D31DA0-D450-4535-BEE2-3F5AF69BB859}
    2012-08-06 15:02:36 -------- d-----w- c:\users\martin family\appdata\local\{A4BDAD94-7D01-4416-845E-D2066E4ED4DA}
    2012-08-06 03:02:10 -------- d-----w- c:\users\martin family\appdata\local\{BC3DDF39-772C-4259-B666-1E16F83F9B2E}
    2012-08-05 15:01:35 -------- d-----w- c:\users\martin family\appdata\local\{1D524CD1-ECB6-4886-9518-A9705F348916}
    2012-08-05 15:01:25 -------- d-----w- c:\users\martin family\appdata\local\{AD007A0F-CD17-4970-9051-B18F185C7BA6}
    2012-08-05 03:00:54 -------- d-----w- c:\users\martin family\appdata\local\{5909DBFE-891F-4B74-B634-CAB7F1BCCDC8}
    2012-08-04 15:00:31 -------- d-----w- c:\users\martin family\appdata\local\{BD11699D-9271-4482-A505-5107BD9FBE0C}
    2012-08-04 15:00:20 -------- d-----w- c:\users\martin family\appdata\local\{0CA90C0F-9182-45F7-81F0-96D8AD1F5D31}
    2012-08-04 02:59:54 -------- d-----w- c:\users\martin family\appdata\local\{B2350E05-C6A9-4739-85C8-8482F3496614}
    2012-08-03 14:59:22 -------- d-----w- c:\users\martin family\appdata\local\{C44E4657-078B-49DB-AF13-D76529B67272}
    2012-08-03 14:59:06 -------- d-----w- c:\users\martin family\appdata\local\{A7DC715C-FA39-44B1-BF0C-C7FB10AAC7AD}
    2012-08-03 02:58:37 -------- d-----w- c:\users\martin family\appdata\local\{8C56C30C-3947-45FE-8890-25F12FE0EE7D}
    2012-08-02 14:58:12 -------- d-----w- c:\users\martin family\appdata\local\{BFA5BFF6-1C0B-43F4-BEC6-FB6832D5E29A}
    2012-08-02 14:58:02 -------- d-----w- c:\users\martin family\appdata\local\{D424A5DB-FC1D-49A1-A039-8C492DB3BFF3}
    2012-08-02 02:57:36 -------- d-----w- c:\users\martin family\appdata\local\{A0074DDF-A4B6-498C-8003-786E74AC5A7B}
    2012-08-01 14:57:12 -------- d-----w- c:\users\martin family\appdata\local\{11F0D512-0282-441E-920C-7131BAA1104F}
    2012-08-01 14:57:02 -------- d-----w- c:\users\martin family\appdata\local\{8F209260-1FDF-4726-B6F9-5A55985D764D}
    2012-08-01 02:56:36 -------- d-----w- c:\users\martin family\appdata\local\{49F13FD2-ABD2-4625-ABB1-5976B143B370}
    2012-07-31 14:56:08 -------- d-----w- c:\users\martin family\appdata\local\{B893AF97-BF0A-4B88-87D2-1B9585B7E0F4}
    2012-07-31 14:55:57 -------- d-----w- c:\users\martin family\appdata\local\{5B3B99E5-DCEB-45BF-9CB0-5412101C4FE9}
    2012-07-31 02:55:29 -------- d-----w- c:\users\martin family\appdata\local\{80876975-6BB4-497B-989E-C16530DBD1BB}
    2012-07-30 14:55:05 -------- d-----w- c:\users\martin family\appdata\local\{F4AAB010-9C79-4E46-AC62-6A984C046E04}
    2012-07-30 14:54:54 -------- d-----w- c:\users\martin family\appdata\local\{B6F98CC7-19DD-4126-A233-277E6D849362}
    2012-07-30 02:54:28 -------- d-----w- c:\users\martin family\appdata\local\{79E6C730-2006-4390-AB54-DE9D4705E68B}
    2012-07-29 14:54:05 -------- d-----w- c:\users\martin family\appdata\local\{61FAC536-D751-449D-B4A8-A7A9C89F6835}
    2012-07-29 14:53:55 -------- d-----w- c:\users\martin family\appdata\local\{4D33E1DA-7F91-4524-B33A-685CB3D63585}
    2012-07-29 02:53:29 -------- d-----w- c:\users\martin family\appdata\local\{4C5984CA-7A75-441E-8180-592F79F17568}
    2012-07-28 14:53:07 -------- d-----w- c:\users\martin family\appdata\local\{EF5BA75D-290A-4B66-9CA5-994C80A71B77}
    2012-07-28 14:52:57 -------- d-----w- c:\users\martin family\appdata\local\{2DCDFBD1-DE48-4276-8F3E-237DDDCE4BD7}
    2012-07-28 02:52:31 -------- d-----w- c:\users\martin family\appdata\local\{80F2255E-47FF-4F7B-A4B9-D668CE94FAD0}
    2012-07-27 14:51:32 -------- d-----w- c:\users\martin family\appdata\local\{3C121276-F206-4B11-BABE-8ACF03870882}
    2012-07-27 14:51:20 -------- d-----w- c:\users\martin family\appdata\local\{7C4A949E-EBC0-4A8B-97F3-71E64F8B1138}
    2012-07-27 02:50:52 -------- d-----w- c:\users\martin family\appdata\local\{1EEEC85D-C8EE-4FA7-8696-CCB8E8D0A630}
    2012-07-26 14:50:24 -------- d-----w- c:\users\martin family\appdata\local\{5A3AAE00-91FB-45A1-A5DC-CB758402D6D0}
    2012-07-26 14:49:32 -------- d-----w- c:\users\martin family\appdata\local\{8D0417C7-C771-4FD1-A56E-E08E1D792E82}
    2012-07-26 02:40:53 -------- d-----w- c:\users\martin family\appdata\local\{B37F42B5-0AAF-4FED-B3E7-F5D0733E1010}
    2012-07-25 14:40:28 -------- d-----w- c:\users\martin family\appdata\local\{F25EF22F-1C92-4746-A1F7-BDECF4F49048}
    2012-07-25 14:40:18 -------- d-----w- c:\users\martin family\appdata\local\{E5F8BCF6-16DA-450D-8415-0F72148D5F3A}
    2012-07-25 02:39:52 -------- d-----w- c:\users\martin family\appdata\local\{8CE97118-C4F0-49E2-BF86-4F3F2EFB447D}
    2012-07-24 14:39:27 -------- d-----w- c:\users\martin family\appdata\local\{29031777-2841-4BE4-8F59-C517ED0B520E}
    2012-07-24 14:39:16 -------- d-----w- c:\users\martin family\appdata\local\{480B231E-FF8E-41FB-AACB-29C822CFA5AD}
    2012-07-24 02:38:49 -------- d-----w- c:\users\martin family\appdata\local\{64716C0A-3F6D-4EE0-9CA3-50D693A0317D}
    2012-07-23 14:38:20 -------- d-----w- c:\users\martin family\appdata\local\{35612AB7-E7DD-4B99-BB16-94EDE79EB2C1}
    2012-07-23 14:38:08 -------- d-----w- c:\users\martin family\appdata\local\{23196A2F-816A-44C8-ACBC-509647C9ADED}
    2012-07-23 02:37:40 -------- d-----w- c:\users\martin family\appdata\local\{DEBFB491-BB1A-4397-A851-B7F80CC4B586}
    2012-07-22 14:37:17 -------- d-----w- c:\users\martin family\appdata\local\{97542311-A60D-47CE-9A15-1C7438CAA731}
    2012-07-22 14:37:06 -------- d-----w- c:\users\martin family\appdata\local\{023DC6C0-5BFF-401F-804B-F737A8EE61A6}
    2012-07-22 02:36:39 -------- d-----w- c:\users\martin family\appdata\local\{F852DCF4-8C20-44B2-B115-C809BF8EBC76}
    2012-07-21 14:36:15 -------- d-----w- c:\users\martin family\appdata\local\{3DAB6339-6D38-4BF4-88DF-CA1CCFEEC67F}
    2012-07-21 14:36:05 -------- d-----w- c:\users\martin family\appdata\local\{0DF91E8A-A407-42D7-A480-41D75F1C4F82}
    2012-07-21 02:35:39 -------- d-----w- c:\users\martin family\appdata\local\{07EA811D-F5CC-4561-97F5-BD8066CBC60B}
    2012-07-20 14:35:16 -------- d-----w- c:\users\martin family\appdata\local\{82DC6B02-32C1-48E3-B280-CF1016B0EA4B}
    2012-07-20 14:35:06 -------- d-----w- c:\users\martin family\appdata\local\{37327163-3C91-4A0A-8A51-D0787464FF69}
    2012-07-20 02:34:41 -------- d-----w- c:\users\martin family\appdata\local\{3EEE2E21-D7A1-46AC-91D3-87944426319F}
    2012-07-19 14:34:14 -------- d-----w- c:\users\martin family\appdata\local\{E9A88D60-BF4D-448F-BC43-785EBC8FA04B}
    2012-07-19 14:34:03 -------- d-----w- c:\users\martin family\appdata\local\{580B70FE-41A2-4655-BF15-DF2CA1CEA153}
    2012-07-19 02:33:36 -------- d-----w- c:\users\martin family\appdata\local\{91453AD6-0841-4CBE-B09D-B3D26DDD0437}
    2012-07-18 14:33:12 -------- d-----w- c:\users\martin family\appdata\local\{3B3ED044-149E-4C0A-9881-24570E5378C5}
    2012-07-18 14:33:02 -------- d-----w- c:\users\martin family\appdata\local\{3AB877F0-D8F1-4ADB-9008-886B6294ADCE}
    2012-07-18 02:32:36 -------- d-----w- c:\users\martin family\appdata\local\{21E5CE21-DD41-4462-A069-B69A38546C11}
    2012-07-18 02:32:25 -------- d-----w- c:\users\martin family\appdata\local\{FE8FAE82-52F8-46C9-A3EA-E7AB3F3815FD}
    2012-07-17 14:31:59 -------- d-----w- c:\users\martin family\appdata\local\{25CE7E0C-8A50-4F66-8376-9356F41AD2CB}
    2012-07-17 14:31:48 -------- d-----w- c:\users\martin family\appdata\local\{0C313EB6-D31E-43B0-8883-1EE9A715D3B4}
    2012-07-17 14:03:03 -------- d-----w- C:\AVG2012
    2012-07-17 02:31:20 -------- d-----w- c:\users\martin family\appdata\local\{3DEBB7D2-E2C0-4EC5-AD71-27725CF9A9FE}
    2012-07-17 02:31:10 -------- d-----w- c:\users\martin family\appdata\local\{C732BA41-F2B6-4995-B596-D79118FE99CC}
    2012-07-16 19:50:47 -------- d-----w- c:\program files\AVG Secure Search
    2012-07-16 14:30:45 -------- d-----w- c:\users\martin family\appdata\local\{36FDB2E1-A988-41AC-A946-A5143164229B}
    2012-07-16 14:30:34 -------- d-----w- c:\users\martin family\appdata\local\{1CE2C3A5-318D-4F6A-98AD-57B8F39058BA}
    2012-07-16 02:30:08 -------- d-----w- c:\users\martin family\appdata\local\{18DCB3E3-18DE-4263-89DF-912A926F6F28}
    2012-07-16 02:29:58 -------- d-----w- c:\users\martin family\appdata\local\{6BE19E60-9790-4EA1-B781-71AC37C69427}
    2012-07-15 14:29:32 -------- d-----w- c:\users\martin family\appdata\local\{D8DDCBBD-46EE-46AB-909A-D7627FD6DB2C}
    2012-07-15 14:29:22 -------- d-----w- c:\users\martin family\appdata\local\{4E5DFA99-CC8C-4BD9-AA2C-B79711182430}
    2012-07-15 02:28:56 -------- d-----w- c:\users\martin family\appdata\local\{476994D6-83E4-4344-8A34-614DA3F952A0}
    2012-07-14 14:28:33 -------- d-----w- c:\users\martin family\appdata\local\{FA37792E-9F07-4B79-90E7-CB5EDFB0A6A5}
    2012-07-14 14:28:23 -------- d-----w- c:\users\martin family\appdata\local\{E785ADF4-2441-4E3D-A6F8-3961E9F67B4A}
    2012-07-14 02:27:57 -------- d-----w- c:\users\martin family\appdata\local\{C7FA93A0-21BE-4FA1-A02E-F176E332BAC9}
    2012-07-13 14:27:34 -------- d-----w- c:\users\martin family\appdata\local\{350386A9-78BE-4687-A3E2-C6FB28C2F3BA}
    2012-07-13 14:27:20 -------- d-----w- c:\users\martin family\appdata\local\{FE6D1994-B2A1-4E95-9EEB-AA5DD786580E}
    2012-07-13 02:26:54 -------- d-----w- c:\users\martin family\appdata\local\{75F12242-3106-4F6F-BEC4-EE3EA96BCA86}
    2012-07-12 14:26:30 -------- d-----w- c:\users\martin family\appdata\local\{F211939C-3709-4653-8A0B-AFC703BF98D9}
    2012-07-12 14:26:20 -------- d-----w- c:\users\martin family\appdata\local\{E6A50AF2-1D96-4004-AB1C-45277A24B09F}
    2012-07-12 13:59:25 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-12 02:25:54 -------- d-----w- c:\users\martin family\appdata\local\{EA78E62A-51B3-4E74-9305-5B7AE035DFC9}
    2012-07-11 17:58:47 708608 ----a-w- c:\program files\common files\system\ado\msado15.dll
    2012-07-11 17:58:46 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 17:58:46 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 17:58:45 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 17:58:45 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 17:58:45 204288 ----a-w- c:\windows\system32\ncrypt.dll
    2012-07-11 14:25:30 -------- d-----w- c:\users\martin family\appdata\local\{87486BDF-1035-42B5-A105-9F84652987D3}
    2012-07-11 14:25:19 -------- d-----w- c:\users\martin family\appdata\local\{6AAE6EF5-5F4B-499C-8B9D-AB47BE52BB86}
    2012-07-11 02:24:53 -------- d-----w- c:\users\martin family\appdata\local\{49B3EA4D-41A9-4059-8FC8-221883E388C8}
    2012-07-10 14:24:29 -------- d-----w- c:\users\martin family\appdata\local\{3F1BD996-6D42-404B-9EBC-72CE185057B5}
    2012-07-10 14:24:18 -------- d-----w- c:\users\martin family\appdata\local\{7CC6E946-A5C4-40E0-8511-6225ECC6F876}
    2012-07-10 02:23:53 -------- d-----w- c:\users\martin family\appdata\local\{7FC4D807-6628-493C-AC37-6507B644957A}
    2012-07-10 00:04:27 -------- d-----w- c:\windows\system32\cache
    2012-07-09 14:23:30 -------- d-----w- c:\users\martin family\appdata\local\{8FD137A4-23C7-4B72-BFBB-ABCC1B339975}
    2012-07-09 14:23:20 -------- d-----w- c:\users\martin family\appdata\local\{01873328-545E-4253-A54F-E73459DBF022}
    .
    ==================== Find3M ====================
    .
    2012-08-03 01:46:12 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-08-03 01:46:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-07-03 18:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-02 22:12:32 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12:13 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19:42 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:12:20 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-06-02 08:33:25 1800192 ----a-w- c:\windows\system32\jscript9.dll
    2012-06-02 08:25:08 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-06-02 08:25:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-06-02 08:20:33 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-06-02 08:16:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 6:57:50.50 ===============

    The instructions for running Spybot in advanced mode are very detailed, so I'll need to print them out first. I'll run that in approximately three hours and post the logs in this thread.

    I don't know if the scan is complete. I was watching it run, turned my head for a moment, then when I looked again it had stopped. I waited an additional ten minutes but witnessed no further activity. Here's the file:


    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-08 07:13:30
    -----------------------------
    07:13:30.431 OS Version: Windows 6.0.6002 Service Pack 2
    07:13:30.431 Number of processors: 2 586 0x6B02
    07:13:30.432 ComputerName: MARTINFAMILY-PC UserName: Martin Family
    07:13:32.657 Initialize success
    07:16:09.029 AVAST engine defs: 12080800
    07:16:52.035 The log file has been saved successfully to "C:\Users\Martin Family\Documents\aswMBR SPYBOT.txt"
    07:17:01.431 The log file has been saved successfully to "C:\Users\Martin Family\Documents\aswMBR.txt"
    07:17:20.374 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000055
    07:17:20.382 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
    07:17:20.395 Disk 0 MBR read successfully
    07:17:20.403 Disk 0 MBR scan
    07:17:20.416 Disk 0 unknown MBR code
    07:17:20.425 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 226949 MB offset 63
    07:17:20.466 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 11523 MB offset 464792580
    07:17:20.483 Disk 0 scanning sectors +488392065
    07:17:20.552 Disk 0 scanning C:\Windows\system32\drivers
    07:17:34.070 Service scanning
    07:17:55.198 Modules scanning
    07:17:59.410 Disk 0 trace - called modules:
    07:17:59.435 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
    07:17:59.441 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8543f780]
    07:17:59.448 3 CLASSPNP.SYS[807338b3] -> nt!IofCallDriver -> [0x85287700]
    07:17:59.456 5 acpi.sys[8060f6bc] -> nt!IofCallDriver -> \Device\00000055[0x84e5f9c0]
    07:18:01.387 AVAST engine scan C:\Windows
    07:18:03.979 AVAST engine scan C:\Windows\system32
    07:20:54.188 AVAST engine scan C:\Windows\system32\drivers
    07:21:18.409 AVAST engine scan C:\Users\Martin Family
    07:36:59.166 Disk 0 MBR has been saved successfully to "C:\Users\Martin Family\Desktop\MBR.dat"
    07:36:59.177 The log file has been saved successfully to "C:\Users\Martin Family\Desktop\aswMBR.txt"
    Last edited by tashi; 2012-08-08 at 15:57. Reason: Merged three posts, as per FAQ
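    The aswMBR output above reads the partition table from disk 0, lists the two NTFS entries, and then scans the sectors after the last partition ("scanning sectors +488392065"). As an added example, not aswMBR's code and not part of the original post, the Python below builds a 512-byte MBR whose table reproduces the two entries shown (starts 63 and 464792580; the exact sector counts and the disk's total sector count are reconstructed from the MB figures and are assumptions), parses it the way any MBR tool does, checks the layout for overlap and a single active entry, computes where the unpartitioned tail begins (which should match the "+488392065" line), and hashes the boot-code area so it can be compared with a saved known-good copy such as the MBR.dat the tool wrote.

```python
"""Parse and sanity-check an MBR partition table (added example, not aswMBR code)."""
import hashlib
import struct

SECTOR = 512
TABLE_OFFSET = 446                 # four 16-byte entries follow the boot code
ENTRY_FMT = '<B3sB3sII'            # flag, CHS start, type, CHS end, LBA start, sector count
BOOT_SIG = b'\x55\xaa'
# Disk 0 is reported as 238475 MB; the exact sector count is an assumption.
DISK_SECTORS = 238475 * 2048


def build_sample_mbr():
    """Constructed MBR matching the two partitions in the aswMBR log.
    Sector counts are reconstructed from the MB sizes and the next-free
    sector (+488392065), so they are assumptions. Boot code is zero-filled."""
    mbr = bytearray(SECTOR)
    entries = [
        # (bootable flag, partition type, first LBA, sectors)
        (0x80, 0x07, 63, 464792517),          # 226949 MB, active
        (0x00, 0x07, 464792580, 23599485),    # 11523 MB
    ]
    for i, (flag, ptype, lba, count) in enumerate(entries):
        # CHS fields are zeroed; the LBA fields are what modern tools use
        struct.pack_into(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i,
                         flag, b'\0\0\0', ptype, b'\0\0\0', lba, count)
    mbr[510:512] = BOOT_SIG
    return bytes(mbr)


def has_boot_signature(mbr):
    return len(mbr) >= SECTOR and mbr[510:512] == BOOT_SIG


def parse_mbr(mbr):
    """Return the non-empty partition entries as dicts."""
    if not has_boot_signature(mbr):
        raise ValueError('not an MBR: missing 0x55AA signature')
    parts = []
    for i in range(4):
        flag, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, mbr, TABLE_OFFSET + 16 * i)
        if ptype == 0:
            continue                       # unused slot
        parts.append({'index': i + 1, 'bootable': flag == 0x80, 'type': ptype,
                      'start': lba, 'sectors': count,
                      'mb': count * SECTOR // (1024 * 1024)})
    return parts


def check_layout(parts, disk_sectors):
    """Consistency checks: one active entry, no overlap, nothing past disk end.
    Returns a list of problems; empty means the table is self-consistent."""
    problems = []
    active = sum(1 for p in parts if p['bootable'])
    if active != 1:
        problems.append(f'{active} active partitions (expected 1)')
    prev_end = 0
    for p in sorted(parts, key=lambda p: p['start']):
        if p['start'] < prev_end:
            problems.append(f'partition {p["index"]} overlaps the previous one')
        prev_end = p['start'] + p['sectors']
    if prev_end > disk_sectors:
        problems.append('last partition extends past end of disk')
    return problems


def unpartitioned_tail(parts, disk_sectors):
    """First sector after the last partition and how many sectors follow it.
    Space outside any partition is where a bootkit can park data, which is
    why aswMBR scans from that point ('scanning sectors +N')."""
    end = max(p['start'] + p['sectors'] for p in parts)
    return end, disk_sectors - end


def boot_code_digest(mbr):
    """SHA-256 of the 446-byte boot-code area. Compare it with the digest of a
    known-good copy (e.g. the MBR.dat aswMBR saved) to spot a rewritten loader;
    the tool's 'unknown MBR code' line is the same idea against its own list."""
    return hashlib.sha256(mbr[:TABLE_OFFSET]).hexdigest()


if __name__ == '__main__':
    sample = build_sample_mbr()
    table = parse_mbr(sample)
    for p in table:
        print(f"Partition {p['index']} {'(A)' if p['bootable'] else '   '} type {p['type']:02X} "
              f"{p['mb']} MB offset {p['start']}")
    print('layout problems:', check_layout(table, DISK_SECTORS) or 'none')
    print('unpartitioned tail starts at sector +%d (%d sectors)' % unpartitioned_tail(table, DISK_SECTORS))
    print('boot code sha256:', boot_code_digest(sample))
```

    To use it on a real image, read the first 512 bytes of the saved MBR.dat (or of \\.\PhysicalDrive0 with administrator rights) and pass them to parse_mbr; a layout that is self-consistent and a tail start that matches the tool's "+N" line tells you the table is not hiding a partition, while a boot-code digest that differs from a known-good copy of the same machine is what warrants a closer look at the loader.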

  2. #2
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi and Welcome!! My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:
    • The fixes are specific to your problem and should only be used for the issues on this machine.
    • It's often worth reading through these instructions and printing them for ease of reference.
    • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
    • Please reply to this thread. Do not start a new topic.
    • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.

    IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
    DO NOT use any TOOLS such as ComboFix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System, losing all your programs and data.


    Having said that....Let's get going!! :thumbup:
    ----------

    Download Combofix from either of the links below, and save it to your desktop.
    Link 1
    Link 2

    **Note: It is important that it is saved directly to your desktop**
    If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


    --------------------------------------------------------------------

    IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

    --------------------------------------------------------------------

    Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the C:\ComboFix.txt for further review.

  3. #3
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Hello,

    Will you be needing my Spybot advanced mode results? I read the "Before You Post" thread and have the Spybot results.


    Right Media: Tracking cookie (Internet Explorer: Martin Family) (Cookie, nothing done)



    --- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

    2009-01-26 blindman.exe (1.0.0.8)
    2009-01-26 SDFiles.exe (1.6.1.7)
    2009-01-26 SDMain.exe (1.0.0.6)
    2009-01-26 SDShred.exe (1.0.2.5)
    2009-01-26 SDUpdate.exe (1.6.0.12)
    2009-01-26 SDWinSec.exe (1.0.0.12)
    2009-01-26 SpybotSD.exe (1.6.2.46)
    2009-03-05 TeaTimer.exe (1.6.6.32)
    2009-07-10 unins000.exe (51.49.0.0)
    2009-01-26 Update.exe (1.6.0.7)
    2009-11-04 advcheck.dll (1.6.5.20)
    2007-04-02 aports.dll (2.1.0.0)
    2008-06-14 DelZip179.dll (1.79.11.1)
    2009-01-26 SDHelper.dll (1.6.2.14)
    2008-06-19 sqlite3.dll
    2009-01-26 Tools.dll (2.1.6.10)
    2009-01-16 UninsSrv.dll (1.0.0.0)
    2012-04-04 Includes\Adware.sbi (*)
    2012-07-31 Includes\AdwareC.sbi (*)
    2010-08-13 Includes\Cookies.sbi (*)
    2010-12-14 Includes\Dialer.sbi (*)
    2011-11-29 Includes\DialerC.sbi (*)
    2012-01-31 Includes\HeavyDuty.sbi (*)
    2012-06-19 Includes\Hijackers.sbi (*)
    2012-07-31 Includes\HijackersC.sbi (*)
    2010-09-15 Includes\iPhone.sbi (*)
    2012-03-13 Includes\Keyloggers.sbi (*)
    2012-03-13 Includes\KeyloggersC.sbi (*)
    2004-11-29 Includes\LSP.sbi (*)
    2012-06-18 Includes\Malware.sbi (*)
    2012-07-31 Includes\MalwareC.sbi (*)
    2011-02-24 Includes\PUPS.sbi (*)
    2012-07-19 Includes\PUPSC.sbi (*)
    2010-01-25 Includes\Revision.sbi (*)
    2012-06-19 Includes\Security.sbi (*)
    2011-12-13 Includes\SecurityC.sbi (*)
    2008-06-03 Includes\Spybots.sbi (*)
    2008-06-03 Includes\SpybotsC.sbi (*)
    2012-07-23 Includes\Spyware.sbi (*)
    2012-07-31 Includes\SpywareC.sbi (*)
    2010-03-08 Includes\Tracks.uti
    2011-09-28 Includes\Trojans.sbi (*)
    2012-07-23 Includes\TrojansC-02.sbi (*)
    2012-07-31 Includes\TrojansC-03.sbi (*)
    2012-07-31 Includes\TrojansC-04.sbi (*)
    2012-07-12 Includes\TrojansC-05.sbi (*)
    2012-07-31 Includes\TrojansC.sbi (*)
    2008-03-04 Plugins\Chai.dll
    2008-03-05 Plugins\Fennel.dll
    2008-02-26 Plugins\Mate.dll
    2007-12-24 Plugins\TCPIPAddress.dll

  4. #4
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    Thanks for that.

    When you get the ComboFix log please post that as well.

  5. #5
    Member
    Join Date
    May 2008
    Posts
    60

    Default Firewalls

    Before running ComboFix, in addition to disabling Windows Firewall, should I disable Spybot and Malwarebytes?

  6. #6
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Go ahead and disable Spybot just in case, but Malwarebytes should be fine.

  7. #7
    Member
    Join Date
    May 2008
    Posts
    60

    Default

    Hello,

    I don't see TeaTimer in Spybot's Startup Menu. Early this morning, when doing the first scan (per this forum's instructions), I unchecked TeaTimer and restarted my computer, then performed the scan and pasted it in here for you to analyze. So, does that mean TeaTimer is already disabled?

    Thanks

  8. #8
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    More than likely....go ahead with ComboFix.

  9. #9
    Member
    Join Date
    May 2008
    Posts
    60

    Default Combo Fix Report

    Hi,

    It took nearly 1h30m from the initiation of the scan to its completion to produce this file. Is that normal?


    ComboFix 12-08-08.01 - Martin Family 08/08/2012 19:06:38.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1359 [GMT -5:00]
    Running from: c:\users\Martin Family\Downloads\ComboFix.exe
    AV: AVG Internet Security 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
    FW: AVG Internet Security 2012 *Disabled* {621CC794-9486-F902-D092-0484E8EA828B}
    SP: AVG Internet Security 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Martin Family\g2mdlhlpx.exe
    c:\windows\system32\Cache
    c:\windows\system32\Cache\272512937d9e61a4.fb
    c:\windows\system32\Cache\287204568329e189.fb
    c:\windows\system32\Cache\28bc8f716fd76a47.fb
    c:\windows\system32\Cache\2c53092c95605355.fb
    c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
    c:\windows\system32\Cache\32c84fe32bb74d60.fb
    c:\windows\system32\Cache\3917078cb68ec657.fb
    c:\windows\system32\Cache\590ba23ce359fd0c.fb
    c:\windows\system32\Cache\610289e025a3ee9a.fb
    c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
    c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
    c:\windows\system32\Cache\6d03dad1035885d3.fb
    c:\windows\system32\Cache\87beec71a9f9cc3c.fb
    c:\windows\system32\Cache\a8556537add6dfc5.fb
    c:\windows\system32\Cache\ad10a52aff5e038d.fb
    c:\windows\system32\Cache\c1fa887b03019701.fb
    c:\windows\system32\Cache\c4d28dca2e7648be.fb
    c:\windows\system32\Cache\d201ef9910cd39de.fb
    c:\windows\system32\Cache\d2e94710a5708128.fb
    c:\windows\system32\Cache\d79b9dfe81484ec4.fb
    c:\windows\system32\Cache\f998975c9cc711ee.fb
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-09 to 2012-08-09 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-09 00:17 . 2012-08-09 00:17 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-08 11:52 . 2012-08-08 11:53 -------- d-----w- c:\program files\ERUNT
    2012-08-08 01:20 . 2012-08-08 01:20 -------- d-----w- c:\programdata\Kaspersky Lab
    2012-07-17 14:03 . 2012-07-17 14:03 -------- d-----w- C:\AVG2012
    2012-07-16 19:50 . 2012-07-16 19:50 -------- d-----w- c:\program files\AVG Secure Search
    2012-07-12 13:59 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys
    2012-07-11 17:58 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
    2012-07-11 17:58 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll
    2012-07-11 17:58 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll
    2012-07-11 17:58 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys
    2012-07-11 17:58 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll
    2012-07-11 17:58 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-08-03 01:46 . 2012-04-04 11:49 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-08-03 01:46 . 2011-05-17 14:22 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-07-03 18:46 . 2009-07-10 23:50 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-06-20 13:03 . 2010-06-24 17:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2012-06-16 12:20 . 2012-06-16 12:20 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6087DC9F-696C-49C4-A01C-56DFFFFDDAD9}\offreg.dll
    2012-06-02 22:19 . 2012-06-21 13:13 53784 ----a-w- c:\windows\system32\wuauclt.exe
    2012-06-02 22:19 . 2012-06-21 13:13 45080 ----a-w- c:\windows\system32\wups2.dll
    2012-06-02 22:19 . 2012-06-21 13:12 35864 ----a-w- c:\windows\system32\wups.dll
    2012-06-02 22:19 . 2012-06-21 13:12 577048 ----a-w- c:\windows\system32\wuapi.dll
    2012-06-02 22:19 . 2012-06-21 13:12 1933848 ----a-w- c:\windows\system32\wuaueng.dll
    2012-06-02 22:12 . 2012-06-21 13:13 2422272 ----a-w- c:\windows\system32\wucltux.dll
    2012-06-02 22:12 . 2012-06-21 13:12 88576 ----a-w- c:\windows\system32\wudriver.dll
    2012-06-02 20:19 . 2012-06-21 13:12 171904 ----a-w- c:\windows\system32\wuwebv.dll
    2012-06-02 20:12 . 2012-06-21 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
    2012-05-20 14:27 . 2012-05-20 14:27 677136 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2012-07-18 04:53 . 2012-02-13 13:35 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-07-16 19:50 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{6c97a91e-4524-4019-86af-2aa2d567bf5c}"= "c:\program files\adawaretb\adawareDx.dll" [2011-10-21 87440]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll" [2012-07-16 2074208]
    .
    [HKEY_CLASSES_ROOT\clsid\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-10-17 972080]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2010-06-01 5252408]
    "Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-10 39408]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-07-05 2424192]
    "AROReminder"="c:\program files\ARO 2011\ARO.exe" [2011-01-25 2312048]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-09 54840]
    "YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2012-07-03 973488]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2012-03-21 343392]
    "AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-04-05 2587008]
    "vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-07-16 1107552]
    .
    c:\users\Martin Family\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
    S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-08-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 01:46]
    .
    2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:57]
    .
    2012-08-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 18:57]
    .
    2012-08-05 c:\windows\Tasks\PCDRScheduledMaintenance.job
    - c:\program files\PC-Doctor for Windows\pcdr5cuiw32.exe [2008-09-10 14:43]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.aol.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mStart Page = hxxp://www.yahoo.com
    mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll
    FF - ProfilePath - c:\users\Martin Family\AppData\Roaming\Mozilla\Firefox\Profiles\lhdogrld.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q=
    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
    FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7Bb4e5add5-6007-493c-b3eb-a497bd2834d0%7D&mid=46128029ee8747d097a7d16c5707ed62-a191216ca99fa9b2aa327703be8d3ca57ae4a29a&ds=AVG&v=11.1.0.12&lang=en&pr=pr&d=2012-06-17%2008%3A06%3A21&sap=ku&q=
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM-Run-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2012-08-08 20:15
    Windows 6.0.6002 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
    "ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2012-08-08 20:18:07
    ComboFix-quarantined-files.txt 2012-08-09 01:18
    .
    Pre-Run: 156,175,355,904 bytes free
    Post-Run: 155,725,508,608 bytes free
    .
    - - End Of File - - 81DA667DFEA0AAE555F1793438AC2382
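    As an added example (not part of this thread and not ComboFix's own code), the following Python reads the "Reg Loading Points" and "Supplementary Scan" sections in the format ComboFix prints above and pulls out what a page-redirect complaint points at: Browser Helper Objects, Run-key autostarts, and the IE/Firefox start-page and search URLs (ComboFix writes those defanged as hxxp). The sample lines are a constructed subset copied in the shape of the log above; the "search"/"toolbar" keyword shortlist is my own triage heuristic and a reading aid for the analyst, not a malware verdict.

```python
"""Triage helpers for ComboFix 'Reg Loading Points' / 'Supplementary Scan' text.
Added example, not ComboFix code: it reads lines in the shape the log above
prints them and shortlists what a page-redirect complaint points at."""
import re

# Constructed sample: a handful of lines copied in the format ComboFix prints.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}]
2011-10-21 09:10 87440 ----a-w- c:\program files\adawaretb\adawareDx.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-07-16 19:50 2074208 ----a-w- c:\program files\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2009-02-23 111856]
.
uStart Page = hxxp://www.aol.com/
mStart Page = hxxp://www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=...&q=
"""

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# "Name"="c:\path\prog.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"\s+\[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
# YYYY-MM-DD HH:MM size attrs path   (the line under a BHO key)
FILE_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (.+)$')
# uStart Page = hxxp://...  ('u' = user hive, 'm' = machine hive; ComboFix defangs http as hxxp)
IE_RE = re.compile(r'^([um])(\S.*?) = (hxxps?://\S+)$')
FF_RE = re.compile(r'^FF - prefs\.js: (\S+) - (hxxps?://\S+)$')
HOST_RE = re.compile(r'^hxxps?://([^/?#]+)')

# Heuristic shortlist words for a redirect/search complaint (my assumption, not a signature)
REVIEW_WORDS = ('search', 'toolbar')


def host_of(defanged_url):
    m = HOST_RE.match(defanged_url)
    return m.group(1).lower() if m else ''


def parse_combofix(text):
    """Collect BHOs, Run-key autostarts and IE/Firefox start/search settings."""
    out = {'bho': [], 'run': [], 'ie': {}, 'ff': {}}
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == '.':
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        if key and 'Browser Helper Objects' in key:
            m = FILE_RE.match(line)
            if m:
                out['bho'].append({'clsid': key.rsplit('\\', 1)[-1], 'path': m.group(1)})
                continue
        if key and key.lower().endswith('\\run'):
            m = RUN_RE.match(line)
            if m:
                hive = 'HKCU' if key.startswith('HKEY_CURRENT_USER') else 'HKLM'
                out['run'].append({'hive': hive, 'name': m.group(1), 'path': m.group(2),
                                   'date': m.group(3), 'size': int(m.group(4))})
                continue
        m = IE_RE.match(line)
        if m:
            scope = 'user' if m.group(1) == 'u' else 'machine'
            out['ie'][f'{scope}:{m.group(2)}'] = host_of(m.group(3))
            continue
        m = FF_RE.match(line)
        if m:
            out['ff'][m.group(1)] = host_of(m.group(2))
    return out


def review_candidates(parsed):
    """Shortlist autostart components whose name/path mentions search or toolbar,
    plus every distinct host the browsers are set to start or search on.
    A reading aid for the analyst, not a malware verdict."""
    hits = []
    for e in parsed['bho']:
        if any(w in e['path'].lower() for w in REVIEW_WORDS):
            hits.append(('BHO ' + e['clsid'], e['path']))
    for e in parsed['run']:
        blob = (e['name'] + ' ' + e['path']).lower()
        if any(w in blob for w in REVIEW_WORDS):
            hits.append((e['hive'] + '\\Run ' + e['name'], e['path']))
    hosts = sorted(set(parsed['ie'].values()) | set(parsed['ff'].values()))
    return hits, hosts


if __name__ == '__main__':
    parsed = parse_combofix(SAMPLE_LOG)
    hits, hosts = review_candidates(parsed)
    for where, path in hits:
        print(f'review: {where} -> {path}')
    print('browser start/search hosts:', ', '.join(hosts))
```

    Run it against a full ComboFix.txt by passing the file contents to parse_combofix; the value is in seeing every start-page and search host side by side with the components that load into the browser, since a redirect symptom is usually explained by one of those entries rather than by the file-system listings.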

  10. #10
    Emeritus
    Join Date
    Apr 2011
    Location
    USA
    Posts
    1,038

    Default

    Hi,

    "It took nearly 1h30m from the initiation of the scan to its completion to produce this file. Is that normal?"
    Sometimes yes.
    --------

    Malwarebytes

    I see that you have Malwarebytes already on your computer. Please open Malwarebytes, update it and then run a Quick Scan. Save the log that is created for your next reply.
    ----------

    Please run a free online scan with the ESET Online Scanner
    Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the options Remove found threats is NOT selected and the option Scan unwanted applications is selected.
    • Click Scan (This scan can take several hours, so please be patient)
    • If there are threats that are found, please press List of found threats and then in the next window that opens press Export to text file...
    • Copy and paste/or attach that log as a reply to this topic

    **Note** If no threats are found, there will not be a log created.
    ----------
