
Thread: Not Downloading

  1. #1
    Junior Member
    Join Date
    Oct 2013
    Posts
    2

    Default Not Downloading

    My IE9 isn't letting me download anything. Used Firefox as well and same thing. Thx in advance.

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16506
    Run by Phil at 0:36:52 on 2013-10-16
    Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.1978.859 [GMT -5:00]
    .
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\ATT\8.3.1.7\ma\bin\MAHostService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\PROGRA~1\Guffins\bar\1.bin\u4barsvc.exe
    C:\Program Files\ATT\8.3.1.7\ma\bin\node.exe
    C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZSvr.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\Common Files\Motive\pcCMService.exe
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
    C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
    C:\Windows\System32\alg.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\DllHost.exe
    C:\Program Files\Norton Internet Security\Engine\16.8.3.6\ccSvcHst.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Guffins\bar\1.bin\u4brmon.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\NewTech Infosystems\Backup Now EZ\BackupNowEZtray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
    C:\Program Files\FlashGet Network\FlashGet 3\Flashget3.exe
    C:\Program Files\FlashGet Network\FlashGet 3\mxhelper.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Seagate\Seagate Dashboard\MemeoDashboard.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil32_11_8_800_175_ActiveX.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll
    uURLSearchHooks: <No Name>: {c3d3840c-12ea-4461-a61d-190555fecc82} - c:\program files\guffins\bar\1.bin\u4SrcAs.dll
    uURLSearchHooks: <No Name>: - LocalServer32 - <no file>
    uURLSearchHooks: {2e9331d0-b42b-42b7-9824-a6545d0ceaa6} - <orphaned>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton internet security\engine\16.8.3.6\IPSBHO.dll
    BHO: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Toolbar BHO: {a916eefe-6a17-4d7d-a131-2738b260bb55} - c:\program files\guffins\bar\1.bin\u4bar.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: FlashGetBHO: {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - c:\users\phil\appdata\roaming\flashgetbho\FlashGetBHO31.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Dictionary.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    BHO: Search Assistant BHO: {d6a34acb-76fa-4a14-88ea-5d54797a2028} - c:\program files\guffins\bar\1.bin\u4SrcAs.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
    TB: Guffins: {DE2FDF7C-2637-4BA3-B427-3FCE2D331DB5} - c:\program files\guffins\bar\1.bin\u4bar.dll
    TB: Dictionary.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
    TB: Microsoft Live Search Toolbar: {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Guffins: {de2fdf7c-2637-4ba3-b427-3fce2d331db5} - c:\program files\guffins\bar\1.bin\u4bar.dll
    TB: Dictionary.com Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [Vsironat] rundll32.exe "c:\users\phil\appdata\local\ecepeqepijovapu.dll",Startup
    uRun: [FlashGet 3] "c:\program files\flashget network\flashget 3\FlashGet3.exe" -minimize
    uRun: [FlashGetBHO] "c:\program files\flashget network\flashget 3\mxhelper.exe"
    uRun: [AdobeBridge] <no file>
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe"
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5"
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter"
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
    mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0_07\bin\jusched.exe"
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
    mRun: [Guffins Browser Plugin Loader] c:\progra~1\guffins\bar\1.bin\u4brmon.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [BackupNowEZtray] "c:\program files\newtech infosystems\backup now ez\BackupNowEZtray.exe" -k
    mRun: [Memeo Instant Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
    mRun: [Memeo AutoSync] c:\program files\memeo\autosync\MemeoLauncher2.exe --silent
    mRun: [Seagate Dashboard] c:\program files\seagate\seagate dashboard\MemeoLauncher.exe --silent --no_ui
    mRun: [Wondershare Helper Compact.exe] c:\program files\common files\wondershare\wondershare helper compact\WSHelper.exe
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
    StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    StartupFolder: c:\users\phil\appdata\roaming\micros~1\windows\startm~1\programs\startup\seagat~1.lnk - c:\users\phil\appdata\roaming\leadertech\powerregister\Seagate NA038BEL Product Registration.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: Download all by FlashGet3 - c:\users\phil\appdata\roaming\flashgetbho\GetAllUrl.htm
    IE: Download by FlashGet3 - c:\users\phil\appdata\roaming\flashgetbho\GetUrl.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: ʹÓÿ쳵3ÏÂÔØ - c:\users\phil\appdata\roaming\flashgetbho\GetUrl.htm
    IE: ʹÓÿ쳵3ÏÂÔØÈ«²¿Á´½Ó - c:\users\phil\appdata\roaming\flashgetbho\GetAllUrl.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/US/Core/Player/2020PlayerAX_Win32.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
    DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} - hxxp://lads.myspace.com/upload/MySpaceUploader2.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    TCP: NameServer = 192.168.1.254
    TCP: Interfaces\{32C2327E-28A9-422B-A7A4-54D6F9BA7C8F} : DHCPNameServer = 192.168.1.254
    TCP: Interfaces\{F2AFB4E5-A1E8-415B-A7B3-A433B3227715} : DHCPNameServer = 192.168.0.1
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.8.3.6\CoIEPlg.dll
    Notify: igfxcui - igfxdev.dll
    Notify: SDWinLogon - SDWinLogon.dll
    AppInit_DLLs= avgrsstx.dll
    LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\phil\appdata\roaming\mozilla\firefox\profiles\10vd42ng.default\
    FF - prefs.js: browser.search.selectedEngine - XFINITY
    FF - prefs.js: browser.startup.homepage - hxxp://xfinity.comcast.net/?cid=insDate09192012|http://www.comcast.net/xfinity/?cid=...mail&cid=ffpin
    FF - plugin: c:\progra~1\sonyon~1\npsoe.dll
    FF - plugin: c:\progra~1\sonyon~1\npsoeact.dll
    FF - plugin: c:\program files\att\8.3.1.7\ma\bin\npMotive.dll
    FF - plugin: c:\program files\common files\motive\npMotive.dll
    FF - plugin: c:\program files\common files\motive\npMotiveRequest.dll
    FF - plugin: c:\program files\google\update\1.3.21.165\npGoogleUpdate3.dll
    FF - plugin: c:\program files\guffins\bar\1.bin\NPu4Stub.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
    FF - plugin: c:\program files\veetle\player\npvlc.dll
    FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
    FF - plugin: c:\users\phil\appdata\local\citrix\plugins\104\npappdetector.dll
    FF - plugin: c:\users\phil\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - ExtSQL: 2013-09-20 09:34; mcciwbch@motive.com; c:\program files\mozilla firefox\extensions\mcciwbch@motive.com.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1008030.006\SymEFA.sys [2011-10-13 310320]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-3 226016]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-3 29712]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-3 243152]
    R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1008030.006\BHDrvx86.sys [2011-10-13 259632]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1008030.006\cchpx86.sys [2011-10-13 467592]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20100218.001\IDSvix86.sys [2010-2-19 343088]
    R2 ATT MAHostService;ATT MAHostService;c:\program files\att\8.3.1.7\ma\bin\MAHostService.exe [2013-8-26 321024]
    R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-23 921952]
    R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-23 308136]
    R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
    R2 GuffinsService;Guffins Service;c:\progra~1\guffins\bar\1.bin\u4barsvc.exe [2010-10-23 28766]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-23 193840]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-6-29 112128]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-12-24 102448]
    .
    =============== File Associations ===============
    .
    FileExt: .txt: GetDiz.Document="c:\program files\getdiz\GetDiz.exe" "%1"
    FileExt: .ini: GetDiz.Document="c:\program files\getdiz\GetDiz.exe" "%1"
    .
    =============== Created Last 30 ================
    .
    2013-10-10 22:00:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-10-10 21:59:45 15224 ----a-w- c:\windows\system32\sdnclean.exe
    2013-10-10 21:59:32 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
    2013-09-29 20:41:55 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-09-26 17:14:24 -------- d-----w- c:\program files\ATT
    2013-09-20 14:35:06 -------- d-----w- c:\program files\ATT-HSI
    2013-09-20 14:34:13 -------- d-----w- c:\program files\common files\Motive
    .
    ==================== Find3M ====================
    .
    2013-09-29 20:41:55 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-08-08 01:45:09 2049536 ----a-w- c:\windows\system32\win32k.sys
    2013-08-02 04:09:35 1548288 ----a-w- c:\windows\system32\WMVDECOD.DLL
    2013-07-31 10:00:20 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2013-07-31 09:52:44 1129472 ----a-w- c:\windows\system32\wininet.dll
    2013-07-31 09:52:34 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2013-07-31 09:48:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2013-07-31 09:48:09 420864 ----a-w- c:\windows\system32\vbscript.dll
    2013-07-31 09:45:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    .
    ============= FINISH: 0:38:43.09 ===============

    aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
    Run date: 2013-10-16 00:41:57
    -----------------------------
    00:41:57.398 OS Version: Windows 6.0.6002 Service Pack 2
    00:41:57.398 Number of processors: 1 586 0xF0D
    00:41:57.399 ComputerName: Phil-PC UserName: Phil
    00:42:00.137 Initialize success
    00:44:07.904 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"
    00:44:17.324 AVAST engine defs: 13101501
    00:44:41.401 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"
    00:47:32.967 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    00:47:32.977 Disk 0 Vendor: ST9160310AS HP07 Size: 152627MB BusType: 3
    00:47:33.107 Disk 0 MBR read successfully
    00:47:33.107 Disk 0 MBR scan
    00:47:33.227 Disk 0 unknown MBR code
    00:47:33.297 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 142032 MB offset 63
    00:47:33.427 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10591 MB offset 290883584
    00:47:33.447 Disk 0 scanning sectors +312573952
    00:47:33.537 Disk 0 scanning C:\Windows\system32\drivers
    00:48:00.547 Service scanning
    00:48:51.766 Service ?etadpug C:\Program Files\Google\Desktop\Install\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\ \...\???\{ff24043d-55f8-5ce9-a20a-8337d9b4b888}\GoogleUpdate.exe **HIDDEN**
    00:48:53.060 Modules scanning
    00:49:12.819 Disk 0 trace - called modules:
    00:49:12.859 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS hal.dll PCIIDEX.SYS msahci.sys
    00:49:12.871 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86037ac8]
    00:49:12.877 3 CLASSPNP.SYS[82a0a8b3] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x84df3030]
    00:49:15.747 AVAST engine scan C:\Windows
    00:49:19.950 AVAST engine scan C:\Windows\system32
    00:54:39.928 File: C:\Windows\assembly\GAC\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
    00:57:16.493 AVAST engine scan C:\Windows\system32\drivers
    00:57:58.506 AVAST engine scan C:\Users\Phil
    01:13:43.217 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\MBR.dat"
    01:13:43.252 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"

  2. #2
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Hi,

    I have bad news I'm afraid.

    One or more of the identified infections is a variant of the extremely severe Zero Access Rootkit plus undoubtedly other comprising malware!

    OK since we are dealing with the aforementioned infection(s) I would be providing your good self with a disservice if I did not make you aware of the ramifications below:

    This allows hackers to remotely control your computer, steal critical system information and Download and Execute files.

    I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

    Although an attempt could be made to clean this machine, it could never be considered to be truly clean, secure, or trustworthy. We could not say definitively that unknown and unseen malware will have been removed, nor will your system be restored to its pre-infection state. We cannot remedy unknown changes the malware may likely have made in order to allow itself access, nor can we repair the damage it may possibly have caused to vital system files. Additionally, it is quite possible that changes made to the system by the malware may impact negatively on your computer during the removal process. In short, your system may never regain its former stability or its full functionality without a reformat. Therefore, your best and safest course of action is a reformat and reinstallation of the Windows Operating System, and that is the course I strongly recommend.

    Please read these for more information:

    How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

    When Should I Format, How Should I Reinstall

    Next:

    I can attempt to clean this machine (anything I try may not be successful and the machine may lose internet connectivity) but I can't guarantee that it will be at all secure afterwards.

    Should you have any questions, please feel free to ask.

    Please let myself know what you have decided to do in your next post.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.

  3. #3
    Security Expert-Emeritus Dakeyras's Avatar
    Join Date
    Sep 2008
    Location
    The Tundra
    Posts
    1,173

    Default

    Due to the lack of feedback this Topic is closed...

    If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh set of DDS logs and a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send a private message (pm). A valid, working link to the closed topic is required.
    Mammuthus Hibernian Scouserus, member of ASAP and UNITE.
