Help with Malware Removal (internet redirect)

Post by rasta006 » June 19th, 2011, 12:51 pm

I recently had the Windows Vista Restore bug, where it says your hard drive is all kinds of messed up and then offers a full version of this restore service to fix the errors. I managed to clear that off (as far as I know), but now I'm faced with a redirect to random webpages whenever I'm searching on Google or a similar site. Any insight would be greatly appreciated.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_24
Run by Nick at 10:18:28 on 2011-06-19
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2006.784 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [usoRDPRVVkvyke] c:\programdata\usoRDPRVVkvyke.exe
uRun: [wImmllaMmJiOJ] c:\programdata\wImmllaMmJiOJ.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... AA4ADYARwA"&"inst=NwA3AC0ANAAxADQANwA4ADIAMQAyADQALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\pixela\mediabrowser le\MBCameraMonitor.exe
mPolicies-explorer: UseDefaultTile = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoStrCmpLogical = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://wireless.net.uts.edu.au/dana-ca ... Client.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{0F6C4C99-AE12-43B5-B5AF-947AF8A55D1E} : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{70AC67CB-D1F5-457F-B88E-E9D79F2C5DE1} : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{D26F9DC7-1359-48AF-B886-552ADB374F12} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\abc\appdata\roaming\mozilla\firefox\profiles\guul31uy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.coachingactuaries.com/Exams/ ... ourse.aspx
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\abc\appdata\roaming\mozilla\firefox\profiles\guul31uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\abc\appdata\roaming\mozilla\firefox\profiles\guul31uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\abc\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\abc\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\abc\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\abc\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-13 64288]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-7-22 13744]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-6-19 18816]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1378040]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2006-12-8 11152]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-3-26 55936]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2008-7-2 81280]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-7-2 220696]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-19 14:59:29 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-06-19 04:29:11 -------- d-----w- c:\users\abc\appdata\local\Google
2011-06-19 03:19:49 -------- d-----w- c:\program files\Sophos
2011-06-19 03:05:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-17 16:29:46 6962000 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{e42e6df6-10a0-49c6-bfd0-549b756689f7}\mpengine.dll
2011-06-16 16:21:58 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 16:21:58 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 16:21:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 16:21:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-12 19:23:18 -------- d--h--w- c:\users\abc\appdata\local\temp
2011-06-12 05:06:41 -------- d--h--w- c:\users\abc\appdata\roaming\Malwarebytes
2011-06-12 05:06:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 05:06:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-12 05:06:08 -------- d--h--w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 04:03:02 -------- d-----w- c:\windows\system32\Updates
2011-05-29 04:03:01 -------- d-----w- c:\windows\system32\Data
.
==================== Find3M ====================
.
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-19 19:19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-17 00:26:20 15880 ---ha-w- c:\windows\system32\lsdelete.exe
2011-04-14 14:59:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
============= FINISH: 10:20:00.46 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2008 8:24:13 AM
System Uptime: 6/19/2011 10:06:07 AM (0 hours ago)
.
Motherboard: LENOVO | | 64634XU
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 14.344 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1097: 6/16/2011 9:22:44 AM - Scheduled Checkpoint
RP1098: 6/16/2011 11:14:49 AM - Windows Update
RP1099: 6/17/2011 11:04:14 AM - Windows Update
RP1100: 6/17/2011 11:29:18 AM - Windows Update
RP1101: 6/19/2011 3:00:18 AM - Windows Update
.
==== Installed Programs ======================
.
Akamai NetSession Interface
Curse Client
GameRanger
Juniper Networks Setup Client
Microsoft .NET Framework 4 Client Profile
Move Media Player
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
.
==== Event Viewer Messages From Past Week ========
.
6/19/2011 10:20:05 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
6/19/2011 10:15:11 AM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.
6/19/2011 10:12:51 AM, Error: Microsoft-Windows-WMPNSS-Service [14344] - A new media server was not initialized because WMCreateDeviceRegistration() encountered error '0xc00d2767'. The Windows Media DRM components on your computer might be corrupted. Verify that protected files play correctly in Windows Media Player, and then restart the WMPNetworkSvc service.
.
==== End Of File ===========================


Thanks for the help.
rasta006
Active Member
Posts: 4
Joined: June 19th, 2011, 11:22 am
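When a helper reads the "Pseudo HJT Report" section of a DDS log like the one above, three things get looked at first: autorun (uRun/mRun) entries that launch an executable sitting directly in a user-writable folder such as c:\programdata, policy values that switch User Account Control off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0), and entries whose file no longer exists ("No File"). The script below is an added example written for this page; it is not part of the thread and not part of DDS. It applies those three checks to a constructed handful of report lines modelled on the log above. The checks are triage heuristics: a hit means "look at this entry", not "this is malware".

```python
import re
from typing import Dict, List

# Constructed sample: a few lines in the shape of the "Pseudo HJT Report"
# section of a DDS log. The values mirror ones quoted in the thread above.
SAMPLE_REPORT = r"""uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [usoRDPRVVkvyke] c:\programdata\usoRDPRVVkvyke.exe
uRun: [wImmllaMmJiOJ] c:\programdata\wImmllaMmJiOJ.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
"""

# uRun / mRun / dRun (and the RunOnce variants): "[name] command line".
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# First quoted-or-bare path ending in .exe inside a command line.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.exe)', re.IGNORECASE)
# "mPolicies-system: EnableLUA = 0 (0x0)" and friends.
POLICY_RE = re.compile(r"^(?P<hive>[umd])Policies-(?P<area>\w+): (?P<setting>\w+) = (?P<value>\d+)")

# Folders any user-level process can write to. An autorun entry whose target
# sits directly in one of these (no vendor sub-folder) is a common pattern for
# rogue "system repair" style programs and deserves a closer look.
USER_WRITABLE_DIR_RE = re.compile(
    r"^(c:\\programdata|c:\\users\\[^\\]+\\appdata\\(local|roaming|local\\temp))$",
    re.IGNORECASE,
)

# Policy values that weaken User Account Control: EnableLUA = 0 turns UAC off
# entirely; ConsentPromptBehaviorAdmin = 0 elevates administrators without a prompt.
WEAK_POLICIES = {
    ("system", "EnableLUA"): "0",
    ("system", "ConsentPromptBehaviorAdmin"): "0",
}


def executable_path(cmd: str) -> str:
    """Return the .exe path launched by a Run entry's command line ("" if none)."""
    m = EXE_RE.match(cmd.strip())
    return m.group("path") if m else ""


def triage(report: str) -> List[Dict[str, str]]:
    """Apply the three triage checks to every line of a Pseudo HJT Report."""
    findings: List[Dict[str, str]] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        # 1. References whose backing file is gone: harmless but worth cleaning up.
        if line.endswith(" - No File"):
            findings.append({"kind": "orphaned-entry", "line": line})
            continue
        # 2. Autoruns launched straight out of a user-writable folder.
        m = RUN_RE.match(line)
        if m:
            path = executable_path(m.group("cmd"))
            parent = path.rsplit("\\", 1)[0] if "\\" in path else ""
            if USER_WRITABLE_DIR_RE.match(parent):
                findings.append({"kind": "autorun-in-user-writable-dir", "line": line, "path": path})
            continue
        # 3. Policy values that switch UAC off.
        m = POLICY_RE.match(line)
        if m and WEAK_POLICIES.get((m.group("area"), m.group("setting"))) == m.group("value"):
            findings.append({"kind": "weakened-uac", "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_REPORT):
        print(f"[{f['kind']}] {f['line']}")
```

Run on the sample it reports the two c:\programdata autoruns, the two UAC policy values, and the two "No File" entries, and stays quiet about EnableLinkedConnections, which is not a UAC weakening. To use it on a real log, pass the text between the "Pseudo HJT Report" and "FIREFOX" headers to `triage()`.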

Re: Help with Malware Removal (internet redirect)

Post by MWR 3 day Mod » June 22nd, 2011, 7:28 pm

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Help with Malware Removal (internet redirect)

Post by Cypher » June 23rd, 2011, 2:54 pm

Hi.
Checking your logs now, be right back.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with Malware Removal (internet redirect)

Post by Cypher » June 23rd, 2011, 3:01 pm

Hi and welcome to Malware Removal Forum.
My name is Cypher, and I will be helping you with your malware problems.
This may or may not solve other issues you have with your machine.
If you no longer require help I would be grateful if you would let me know.

Before we start please note the following important guidelines.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can damage that computer and possibly make it inoperable!
  • If you don't know or understand something, please don't hesitate to ask.
  • Only post your problem at One help site. Applying fixes from multiple help sites can cause problems.
  • Only reply to this thread; do not start another. Please continue responding until I give you the "All Clean".
    Absence of symptoms does not mean that everything is clear.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • Please DO NOT install any other software (or hardware) during the cleaning process.
  • Print each set of instructions if possible... your Internet connection will not be available during some fix processes.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Note: No Reply Within 3 Days Will Result In Your Topic Being Closed!

Note: If you haven't done so already, please read this topic ALL USERS OF THIS FORUM MUST READ THIS FIRST where the conditions for receiving help here are explained.
Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.
Backup your data - XP
Backup your data - Vista
Backup your data - windows 7



Quick question: is this computer used for business? Let me know in your next reply.

Please run DDS again and post both resulting logs.
DDS.txt and Attach.txt contents.

Next.

Security Check

  • Please download Security Check by screen317 from one of the links below:
  • Save it to your Desktop.
  • Right-click SecurityCheck.exe and select "Run as administrator", then follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt
  • Please post the contents of that document.

Next.

Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now right-click on RKUnhookerLE.exe and select "Run As Administrator" to run it.
  • Click the Report tab, then click Scan.
  • Check (Tick) Drivers, Stealth, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait till the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log into your next reply.
  • This log can be lengthy; you may have to post it in separate replies.
  • Note: You may get the following warning - it is ok - just ignore it:
    "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


Logs/Information to Post in your Next Reply

  • Is your computer used for business?
  • DDS.txt and Attach.txt contents.
  • checkup.txt.
  • RKUnHooker log.
  • Please give me an update on your computer's performance.
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with Malware Removal (internet redirect)

Post by rasta006 » June 23rd, 2011, 7:47 pm

First off, thanks for the assistance. I really appreciate it.
1. No, this computer is a personal-use computer.

2.
.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_24
Run by Nick at 18:43:10 on 2011-06-23
Microsoft® Windows Vista™ Enterprise 6.0.6002.2.1252.1.1033.18.2006.510 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\ThinkVantage Fingerprint Software\upeksvr.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Prevx\prevx.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Citrix\ICA Client\ssonsvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Prevx\prevx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Live\Companion\companionuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mURLSearchHooks: H - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - c:\program files\divx\divx plus web player\npdivx32.dll
BHO: SafeOnline BHO: {69d72956-317c-44bd-b369-8e44d4ef9801} - c:\windows\system32\PxSecure.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent
uRun: [usoRDPRVVkvyke] c:\programdata\usoRDPRVVkvyke.exe
uRun: [wImmllaMmJiOJ] c:\programdata\wImmllaMmJiOJ.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [googletalk] c:\program files\google\google talk\googletalk.exe /autostart
mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstall ... AA4ADYARwA"&"inst=NwA3AC0ANAAxADQANwA4ADIAMQAyADQALQBGAFAAOQArADYALQBUAEIAOQArADIALQBGAEwAKwA5AC0AWABPADMANgArADEALQBGADkATQA3AEMAKwA1AC0ARgA5AE0AMQAwAEIAKwAyAC0AWABPADkAKwAxAC0ARgA5AE0AMgArADEA"&"prod=90"&"ver=9.0.894
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\device~1.lnk - c:\program files\pixela\mediabrowser le\MBCameraMonitor.exe
mPolicies-explorer: UseDefaultTile = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: DisableCAD = 1 (0x1)
mPolicies-system: LogonType = 0 (0x0)
dPolicies-explorer: NoWelcomeScreen = 1 (0x1)
dPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
dPolicies-explorer: NoStrCmpLogical = 1 (0x1)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.co ... 1.71.0.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos-be ... canner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://wireless.net.uts.edu.au/dana-ca ... Client.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{70AC67CB-D1F5-457F-B88E-E9D79F2C5DE1} : DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{D26F9DC7-1359-48AF-B886-552ADB374F12} : DhcpNameServer = 192.168.2.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\abc\appdata\roaming\mozilla\firefox\profiles\guul31uy.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.coachingactuaries.com/Exams/ ... ourse.aspx
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=n ... t&hl=en&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\abc\appdata\roaming\mozilla\firefox\profiles\guul31uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\users\abc\appdata\roaming\mozilla\firefox\profiles\guul31uy.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\abc\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\abc\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\abc\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-13 64288]
R0 pxscan;pxscan;c:\windows\system32\drivers\pxscan.sys [2011-6-21 32008]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2008-7-22 13744]
R1 pxrts;pxrts;c:\windows\system32\drivers\pxrts.sys [2011-6-21 76696]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-6-19 18816]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-20 21504]
R2 CSIScanner;CSIScanner;c:\program files\prevx\prevx.exe [2011-6-21 6416120]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1378040]
R2 smihlp;SMI Helper Driver (smihlp);c:\program files\common files\thinkvantage fingerprint software\drivers\smihlp.sys [2006-12-8 11152]
R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2008-3-26 55936]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15264]
R3 LenovoRd;LenovoRd;c:\windows\system32\drivers\LenovoRd.sys [2008-7-2 81280]
R3 pxkbf;pxkbf;c:\windows\system32\drivers\pxkbf.sys [2011-6-21 26096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 9D6B9DBA;9D6B9DBA;c:\windows\system32\9d6b9dba.exe --> c:\windows\system32\9D6B9DBA.exe [?]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 iaNvStor;Intel(R) Turbo Memory Controller;c:\windows\system32\drivers\iaNvStor.sys [2008-7-2 220696]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2011-06-23 13:57:46 -------- d-----w- c:\program files\Trend Micro
2011-06-23 13:57:14 -------- d-s---w- C:\ComboFixes28233C
2011-06-23 13:55:45 -------- d-s---w- C:\ComboFixes20118C
2011-06-22 00:41:37 -------- d-----w- c:\program files\ESET
2011-06-22 00:22:12 71880 ----a-w- c:\windows\system32\PxSecure.dll
2011-06-22 00:22:11 76696 ----a-w- c:\windows\system32\drivers\pxrts.sys
2011-06-22 00:22:11 32008 ----a-w- c:\windows\system32\drivers\pxscan.sys
2011-06-22 00:22:11 26096 ----a-w- c:\windows\system32\drivers\pxkbf.sys
2011-06-22 00:22:11 -------- d-----w- c:\program files\Prevx
2011-06-22 00:22:05 -------- d-----w- c:\programdata\PrevxCSI
2011-06-21 23:59:14 -------- d-s---w- C:\ComboFixes2234C
2011-06-21 23:23:57 -------- d-s---w- C:\ComboFixes31848C
2011-06-21 23:02:34 -------- d-s---w- C:\ComboFixes21469C
2011-06-21 22:21:21 7074640 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{57219340-bb7d-4b67-9812-9336244f162a}\mpengine.dll
2011-06-21 21:49:46 -------- d-s---w- C:\ComboFixes23954C
2011-06-21 21:41:23 -------- d-s---w- C:\ComboFixes
2011-06-21 16:42:27 -------- d-----w- c:\users\abc\appdata\local\Adobe
2011-06-21 04:53:11 -------- d-----w- c:\users\abc\appdata\local\Apps
2011-06-20 15:20:15 -------- d-----w- c:\users\abc\appdata\local\Apple
2011-06-20 15:20:00 -------- d-----w- c:\users\abc\appdata\local\Apple Computer
2011-06-19 14:59:29 18816 ------w- c:\windows\system32\SAVRKBootTasks.sys
2011-06-19 04:29:11 -------- d-----w- c:\users\abc\appdata\local\Google
2011-06-19 03:19:49 -------- d-----w- c:\program files\Sophos
2011-06-19 03:05:10 -------- d-sh--w- C:\$RECYCLE.BIN
2011-06-16 16:21:58 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-16 16:21:58 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-16 16:21:58 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-16 16:21:55 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-06-12 19:23:18 -------- d-----w- c:\users\abc\appdata\local\temp
2011-06-12 05:06:41 -------- d-----w- c:\users\abc\appdata\roaming\Malwarebytes
2011-06-12 05:06:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-12 05:06:11 -------- d-----w- c:\programdata\Malwarebytes
2011-06-12 05:06:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-29 04:03:02 -------- d-----w- c:\windows\system32\Updates
2011-05-29 04:03:01 -------- d-----w- c:\windows\system32\Data
.
==================== Find3M ====================
.
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-25 00:14:10 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-02 17:16:14 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 13:25:10 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 13:25:09 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-21 13:58:27 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-19 19:19:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-17 00:26:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2011-04-14 14:59:03 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
.
============= FINISH: 18:44:05.88 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2008 8:24:13 AM
System Uptime: 6/23/2011 8:44:20 AM (10 hours ago)
.
Motherboard: LENOVO | | 64634XU
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 9.905 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1097: 6/16/2011 9:22:44 AM - Scheduled Checkpoint
RP1098: 6/16/2011 11:14:49 AM - Windows Update
RP1099: 6/17/2011 11:04:14 AM - Windows Update
RP1100: 6/17/2011 11:29:18 AM - Windows Update
RP1101: 6/19/2011 3:00:18 AM - Windows Update
RP1102: 6/21/2011 12:28:01 AM - Scheduled Checkpoint
RP1103: 6/21/2011 5:20:21 PM - Windows Update
RP1104: 6/23/2011 10:28:35 AM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
Akamai NetSession Interface
Curse Client
ESET Online Scanner v3
GameRanger
HijackThis 2.0.2
Juniper Networks Setup Client
Microsoft .NET Framework 4 Client Profile
Move Media Player
Prevx
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
.
==== Event Viewer Messages From Past Week ========
.
6/23/2011 6:44:06 PM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
6/23/2011 6:41:27 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the 9D6B9DBA service to connect.
6/23/2011 6:41:27 PM, Error: Service Control Manager [7000] - The 9D6B9DBA service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================


3.

Results of screen317's Security Check version 0.99.15
Windows Vista Service Pack 2 (UAC is disabled!)
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
ESET Online Scanner v3
Prevx
WMI entry may not exist for antivirus; attempting automatic update.
```````````````````````````````
Anti-malware/Other Utilities Check:

HijackThis 2.0.2
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe
Ad-Aware AAWTray.exe
Trend Micro HijackThis HijackThis.exe
``````````End of Log````````````


4.

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows Vista
Version 6.0.6002 (Service Pack 2)
Number of processors #2
==============================================
>Drivers
==============================================
0x8C80F000 C:\Windows\system32\DRIVERS\igdkmd32.sys 7315456 bytes (Intel Corporation, Intel Graphics Kernel Mode Driver)
0x82201000 C:\Windows\system32\ntkrnlpa.exe 3907584 bytes (Microsoft Corporation, NT Kernel & System)
0x82201000 PnpManager 3907584 bytes
0x82201000 RAW 3907584 bytes
0x82201000 WMIxWDM 3907584 bytes
0x8D203000 C:\Windows\system32\DRIVERS\NETw4v32.sys 2289664 bytes (Intel Corporation, Intel® Wireless WiFi Link Driver)
0x98470000 Win32k 2113536 bytes
0x98470000 C:\Windows\System32\win32k.sys 2113536 bytes (Microsoft Corporation, Multi-User Win32 Driver)
0x88604000 C:\Windows\System32\Drivers\Ntfs.sys 1114112 bytes (Microsoft Corporation, NT File System Driver)
0x88203000 C:\Windows\system32\drivers\ndis.sys 1093632 bytes (Microsoft Corporation, NDIS 6.0 wrapper driver)
0x8FC04000 C:\Windows\system32\DRIVERS\HSF_DPV.sys 991232 bytes (Conexant Systems, Inc., HSF_DP driver)
0x88407000 C:\Windows\System32\drivers\tcpip.sys 958464 bytes (Microsoft Corporation, TCP/IP Driver)
0x806D9000 C:\Windows\system32\CI.dll 917504 bytes (Microsoft Corporation, Code Integrity Module)
0xAF205000 C:\Windows\system32\drivers\peauth.sys 909312 bytes (Microsoft Corporation, Protected Environment Authentication and Authorization Export Driver)
0x8D093000 C:\Windows\system32\DRIVERS\btkrnl.sys 851968 bytes (Broadcom Corporation., Bluetooth Bus Enumerator)
0x8850C000 C:\Windows\System32\Drivers\dump_iaStor.sys 819200 bytes
0x88006000 C:\Windows\system32\drivers\iastor.sys 819200 bytes (Intel Corporation, Intel Matrix Storage Manager driver - ia32)
0x8FCF6000 C:\Windows\system32\DRIVERS\HSF_CNXT.sys 733184 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0x81A0F000 C:\Windows\system32\drivers\spsys.sys 720896 bytes (Microsoft Corporation, security processor)
0x8CF09000 C:\Windows\System32\drivers\dxgkrnl.sys 655360 bytes (Microsoft Corporation, DirectX Graphics Kernel)
0xAE2F0000 C:\Windows\system32\Drivers\CVPNDRVA.sys 589824 bytes (Cisco Systems, Inc., Cisco Systems VPN Client IPSec Driver)
0x8D006000 C:\Windows\system32\DRIVERS\HDAudBus.sys 577536 bytes (Microsoft Corporation, High Definition Audio Bus Driver)
0x8D80D000 C:\Windows\system32\DRIVERS\rdpdr.sys 561152 bytes (Microsoft Corporation, Microsoft RDP Device redirector)
0x87E05000 C:\Windows\system32\drivers\Wdf01000.sys 507904 bytes (Microsoft Corporation, WDF Dynamic)
0x88145000 C:\Windows\System32\Drivers\ksecdd.sys 462848 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0x8060F000 C:\Windows\system32\mcupdate_GenuineIntel.dll 458752 bytes (Microsoft Corporation, Intel Microcode Update Library)
0x81B16000 C:\Windows\system32\drivers\HTTP.sys 446464 bytes (Microsoft Corporation, HTTP Protocol Stack)
0x90AF6000 C:\Windows\system32\drivers\csc.sys 372736 bytes (Microsoft Corporation, Windows Client Side Caching Driver)
0x8D93E000 C:\Windows\system32\drivers\ADIHdAud.sys 368640 bytes (Analog Devices, Inc., High Definition Audio Function Driver)
0x8D48D000 C:\Windows\system32\DRIVERS\rixdptsk.sys 331776 bytes (REDC, RICOH XD SM Driver)
0xAE280000 C:\Windows\System32\DRIVERS\srv.sys 323584 bytes (Microsoft Corporation, Server driver)
0x87F37000 C:\Windows\System32\drivers\volmgrx.sys 303104 bytes (Microsoft Corporation, Volume Manager Extension Driver)
0x90A01000 C:\Windows\system32\drivers\afd.sys 294912 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0x87E8E000 C:\Windows\system32\drivers\acpi.sys 286720 bytes (Microsoft Corporation, ACPI Driver for NT)
0x80698000 C:\Windows\system32\CLFS.SYS 266240 bytes (Microsoft Corporation, Common Log File System Driver)
0x8D163000 C:\Windows\system32\DRIVERS\storport.sys 266240 bytes (Microsoft Corporation, Microsoft Storage Port Driver)
0x88374000 C:\Windows\system32\DRIVERS\USBPORT.SYS 253952 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0x90AAE000 C:\Windows\system32\DRIVERS\rdbss.sys 245760 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0x88339000 C:\Windows\system32\drivers\NETIO.SYS 241664 bytes (Microsoft Corporation, Network I/O Subsystem)
0x8CFB5000 C:\Windows\system32\DRIVERS\e1e6032.sys 233472 bytes (Intel Corporation, Intel(R) PRO/1000 Adapter NDIS 6 deserialized driver)
0xAE207000 C:\Windows\system32\DRIVERS\mrxsmb10.sys 233472 bytes (Microsoft Corporation, Longhorn SMB Downlevel SubRdr)
0x88714000 C:\Windows\system32\drivers\volsnap.sys 233472 bytes (Microsoft Corporation, Volume Shadow Copy Driver)
0x8D8EF000 C:\Windows\system32\DRIVERS\usbhub.sys 217088 bytes (Microsoft Corporation, Default Hub Driver for USB)
0x881B6000 C:\Windows\system32\DRIVERS\HSFHWAZL.sys 212992 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0x825BB000 ACPI_HAL 208896 bytes
0x825BB000 C:\Windows\system32\hal.dll 208896 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xAF310000 C:\Windows\System32\Drivers\RDPWD.SYS 208896 bytes (Microsoft Corporation, RDP Terminal Stack Driver)
0x880F4000 C:\Windows\system32\drivers\fltmgr.sys 204800 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0x807CD000 C:\Windows\System32\DRIVERS\netbt.sys 204800 bytes (Microsoft Corporation, MBT Transport driver)
0x8D5B2000 C:\Windows\system32\DRIVERS\msiscsi.sys 192512 bytes (Microsoft Corporation, Microsoft iSCSI Initiator Driver)
0x87F9D000 C:\Windows\system32\DRIVERS\pcmcia.sys 184320 bytes (Microsoft Corporation, PCMCIA Bus Driver)
0x8D998000 C:\Windows\system32\drivers\portcls.sys 184320 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0x8830E000 C:\Windows\system32\drivers\msrpc.sys 176128 bytes (Microsoft Corporation, Kernel Remote Procedure Call Provider)
0x8D51A000 C:\Windows\system32\DRIVERS\SynTP.sys 176128 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0x8D8AE000 C:\Windows\system32\DRIVERS\ks.sys 172032 bytes (Microsoft Corporation, Kernel CSA Library)
0x81ACF000 C:\Windows\system32\DRIVERS\nwifi.sys 172032 bytes (Microsoft Corporation, NativeWiFi Miniport Driver)
0xAE258000 C:\Windows\System32\DRIVERS\srv2.sys 163840 bytes (Microsoft Corporation, Smb 2.0 Server driver)
0x88764000 C:\Windows\System32\drivers\ecache.sys 159744 bytes (Microsoft Corporation, Special Memory Device Cache)
0x87EE5000 C:\Windows\system32\drivers\pci.sys 159744 bytes (Microsoft Corporation, NT Plug and Play PCI Enumerator)
0x8D9C5000 C:\Windows\system32\drivers\drmk.sys 151552 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0x8878B000 C:\Windows\System32\DRIVERS\fvevol.sys 147456 bytes (Microsoft Corporation, BitLocker Drive Encryption Driver)
0x8D1BB000 C:\Windows\system32\DRIVERS\ndiswan.sys 143360 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0x887C0000 C:\Windows\system32\drivers\CLASSPNP.SYS 135168 bytes (Microsoft Corporation, SCSI Class System Dll)
0x81BCE000 C:\Windows\system32\drivers\mrxdav.sys 135168 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0x883DB000 C:\Windows\System32\drivers\VIDEOPRT.SYS 135168 bytes (Microsoft Corporation, Video Port Driver)
0x90BBC000 C:\Windows\system32\DRIVERS\mrxsmb.sys 126976 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0x880D6000 C:\Windows\system32\drivers\ataport.SYS 122880 bytes (Microsoft Corporation, ATAPI Driver Extension)
0x8D589000 C:\Windows\system32\DRIVERS\dne2000.sys 122880 bytes (Deterministic Networks, Inc., Deterministic Network Enhancer)
0x81B83000 C:\Windows\System32\DRIVERS\srvnet.sys 118784 bytes (Microsoft Corporation, Server Network driver)
0x884F1000 C:\Windows\System32\drivers\fwpkclnt.sys 110592 bytes (Microsoft Corporation, FWP/IPsec Kernel-Mode API)
0x90B9F000 C:\Windows\system32\drivers\luafv.sys 110592 bytes (Microsoft Corporation, LUA File Virtualization Filter Driver)
0x8D450000 C:\Windows\system32\DRIVERS\sdbus.sys 106496 bytes (Microsoft Corporation, SecureDigital Bus Driver)
0x81BA0000 C:\Windows\system32\DRIVERS\bowser.sys 102400 bytes (Microsoft Corporation, NT Lan Manager Datagram Receiver Driver)
0x8D562000 C:\Windows\system32\DRIVERS\cdrom.sys 98304 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xAE240000 C:\Windows\system32\DRIVERS\mrxsmb20.sys 98304 bytes (Microsoft Corporation, Longhorn SMB 2.0 Redirector)
0x90B51000 C:\Windows\System32\Drivers\dfsc.sys 94208 bytes (Microsoft Corporation, DFS Namespace Client Driver)
0x8D1A4000 C:\Windows\system32\DRIVERS\rasl2tp.sys 94208 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xAF343000 C:\Windows\system32\DRIVERS\cdfs.sys 90112 bytes (Microsoft Corporation, CD-ROM File System Driver)
0x90A49000 C:\Windows\system32\DRIVERS\pacer.sys 90112 bytes (Microsoft Corporation, QoS Packet Scheduler)
0x881EA000 C:\Windows\system32\DRIVERS\tdx.sys 90112 bytes (Microsoft Corporation, TDI Translation Driver)
0x81BB9000 C:\Windows\System32\drivers\mpsdrv.sys 86016 bytes (Microsoft Corporation, Microsoft Protection Service Driver)
0x883C6000 C:\Windows\system32\DRIVERS\rassstp.sys 86016 bytes (Microsoft Corporation, RAS SSTP Miniport Call Manager)
0x87FE0000 C:\Windows\System32\Drivers\LenovoRd.sys 81920 bytes (Lenovo, Smart Card Reader Driver)
0x883B2000 C:\Windows\system32\DRIVERS\raspptp.sys 81920 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0x8D479000 C:\Windows\system32\DRIVERS\rimsptsk.sys 81920 bytes (REDC, RICOH MS Driver)
0x807B9000 C:\Windows\system32\DRIVERS\smb.sys 81920 bytes (Microsoft Corporation, SMB Transport driver)
0x8D4DE000 C:\Windows\system32\DRIVERS\i8042prt.sys 77824 bytes (Microsoft Corporation, i8042 Port Driver)
0x81B03000 C:\Windows\system32\DRIVERS\rspndr.sys 77824 bytes (Microsoft Corporation, Link-Layer Topology Responder Driver for NDIS 6)
0x90A87000 C:\Windows\system32\DRIVERS\wanarp.sys 77824 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0x887AF000 C:\Windows\system32\drivers\disk.sys 69632 bytes (Microsoft Corporation, PnP Disk Driver)
0x90B75000 C:\Windows\System32\Drivers\dump_dumpfve.sys 69632 bytes
0x8D92D000 C:\Windows\System32\Drivers\NDProxy.SYS 69632 bytes (Microsoft Corporation, NDIS Proxy)
0x8067F000 C:\Windows\system32\PSHED.dll 69632 bytes (Microsoft Corporation, Platform Specific Hardware Error Driver)
0x8FDB6000 C:\Windows\System32\drivers\pxrts.sys 69632 bytes (Prevx, Prevx Realtime Security)
0x8FDCC000 C:\Windows\System32\Drivers\btwusb.sys 65536 bytes (Broadcom Corporation., Driver for Bluetooth USB Devices)
0x88126000 C:\Windows\system32\drivers\fileinfo.sys 65536 bytes (Microsoft Corporation, FileInfo Filter Driver)
0x8D4F3000 C:\Windows\system32\DRIVERS\HIDCLASS.SYS 65536 bytes (Microsoft Corporation, Hid Class Library)
0x81ABF000 C:\Windows\system32\DRIVERS\lltdio.sys 65536 bytes (Microsoft Corporation, Link-Layer Topology Mapper I/O Driver)
0x87FCA000 C:\Windows\System32\drivers\mountmgr.sys 65536 bytes (Microsoft Corporation, Mount Point Manager)
0x8D432000 C:\Windows\system32\DRIVERS\ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0x8D896000 C:\Windows\system32\DRIVERS\termdd.sys 65536 bytes (Microsoft Corporation, Terminal Server Driver)
0x885F0000 C:\Windows\system32\DRIVERS\intelppm.sys 61440 bytes (Microsoft Corporation, Processor Device Driver)
0x88136000 C:\Windows\system32\DRIVERS\Lbd.sys 61440 bytes (Lavasoft AB, Boot Driver)
0x90B90000 C:\Windows\system32\DRIVERS\monitor.sys 61440 bytes (Microsoft Corporation, Monitor Driver)
0x88755000 C:\Windows\System32\Drivers\mup.sys 61440 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0x87F0C000 C:\Windows\System32\drivers\partmgr.sys 61440 bytes (Microsoft Corporation, Partition Management Driver)
0x8D1DE000 C:\Windows\system32\DRIVERS\raspppoe.sys 61440 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0x8D46A000 C:\Windows\system32\DRIVERS\rimmptsk.sys 61440 bytes (REDC, RICOH SD Driver)
0x8C800000 C:\Windows\system32\DRIVERS\usbehci.sys 61440 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0x87F28000 C:\Windows\system32\drivers\volmgr.sys 61440 bytes (Microsoft Corporation, Volume Manager Driver)
0x8D442000 C:\Windows\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0x986B0000 C:\Windows\System32\cdd.dll 57344 bytes (Microsoft Corporation, Canonical Display Driver)
0x90A5F000 C:\Windows\system32\DRIVERS\netbios.sys 57344 bytes (Microsoft Corporation, NetBIOS interface driver)
0x8D1ED000 C:\Windows\System32\Drivers\Npfs.SYS 57344 bytes (Microsoft Corporation, NPFS Driver)
0x87F88000 C:\Windows\system32\DRIVERS\PCIIDEX.SYS 57344 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0x90B68000 C:\Windows\System32\Drivers\crashdmp.sys 53248 bytes (Microsoft Corporation, Crash Dump Driver)
0x8FDA9000 C:\Windows\system32\drivers\modem.sys 53248 bytes (Microsoft Corporation, Modem Device Driver)
0x8D8E2000 C:\Windows\system32\DRIVERS\umbus.sys 53248 bytes (Microsoft Corporation, User-Mode Bus Enumerator)
0x87E81000 C:\Windows\system32\drivers\WDFLDR.SYS 53248 bytes (Microsoft Corporation, WDFLDR)
0xAF2ED000 C:\Windows\System32\drivers\tcpipreg.sys 49152 bytes (Microsoft Corporation, TCP/IP Registry Compatibility Driver)
0xAF304000 C:\Windows\System32\DRIVERS\tssecsrv.sys 49152 bytes (Microsoft Corporation, TS Security Filter Driver)
0x8FDF3000 C:\Windows\System32\drivers\vga.sys 49152 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0x8CFA9000 C:\Windows\System32\drivers\watchdog.sys 49152 bytes (Microsoft Corporation, Watchdog Driver)
0x8D5A7000 C:\Windows\system32\DRIVERS\dsNcAdpt.sys 45056 bytes (Juniper Networks, dsNcAdapter)
0x8D50F000 C:\Windows\system32\DRIVERS\kbdclass.sys 45056 bytes (Microsoft Corporation, Keyboard Class Driver)
0x8D547000 C:\Windows\system32\DRIVERS\mouclass.sys 45056 bytes (Microsoft Corporation, Mouse Class Driver)
0x8D800000 C:\Windows\System32\Drivers\Msfs.SYS 45056 bytes (Microsoft Corporation, Mailslot driver)
0x8D5EC000 C:\Windows\system32\DRIVERS\ndistapi.sys 45056 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0x885E5000 C:\Windows\System32\Drivers\SMCLIB.SYS 45056 bytes (Microsoft Corporation, Smard Card Driver Library)
0x87FF4000 C:\Windows\System32\Drivers\tcusb.sys 45056 bytes (UPEK Inc., TouchChip USB Kernel Driver)
0x8D5E1000 C:\Windows\system32\DRIVERS\TDI.SYS 45056 bytes (Microsoft Corporation, TDI Wrapper)
0xAF2F9000 C:\Windows\system32\drivers\tdtcp.sys 45056 bytes (Microsoft Corporation, TCP Transport Driver)
0x8CFEE000 C:\Windows\system32\DRIVERS\usbuhci.sys 45056 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0x87F1E000 C:\Windows\system32\DRIVERS\BATTC.SYS 40960 bytes (Microsoft Corporation, Battery Class Driver)
0x90B86000 C:\Windows\System32\drivers\Dxapi.sys 40960 bytes (Microsoft Corporation, DirectX API Driver)
0x8D8D8000 C:\Windows\system32\DRIVERS\mssmbios.sys 40960 bytes (Microsoft Corporation, System Management BIOS Driver)
0x81AF9000 C:\Windows\system32\DRIVERS\ndisuio.sys 40960 bytes (Microsoft Corporation, NDIS User mode I/O driver)
0x90AEA000 C:\Windows\system32\drivers\nsiproxy.sys 40960 bytes (Microsoft Corporation, NSI Proxy)
0xAF2E3000 C:\Windows\System32\Drivers\secdrv.SYS 40960 bytes (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K., Macrovision SECURITY Driver)
0xAE2CF000 C:\Windows\system32\DRIVERS\asyncmac.sys 36864 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xAF374000 C:\Windows\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0x887E1000 C:\Windows\system32\drivers\crcdisk.sys 36864 bytes (Microsoft Corporation, Disk Block Verification Filter Driver)
0x8FDDC000 C:\Windows\System32\Drivers\Fs_Rec.SYS 36864 bytes (Microsoft Corporation, File System Recognizer Driver)
0x8D924000 C:\Windows\system32\DRIVERS\kbdhid.sys 36864 bytes (Microsoft Corporation, HID Keyboard Filter Driver)
0x8D5F7000 C:\Windows\System32\DRIVERS\rasacd.sys 36864 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0x98690000 C:\Windows\System32\TSDDD.dll 36864 bytes (Microsoft Corporation, Framebuffer Display Driver)
0x887F7000 C:\Windows\system32\DRIVERS\tunmp.sys 36864 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0x8D580000 C:\Windows\system32\DRIVERS\wmiacpi.sys 36864 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0x87ED4000 C:\Windows\system32\drivers\WMILIB.SYS 36864 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0x880CE000 C:\Windows\system32\drivers\atapi.sys 32768 bytes (Microsoft Corporation, ATAPI IDE Miniport Driver)
0x8D552000 C:\Windows\system32\DRIVERS\atmeltpm.sys 32768 bytes (Atmel, Inc., Atmel TPM Driver)
0x80690000 C:\Windows\system32\BOOTVID.dll 32768 bytes (Microsoft Corporation, VGA Boot Driver)
0xAF35E000 C:\Users\abc\AppData\Local\Temp\catchme.sys 32768 bytes
0x87EDD000 C:\Windows\system32\drivers\msisadrv.sys 32768 bytes (Microsoft Corporation, ISA Driver)
0x8D9EA000 C:\Windows\System32\DRIVERS\RDPCDD.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x8D9F2000 C:\Windows\system32\drivers\rdpencdd.sys 32768 bytes (Microsoft Corporation, RDP Miniport)
0x90AA6000 C:\Windows\System32\drivers\Smapint.sys 32768 bytes (Microsoft Corporation, SMAPI I/O)
0x8874D000 C:\Windows\System32\Drivers\spldr.sys 32768 bytes (Microsoft Corporation, loader for security processor)
0x8FDEC000 C:\Windows\System32\Drivers\Beep.SYS 28672 bytes (Microsoft Corporation, BEEP Driver)
0x8D503000 C:\Windows\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0x87F81000 C:\Windows\system32\DRIVERS\intelide.sys 28672 bytes (Microsoft Corporation, Intel PCI IDE Driver)
0x80608000 C:\Windows\system32\kdcom.dll 28672 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xAF36D000 C:\Users\abc\AppData\Local\Temp\mbr.sys 28672 bytes
0x8FDE5000 C:\Windows\System32\Drivers\Null.SYS 28672 bytes (Microsoft Corporation, NULL Driver)
0x87F96000 C:\Windows\system32\drivers\pciide.sys 28672 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0x8D57A000 C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0x8D8A6000 C:\Windows\system32\DRIVERS\psadd.sys 24576 bytes (Lenovo (United States) Inc., SMBIOS Driver)
0x87FDA000 C:\Windows\System32\drivers\pxscan.sys 24576 bytes (Prevx, Prevx Scanner)
0x90AA0000 C:\Windows\System32\drivers\TDSMAPI.SYS 24576 bytes
0x90A9A000 C:\Windows\System32\drivers\Tppwr32v.sys 24576 bytes
0x8D50A000 C:\Windows\System32\drivers\pxkbf.sys 20480 bytes (Prevx, Prevx Keyboard Security)
0x8FDC7000 C:\Windows\system32\SAVRKBootTasks.sys 20480 bytes (Sophos Plc, Sophos boot tasks for Windows 2000)
0x8D55A000 C:\Windows\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0x8D55E000 C:\Windows\system32\DRIVERS\ibmpmdrv.sys 16384 bytes (Lenovo., ThinkPad Power Management Driver)
0xAE380000 C:\Windows\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface x86 Driver)
0x87F1B000 C:\Windows\system32\DRIVERS\compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xAF359000 C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys 12288 bytes
0xAF35C000 C:\Windows\system32\Drivers\PROCEXP113.SYS 8192 bytes
0x90BBA000 C:\Program Files\Common Files\ThinkVantage Fingerprint Software\Drivers\smihlp.sys 8192 bytes (UPEK Inc., SMI helper driver)
0x90AF4000 C:\Windows\system32\DRIVERS\smiif32.sys 8192 bytes (Lenovo Group Limited, SMI Driver for Lenovo system)
0x8D8AC000 C:\Windows\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0x8D4F1000 C:\Windows\system32\DRIVERS\tkbtnpn.sys 8192 bytes (Lenovo, ThinkPad Tablet Keyboard and Buttons HID Driver)
0x8D545000 C:\Windows\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
==============================================
>Stealth
==============================================
0x88714000 WARNING: Virus alike driver modification [volsnap.sys], 233472 bytes
0x86966288 Unknown page with executable code, 3448 bytes
0x8696AE7A Unknown thread object [ ETHREAD 0x86935D78 ] TID: 300, 600 bytes
0x8696D008 Unknown thread object [ ETHREAD 0x86B95AA0 ] TID: 304, 600 bytes
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x000A87AA, Type: Inline - RelativeJump 0x822A97AA-->822A97B1 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC914, Type: Inline - RelativeJump 0x822AD914-->822AD8F5 [ntkrnlpa.exe]
ntkrnlpa.exe+0x000AC9A4, Type: Inline - RelativeJump 0x822AD9A4-->822AD986 [ntkrnlpa.exe]
[1556]plugin-container.exe-->kernel32.dll-->GetCurrentProcess, Type: IAT modification 0x00402008-->59002683 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->GetCurrentProcessId, Type: IAT modification 0x00402014-->5FBE7C10 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->GetCurrentThreadId, Type: IAT modification 0x00402030-->FF331000 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->GetSystemTimeAsFileTime, Type: IAT modification 0x00402010-->00B880FE [QuickTime.dll]
[1556]plugin-container.exe-->kernel32.dll-->GetTickCount, Type: IAT modification 0x00402018-->3353C35E [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->InterlockedCompareExchange, Type: IAT modification 0x00402024-->E8057557 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->InterlockedExchange, Type: IAT modification 0x0040202C-->ACE4358B [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->IsDebuggerPresent, Type: IAT modification 0x00402000-->E836FFE2 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->QueryPerformanceCounter, Type: IAT modification 0x0040201C-->8C1D39DB [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->SetUnhandledExceptionFilter, Type: IAT modification 0x00402020-->561000B8 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->Sleep, Type: IAT modification 0x00402028-->00001F83 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->TerminateProcess, Type: IAT modification 0x0040200C-->8104C683 [unknown_code_page]
[1556]plugin-container.exe-->kernel32.dll-->UnhandledExceptionFilter, Type: IAT modification 0x00402004-->FFFFFC11 [unknown_code_page]
[2828]SUService.exe-->advapi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77C8151C-->6FB5F4C6 [AcGenral.dll]
[2828]SUService.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77C816D0-->6FB60F61 [AcGenral.dll]
[2828]SUService.exe-->advapi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77C81664-->6FB5F635 [AcGenral.dll]
[2828]SUService.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77C814BC-->701C4618 [shimeng.dll]
[2828]SUService.exe-->advapi32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77C81668-->6FB5F6FF [AcGenral.dll]
[2828]SUService.exe-->advapi32.dll-->kernel32.dll-->OpenFile, Type: IAT modification 0x77C81514-->6FB5F854 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x73C01004-->6FB600FA [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x73C01000-->6FB60209 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x73C0106C-->6FB608C9 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x73C0100C-->6FB60311 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x73C01008-->6FB603E5 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x73C01088-->6FB606CB [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x73C01054-->6FB60777 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x73C0139C-->6FB60E45 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x73C01298-->6FB60F61 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x73C01324-->6FB5F635 [AcGenral.dll]
[2828]SUService.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x73C01288-->701C4618 [shimeng.dll]
[2828]SUService.exe-->crypt32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x73C01328-->6FB5FB76 [AcGenral.dll]
[2828]SUService.exe-->gdi32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77B61130-->6FB5F4C6 [AcGenral.dll]
[2828]SUService.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77B6119C-->6FB60F61 [AcGenral.dll]
[2828]SUService.exe-->gdi32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77B611BC-->6FB5F635 [AcGenral.dll]
[2828]SUService.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77B61170-->701C4618 [shimeng.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->AccessCheck, Type: IAT modification 0x768E1C04-->6FB5F40A [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x768E1B34-->6FB60209 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegCreateKeyW, Type: IAT modification 0x768E1CB8-->6FB60068 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegDeleteValueW, Type: IAT modification 0x768E1B54-->6FB608C9 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x768E1CFC-->6FB60311 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x768E1B2C-->6FB603E5 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x768E1B30-->6FB60777 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->RegSetValueW, Type: IAT modification 0x768E1B74-->6FB60623 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->advapi32.dll-->SetFileSecurityW, Type: IAT modification 0x768E1CC8-->6FB609C4 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x768E125C-->6FB5F4C6 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x768E1460-->6FB60F61 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x768E13B4-->6FB5F635 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x768E1414-->701C4618 [shimeng.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->MoveFileExW, Type: IAT modification 0x768E13C0-->6FB5F7E4 [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x768E130C-->6FB5F6FF [AcGenral.dll]
[2828]SUService.exe-->shell32.dll-->kernel32.dll-->SetFileAttributesW, Type: IAT modification 0x768E13B8-->6FB5FB76 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->advapi32.dll-->RegCreateKeyExW, Type: IAT modification 0x77D51548-->6FB60209 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->advapi32.dll-->RegOpenKeyExW, Type: IAT modification 0x77D51528-->6FB603E5 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x77D51550-->6FB60777 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->kernel32.dll-->CopyFileW, Type: IAT modification 0x77D511A8-->6FB5F4C6 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77D512B8-->6FB60F61 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->kernel32.dll-->DeleteFileW, Type: IAT modification 0x77D511B0-->6FB5F635 [AcGenral.dll]
[2828]SUService.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77D51300-->701C4618 [shimeng.dll]
[2828]SUService.exe-->user32.dll-->kernel32.dll-->MoveFileW, Type: IAT modification 0x77D511AC-->6FB5F6FF [AcGenral.dll]
[2828]SUService.exe-->ws2_32.dll-->advapi32.dll-->RegCreateKeyExA, Type: IAT modification 0x4B0D1104-->6FB600FA [AcGenral.dll]
[2828]SUService.exe-->ws2_32.dll-->advapi32.dll-->RegOpenKeyExA, Type: IAT modification 0x4B0D110C-->6FB60311 [AcGenral.dll]
[2828]SUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExA, Type: IAT modification 0x4B0D1114-->6FB606CB [AcGenral.dll]
[2828]SUService.exe-->ws2_32.dll-->advapi32.dll-->RegSetValueExW, Type: IAT modification 0x4B0D1110-->6FB60777 [AcGenral.dll]
[2828]SUService.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x4B0D11E8-->701C4618 [shimeng.dll]
[4988]plugin-container.exe-->user32.dll-->GetWindowInfo, Type: Inline - RelativeJump 0x76F9428E-->642F7187 [xul.dll]
[4988]plugin-container.exe-->user32.dll-->SetWindowLongA, Type: Inline - RelativeJump 0x76F8E7CD-->644C8DD9 [xul.dll]
[4988]plugin-container.exe-->user32.dll-->SetWindowLongW, Type: Inline - RelativeJump 0x76F913B4-->644C8D6B [xul.dll]
[4988]plugin-container.exe-->user32.dll-->TrackPopupMenu, Type: Inline - RelativeJump 0x76FA14F3-->642F7781 [xul.dll]
[5252]iexplore.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - RelativeJump 0x757BA229-->73EA6FB0 [PxSecure.dll]
[5252]iexplore.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - SEH 0x757BA22E [unknown_code_page]
[5252]iexplore.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - SEH 0x757BA22F [unknown_code_page]
[5252]iexplore.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - RelativeJump 0x74FA501A-->73EA6F30 [PxSecure.dll]
[5252]iexplore.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - SEH 0x74FA501F [unknown_code_page]
[5252]iexplore.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - SEH 0x74FA5020 [unknown_code_page]
[5252]iexplore.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x763CC90E-->73EA7090 [PxSecure.dll]
[5252]iexplore.exe-->kernel32.dll-->OutputDebugStringA, Type: Inline - RelativeJump 0x763C0264-->73EA7D60 [PxSecure.dll]
[5252]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77084224-->73EA7940 [PxSecure.dll]
[5252]iexplore.exe-->ntdll.dll-->NtCreateSection, Type: Inline - RelativeJump 0x77084314-->73EA7A60 [PxSecure.dll]
[5252]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x77084A04-->73EA78D0 [PxSecure.dll]
[5252]iexplore.exe-->ntdll.dll-->NtOpenSection, Type: Inline - RelativeJump 0x77084AB4-->73EA7B00 [PxSecure.dll]
[5252]iexplore.exe-->ntdll.dll-->NtWriteFile, Type: Inline - RelativeJump 0x77085494-->73EA7B40 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x76F88E3B-->6BE7D0CD [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76F91305-->6BE8DB04 [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x76FC847D-->6BF8538C [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76FB2EF5-->6BF85329 [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76FC8152-->6BF852C6 [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x76FB10B0-->6BDB54C5 [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x76FDD639-->6BF8518E [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x76FDD65D-->6BF8512C [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x76FDD4D9-->6BF8525B [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x76FDD5D3-->6BF851F0 [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump 0x76F8F8F8-->73EA6E90 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump 0x76F9A175-->73EA6ED0 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->PostThreadMessageA, Type: Inline - RelativeJump 0x76F8BD34-->73EA2720 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->PostThreadMessageW, Type: Inline - RelativeJump 0x76F97C8E-->73EA2740 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump 0x76F8F956-->73EA69D0 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump 0x76FE2CA7-->73EA6D70 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump 0x76F94570-->73EA6DC0 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump 0x76FB0006-->73EA6CD0 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump 0x76F9352D-->73EA6D20 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump 0x76FA0AED-->73EA6AA0 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump 0x76FADFCF-->73EA6C50 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump 0x76F893D6-->73EA6C90 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x76F887AD-->6BE89A91 [ieframe.dll]
[5252]iexplore.exe-->user32.dll-->SetWindowTextW, Type: Inline - RelativeJump 0x76F99815-->73EA7800 [PxSecure.dll]
[5252]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x76F898DB-->6BDF466E [ieframe.dll]
[5252]iexplore.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x7584EE89-->73EA2760 [PxSecure.dll]
[5252]iexplore.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x758AA642-->73EA2820 [PxSecure.dll]
[5252]iexplore.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x758AA69B-->73EA27F0 [PxSecure.dll]
[5252]iexplore.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x7583FABE-->73EA27C0 [PxSecure.dll]
[5252]iexplore.exe-->wininet.dll-->InternetWriteFile, Type: Inline - RelativeJump 0x75896076-->73EA2790 [PxSecure.dll]
[5252]iexplore.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x7718330C-->0070000A [unknown_code_page]
[5252]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x771840D9-->73EA28D0 [PxSecure.dll]
[5252]iexplore.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x771867C5-->73EA2890 [PxSecure.dll]
[5252]iexplore.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x7718D7B0-->73EA2850 [PxSecure.dll]
[5252]iexplore.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x77184496-->73EA2910 [PxSecure.dll]
[5252]iexplore.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x771834EB-->73EA2950 [PxSecure.dll]
[5252]iexplore.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x771834F0 [unknown_code_page]
[5252]iexplore.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x771834F1 [unknown_code_page]
[5488]iexplore.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - RelativeJump 0x757BA229-->73EA6FB0 [PxSecure.dll]
[5488]iexplore.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - SEH 0x757BA22E [unknown_code_page]
[5488]iexplore.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - SEH 0x757BA22F [unknown_code_page]
[5488]iexplore.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - RelativeJump 0x74FA501A-->73EA6F30 [PxSecure.dll]
[5488]iexplore.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - SEH 0x74FA501F [unknown_code_page]
[5488]iexplore.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - SEH 0x74FA5020 [unknown_code_page]
[5488]iexplore.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x763CC90E-->73EA7090 [PxSecure.dll]
[5488]iexplore.exe-->kernel32.dll-->OutputDebugStringA, Type: Inline - RelativeJump 0x763C0264-->73EA7D60 [PxSecure.dll]
[5488]iexplore.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77084224-->73EA7940 [PxSecure.dll]
[5488]iexplore.exe-->ntdll.dll-->NtCreateSection, Type: Inline - RelativeJump 0x77084314-->73EA7A60 [PxSecure.dll]
[5488]iexplore.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x77084A04-->73EA78D0 [PxSecure.dll]
[5488]iexplore.exe-->ntdll.dll-->NtOpenSection, Type: Inline - RelativeJump 0x77084AB4-->73EA7B00 [PxSecure.dll]
[5488]iexplore.exe-->ntdll.dll-->NtWriteFile, Type: Inline - RelativeJump 0x77085494-->73EA7B40 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x76F91305-->6BE8DB04 [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x76FC847D-->6BF8538C [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x76FB2EF5-->6BF85329 [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x76FC8152-->6BF852C6 [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x76FB10B0-->6BDB54C5 [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x76FDD639-->6BF8518E [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x76FDD65D-->6BF8512C [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x76FDD4D9-->6BF8525B [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x76FDD5D3-->6BF851F0 [ieframe.dll]
[5488]iexplore.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump 0x76F8F8F8-->73EA6E90 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump 0x76F9A175-->73EA6ED0 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->PostThreadMessageA, Type: Inline - RelativeJump 0x76F8BD34-->73EA2720 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->PostThreadMessageW, Type: Inline - RelativeJump 0x76F97C8E-->73EA2740 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump 0x76F8F956-->73EA69D0 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump 0x76FE2CA7-->73EA6D70 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump 0x76F94570-->73EA6DC0 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump 0x76FB0006-->73EA6CD0 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump 0x76F9352D-->73EA6D20 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump 0x76FA0AED-->73EA6AA0 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump 0x76FADFCF-->73EA6C50 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump 0x76F893D6-->73EA6C90 [PxSecure.dll]
[5488]iexplore.exe-->user32.dll-->SetWindowTextW, Type: Inline - RelativeJump 0x76F99815-->73EA7800 [PxSecure.dll]
[5488]iexplore.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x7584EE89-->73EA2760 [PxSecure.dll]
[5488]iexplore.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x758AA642-->73EA2820 [PxSecure.dll]
[5488]iexplore.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x758AA69B-->73EA27F0 [PxSecure.dll]
[5488]iexplore.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x7583FABE-->73EA27C0 [PxSecure.dll]
[5488]iexplore.exe-->wininet.dll-->InternetWriteFile, Type: Inline - RelativeJump 0x75896076-->73EA2790 [PxSecure.dll]
[5488]iexplore.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x771840D9-->73EA28D0 [PxSecure.dll]
[5488]iexplore.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x771867C5-->73EA2890 [PxSecure.dll]
[5488]iexplore.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x7718D7B0-->73EA2850 [PxSecure.dll]
[5488]iexplore.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x77184496-->73EA2910 [PxSecure.dll]
[5488]iexplore.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x771834EB-->73EA2950 [PxSecure.dll]
[5488]iexplore.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x771834F0 [unknown_code_page]
[5488]iexplore.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x771834F1 [unknown_code_page]
[896]firefox.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - RelativeJump 0x757BA229-->73EA6FB0 [PxSecure.dll]
[896]firefox.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - SEH 0x757BA22E [unknown_code_page]
[896]firefox.exe-->advapi32.dll-->CredEnumerateW, Type: Inline - SEH 0x757BA22F [unknown_code_page]
[896]firefox.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - RelativeJump 0x74FA501A-->73EA6F30 [PxSecure.dll]
[896]firefox.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - SEH 0x74FA501F [unknown_code_page]
[896]firefox.exe-->crypt32.dll-->CryptUnprotectData, Type: Inline - SEH 0x74FA5020 [unknown_code_page]
[896]firefox.exe-->kernel32.dll-->CreateThread, Type: Inline - RelativeJump 0x763CC90E-->73EA7090 [PxSecure.dll]
[896]firefox.exe-->kernel32.dll-->OutputDebugStringA, Type: Inline - RelativeJump 0x763C0264-->73EA7D60 [PxSecure.dll]
[896]firefox.exe-->ntdll.dll-->NtCreateFile, Type: Inline - RelativeJump 0x77084224-->73EA7940 [PxSecure.dll]
[896]firefox.exe-->ntdll.dll-->NtCreateSection, Type: Inline - RelativeJump 0x77084314-->73EA7A60 [PxSecure.dll]
[896]firefox.exe-->ntdll.dll-->NtOpenFile, Type: Inline - RelativeJump 0x77084A04-->73EA78D0 [PxSecure.dll]
[896]firefox.exe-->ntdll.dll-->NtOpenSection, Type: Inline - RelativeJump 0x77084AB4-->73EA7B00 [PxSecure.dll]
[896]firefox.exe-->ntdll.dll-->NtWriteFile, Type: Inline - RelativeJump 0x77085494-->73EA7B40 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->PostMessageA, Type: Inline - RelativeJump 0x76F8F8F8-->73EA6E90 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->PostMessageW, Type: Inline - RelativeJump 0x76F9A175-->73EA6ED0 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->PostThreadMessageA, Type: Inline - RelativeJump 0x76F8BD34-->73EA2720 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->PostThreadMessageW, Type: Inline - RelativeJump 0x76F97C8E-->73EA2740 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendMessageA, Type: Inline - RelativeJump 0x76F8F956-->73EA69D0 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendMessageCallbackA, Type: Inline - RelativeJump 0x76FE2CA7-->73EA6D70 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendMessageCallbackW, Type: Inline - RelativeJump 0x76F94570-->73EA6DC0 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendMessageTimeoutA, Type: Inline - RelativeJump 0x76FB0006-->73EA6CD0 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendMessageTimeoutW, Type: Inline - RelativeJump 0x76F9352D-->73EA6D20 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendMessageW, Type: Inline - RelativeJump 0x76FA0AED-->73EA6AA0 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendNotifyMessageA, Type: Inline - RelativeJump 0x76FADFCF-->73EA6C50 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SendNotifyMessageW, Type: Inline - RelativeJump 0x76F893D6-->73EA6C90 [PxSecure.dll]
[896]firefox.exe-->user32.dll-->SetWindowTextW, Type: Inline - RelativeJump 0x76F99815-->73EA7800 [PxSecure.dll]
[896]firefox.exe-->wininet.dll-->HttpSendRequestA, Type: Inline - RelativeJump 0x7584EE89-->73EA2760 [PxSecure.dll]
[896]firefox.exe-->wininet.dll-->HttpSendRequestExA, Type: Inline - RelativeJump 0x758AA642-->73EA2820 [PxSecure.dll]
[896]firefox.exe-->wininet.dll-->HttpSendRequestExW, Type: Inline - RelativeJump 0x758AA69B-->73EA27F0 [PxSecure.dll]
[896]firefox.exe-->wininet.dll-->HttpSendRequestW, Type: Inline - RelativeJump 0x7583FABE-->73EA27C0 [PxSecure.dll]
[896]firefox.exe-->wininet.dll-->InternetWriteFile, Type: Inline - RelativeJump 0x75896076-->73EA2790 [PxSecure.dll]
[896]firefox.exe-->ws2_32.dll-->closesocket, Type: Inline - RelativeJump 0x7718330C-->008C000A [unknown_code_page]
[896]firefox.exe-->ws2_32.dll-->connect, Type: Inline - RelativeJump 0x771840D9-->73EA28D0 [PxSecure.dll]
[896]firefox.exe-->ws2_32.dll-->sendto, Type: Inline - RelativeJump 0x771867C5-->73EA2890 [PxSecure.dll]
[896]firefox.exe-->ws2_32.dll-->WSAConnect, Type: Inline - RelativeJump 0x7718D7B0-->73EA2850 [PxSecure.dll]
[896]firefox.exe-->ws2_32.dll-->WSASend, Type: Inline - RelativeJump 0x77184496-->73EA2910 [PxSecure.dll]
[896]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - RelativeJump 0x771834EB-->73EA2950 [PxSecure.dll]
[896]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x771834F0 [unknown_code_page]
[896]firefox.exe-->ws2_32.dll-->WSASocketW, Type: Inline - SEH 0x771834F1 [unknown_code_page]
[896]firefox.exe-->wsock32.dll-->recv, Type: Inline - RelativeJump 0x716C1858-->008A000A [unknown_code_page]


5. Computer still seems just like before, nothing has changed too much.

Let me know the next steps. Again, thank you.
rasta006
Active Member
 
Posts: 4
Joined: June 19th, 2011, 11:22 am

Re: Help with Malware Removal (internet redirect)

Post by Cypher » June 24th, 2011, 4:55 am

Hi rasta006.

==== Installed Programs ======================
.
Akamai NetSession Interface
Curse Client
ESET Online Scanner v3
GameRanger
HijackThis 2.0.2
Juniper Networks Setup Client
Microsoft .NET Framework 4 Client Profile
Move Media Player
Prevx
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Is this the complete list of programs installed on your computer?
Please run DDS again and post the Attach.txt contents.

Next.

  • Please download this tool from Microsoft.
  • Right click on MGADiag.exe and select Run As Administrator to run it.
  • Click Continue.
  • The program will run. It takes a while to finish the diagnosis, please be patient.
  • Once done, click on Copy.
  • Open Notepad and paste the contents in the window.
  • Save this file and copy/paste it in your next reply.

Next.

Run CKScanner

  • Please download CKScanner from Here
  • Important: Save it to your desktop.
  • Right-click CKScanner.exe > select "Run as administrator", then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify the file saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

Logs/Information to Post in your Next Reply

  • DDS Attach.txt contents.
  • MGADiag log.
  • CKFiles.txt
Cypher
Admin/Teacher
Posts: 14959
Joined: October 29th, 2008, 12:49 pm
Location: Land Of The Leprechauns

Re: Help with Malware Removal (internet redirect)

Post by rasta006 » June 24th, 2011, 11:18 am

I ran DDS again and the attach.txt file seems to be the same, but those aren't the only files installed on my computer. Is there any other way I can post all of the programs?

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft® Windows Vista™ Enterprise
Boot Device: \Device\HarddiskVolume1
Install Date: 10/6/2008 8:24:13 AM
System Uptime: 6/23/2011 8:44:20 AM (26 hours ago)
.
Motherboard: LENOVO | | 64634XU
Processor: Intel(R) Core(TM)2 Duo CPU T7300 @ 2.00GHz | None | 2001/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 112 GiB total, 9.107 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft 6to4 Adapter
Device ID: ROOT\*6TO4MP\0000
Manufacturer: Microsoft
Name: 6TO4 Adapter
PNP Device ID: ROOT\*6TO4MP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP1097: 6/16/2011 9:22:44 AM - Scheduled Checkpoint
RP1098: 6/16/2011 11:14:49 AM - Windows Update
RP1099: 6/17/2011 11:04:14 AM - Windows Update
RP1100: 6/17/2011 11:29:18 AM - Windows Update
RP1101: 6/19/2011 3:00:18 AM - Windows Update
RP1102: 6/21/2011 12:28:01 AM - Scheduled Checkpoint
RP1103: 6/21/2011 5:20:21 PM - Windows Update
RP1104: 6/23/2011 10:28:35 AM - Scheduled Checkpoint
RP1105: 6/24/2011 - Scheduled Checkpoint
RP1106: 6/24/2011 4:33:33 AM - Windows Update
.
==== Installed Programs ======================
.
Akamai NetSession Interface
Curse Client
ESET Online Scanner v3
GameRanger
HijackThis 2.0.2
Juniper Networks Setup Client
Microsoft .NET Framework 4 Client Profile
Move Media Player
Prevx
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
.
==== Event Viewer Messages From Past Week ========
.
6/24/2011 10:12:28 AM, Error: disk [11] - The driver detected a controller error on \Device\Harddisk0\DR0.
.
==== End Of File ===========================


Diagnostic Report (1.9.0027.0):
-----------------------------------------
Windows Validation Data-->
Validation Status: Genuine
Validation Code: 0
Cached Online Validation Code: N/A, hr = 0xc004f012
Windows Product Key: *****-*****-*****-*****-QJG9G
Windows Product Key Hash: RCh+s274CPHzfPmPXgrv+tfj/Qo=
Windows Product ID: 55041-038-7779345-71745
Windows Product ID Type: 6
Windows License Type: Volume MAK
Windows OS version: 6.0.6002.2.00010100.2.0.004
ID: {95ABD649-F3F5-40E2-B6DB-DF7E0AB526AD}(3)
Is Admin: Yes
TestCab: 0x0
LegitcheckControl ActiveX: Registered, 1.9.9.1
Signed By: Microsoft
Product Name: Windows Vista (TM) Enterprise
Architecture: 0x00000000
Build lab: 6002.vistasp2_gdr.101014-0432
TTS Error:
Validation Diagnostic:
Resolution Status: N/A

Vista WgaER Data-->
ThreatID(s): N/A, hr = 0x80070002
Version: N/A, hr = 0x80070002

Windows XP Notifications Data-->
Cached Result: N/A, hr = 0x80070002
File Exists: No
Version: N/A, hr = 0x80070002
WgaTray.exe Signed By: N/A, hr = 0x80070002
WgaLogon.dll Signed By: N/A, hr = 0x80070002

OGA Notifications Data-->
Cached Result: N/A, hr = 0x80070002
Version: 2.0.48.0
OGAExec.exe Signed By: Microsoft
OGAAddin.dll Signed By: Microsoft

OGA Data-->
Office Status: 100 Genuine
Microsoft Office Professional Plus 2007 - 100 Genuine
OGA Version: Registered, 2.0.48.0
Signed By: Microsoft
Office Diagnostics: 77F760FE-153-80070002_7E90FEE8-175-80070002_025D1FF3-364-80041010_025D1FF3-229-80041010_025D1FF3-230-1_025D1FF3-517-80040154_025D1FF3-237-80040154_025D1FF3-238-2_025D1FF3-244-80070002_025D1FF3-258-3_E2AD56EA-765-d003_E2AD56EA-766-0_E2AD56EA-134-80004005

Browser Data-->
Proxy settings: N/A
User Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32)
Default Browser: C:\Program Files\Internet Explorer\iexplore.exe
Download signed ActiveX controls: Prompt
Download unsigned ActiveX controls: Disabled
Run ActiveX controls and plug-ins: Allowed
Initialize and script ActiveX controls not marked as safe: Disabled
Allow scripting of Internet Explorer Webbrowser control: Disabled
Active scripting: Allowed
Script ActiveX controls marked as safe for scripting: Allowed

File Scan Data-->

Other data-->
Office Details: <GenuineResults><MachineData><UGUID>{95ABD649-F3F5-40E2-B6DB-DF7E0AB526AD}</UGUID><Version>1.9.0027.0</Version><OS>6.0.6002.2.00010100.2.0.004</OS><Architecture>x32</Architecture><PKey>*****-*****-*****-*****-BBBBB</PKey><PID>55041-038-7779345-71745</PID><PIDType>6</PIDType><SID>S-1-5-21-4284376366-1104269355-1801436021</SID><SYSTEM><Manufacturer>LENOVO</Manufacturer><Model>64634XU</Model></SYSTEM><BIOS><Manufacturer>LENOVO</Manufacturer><Version>7LETC1WW (2.21 )</Version><SMBIOSVersion major="2" minor="4"/><Date>20080701000000.000000+000</Date></BIOS><HWID>F7323507018400FA</HWID><UserLCID>0409</UserLCID><SystemLCID>0409</SystemLCID><TimeZone>Central Standard Time(GMT-06:00)</TimeZone><iJoin>0</iJoin><SBID><stat>3</stat><msppid></msppid><name></name><model></model></SBID><OEM><OEMID>LENOVO</OEMID><OEMTableID>TP-7L </OEMTableID></OEM><GANotification><File Name="OGAAddin.dll" Version="2.0.48.0"/></GANotification></MachineData><Software><Office><Result>100</Result><Products><Product GUID="{90120000-0011-0000-0000-0000000FF1CE}"><LegitResult>100</LegitResult><Name>Microsoft Office Professional Plus 2007</Name><Ver>12</Ver><Val>14CF642DE1E2586</Val><Hash>yGaJt8WxvZXwikue5cQ5CT7DRNU=</Hash><Pid>89409-707-2804167-65022</Pid><PidType>14</PidType></Product></Products><Applications><App Id="15" Version="12" Result="100"/><App Id="16" Version="12" Result="100"/><App Id="18" Version="12" Result="100"/><App Id="19" Version="12" Result="100"/><App Id="1A" Version="12" Result="100"/><App Id="1B" Version="12" Result="100"/><App Id="44" Version="12" Result="100"/></Applications></Office></Software></GenuineResults>

Spsys.log Content: 0x80070002

Licensing Data-->
Software licensing service version: 6.0.6002.18005
Name: Windows(TM) Vista, Enterprise edition
Description: Windows Operating System - Vista, VOLUME_MAK channel
Activation ID: 74e464f6-45db-41f6-9356-66260bdf3c65
Application ID: 55c92734-d682-4d71-983e-d6ec3f16059f
Extended PID: 55041-00142-038-777934-03-1033-6001.0000-1382009
Installation ID: 005695777536515005722834348786840906057645747253026944
Processor Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43473
Machine Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43474
Use License URL: http://go.microsoft.com/fwlink/?LinkID=43476
Product Key Certificate URL: http://go.microsoft.com/fwlink/?LinkID=43475
Partial Product Key: QJG9G
License Status: Licensed

Windows Activation Technologies-->
N/A

HWID Data-->
HWID Hash Current: PgAAAAEABgABAAIAAQABAAAABAABAAEAJJRClsG1gIWwVC4IGp8ALUaDergSbfZw8vRGBj7BsCasVsrOKoU=

OEM Activation 1.0 Data-->
N/A

OEM Activation 2.0 Data-->
BIOS valid for OA 2.0: yes
Windows marker version: 0x20000
OEMID and OEMTableID Consistent: yes
BIOS Information:
ACPI Table Name    OEMID Value    OEMTableID Value
APIC               LENOVO         TP-7L
FACP               LENOVO         TP-7L
HPET               LENOVO         TP-7L
BOOT               LENOVO         TP-7L
MCFG               LENOVO         TP-7L
SSDT               LENOVO         TP-7L
ECDT               LENOVO         TP-7L
TCPA               LENOVO         TP-7L
SLIC               LENOVO         TP-7L
ASF!               LENOVO         TP-7L
SSDT               LENOVO         TP-7L
SSDT               LENOVO         TP-7L
SSDT               LENOVO         TP-7L
SSDT               LENOVO         TP-7L

CKScanner - Additional Security Risks - These are not necessarily bad
c:\users\abc\appdata\roaming\macromedia\flash player\#sharedobjects\37ky3uxr\crackle.com\cracklesettings.sol
c:\users\abc\appdata\roaming\macromedia\flash player\#sharedobjects\37ky3uxr\image.ugo.com\acrackdown_300expanding.sol
c:\users\abc\appdata\roaming\macromedia\flash player\#sharedobjects\37ky3uxr\widgets.cracked.com\clearspring.sol
c:\users\abc\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#crackle.com\settings.sol
c:\users\abc\appdata\roaming\macromedia\flash player\macromedia.com\support\flashplayer\sys\#widgets.cracked.com\settings.sol
scanner sequence 3.BC.11
----- EOF -----

Re: Help with Malware Removal (internet redirect)

Unread postby Cypher » June 24th, 2011, 3:37 pm

I see you are posting for help for a "Business" computer.

May I draw your attention to THIS topic, which you should have read before posting for help.

The section "Posting for help for business machines" explains why we do not offer help for such computers.

This topic is now closed.