Search Engine Results Redirected to Ads
Post by rulin8 » July 31st, 2011, 2:05 pm

Hi,
I believe my personal computer has been infected with malware. When clicking a link from the results of a search engine (e.g. Google), the link is redirected to a website with an ad. In some cases my anti-malware or anti-spyware software blocks the website; other times the ad website is opened. Below are the DDS and Attach files. I've also run a full scan using anti-malware and have deleted the infected files that were found, but the problem still exists. Any help is appreciated.

Thank you

.
DDS (Ver_2011-06-23.01) - NTFSx86
Internet Explorer: 8.0.6001.19088 BrowserJavaVersion: 1.6.0_15
Run by Amber at 13:31:43 on 2011-07-31
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.789 [GMT -4:00]
.
AV: Trend Micro Titanium *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\system32\agrsmsvc.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Windows\system32\lxbkcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Lexmark X1100 Series\LXBKbmgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\smart web printing\hpswp_clipbook.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/g/startpage.html ... B&M=MT6728
mStart Page = hxxp://broadband.zoomtown.com
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {026e7739-861e-44ee-9af7-63e922ddcc94} - c:\windows\system32\AudioEng32.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: IEPlugin Class: {11222041-111b-46e3-bd29-efb2449479b1} - c:\progra~1\arcsoft\mediac~1\intern~1\ARCURL~1.DLL
BHO: TmIEPlugInBHO Class: {1ca1377b-dc1d-4a52-9585-6e06050fac53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: TmBpIeBHO Class: {bbacbafd-fa5e-4079-8b33-00eb9f13d4ac} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [AnyDVD] c:\program files\slysoft\anydvd\AnyDVD.exe
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [lxbkbmgr.exe] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office10\OSA.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\philip~1.lnk - c:\philips\gogear vibe device manager\GoGear_Vibe_DeviceManager.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office10\EXCEL.EXE/3000
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://vralimuscingh13.connectge.com/d ... tupSP1.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://alpharetta.connectge.com/dana-c ... Client.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{118D78FA-05C4-46CF-B9A5-5D7899A35D07} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FBB7E9FA-7484-40C0-8B5E-68D2516D0850} : DhcpNameServer = 192.168.200.1 192.168.200.1
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\TmIEPlg.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\amber\appdata\roaming\mozilla\firefox\profiles\yegvf0ig.default\
FF - component: c:\program files\arcsoft\media converter for philips\internet video downloader\plugin_firefox\components\nsURLRecordEx.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension\components\TmFFExt.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npMozCouponPrinter.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {b17d411c-f4f5-4748-bbbd-e7f5e138cb5f} - %profile%\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}
FF - Ext: XUL Cache: {80728f79-b8e6-4e58-8377-837dec4868f2} - %profile%\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\hp\digital imaging\smart web printing\MozillaAddOn3
FF - Ext: Internet Video Downloader: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0} - c:\program files\arcsoft\media converter for philips\internet video downloader\Plugin_FireFox
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1079\firefoxextension
.
============= SERVICES / DRIVERS ===============
.
R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-7-4 188272]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-9-18 21504]
R2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe -service --> c:\windows\system32\lxbkcoms.exe -service [?]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-7-30 366640]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-7-4 64080]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-26 24652]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-7-30 22712]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8187B.sys [2007-11-17 281088]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-7-30 41272]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe --> c:\program files\trend micro\trendsecure\securityactivitydashboard\tmarsvc.exe [?]
S3 mr7911;Photo Viewer ;c:\windows\system32\drivers\mr7911.sys [2008-5-23 39552]
S3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-07-31 03:09:35 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 03:06:09 0 ---ha-w- c:\users\amber\ecpaugdsfk.tmp
2011-07-31 03:01:48 -------- d-sh--w- C:\$RECYCLE.BIN
2011-07-31 02:34:42 98816 ----a-w- c:\windows\sed.exe
2011-07-31 02:34:42 518144 ----a-w- c:\windows\SWREG.exe
2011-07-31 02:34:42 256000 ----a-w- c:\windows\PEV.exe
2011-07-31 02:34:42 208896 ----a-w- c:\windows\MBR.exe
2011-07-31 02:34:30 -------- d-----w- C:\ComboFix
2011-07-30 22:23:36 388096 ----a-r- c:\users\amber\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2011-07-30 22:18:20 -------- d-----w- c:\users\amber\appdata\roaming\Malwarebytes
2011-07-30 22:18:11 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 22:18:10 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 22:18:06 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 22:18:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 21:58:23 8899 --sha-w- c:\programdata\fwcfg32.dll
2011-07-30 20:57:57 8899 --sha-w- c:\programdata\AudioEng32.dll
2011-07-30 01:59:08 343040 ----a-w- c:\windows\system32\AudioEng32.dll
2011-07-13 14:17:40 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 14:17:40 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 14:17:32 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-05 01:40:19 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-05 01:38:04 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-05 01:38:04 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-05 01:38:03 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-07-05 01:30:36 -------- d-----w- c:\program files\Trend Micro
.
==================== Find3M ====================
.
2011-05-28 06:08:58 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04:30 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04:17 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04:03 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04:03 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10:26 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33:03 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31:44 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 13:35:57.93 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/17/2007 2:05:51 PM
System Uptime: 7/31/2011 1:16:42 PM (0 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1600/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 51.228 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 3.856 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
afreeCodecVT
Agere Systems HDA Modem
AIM 6
AIM Toolbar
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BigFix
Bonjour
Browser Address Error Redirector
BufferChm
CloneCD
CloneDVD2
Coupon Printer for Windows
D2600
DeviceDiscovery
DJ_SF_05_D2600_Software_Min
Download Updater (AOL LLC)
DVDFab HD Decrypter 4.1.0.2
Express Burn
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
GoGear VIBE Device Manager
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
IKEA Home Planner
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Host Checker
Juniper Networks Setup Client
Juniper Terminal Services Client
LabelPrint
Lexmark X1100 Series
LimeWire 5.5.10
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Media Converter for Philips
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multy_Y Version 1.01
Photo Viewer
Power2Go 5.0
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
Rhapsody
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Spare Backup
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Trend Micro Titanium
Trend Micro™ Titanium™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
WebReg
Windows Driver Package - OEM (mr7911) Image (05/27/2008 1.0.0.0)
Windows Media Player Firefox Plugin
WinZip 15.0
Xvid 1.1.3 final uninstall
ZoomTown Software
.
==== Event Viewer Messages From Past Week ========
.
7/31/2011 1:19:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/31/2011 1:18:44 PM, Error: Service Control Manager [7000] - The Security Activity Dashboard Service service failed to start due to the following error: The system cannot find the file specified.
7/31/2011 1:18:44 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
7/30/2011 9:59:07 PM, Error: Service Control Manager [7034] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s).
7/30/2011 10:56:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/30/2011 10:39:32 AM, Error: EventLog [6008] - The previous system shutdown at 10:38:14 AM on 7/30/2011 was unexpected.
7/27/2011 3:16:25 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm
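
A small triage helper for the DDS log posted above (an added example, not code from the forum or from the DDS tool): it parses the "Pseudo HJT Report" BHO lines and the "Created Last 30" entries, flags browser helper objects that carry no display name and freshly created hidden/system files under user-writable directories, and correlates the two by file name. The sample lines are copied from the log above; the function names, the list of user-writable roots and the heuristics themselves are my own assumptions, not DDS conventions.

```python
import re

# Sample lines copied from the DDS log posted above (a subset, embedded so this runs offline).
SAMPLE_LOG = r"""
BHO: {026e7739-861e-44ee-9af7-63e922ddcc94} - c:\windows\system32\AudioEng32.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
2011-07-31 03:06:09 0 ---ha-w- c:\users\amber\ecpaugdsfk.tmp
2011-07-30 21:58:23 8899 --sha-w- c:\programdata\fwcfg32.dll
2011-07-30 20:57:57 8899 --sha-w- c:\programdata\AudioEng32.dll
2011-07-30 01:59:08 343040 ----a-w- c:\windows\system32\AudioEng32.dll
2011-07-13 14:17:40 49152 ----a-w- c:\windows\system32\csrsrv.dll
"""

# "BHO: [Display Name: ]{CLSID} - path"  (display name is optional in DDS output)
BHO_RE = re.compile(
    r"^BHO: (?:(?P<name>[^{]+?): )?(?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$"
)
# "YYYY-MM-DD HH:MM:SS size attrs path"; attrs is an 8-character flag field such as --sha-w-
CREATED_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# Assumption: roots a non-admin process can write to; a brand-new hidden/system DLL here is unusual.
USER_WRITABLE_ROOTS = ("c:\\programdata\\", "c:\\users\\")


def parse(log_text):
    """Split a DDS log into BHO registrations and recently created files."""
    bhos, created = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bhos.append(m.groupdict())
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append(m.groupdict())
    return bhos, created


def basename(path):
    return path.rsplit("\\", 1)[-1].lower()


def triage(log_text):
    """Return a list of findings; each is a dict with kind, path and reason."""
    bhos, created = parse(log_text)
    findings = []

    # Recently created files under user-writable roots carrying hidden (h) or system (s) attributes.
    hidden_recent = {}
    for f in created:
        path, attrs = f["path"].lower(), f["attrs"]
        if path.startswith(USER_WRITABLE_ROOTS) and ("h" in attrs or "s" in attrs):
            hidden_recent[basename(path)] = f
            findings.append({
                "kind": "hidden-recent-file",
                "path": f["path"],
                "reason": f"created {f['date']} with attributes {attrs} under a user-writable directory",
            })

    # BHOs with no display name, or whose DLL name matches one of the hidden files above.
    for b in bhos:
        if b["path"] == "No File":
            continue  # orphaned registration: nothing is loaded from it
        reasons = []
        if b["name"] is None:
            reasons.append("no display name")
        if basename(b["path"]) in hidden_recent:
            reasons.append("same file name as a recently created hidden file")
        if reasons:
            findings.append({
                "kind": "suspicious-bho",
                "path": b["path"],
                "clsid": b["clsid"],
                "reason": "; ".join(reasons),
            })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding['kind']}] {finding['path']}: {finding['reason']}")
```

Every flagged item is a lead for a human to verify (hash lookup, vendor signature, recent install history), not a verdict; legitimate software does occasionally register an unnamed BHO.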

Re: Search Engine Results Redirected to Ads

Post by Jack&Jill » August 2nd, 2011, 11:16 am

Hello and welcome to Malware Removal.

I am currently assessing your situation and will be back with a fix for your problem as soon as possible.

You will be notified of replies by email as soon as they are posted.

Please be patient with me during this time.

Meanwhile, please make a reply to this topic to acknowledge that you have read this and are still with me to tackle the problem until the end. If I do not get any response within 3 days, this topic will be closed.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Search Engine Results Redirected to Ads

Post by rulin8 » August 2nd, 2011, 6:04 pm

Hi,

Thank you for reviewing my problem. I will await a response on the next steps.
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm

Re: Search Engine Results Redirected to Ads

Post by Jack&Jill » August 2nd, 2011, 8:06 pm

Hello rulin8 :),

Welcome to Malware Removal. I am Jack&Jill, and I will be helping you out.

Before we go further, there are a few things that I would like to make clear so that we share the same understanding.
  • Please observe and follow these Forum Rules and ALL USERS OF THIS FORUM MUST READ THIS FIRST.
  • Any advice is for your computer only and is taken at your own risk. Fixes sometimes will cause unexpected results, but I will do my best to assist you.
  • Please read the instructions carefully and follow them closely, in the order they are presented to you.
  • If you have any doubts or problems during the fix, please stop and ask.
  • All the tools that I will ask you to download and use are safe. Please allow them if prompted by any of your security software.
  • Do not use or run any malware cleaning tools without supervision as they may cause more harm if improperly used.
  • Refrain from installing any new programs except those that I request during the fix to prevent interference to my diagnosis of the problem.
  • Lack of malware symptoms does not mean your computer is clean. Stick to this topic until I give the All Clear.
  • If you do not reply within 3 days, this topic will be closed.

If you are agreeable to the above, then everything should go smoothly :) . We may begin.

--------------------

Remove P2P software
  • IMPORTANT: I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

    LimeWire 5.5.10

  • Please read our P2P Policy where we explain why it's not a good idea to have them.
  • Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.
  • Go to Control Panel > Add/Remove Programs and uninstall the P2P program(s) listed above (in red).
  • Please remove them before we continue with fixing your computer.

Please post a new Attach.txt.

--------------------

Check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.

--------------------

Please post back:
1. Attach.txt from DDS
2. CKScanner log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Search Engine Results Redirected to Ads

Post by rulin8 » August 3rd, 2011, 9:11 pm

LimeWire 5.5.10 uninstalled, Attach.txt and ckfiles.txt can be found below.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-23.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/17/2007 2:05:51 PM
System Uptime: 8/3/2011 5:03:54 PM (4 hours ago)
.
Motherboard: Gateway | |
Processor: Intel(R) Pentium(R) Dual CPU T2330 @ 1.60GHz | uFCPGA2 | 1333/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 138 GiB total, 57.174 GiB free.
D: is FIXED (NTFS) - 11 GiB total, 3.856 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Tun Miniport Adapter
Device ID: ROOT\*TUNMP\0001
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TUNMP\0001
Service: tunmp
.
==== System Restore Points ===================
.
RP484: 7/29/2011 9:06:25 AM - Scheduled Checkpoint
RP485: 7/30/2011 11:16:34 AM - Scheduled Checkpoint
RP486: 7/30/2011 6:21:17 PM - Installed HiJackThis
RP487: 7/31/2011 6:27:09 PM - Scheduled Checkpoint
RP488: 8/1/2011 4:30:56 PM - Scheduled Checkpoint
RP489: 8/2/2011 1:41:58 PM - Scheduled Checkpoint
RP490: 8/2/2011 4:55:39 PM - Windows Modules Installer
RP491: 8/3/2011 7:04:50 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
afreeCodecVT
Agere Systems HDA Modem
AIM 6
AIM Toolbar
AnyDVD
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BigFix
Bonjour
Browser Address Error Redirector
BufferChm
CloneCD
CloneDVD2
Coupon Printer for Windows
D2600
DeviceDiscovery
DJ_SF_05_D2600_Software_Min
Download Updater (AOL LLC)
DVDFab HD Decrypter 4.1.0.2
Express Burn
Gateway Connect
Gateway Games
Gateway Recovery Center Installer
GoGear VIBE Device Manager
GPBaseService2
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 13.0
HP Deskjet D2600 Printer Driver Software 13.0 Rel .5
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
HPPhotoGadget
hpPrintProjects
HPProductAssistant
HPSSupply
hpWLPGInstaller
IKEA Home Planner
Intel(R) Graphics Media Accelerator Driver
Intel(R) Matrix Storage Manager
iTunes
Japanese Fonts Support For Adobe Reader 8
Java(TM) 6 Update 15
Java(TM) SE Runtime Environment 6 Update 1
Juniper Networks Host Checker
Juniper Networks Setup Client
Juniper Terminal Services Client
LabelPrint
Lexmark X1100 Series
Malwarebytes' Anti-Malware version 1.51.1.1800
MarketResearch
Media Converter for Philips
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Money Essentials
Microsoft Money Shared Libraries
Microsoft Office XP Media Content
Microsoft Office XP Professional with FrontPage
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 2.0 SP3 Runtime
Mozilla Firefox (3.6.18)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multy_Y Version 1.01
Photo Viewer
Power2Go 5.0
QuickTime
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek USB 2.0 Card Reader
REALTEK USB Wireless LAN Driver
Rhapsody
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Shop for HP Supplies
SigmaTel Audio
SmartWebPrinting
SolutionCenter
Spare Backup
Status
Synaptics Pointing Device Driver
Toolbox
TrayApp
Trend Micro Titanium
Trend Micro™ Titanium™
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Viewpoint Media Player
WebReg
Windows Driver Package - OEM (mr7911) Image (05/27/2008 1.0.0.0)
Windows Media Player Firefox Plugin
WinZip 15.0
Xvid 1.1.3 final uninstall
ZoomTown Software
.
==== Event Viewer Messages From Past Week ========
.
8/2/2011 8:57:36 PM, Error: Service Control Manager [7000] - The Security Activity Dashboard Service service failed to start due to the following error: The system cannot find the file specified.
8/2/2011 8:57:36 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
8/2/2011 12:59:44 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the PlugPlay service.
8/1/2011 3:53:37 PM, Error: Server [2505] - The server could not bind to the transport \Device\NetBT_Tcpip_{118D78FA-05C4-46CF-B9A5-5D7899A35D07} because another computer on the network has the same name. The server could not start.
7/31/2011 1:19:59 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
7/30/2011 9:59:07 PM, Error: Service Control Manager [7034] - The Net.Tcp Port Sharing Service service terminated unexpectedly. It has done this 1 time(s).
7/30/2011 10:56:27 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/30/2011 10:39:32 AM, Error: EventLog [6008] - The previous system shutdown at 10:38:14 AM on 7/30/2011 was unexpected.
7/27/2011 3:16:25 PM, Error: ACPI [13] - : The embedded controller (EC) did not respond within the specified timeout period. This may indicate that there is an error in the EC hardware or firmware or that the BIOS is accessing the EC incorrectly. You should check with your computer manufacturer for an upgraded BIOS. In some situations, this error may cause the computer to function incorrectly.
.
==== End Of File ===========================


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\gateway games\bejeweled 2 deluxe\sounds\firecrackle.ogg
c:\program files\gateway games\blasterball 3\data\art\bitmaps\enemies\boss2_crack.jpg.wkz
scanner sequence 3.AA.11.VQLBOA
----- EOF -----
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm

Re: Search Engine Results Redirected to Ads

Unread postby Jack&Jill » August 3rd, 2011, 10:17 pm

Hello rulin8 :),

Thank you for removing the P2P and illegal / crack items.

--------------------

I see signs of Combofix on your computer.

While you may see ComboFix being used quite often and without incident, the tool should not be run unsupervised (as stated in the Disclaimer that is first displayed by ComboFix when you run the tool).

Going forward, I highly recommend you heed such instructions.

As stated by the author of ComboFix:
ComboFix is a very powerful tool which when improperly used may render your machine to a doorstop.

We first need to verify if there are any rootkits present and how they could affect our tools. Thus, we use preliminary scans like DDS and GMER and their logs to map our strategy for attack.

With these logs, we can determine the infections present and decide whether to deploy ComboFix.


That said, the log it produced contains valuable information. Kindly post the ComboFix log, C:\ComboFix.txt.

--------------------

Please download TDSSKiller© from Kaspersky and save it to your desktop. Click here.
  • Alternatively, you may get the zip version and extract the file to the desktop.
  • Double click on TDSSKiller.exe to execute it.
  • Press Start scan to begin.
  • If anything is found, please change all the actions to Skip only. <-- Important, please select Skip only, DO NOT Cure yet.
  • Then click on Continue at the lower right corner.
  • You may be prompted to reboot your computer, please consent.
  • Once complete, a log will be produced at C:\. It will be named TDSSKiller.Version_Date_Time_log.txt, for example, C:\TDSSKiller.2.4.12.0_26.12.2010_23.12.11_log.txt.
  • Please post the contents of this log.

--------------------

Please download aswMBR and save it to your desktop. Click here.
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Double click the aswMBR.exe file to run it.
  • Click on the Scan button to start. The program will launch a scan.
  • When done, you will see Scan finished successfully. Please click on Save log and save the file to your desktop.
  • Please post the contents of the log in your next reply.

--------------------

Please post back:
1. ComboFix log
2. TDSSKiller log
3. aswMBR result
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Search Engine Results Redirected to Ads

Unread postby rulin8 » August 4th, 2011, 10:00 pm

Jack&Jill,

Thank you for your quick reply. The ComboFix log is below. However, TDSSKiller.exe and aswMBR.exe give an error when I double-click to run the applications. The error is "The directory name is invalid." I've downloaded each multiple times (including the alternative tdsskiller.zip file) without success. I've also attempted to save the files in other folders (besides the desktop) without success. Any thoughts?


ComboFix 11-07-31.01 - Amber 08/04/2011 21:14:32.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.930 [GMT -4:00]
Running from: c:\users\Amber\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
- REDUCED FUNCTIONALITY MODE -
.
.
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
.
2011-08-05 01:19 . 2011-08-05 01:20 -------- d-----w- c:\users\Amber\AppData\Local\temp
2011-08-05 01:19 . 2011-08-05 01:19 -------- d-----w- c:\users\Thea\AppData\Local\temp
2011-08-05 01:19 . 2011-08-05 01:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-31 03:09 . 2008-01-02 21:33 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-07-31 03:06 . 2011-07-31 03:06 0 ---ha-w- c:\users\Amber\ecpaugdsfk.tmp
2011-07-30 22:23 . 2011-07-30 22:23 388096 ----a-r- c:\users\Amber\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\users\Amber\AppData\Roaming\Malwarebytes
2011-07-30 22:18 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 22:18 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 21:58 . 2011-07-30 21:58 8899 --sha-w- c:\programdata\fwcfg32.dll
2011-07-30 20:57 . 2011-07-30 20:57 8899 --sha-w- c:\programdata\AudioEng32.dll
2011-07-30 01:59 . 2011-07-30 01:59 343040 ----a-w- c:\windows\system32\AudioEng32.dll
2011-07-13 14:17 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 14:17 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 14:17 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 18:02 . 2011-07-05 01:40 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-04 18:02 . 2011-07-05 01:38 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-04 18:02 . 2011-07-05 01:38 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-04 18:02 . 2011-07-05 01:38 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026E7739-861E-44EE-9AF7-63E922DDCC94}]
2011-07-30 01:59 343040 ----a-w- c:\windows\System32\AudioEng32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-15 503296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-16 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-7-19 1701224]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [x]
R3 mr7911;Photo Viewer ;c:\windows\system32\DRIVERS\mr7911.sys [2008-05-24 39552]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-04 64080]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html ... B&M=MT6728
mStart Page = hxxp://broadband.zoomtown.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: XUL Cache: {b17d411c-f4f5-4748-bbbd-e7f5e138cb5f} - %profile%\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}
FF - Ext: XUL Cache: {80728f79-b8e6-4e58-8377-837dec4868f2} - %profile%\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Internet Video Downloader: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0} - c:\program files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-04 21:19
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-08-04 21:24:04
ComboFix-quarantined-files.txt 2011-08-05 01:23
ComboFix2.txt 2011-07-31 03:01
.
Pre-Run: 60,932,222,976 bytes free
Post-Run: 60,980,510,720 bytes free
.
- - End Of File - - F9BBB755C7E428AE3C8F963CF551A536
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm
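Added example, not code from the thread or from ComboFix's authors: a small Python triage script that parses the two ComboFix sections a helper reads first, Files Created and Reg Loading Points, and flags the pattern visible in the log above: a Browser Helper Object whose DLL is only days old, hidden+system files dropped under ProgramData, and one file name created in two different directories. The sample text is a constructed excerpt in the log's own format, and the 14-day window and the three rules are assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed excerpt in the shape of the ComboFix log posted above (paths and
# dates copied from it, list shortened). Not a real log file.
COMBOFIX_SAMPLE = r"""
((((((((((((((((((((((((( Files Created from 2011-07-05 to 2011-08-05 )))))))))))))))))))))))))))))))
.
2011-07-31 03:06 . 2011-07-31 03:06 0 ---ha-w- c:\users\Amber\ecpaugdsfk.tmp
2011-07-30 21:58 . 2011-07-30 21:58 8899 --sha-w- c:\programdata\fwcfg32.dll
2011-07-30 20:57 . 2011-07-30 20:57 8899 --sha-w- c:\programdata\AudioEng32.dll
2011-07-30 01:59 . 2011-07-30 01:59 343040 ----a-w- c:\windows\system32\AudioEng32.dll
2011-07-13 14:17 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026E7739-861E-44EE-9AF7-63E922DDCC94}]
2011-07-30 01:59 343040 ----a-w- c:\windows\System32\AudioEng32.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"""

# "created . modified size attrs path" as ComboFix prints it; size is "--------" for dirs.
FILE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(\S+) ([-a-z]{8}) (.+)$"
)
# "date size attrs path" line that follows a BHO registry key.
BHO_FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+) ([-a-z]{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")

SCAN_TIME = datetime(2011, 8, 4, 21, 19)  # completion time of the log above


def parse_files_created(text):
    """Entries of the 'Files Created' section: created time, size, attrs, lower-cased path."""
    entries, in_section = [], False
    for line in text.splitlines():
        if "Files Created" in line:
            in_section = True
            continue
        if in_section and line.startswith("(((("):  # next banner ends the section
            break
        m = FILE_RE.match(line) if in_section else None
        if m:
            created, _modified, size, attrs, path = m.groups()
            entries.append({
                "created": datetime.strptime(created, "%Y-%m-%d %H:%M"),
                "size": None if size.startswith("-") else int(size),
                "attrs": attrs,
                "path": path.lower(),
            })
    return entries


def parse_bhos(text):
    """(CLSID, dll path) for every Browser Helper Object under Reg Loading Points."""
    bhos, current_key = [], None
    for line in text.splitlines():
        k = KEY_RE.match(line)
        if k:
            current_key = k.group(1)
            continue
        if current_key and "Browser Helper Objects" in current_key:
            m = BHO_FILE_RE.match(line)
            if m:
                bhos.append((current_key.rsplit("\\", 1)[-1], m.group(4).lower()))
    return bhos


def triage(text, scan_time, window_days=14):
    """Return (reason, path) findings, in the order a helper would check them."""
    created = parse_files_created(text)
    cutoff = scan_time - timedelta(days=window_days)
    recent = {e["path"] for e in created if e["created"] >= cutoff}
    findings = []
    # 1. A BHO loads into every IE process; one whose DLL is days old deserves a look.
    for clsid, path in parse_bhos(text):
        if path in recent:
            findings.append(("recent BHO dll " + clsid, path))
    # 2. Hidden+system attributes on a file under user-writable ProgramData.
    for e in created:
        if "s" in e["attrs"] and "h" in e["attrs"] and e["path"].startswith(r"c:\programdata"):
            findings.append(("hidden system file outside Windows dir", e["path"]))
    # 3. The same file name created in two directories (here system32 and ProgramData).
    by_name = {}
    for e in created:
        by_name.setdefault(e["path"].rsplit("\\", 1)[-1], set()).add(e["path"])
    for name, paths in sorted(by_name.items()):
        if len(paths) > 1:
            findings.append(("same name in several dirs: " + name, " | ".join(sorted(paths))))
    return findings


def run_sample():
    """Triage the constructed excerpt; returns four findings, all about the BHO drop."""
    return triage(COMBOFIX_SAMPLE, SCAN_TIME)


if __name__ == "__main__":
    for reason, path in run_sample():
        print(f"{reason}: {path}")
```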

Re: Search Engine Results Redirected to Ads

Unread postby Jack&Jill » August 5th, 2011, 12:36 am

Hello rulin8 :),

Please run TDSSKiller and aswMBR with right click and select Run as administrator.
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia

Re: Search Engine Results Redirected to Ads

Unread postby rulin8 » August 6th, 2011, 10:45 am

That worked!! Thank you. TDSSKiller and aswMBR are below.

2011/08/06 10:38:33.0866 5892 TDSS rootkit removing tool 2.5.14.0 Aug 5 2011 16:09:29
2011/08/06 10:38:34.0272 5892 ================================================================================
2011/08/06 10:38:34.0272 5892 SystemInfo:
2011/08/06 10:38:34.0272 5892
2011/08/06 10:38:34.0272 5892 OS Version: 6.0.6002 ServicePack: 2.0
2011/08/06 10:38:34.0272 5892 Product type: Workstation
2011/08/06 10:38:34.0272 5892 ComputerName: AMBER-PC
2011/08/06 10:38:34.0272 5892 UserName: Amber
2011/08/06 10:38:34.0272 5892 Windows directory: C:\Windows
2011/08/06 10:38:34.0272 5892 System windows directory: C:\Windows
2011/08/06 10:38:34.0272 5892 Processor architecture: Intel x86
2011/08/06 10:38:34.0272 5892 Number of processors: 2
2011/08/06 10:38:34.0272 5892 Page size: 0x1000
2011/08/06 10:38:34.0272 5892 Boot type: Normal boot
2011/08/06 10:38:34.0272 5892 ================================================================================
2011/08/06 10:38:34.0849 5892 Initialize success
2011/08/06 10:39:15.0113 5696 ================================================================================
2011/08/06 10:39:15.0113 5696 Scan started
2011/08/06 10:39:15.0113 5696 Mode: Manual;
2011/08/06 10:39:15.0113 5696 ================================================================================
2011/08/06 10:39:31.0462 5696 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys
2011/08/06 10:39:31.0602 5696 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\DRIVERS\pcmcia.sys
2011/08/06 10:39:31.0680 5696 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys
2011/08/06 10:39:31.0930 5696 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys
2011/08/06 10:39:31.0992 5696 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys
2011/08/06 10:39:32.0148 5696 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys
2011/08/06 10:39:32.0242 5696 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys
2011/08/06 10:39:32.0382 5696 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys
2011/08/06 10:39:32.0444 5696 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys
2011/08/06 10:39:32.0554 5696 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys
2011/08/06 10:39:32.0632 5696 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys
2011/08/06 10:39:32.0694 5696 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys
2011/08/06 10:39:32.0866 5696 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys
2011/08/06 10:39:32.0944 5696 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys
2011/08/06 10:39:32.0990 5696 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys
2011/08/06 10:39:33.0100 5696 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys
2011/08/06 10:39:33.0240 5696 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys
2011/08/06 10:39:33.0334 5696 RDPWD (30bfbdfb7f95559ede971f9ddb9a00ba) C:\Windows\system32\drivers\RDPWD.sys
2011/08/06 10:39:33.0521 5696 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys
2011/08/06 10:39:33.0599 5696 RTL8169 (904fd29ec1ff2709099ae2cd1c09a913) C:\Windows\system32\DRIVERS\Rtlh86.sys
2011/08/06 10:39:33.0739 5696 RTL8187B (e0ea9f5f94814f8a31f4b40175e1456e) C:\Windows\system32\DRIVERS\RTL8187B.sys
2011/08/06 10:39:33.0864 5696 RTSTOR (68180821fedebb2b373d83a2d8e4e16a) C:\Windows\system32\drivers\RTSTOR.SYS
2011/08/06 10:39:33.0926 5696 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys
2011/08/06 10:39:33.0989 5696 sdbus (4339a2585708c7d9b0c0ce5aad3dd6ff) C:\Windows\system32\DRIVERS\sdbus.sys
2011/08/06 10:39:34.0114 5696 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
2011/08/06 10:39:34.0207 5696 Serenum (68e44e331d46f0fb38f0863a84cd1a31) C:\Windows\system32\drivers\serenum.sys
2011/08/06 10:39:34.0316 5696 Serial (c70d69a918b178d3c3b06339b40c2e1b) C:\Windows\system32\drivers\serial.sys
2011/08/06 10:39:34.0379 5696 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys
2011/08/06 10:39:34.0457 5696 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys
2011/08/06 10:39:34.0566 5696 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys
2011/08/06 10:39:34.0597 5696 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys
2011/08/06 10:39:34.0644 5696 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys
2011/08/06 10:39:34.0706 5696 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys
2011/08/06 10:39:34.0800 5696 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys
2011/08/06 10:39:34.0862 5696 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys
2011/08/06 10:39:34.0956 5696 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys
2011/08/06 10:39:35.0143 5696 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys
2011/08/06 10:39:35.0268 5696 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys
2011/08/06 10:39:35.0408 5696 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys
2011/08/06 10:39:35.0486 5696 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys
2011/08/06 10:39:35.0627 5696 STHDA (513f70b6a184fe3765f679c5c64ea9e5) C:\Windows\system32\drivers\stwrt.sys
2011/08/06 10:39:35.0783 5696 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys
2011/08/06 10:39:35.0845 5696 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys
2011/08/06 10:39:35.0970 5696 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys
2011/08/06 10:39:36.0079 5696 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys
2011/08/06 10:39:36.0157 5696 SynTP (21470bf105b96ded47e99e1ee7495e8f) C:\Windows\system32\DRIVERS\SynTP.sys
2011/08/06 10:39:36.0360 5696 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/06 10:39:36.0532 5696 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/06 10:39:36.0688 5696 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys
2011/08/06 10:39:36.0734 5696 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys
2011/08/06 10:39:36.0781 5696 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys
2011/08/06 10:39:36.0906 5696 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys
2011/08/06 10:39:37.0000 5696 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys
2011/08/06 10:39:37.0187 5696 tmactmon (de87a23d2ddc7378d1c7ab681e20de47) C:\Windows\system32\DRIVERS\tmactmon.sys
2011/08/06 10:39:37.0249 5696 tmcomm (540c2b5dc47651c572c2804dc72fdda8) C:\Windows\system32\DRIVERS\tmcomm.sys
2011/08/06 10:39:37.0421 5696 tmevtmgr (2de1fa64ebaff376f2c038f64492f62c) C:\Windows\system32\DRIVERS\tmevtmgr.sys
2011/08/06 10:39:37.0468 5696 tmtdi (5a61679b2277b9ad550e30479a69503b) C:\Windows\system32\DRIVERS\tmtdi.sys
2011/08/06 10:39:37.0561 5696 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys
2011/08/06 10:39:37.0686 5696 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys
2011/08/06 10:39:37.0780 5696 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys
2011/08/06 10:39:37.0826 5696 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys
2011/08/06 10:39:37.0982 5696 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys
2011/08/06 10:39:38.0092 5696 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys
2011/08/06 10:39:38.0138 5696 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys
2011/08/06 10:39:38.0263 5696 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys
2011/08/06 10:39:38.0326 5696 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys
2011/08/06 10:39:38.0388 5696 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys
2011/08/06 10:39:38.0544 5696 usbccgp (caf811ae4c147ffcd5b51750c7f09142) C:\Windows\system32\DRIVERS\usbccgp.sys
2011/08/06 10:39:38.0606 5696 usbcir (e9476e6c486e76bc4898074768fb7131) C:\Windows\system32\drivers\usbcir.sys
2011/08/06 10:39:38.0716 5696 usbehci (79e96c23a97ce7b8f14d310da2db0c9b) C:\Windows\system32\DRIVERS\usbehci.sys
2011/08/06 10:39:38.0825 5696 usbhub (4673bbcb006af60e7abddbe7a130ba42) C:\Windows\system32\DRIVERS\usbhub.sys
2011/08/06 10:39:38.0934 5696 usbohci (38dbc7dd6cc5a72011f187425384388b) C:\Windows\system32\drivers\usbohci.sys
2011/08/06 10:39:38.0996 5696 usbprint (e75c4b5269091d15a2e7dc0b6d35f2f5) C:\Windows\system32\DRIVERS\usbprint.sys
2011/08/06 10:39:39.0184 5696 usbscan (a508c9bd8724980512136b039bba65e9) C:\Windows\system32\DRIVERS\usbscan.sys
2011/08/06 10:39:39.0308 5696 USBSTOR (be3da31c191bc222d9ad503c5224f2ad) C:\Windows\system32\DRIVERS\USBSTOR.SYS
2011/08/06 10:39:39.0418 5696 usbuhci (814d653efc4d48be3b04a307eceff56f) C:\Windows\system32\DRIVERS\usbuhci.sys
2011/08/06 10:39:39.0496 5696 vga (7d92be0028ecdedec74617009084b5ef) C:\Windows\system32\DRIVERS\vgapnp.sys
2011/08/06 10:39:39.0620 5696 VgaSave (2e93ac0a1d8c79d019db6c51f036636c) C:\Windows\System32\drivers\vga.sys
2011/08/06 10:39:39.0683 5696 viaagp (045d9961e591cf0674a920b6ba3ba5cb) C:\Windows\system32\drivers\viaagp.sys
2011/08/06 10:39:39.0808 5696 ViaC7 (56a4de5f02f2e88182b0981119b4dd98) C:\Windows\system32\drivers\viac7.sys
2011/08/06 10:39:39.0839 5696 viaide (fd2e3175fcada350c7ab4521dca187ec) C:\Windows\system32\drivers\viaide.sys
2011/08/06 10:39:39.0901 5696 volmgr (69503668ac66c77c6cd7af86fbdf8c43) C:\Windows\system32\drivers\volmgr.sys
2011/08/06 10:39:40.0057 5696 volmgrx (23e41b834759917bfd6b9a0d625d0c28) C:\Windows\system32\drivers\volmgrx.sys
2011/08/06 10:39:40.0198 5696 volsnap (147281c01fcb1df9252de2a10d5e7093) C:\Windows\system32\drivers\volsnap.sys
2011/08/06 10:39:40.0338 5696 vsmraid (d984439746d42b30fc65a4c3546c6829) C:\Windows\system32\drivers\vsmraid.sys
2011/08/06 10:39:40.0416 5696 WacomPen (48dfee8f1af7c8235d4e626f0c4fe031) C:\Windows\system32\drivers\wacompen.sys
2011/08/06 10:39:40.0478 5696 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 10:39:40.0494 5696 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 10:39:40.0634 5696 Wd (afc5ad65b991c1e205cf25cfdbf7a6f4) C:\Windows\system32\drivers\wd.sys
2011/08/06 10:39:40.0697 5696 Wdf01000 (b6f0a7ad6d4bd325fbcd8bac96cd8d96) C:\Windows\system32\drivers\Wdf01000.sys
2011/08/06 10:39:41.0040 5696 WmiAcpi (2e7255d172df0b8283cdfb7b433b864e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2011/08/06 10:39:41.0134 5696 WpdUsb (de9d36f91a4df3d911626643debf11ea) C:\Windows\system32\DRIVERS\wpdusb.sys
2011/08/06 10:39:41.0227 5696 ws2ifsl (e3a3cb253c0ec2494d4a61f5e43a389c) C:\Windows\system32\drivers\ws2ifsl.sys
2011/08/06 10:39:41.0352 5696 WUDFRd (ac13cb789d93412106b0fb6c7eb2bcb6) C:\Windows\system32\DRIVERS\WUDFRd.sys
2011/08/06 10:39:41.0414 5696 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/06 10:39:41.0461 5696 Boot (0x1200) (6d47148093a450f8f17e77ccd7c2c98c) \Device\Harddisk0\DR0\Partition0
2011/08/06 10:39:41.0477 5696 Boot (0x1200) (8102f7719947c9b23086c434f20fdd52) \Device\Harddisk0\DR0\Partition1
2011/08/06 10:39:41.0492 5696 ================================================================================
2011/08/06 10:39:41.0492 5696 Scan finished
2011/08/06 10:39:41.0492 5696 ================================================================================
2011/08/06 10:39:41.0524 3532 Detected object count: 0
2011/08/06 10:39:41.0524 3532 Actual detected object count: 0


aswMBR version 0.9.8.978 Copyright(c) 2011 AVAST Software
Run date: 2011-08-06 10:40:51
-----------------------------
10:40:51.635 OS Version: Windows 6.0.6002 Service Pack 2
10:40:51.635 Number of processors: 2 586 0xF0D
10:40:51.635 ComputerName: AMBER-PC UserName: Amber
10:41:40.978 Initialize success
10:42:29.389 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
10:42:29.404 Disk 0 Vendor: Hitachi_ BBCO Size: 152627MB BusType: 3
10:42:29.435 Disk 0 MBR read successfully
10:42:29.435 Disk 0 MBR scan
10:42:29.435 Disk 0 Windows VISTA default MBR code
10:42:29.451 Disk 0 scanning sectors +312576705
10:42:29.529 Disk 0 scanning C:\Windows\system32\drivers
10:42:38.655 Service scanning
10:42:40.215 Modules scanning
10:42:50.870 Disk 0 trace - called modules:
10:42:50.901 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
10:42:50.901 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85cb1ac8]
10:42:50.901 3 CLASSPNP.SYS[883a68b3] -> nt!IofCallDriver -> [0x84474760]
10:42:50.917 5 acpi.sys[806986bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x84476030]
10:42:50.917 Scan finished successfully
10:43:03.724 Disk 0 MBR has been saved successfully to "C:\Users\Amber\Documents\MBR.dat"
10:43:03.740 The log file has been saved successfully to "C:\Users\Amber\Documents\aswMBR.txt"
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm
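Reading a TDSSKiller listing like the one above line by line is tedious, and the two questions that actually matter get lost in it: is any kernel driver loading from somewhere other than the system driver directory, and does one image hash turn up under two different paths (Tcpip/Tcpip6 both pointing at tcpip.sys is normal; the same bytes under two file names is not). The script below is an added example, not part of this thread and not TDSSKiller's own code. Its input is a few lines copied from the log above plus one constructed entry, hypothetical_svc / hypo.sys, which does not exist on this machine and is there only to show what a hit looks like.

```python
"""Triage helpers for a TDSSKiller driver listing.

Added example for this thread; not the poster's code and not part of
TDSSKiller. Parses the "timestamp pid name (md5) path" lines, flags
drivers whose image is outside the system driver directory, reports
service names that share one image, and reads the scan summary.
"""
import re
from collections import defaultdict
from typing import Dict, List, NamedTuple

# Lines copied from the log above, plus ONE constructed entry
# (hypothetical_svc / hypo.sys) that is invented for illustration.
SAMPLE_LOG = r"""
2011/08/06 10:39:36.0360 5696 Tcpip (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\drivers\tcpip.sys
2011/08/06 10:39:36.0532 5696 Tcpip6 (a474879afa4a596b3a531f3e69730dbf) C:\Windows\system32\DRIVERS\tcpip.sys
2011/08/06 10:39:40.0478 5696 Wanarp (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 10:39:40.0494 5696 Wanarpv6 (55201897378cca7af8b5efd874374a26) C:\Windows\system32\DRIVERS\wanarp.sys
2011/08/06 10:39:41.0000 5696 hypothetical_svc (00112233445566778899aabbccddeeff) C:\Users\Amber\AppData\Local\Temp\hypo.sys
2011/08/06 10:39:41.0414 5696 MBR (0x1B8) (5c616939100b85e558da92b899a0fc36) \Device\Harddisk0\DR0
2011/08/06 10:39:41.0492 5696 Scan finished
2011/08/06 10:39:41.0524 3532 Detected object count: 0
2011/08/06 10:39:41.0524 3532 Actual detected object count: 0
"""

# "<date> <time> <pid> <name> [(0xNNN)] (<md5>) <path>"; the optional
# "(0x...)" group covers the MBR / Boot sector lines.
LINE_RE = re.compile(
    r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+"
    r"(?P<name>\S+)(?: \(0x[0-9A-Fa-f]+\))?\s+\((?P<md5>[0-9a-f]{32})\)\s+(?P<path>.+?)\s*$",
    re.MULTILINE,
)

# Where legitimate kernel drivers live; compared case-insensitively.
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"


class Entry(NamedTuple):
    name: str
    md5: str
    path: str


def parse_tdsskiller(text: str) -> List[Entry]:
    """One Entry per driver / MBR / boot-sector line; other lines are ignored."""
    return [Entry(m["name"], m["md5"], m["path"]) for m in LINE_RE.finditer(text)]


def drivers_outside_driver_dir(entries: List[Entry]) -> List[Entry]:
    """Drivers whose image is not under the system driver directory.
    Boot records (paths under \\Device\\) are not files and are skipped."""
    return [
        e for e in entries
        if not e.path.startswith("\\Device\\")
        and not e.path.lower().startswith(DRIVER_DIR)
    ]


def names_by_hash(entries: List[Entry]) -> Dict[str, List[str]]:
    """Service names that share one image hash (aliases such as Tcpip/Tcpip6)."""
    groups: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        groups[e.md5].append(e.name)
    return {h: names for h, names in groups.items() if len(names) > 1}


def same_hash_different_paths(entries: List[Entry]) -> Dict[str, List[str]]:
    """The suspicious variant: identical bytes registered under different file paths."""
    paths: Dict[str, set] = defaultdict(set)
    for e in entries:
        paths[e.md5].add(e.path.lower())
    return {h: sorted(p) for h, p in paths.items() if len(p) > 1}


def scan_summary(text: str) -> Dict[str, object]:
    """Did the scan complete, and what did it count?"""
    det = re.search(r"^.*\bDetected object count: (\d+)", text, re.MULTILINE)
    act = re.search(r"Actual detected object count: (\d+)", text)
    return {
        "finished": "Scan finished" in text,
        "detected": int(det.group(1)) if det else None,
        "actual_detected": int(act.group(1)) if act else None,
    }


if __name__ == "__main__":
    entries = parse_tdsskiller(SAMPLE_LOG)
    for e in drivers_outside_driver_dir(entries):
        print(f"driver outside system driver dir: {e.name} -> {e.path}")
    for h, names in names_by_hash(entries).items():
        print(f"shared image {h}: {', '.join(names)}")
    print("same hash, different paths:", same_hash_different_paths(entries))
    print(scan_summary(SAMPLE_LOG))
```

Run against the full log above (paste it into SAMPLE_LOG or read it from the TDSSKiller text file), the first check is the one worth doing on every listing: a zero detection count from TDSSKiller only means nothing matched its signatures, while a .sys loading out of a user profile or Temp directory is visible without any signature at all.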

Re: Search Engine Results Redirected to Ads

Unread postby Jack&Jill » August 6th, 2011, 11:47 pm

Hello rulin8 :),

To completely remove AVG products after you have uninstalled them, please download the AVG Remover. Click here. Choose the appropriate remover from the list.

--------------------

Upload file(s) to VirusTotal (VT) for an online scan. Click here.
  • Click on the Browse button or the white box beside it. A File Upload prompt will open.
  • Copy and paste the following file and its path to upload:
    Code: Select all
    c:\users\Amber\ecpaugdsfk.tmp
  • Press Open, then Send file. The file will be uploaded for testing.
  • If there is any indication or prompt that the file has been scanned before, please proceed to have the file rescanned or reanalyzed.
  • Please wait for all the scanners to finish, then copy and paste the result into Notepad and save it to a convenient place.
  • Repeat for
    Code: Select all
    c:\programdata\fwcfg32.dll
    c:\programdata\AudioEng32.dll
    c:\windows\system32\AudioEng32.dll
  • Post the results in your next response.

Alternatively, if VirusTotal is busy or inaccessible, you may try Jotti or VirScan (VS) with similar steps.

A result from either one of the above scanners would be sufficient.

--------------------

You have Malwarebytes' Anti-Malware (MBAM) on your machine. I wish to take a look at the most recent log file. Open MBAM and click on the Logs tab. Open the file at the bottom of the list and post the contents back here. If there is no log or you have yet to run MBAM, please let me know.

Please post the contents of these files as well:
C:\qoobox\ComboFix2.txt
C:\Qoobox\ComboFix-quarantined-files.txt

--------------------

I see that you have some programs on your computer that are not recommended or not safe. You may uninstall them through Add/Remove Programs in the Control Panel.

Viewpoint and/or its components

Viewpoint is not malware but is considered foistware, since it is installed without consent alongside other software, most notably AOL and AOL Instant Messenger (AIM). For this reason, I recommend that you remove it.

Prevent Viewpoint from reinstalling every time AOL runs
  • Open AOL.
  • Go to Help on the toolbar.
  • Select About AOL.
  • Press Ctrl+D and a panel will appear, which will allow you to disable all desktop and IM features associated with Viewpoint.

--------------------

Please post back:
1. the results from VT
2. previous MBAM report
3. the two files from ComboFix
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
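Before uploading anything to VirusTotal it is worth hashing the files locally, because VirusTotal keys every lookup on the hash. Two things fall out of that. A zero-byte file always hashes to MD5 d41d8cd98f00b204e9800998ecf8427e (SHA-256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855), so a clean verdict on that hash tells you nothing about the machine; and two paths holding identical bytes only need one submission. The script below is an added example, not code from this thread or from VirusTotal. It builds a constructed directory reusing the file names from the instructions above (the contents are invented, not the real samples) and reports which paths are empty, which are duplicates, and what is left to upload.

```python
"""Hash files locally before submitting them to VirusTotal.

Added example for this thread; not the poster's code and not part of
VirusTotal. hash_file() streams a file through MD5/SHA-1/SHA-256,
triage() groups paths by content, drops empties and duplicates, and
build_sample_tree() creates a constructed directory to run it on.
"""
import hashlib
import os
import tempfile
from collections import defaultdict
from typing import Dict, List, Tuple

# Digests of zero bytes: a "clean" verdict on these is meaningless.
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"
EMPTY_SHA256 = "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855"


def hash_file(path: str, chunk: int = 1 << 20) -> Dict[str, object]:
    """Read the file once, in chunks, feeding all three digests."""
    md5, sha1, sha256 = hashlib.md5(), hashlib.sha1(), hashlib.sha256()
    size = 0
    with open(path, "rb") as f:
        while True:
            block = f.read(chunk)
            if not block:
                break
            size += len(block)
            for h in (md5, sha1, sha256):
                h.update(block)
    return {
        "path": path,
        "size": size,
        "md5": md5.hexdigest(),
        "sha1": sha1.hexdigest(),
        "sha256": sha256.hexdigest(),
    }


def triage(paths: List[str]) -> Dict[str, object]:
    """Group by SHA-256; report empties, duplicate sets, and one path per distinct content."""
    records = [hash_file(p) for p in paths]
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for r in records:
        by_hash[r["sha256"]].append(r["path"])
    return {
        "records": records,
        "empty": [r["path"] for r in records if r["size"] == 0],
        "duplicates": {h: ps for h, ps in by_hash.items() if len(ps) > 1},
        "to_upload": [ps[0] for h, ps in by_hash.items() if h != EMPTY_SHA256],
    }


def build_sample_tree() -> Tuple[str, List[str]]:
    """Constructed directory reusing the thread's file names.
    Contents are invented; they are not the real samples."""
    root = tempfile.mkdtemp(prefix="vt_triage_")
    os.makedirs(os.path.join(root, "programdata"))
    os.makedirs(os.path.join(root, "system32"))
    tmp = os.path.join(root, "ecpaugdsfk.tmp")
    open(tmp, "wb").close()                       # zero bytes on purpose
    fake_dll = b"MZ" + bytes(range(256)) * 4      # constructed, not a real PE
    fwcfg = os.path.join(root, "programdata", "fwcfg32.dll")
    audio_pd = os.path.join(root, "programdata", "AudioEng32.dll")
    for p in (fwcfg, audio_pd):                   # two paths, identical bytes
        with open(p, "wb") as f:
            f.write(fake_dll)
    audio_sys = os.path.join(root, "system32", "AudioEng32.dll")
    with open(audio_sys, "wb") as f:              # same name, different bytes
        f.write(b"MZ" + b"\x90" * 512)
    return root, [tmp, fwcfg, audio_pd, audio_sys]


if __name__ == "__main__":
    _root, sample_paths = build_sample_tree()
    result = triage(sample_paths)
    for r in result["records"]:
        print(f'{r["size"]:>8} {r["md5"]} {r["path"]}')
    print("empty (do not bother uploading):", result["empty"])
    print("duplicate sets:", list(result["duplicates"].values()))
    print("upload these:", result["to_upload"])
```

On the real machine the paths would be the ones listed in the instructions (c:\users\Amber\ecpaugdsfk.tmp and so on); the SHA-256 printed for each file is also what you would paste into VirusTotal's search box to see whether the sample has already been analysed, without uploading it at all.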

Re: Search Engine Results Redirected to Ads

Unread postby rulin8 » August 7th, 2011, 9:55 am

Jack&Jill,

I've uninstalled Viewpoint, AIM, and AVG. Below are the VT results, MBAM log, and ComboFix files. The VT results show "c:\programdata\fwcfg32.dll" and "c:\programdata\AudioEng32.dll" as the same file.

Thanks,
rulin8

19 VT Community user(s) with a total of 42114 reputation credit(s) say(s) this sample is goodware. 16 VT Community user(s) with a total of 13680 reputation credit(s) say(s) this sample is malware.
File name:
decks_start.php
Submission date:
2011-08-07 09:02:59 (UTC)
Current status:
finished
Result:
0 /42 (0.0%)

VT Community

goodware
Safety score: 75.5%
Antivirus Version Last Update Result
AntiVir 7.11.12.233 2011.08.05 -
Antiy-AVL 2.0.3.7 2011.08.06 -
Avast 4.8.1351.0 2011.08.06 -
Avast5 5.0.677.0 2011.08.06 -
AVG 10.0.0.1190 2011.08.07 -
BitDefender 7.2 2011.08.07 -
CAT-QuickHeal 11.00 2011.08.07 -
ClamAV 0.97.0.0 2011.08.06 -
Commtouch 5.3.2.6 2011.08.06 -
Comodo 9656 2011.08.07 -
DrWeb 5.0.2.03300 2011.08.06 -
Emsisoft 5.1.0.8 2011.08.07 -
eSafe 7.0.17.0 2011.08.04 -
eTrust-Vet 36.1.8486 2011.08.05 -
F-Prot 4.6.2.117 2011.08.06 -
F-Secure 9.0.16440.0 2011.08.07 -
Fortinet 4.2.257.0 2011.08.07 -
GData 22 2011.08.07 -
Ikarus T3.1.1.104.0 2011.08.07 -
Jiangmin 13.0.900 2011.08.06 -
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.07 -
McAfee 5.400.0.1158 2011.08.07 -
McAfee-GW-Edition 2010.1D 2011.08.07 -
Microsoft 1.7104 2011.08.07 -
NOD32 6356 2011.08.07 -
Norman 6.07.10 2011.08.07 -
nProtect 2011-08-07.01 2011.08.07 -
Panda 10.0.3.5 2011.08.06 -
PCTools 8.0.0.5 2011.08.07 -
Prevx 3.0 2011.08.07 -
Rising 23.69.03.03 2011.08.04 -
Sophos 4.67.0 2011.08.07 -
SUPERAntiSpyware 4.40.0.1006 2011.08.06 -
Symantec 20111.2.0.82 2011.08.07 -
TheHacker 6.7.0.1.272 2011.08.06 -
TrendMicro 9.200.0.1012 2011.08.07 -
TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -
VBA32 3.12.16.4 2011.08.06 -
VIPRE 10092 2011.08.07 -
ViRobot 2011.8.6.4609 2011.08.06 -
VirusBuster 14.0.155.0 2011.08.06 -
Additional information
MD5 : d41d8cd98f00b204e9800998ecf8427e
SHA1 : da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ssdeep: 3::
First seen: 2006-09-18 07:26:15
Last seen : 2011-08-07 09:02:59
Magic: empty
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
Prevx Info:
http://info.prevx.com/aboutprogramtext. ... 00E2E9DA3B
PDFiD:
['-', None, None]
Androguard:
-
ExifTool:
-
RDS: NSRL Reference Data Set

Earthlink Inc.
EarthLink, 5.06: Drafts, Inbox, Sent, Templates, Trash, Unsent_Messages, blogo.gi!, blogo.gi_, ns45_drafts, ns45_inbox, ns45_sent, ns45_templates, ns45_trash, ns45_unsent_messages, phonepref.txt

Red Orb
Riven, N/A: MSDN332.INF

Creative Wonders
Get Set to Learn, N/A: BD.CON, BF.CON, BG.CON, BL.CON, BN.CON, BNCON.WRI, CC.CON, CD.CON, DISK1, DISK2, DISK3, WOW.DRV

Intuit Inc.
Quicken, CD-Rom DeluxeEd: PREFREPT.BMP, PREFRPT2.BMP, PREFSMOD.BMP, PREFSWIN.BMP, PROGGRP1.BMP, PROGGRP2.BMP, PROGRUN.BMP, QCARD01.BMP, QCARD06.BMP, UGCHAP9.BMP
QuickBooks, 2001: blogo.gi!, blogo.gi_

NuSphere Corporation
MySQL, 1.13.7: .exists, API.bs, B.bs, Base64.bs, ByteLoader.bs, ChangeNotify.bs, Clipboard.bs, Console.bs, DBI.bs, DB_File.bs, DProf.bs, Dumper.bs, Embperl.bs, Event.bs, EventLog.bs, Fcntl.bs, FileSecurity.bs, GDBM_File.bs, Glob.bs, Hostname.bs, IO.bs, IPC.bs, Internet.bs, Leak.bs, MD2.bs, MD5.bs, Mutex.bs, NDBM_File.bs, Net.bs, NetAdmin.bs, NetResource.bs, ODBC.bs, ODBM_File.bs, OLE.bs, Opcode.bs, Oracle.bs, POSIX.bs, Peek.bs, PerfLib.bs, Pipe.bs, Process.bs, Registry.bs, SDBM_File.bs, SHA1.bs, Semaphore.bs, Service.bs, Shortcut.bs, Socket.bs, Sound.bs, Storable.bs, Symbol.bs, SysV.bs, Syslog.bs, Thread.bs, Win32.bs, WinError.bs, attrs.bs, carts.MYD, columns_priv.MYD, comments, host.MYD, images.MYD, mail, mrbs_entry.MYD, mrbs_repeat.MYD, mysql.bs, nomail, sessions.MYD, tables_priv.MYD, users.MYD, zlib.bs

Ideal link Inc.
Yourideallink.com, 3.0: rfc779.htm

Corel Corporation
Photo-Paint, N/A: iesetup.dir
Linux, NA: .FVWM95, .FVWM95RC, .TEXTSWRC, .TEXT_EXTRAS_MENU, .TTYSWRC, ADDGROUP, ANSI, AWK, AWK.1, CAPTOINFO, CBB-MAN, COMPILED, CONFIG, DIGITAL, DUMB, DYNALOADER, EDITOR, EDITOR.1, FDLIST, FDMOUNT.CONF, FDMOUNTD, FDUMOUNT, FUJITSU, GENKSYMS, INFOTOCAP, INIT-RESTART.HOOK, INIT.HOOK, IO, IO.BS, LASTB, LD-LINUX.000, LD-LINUX.SO, LIBAPT-PKG.001, LIBAPT-PKG.SO, LIBATTRGLYPH.001, LIBATTRGLYPH.SO, LIBATTRIBUTE.001, LIBATTRIBUTE.SO, LIBBROKENLOCALE.SO, LIBC.SO, LIBCOMGLYPH.001, LIBCOMGLYPH.SO, LIBCOMTERP.001, LIBCOMTERP.SO, LIBCOMUNIDRAW.001, LIBCOMUNIDRAW.SO, LIBCOMUTIL.001, LIBCOMUTIL.SO, LIBCOM_ERR.000, LIBCRYPT.SO, LIBDB.SO, LIBDL.000, LIBDL.SO, LIBDND++.SO, LIBDND.SO, LIBDPKG.000, LIBDPKG.001, LIBDRAWSERV.001, LIBDRAWSERV.SO, LIBE2P.000, LIBEXT2FS.000, LIBFORM.000, LIBFRAMEUNIDRAW.001, LIBFRAMEUNIDRAW.SO, LIBGDBM.000, LIBGDBM.001, LIBGIF.000, LIBGIF.SO, LIBGRAPHUNIDRAW.001, LIBGRAPHUNIDRAW.SO, LIBHISTORY.000, LIBICE.001, LIBICE.SO, LIBIV-COMMON.001, LIBIV-COMMON.SO, LIBIV.001, LIBIV.SO, LIBIVGLYPH.001, LIBIVGLYPH.SO, LIBJPEG.000, LIBJPEG.SO, LIBM.SO, LIBMAGICK.SO, LIBMENU.000, LIBMRM.001, LIBMRM.SO, LIBNSL.SO, LIBNSS_COMPAT.SO, LIBNSS_DB.SO, LIBNSS_DNS.SO, LIBNSS_FILES.SO, LIBNSS_NIS.SO, LIBOLGX.SO, LIBOVERLAYUNIDRAW.001, LIBOVERLAYUNIDRAW.SO, LIBPANEL.000, LIBPEX5.001, LIBPEX5.SO, LIBPTHREAD.SO, LIBQT.001, LIBQT.SO, LIBRESOLV.SO, LIBSLANG.000, LIBSM.001, LIBSM.SO, LIBSS.000, LIBSTDC++-LIBC6.0-1, LIBSTDC++-LIBC6.1-1, LIBSTDC++.001, LIBSTDC++.SO, LIBTIFF.SO, LIBTIME.001, LIBTIME.SO, LIBTOPOFACE.001, LIBTOPOFACE.SO, LIBUNGIF.SO, LIBUNIDRAW-COMMON.001, LIBUNIDRAW-COMMON.SO, LIBUNIDRAW.001, LIBUNIDRAW.SO, LIBUNIIDRAW.001, LIBUNIIDRAW.SO, LIBUTIL.SO, LIBUUID.000, LIBWRASTER.SO, LIBWXGRID_XT.SO, LIBWXTAB_XT.SO, LIBWX_XT.SO, LIBWX_XTTHREAD.SO, LIBWX_XTWIDGETS.SO, LIBX11.001, LIBX11.SO, LIBXAW.001, LIBXAW.SO, LIBXAW3D.001, LIBXAW3D.SO, LIBXEXT.001, LIBXEXT.SO, LIBXI.001, LIBXI.SO, LIBXIE.001, LIBXIE.SO, LIBXM.001, LIBXM.SO, LIBXMU.001, LIBXMU.SO, LIBXP.001, LIBXP.SO, 
LIBXPM.000, LIBXPM.SO, LIBXT.001, LIBXT.SO, LIBXTST.001, LIBXTST.SO, LIBXVIEW.SO, LIBZ.001, LIBZ.SO, LOCALE.ALIAS, MACINTOSH, MAIN-MENU-PRE.HOOK, MAIN-MENU.HOOK, MENUDEFS.HOOK, NAWK, NAWK.1, NEC, NEWXSERVER.XSERVER-VGA16, PAGER, PIDOF, POST.HOOK, POWEROFF, RAMSIZE, RBASH, RCLOCK, REBOOT, RESET, RMMOD, ROOTFLAGS, RXVT, RXVT-M, SCREEN, SCREEN-W, SECURITYPOLICY, SG, SGI, SHELLTOOL, SOCKET, SOCKET.BS, SONY, SUN, SWAPDEV, SWAPOFF, TABSET, TELINIT, TERMINFO, VI.1, VIDMODE, VIGR, VT100, VT102, VT220, VT52, W.1, X11R6, XDFFORMAT, XDM-CONFIG, XDVI, XF86CONFIG, XFTP, XINITRC, XKBCOMP, XSCREENSAVER, XSERVERRC, XSETBG, XSYSINFO, XTERM, XTERM-DEBIAN, XTERM-XFREE86
DRAW, 10 Trial: iesetup.dir

Microsoft
Commerce Server - Developer Edition, 2000: BLANK.TXT, blogo.gi!, blogo.gi_
Windows, 98 Second Ed.: empty.htm, logagent.exe, quartz.dll, tvxdup.001, vnetsup.vxd, xeno.avb
eMbedded Visual Tools, 3.0: BLANK DOCUMENT.PSW, BLANK NOTE.PWI, CD1.INF, FILEOSP.RC, chat.adm
Commerce Server Developer Edition, 2000: BLANK.TXT, blogo.gi!, blogo.gi_
Visio, 2000 SR-1 Versi: INSTALL.LOG
Internet Security and Acceleration Server - Enterprise Edition, 2000: cdrom_sp.tst
Visio Enterprise Edition, 2000 SR-1: install.log
Exchange Server Enterprise Edition, 2000: ROUTE.TBL

NIST
NSRL Test, 002: test1.txt, test1.z

Tivoli
Tivoli Manager, 1.6: MessagesD.properties, MessagesF.properties, MessagesJA.properties, access_log



0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
fwcfg32.dll
Submission date:
2011-08-07 13:28:20 (UTC)
Current status:
finished
Result:
1/ 43 (2.3%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.08.07.00 2011.08.07 -
AntiVir 7.11.12.233 2011.08.05 -
Antiy-AVL 2.0.3.7 2011.08.06 -
Avast 4.8.1351.0 2011.08.07 -
Avast5 5.0.677.0 2011.08.07 -
AVG 10.0.0.1190 2011.08.07 -
BitDefender 7.2 2011.08.07 -
CAT-QuickHeal 11.00 2011.08.07 -
ClamAV 0.97.0.0 2011.08.06 -
Commtouch 5.3.2.6 2011.08.06 -
Comodo 9662 2011.08.07 -
DrWeb 5.0.2.03300 2011.08.07 -
Emsisoft 5.1.0.8 2011.08.07 -
eSafe 7.0.17.0 2011.08.07 -
eTrust-Vet 36.1.8486 2011.08.05 -
F-Prot 4.6.2.117 2011.08.06 -
F-Secure 9.0.16440.0 2011.08.07 -
Fortinet 4.2.257.0 2011.08.07 -
GData 22 2011.08.07 -
Ikarus T3.1.1.104.0 2011.08.07 -
Jiangmin 13.0.900 2011.08.06 -
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.07 -
McAfee 5.400.0.1158 2011.08.07 -
McAfee-GW-Edition 2010.1D 2011.08.07 -
Microsoft 1.7104 2011.08.07 -
NOD32 6357 2011.08.07 -
Norman 6.07.10 2011.08.07 -
nProtect 2011-08-07.01 2011.08.07 -
Panda 10.0.3.5 2011.08.07 -
PCTools 8.0.0.5 2011.08.07 -
Prevx 3.0 2011.08.07 -
Rising 23.69.03.03 2011.08.04 -
Sophos 4.67.0 2011.08.07 -
SUPERAntiSpyware 4.40.0.1006 2011.08.06 Rogue.Agent/Gen-Nullo[DLL]
Symantec 20111.2.0.82 2011.08.07 -
TheHacker 6.7.0.1.272 2011.08.06 -
TrendMicro 9.200.0.1012 2011.08.07 -
TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -
VBA32 3.12.16.4 2011.08.06 -
VIPRE 10092 2011.08.07 -
ViRobot 2011.8.6.4609 2011.08.07 -
VirusBuster 14.0.155.0 2011.08.06 -
Additional information
MD5 : 60d0e4b5e55c9064baf2d9f635e4c3f6
SHA1 : 977e3b4c2d495180c784717c34d465f22b59a236
SHA256: 6b4dd24b048ecf4a817ddcc9455cb554362d22bddc980f1c702a032265ef9106
ssdeep: 192:P9kl0yWczMaiKvHtBPgRn/6JTly4scIUVT:P9kyyWUiK1BPbTly4VT
File size : 8899 bytes
First seen: 2011-08-07 13:28:20
Last seen : 2011-08-07 13:28:20
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
ExifTool:
file metadata
Error: File format error
FileSize: 8.7 kB




0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
fwcfg32.dll
Submission date:
2011-08-07 13:28:20 (UTC)
Current status:
finished
Result:
1 /43 (2.3%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.08.07.00 2011.08.07 -
AntiVir 7.11.12.233 2011.08.05 -
Antiy-AVL 2.0.3.7 2011.08.06 -
Avast 4.8.1351.0 2011.08.07 -
Avast5 5.0.677.0 2011.08.07 -
AVG 10.0.0.1190 2011.08.07 -
BitDefender 7.2 2011.08.07 -
CAT-QuickHeal 11.00 2011.08.07 -
ClamAV 0.97.0.0 2011.08.06 -
Commtouch 5.3.2.6 2011.08.06 -
Comodo 9662 2011.08.07 -
DrWeb 5.0.2.03300 2011.08.07 -
Emsisoft 5.1.0.8 2011.08.07 -
eSafe 7.0.17.0 2011.08.07 -
eTrust-Vet 36.1.8486 2011.08.05 -
F-Prot 4.6.2.117 2011.08.06 -
F-Secure 9.0.16440.0 2011.08.07 -
Fortinet 4.2.257.0 2011.08.07 -
GData 22 2011.08.07 -
Ikarus T3.1.1.104.0 2011.08.07 -
Jiangmin 13.0.900 2011.08.06 -
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.07 -
McAfee 5.400.0.1158 2011.08.07 -
McAfee-GW-Edition 2010.1D 2011.08.07 -
Microsoft 1.7104 2011.08.07 -
NOD32 6357 2011.08.07 -
Norman 6.07.10 2011.08.07 -
nProtect 2011-08-07.01 2011.08.07 -
Panda 10.0.3.5 2011.08.07 -
PCTools 8.0.0.5 2011.08.07 -
Prevx 3.0 2011.08.07 -
Rising 23.69.03.03 2011.08.04 -
Sophos 4.67.0 2011.08.07 -
SUPERAntiSpyware 4.40.0.1006 2011.08.06 Rogue.Agent/Gen-Nullo[DLL]
Symantec 20111.2.0.82 2011.08.07 -
TheHacker 6.7.0.1.272 2011.08.06 -
TrendMicro 9.200.0.1012 2011.08.07 -
TrendMicro-HouseCall 9.200.0.1012 2011.08.07 -
VBA32 3.12.16.4 2011.08.06 -
VIPRE 10092 2011.08.07 -
ViRobot 2011.8.6.4609 2011.08.07 -
VirusBuster 14.0.155.0 2011.08.06 -
Additional information
MD5 : 60d0e4b5e55c9064baf2d9f635e4c3f6
SHA1 : 977e3b4c2d495180c784717c34d465f22b59a236
SHA256: 6b4dd24b048ecf4a817ddcc9455cb554362d22bddc980f1c702a032265ef9106
ssdeep: 192:P9kl0yWczMaiKvHtBPgRn/6JTly4scIUVT:P9kyyWUiK1BPbTly4VT
File size : 8899 bytes
First seen: 2011-08-07 13:28:20
Last seen : 2011-08-07 13:28:20
Magic: data
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
Androguard:
-
ExifTool:
file metadata
Error: File format error
FileSize: 8.7 kB



0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
ati2dvag32.dll
Submission date:
2011-08-07 03:24:25 (UTC)
Current status:
finished
Result:
24 /43 (55.8%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.08.06.00 2011.08.06 Trojan/Win32.BHO
AntiVir 7.11.12.233 2011.08.05 TR/Dldr.Tracur.Q.365
Antiy-AVL 2.0.3.7 2011.08.06 Trojan/win32.agent.gen
Avast 4.8.1351.0 2011.08.06 Win32:Dracur-F [Cryp]
Avast5 5.0.677.0 2011.08.06 Win32:Dracur-F [Cryp]
AVG 10.0.0.1190 2011.08.07 Generic23.CKSW
BitDefender 7.2 2011.08.07 Gen:Variant.Kazy.32801
CAT-QuickHeal 11.00 2011.08.06 -
ClamAV 0.97.0.0 2011.08.06 -
Commtouch 5.3.2.6 2011.08.06 -
Comodo 9654 2011.08.06 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.08.06 -
Emsisoft 5.1.0.8 2011.08.06 Trojan-Downloader.Win32.Tracur!IK
eSafe 7.0.17.0 2011.08.04 -
eTrust-Vet 36.1.8486 2011.08.05 -
F-Prot 4.6.2.117 2011.08.06 -
F-Secure 9.0.16440.0 2011.08.06 Gen:Variant.Kazy.32801
Fortinet 4.2.257.0 2011.08.07 W32/BHO.BPCT!tr
GData 22 2011.08.07 Gen:Variant.Kazy.32801
Ikarus T3.1.1.104.0 2011.08.06 Trojan-Downloader.Win32.Tracur
Jiangmin 13.0.900 2011.08.06 Trojan/BHO.pel
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.07 Trojan.Win32.BHO.bpct
McAfee 5.400.0.1158 2011.08.07 -
McAfee-GW-Edition 2010.1D 2011.08.07 -
Microsoft 1.7104 2011.08.06 TrojanDownloader:Win32/Tracur.Q
NOD32 6356 2011.08.07 -
Norman 6.07.10 2011.08.06 -
nProtect 2011-08-06.01 2011.08.06 Gen:Variant.Kazy.32801
Panda 10.0.3.5 2011.08.06 Generic Trojan
PCTools 8.0.0.5 2011.08.07 Trojan.Generic
Prevx 3.0 2011.08.07 -
Rising 23.69.03.03 2011.08.04 -
Sophos 4.67.0 2011.08.07 -
SUPERAntiSpyware 4.40.0.1006 2011.08.06 -
Symantec 20111.2.0.82 2011.08.07 Trojan Horse
TheHacker 6.7.0.1.272 2011.08.06 -
TrendMicro 9.200.0.1012 2011.08.06 TROJ_GEN.RC1C2H1
TrendMicro-HouseCall 9.200.0.1012 2011.08.07 TROJ_GEN.RC1C2H1
VBA32 3.12.16.4 2011.08.06 -
VIPRE 10090 2011.08.07 Trojan.Win32.Generic!BT
ViRobot 2011.8.6.4609 2011.08.06 -
VirusBuster 14.0.155.0 2011.08.06 Trojan.BHO!lVZ2w//ihdE
Additional information
MD5 : 2e9c03258944d2d30e484ad4b3cc1d07
SHA1 : 45f860ab3027e7617f2b493a135bbda3a0feaee3
SHA256: 09ada001080b1c324f14debd6c016ff1b1dde6ab80864396c447358df9c7c7bd
ssdeep: 6144:F/HELkOGO7ZcUGUEb786PFw2FkqnDsAs2tEDRciX+ao0FHp4ODOCMDM29u:96nGaEf3drlDabRcW+ao0FHGZCMo29
File size : 343040 bytes
First seen: 2011-07-30 03:05:18
Last seen : 2011-08-07 03:24:25
Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
sigcheck:
publisher....: 3D Realms Entertainment
copyright....: Copyright (c) 2002 3D Realms Entertainment
product......:
description..: Bug management code adapted with permission from John Robbins_ Bugslayer Library
original name: BugHandler.DLL
internal name: BugHandler
file version.: 3.4.000
comments.....: Kill bugs dead.
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x8062
timedatestamp....: 0x490A219D (Thu Oct 30 21:05:33 2008)
machinetype......: 0x14C (Intel I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x9000, 0x8800, 6.54, d7fd7aa09a4a60b97ece99a919d41c59
.data, 0xA000, 0x23000, 0x22C00, 7.46, df28181d85a78de000a002ee7301d0e6
.rdata, 0x2D000, 0x28000, 0x27200, 7.52, e91828342865ec451576d6efdf8f3146
.bss, 0x55000, 0x33000, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
.edata, 0x88000, 0x1000, 0x200, 1.95, 78f3fe4847a6a51d947c3719e4ee8b7e
.idata, 0x89000, 0x1000, 0x600, 4.32, a1ac453d38ea1ea70a256dc7522594a6
.rsrc, 0x8A000, 0x1000, 0x600, 2.82, 60aa7892863b0fc826f216a8d85a5846
.reloc, 0x8B000, 0x353, 0x400, 5.46, 65ef6842caac17aef03e16b16f994773

[[ 6 import(s) ]]
advapi32.dll: AbortSystemShutdownA, GetKernelObjectSecurity, ObjectDeleteAuditAlarmA
comctl32.dll: FlatSB_GetScrollInfo, -
kernel32.dll: LoadLibraryA, VirtualAlloc, VirtualFree, InterlockedDecrement, GetProcAddress, GetModuleHandleA, GetFileTime, ExitProcess, DeleteCriticalSection
msvcrt.dll: __p__commode, malloc, time, exit
ole32.dll: CoGetMalloc, CoTaskMemFree, IsAccelerator, IsEqualGUID, IsValidIid, StringFromGUID2, CoCreateGuid
user32.dll: ToUnicodeEx, UnhookWinEvent, TabbedTextOutA, EnumDisplayMonitors, CharToOemA, ChangeDisplaySettingsA, PostMessageW, PeekMessageW, OemToCharA, GetGuiResources, GetSystemMetrics, NotifyWinEvent

[[ 4 export(s) ]]
InaKjrDwoEZeapn, WxmsIeLUxMxtx, XquxffitTxhf, vuldvrfpctxswhKfNqoel
Androguard:
-
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 36864
Comments: Kill bugs dead.
CompanyName: 3D Realms Entertainment
EntryPoint: 0x8062
FileDescription: Bug management code adapted with permission from John Robbins' Bugslayer Library
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 335 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 3.4.000
FileVersionNumber: 3.4.0.0
ImageVersion: 1.0
InitializedDataSize: 357376
InternalName: BugHandler
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2002 3D Realms Entertainment
LinkerVersion: 2.38
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: BugHandler.DLL
PEType: PE32
ProductName:
ProductVersion: 3.4.000
ProductVersionNumber: 3.4.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:10:30 22:05:33+01:00
UninitializedDataSize: 208896
Symantec reputation:Suspicious.Insight
F-Secure DeepGuard:Suspicious:W32/Malware!Online




Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7331

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.19088

7/31/2011 7:50:02 PM
mbam-log-2011-07-31 (19-50-02).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 392048
Time elapsed: 4 hour(s), 17 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\.fsharproj (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-07-31.01 - Amber 07/30/2011 22:37:59.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.938 [GMT -4:00]
Running from: c:\users\Amber\Desktop\ComboFix.exe
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}
c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest
c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome\xulcache.jar
c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\defaults\preferences\xulcache.js
c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\install.rdf
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome\xulcache.jar
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\defaults\preferences\xulcache.js
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\install.rdf
c:\windows\system32\service
c:\windows\system32\service\10052011_TIS17_SfFniAU.log
D:\Autorun.inf
.
.
((((((((((((((((((((((((( Files Created from 2011-06-28 to 2011-07-31 )))))))))))))))))))))))))))))))
.
.
2011-07-31 02:55 . 2011-07-31 02:55 -------- d-----w- c:\users\Thea\AppData\Local\temp
2011-07-31 02:55 . 2011-07-31 02:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-30 22:23 . 2011-07-30 22:23 388096 ----a-r- c:\users\Amber\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\users\Amber\AppData\Roaming\Malwarebytes
2011-07-30 22:18 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 22:18 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 21:58 . 2011-07-30 21:58 8899 --sha-w- c:\programdata\fwcfg32.dll
2011-07-30 20:57 . 2011-07-30 20:57 8899 --sha-w- c:\programdata\AudioEng32.dll
2011-07-30 01:59 . 2011-07-30 01:59 343040 ----a-w- c:\windows\system32\AudioEng32.dll
2011-07-13 14:17 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 14:17 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 14:17 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-07-05 01:40 . 2011-07-04 18:02 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-05 01:38 . 2011-07-04 18:02 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-05 01:38 . 2011-07-04 18:02 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-05 01:38 . 2011-07-04 18:02 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
2011-07-05 01:30 . 2011-07-30 22:23 -------- d-----w- c:\program files\Trend Micro
2011-07-01 13:36 . 2011-07-01 13:36 -------- d-----w- c:\program files\Apple Software Update
2011-07-01 13:01 . 2011-07-01 13:01 -------- d-----w- c:\program files\iPod
2011-07-01 13:01 . 2011-07-01 13:35 -------- d-----w- c:\program files\iTunes
2011-07-01 12:51 . 2011-07-01 12:51 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 06:08 . 2011-06-16 18:40 916480 ----a-w- c:\windows\system32\wininet.dll
2011-05-28 06:04 . 2011-06-16 18:40 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-28 06:04 . 2011-06-16 18:40 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-28 06:04 . 2011-06-16 18:40 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-05-28 06:04 . 2011-06-16 18:40 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-28 05:10 . 2011-06-16 18:40 385024 ----a-w- c:\windows\system32\html.iec
2011-05-28 04:33 . 2011-06-16 18:40 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-28 04:31 . 2011-06-16 18:40 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-02 17:16 . 2011-06-16 18:40 739328 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026E7739-861E-44EE-9AF7-63E922DDCC94}]
2011-07-30 01:59 343040 ----a-w- c:\windows\System32\AudioEng32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-15 503296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-16 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-7-19 1701224]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-07-06 41272]
R3 mr7911;Photo Viewer ;c:\windows\system32\DRIVERS\mr7911.sys [2008-05-24 39552]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-04 64080]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html ... B&M=MT6728
mStart Page = hxxp://broadband.zoomtown.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Internet Video Downloader: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0} - c:\program files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-30 22:56
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-07-30 23:01:23
ComboFix-quarantined-files.txt 2011-07-31 03:01
.
Pre-Run: 51,525,136,384 bytes free
Post-Run: 53,342,461,952 bytes free
.
- - End Of File - - 6C3EB75A709947A8F6A85BBEBBF88240




2011-07-31 02:59:44 . 2011-07-31 02:59:44 80 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NapsterShell.reg.dat
2011-07-31 02:56:37 . 2004-04-30 09:01:00 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2011-07-31 02:48:07 . 2011-07-31 02:48:07 5,830 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2011-07-31 02:34:32 . 2011-08-05 01:14:32 124 ----a-w- C:\Qoobox\Quarantine\catchme.log
2011-07-30 01:59:10 . 2011-07-30 01:59:10 134 ----a-w- C:\Qoobox\Quarantine\C\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest.vir
2011-07-30 01:59:10 . 2011-07-30 01:59:10 1,666 ----a-w- C:\Qoobox\Quarantine\C\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome\xulcache.jar.vir
2011-07-30 01:59:10 . 2011-07-30 01:59:10 256 ----a-w- C:\Qoobox\Quarantine\C\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\defaults\preferences\xulcache.js.vir
2011-07-30 01:59:10 . 2011-07-30 01:59:10 771 ----a-w- C:\Qoobox\Quarantine\C\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\install.rdf.vir
2011-07-30 01:59:10 . 2011-07-30 01:59:10 134 ----a-w- C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest.vir
2011-07-30 01:59:09 . 2011-07-30 01:59:09 1,666 ----a-w- C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome\xulcache.jar.vir
2011-07-30 01:59:09 . 2011-07-30 01:59:09 256 ----a-w- C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\defaults\preferences\xulcache.js.vir
2011-07-30 01:59:09 . 2011-07-30 01:59:09 771 ----a-w- C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\install.rdf.vir
2011-05-10 23:28:27 . 2011-05-10 23:28:28 928 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\Service\10052011_TIS17_SfFniAU.log.vir
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm
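The VirusTotal report in the post above carries the evidence a reviewer uses to call this DLL suspect even on the engines that returned "-": .data and .rdata sit at entropy 7.46 and 7.52 (the profile of encrypted or compressed payload rather than ordinary program data), the exports are random-looking names, and the version resource claims BugHandler.DLL from 3D Realms while the file lives in system32 as AudioEng32.dll, unsigned. The Python script below is an added example, not code from the thread, from VirusTotal or from any tool the helpers mention. It reproduces that triage with the standard library only: it walks the PE section table, computes Shannon entropy per section, and flags a mismatch between the name on disk and the OriginalFilename. The input is a constructed minimal PE32 image built in memory (it carries no code and is not the sample from this thread), and the 7.0 entropy threshold is an assumption.

```python
"""PE section-entropy triage (added example; not from the thread or any tool it names).

Parses a PE32 image with the standard library, reports per-section Shannon
entropy, and flags an on-disk name that differs from the version resource's
OriginalFilename. Runs against a constructed in-memory image; heuristic only.
"""
import math
import struct

HIGH_ENTROPY = 7.0      # assumed threshold; ~8.0 means uniformly random bytes
FILE_ALIGN = 0x200      # file alignment used by the constructed image
OPT_HDR_SIZE = 0xE0     # size of a PE32 optional header


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant run, 8.0 for a uniform byte distribution."""
    if not data:
        return 0.0
    n = len(data)
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def parse_sections(image: bytes):
    """Walk the PE section table; return [(name, vaddr, vsize, raw_size, entropy)]."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", image, 0x3C)[0]
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    _machine, nsections, _ts, _psym, _nsym, opt_size, _flags = struct.unpack_from(
        "<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 4 + 20 + opt_size
    out = []
    for i in range(nsections):
        name, vsize, vaddr, rsize, rptr = struct.unpack_from("<8sIIII", image, table + i * 40)
        raw = image[rptr:rptr + rsize]
        out.append((name.rstrip(b"\0").decode("ascii", "replace"), vaddr, vsize, rsize,
                    round(shannon_entropy(raw), 2)))
    return out


def triage(image: bytes, on_disk_name: str, original_filename: str):
    """Return the findings a reviewer wants to see; an empty list means nothing flagged."""
    findings = []
    for name, _va, _vs, rsize, ent in parse_sections(image):
        if rsize and ent >= HIGH_ENTROPY:
            findings.append(f"{name}: entropy {ent} (packed/encrypted data?)")
    if on_disk_name.lower() != original_filename.lower():
        findings.append(f"name on disk {on_disk_name!r} != OriginalFilename {original_filename!r}")
    return findings


def build_sample_pe(sections):
    """Constructed test input: a minimal PE32 DLL image with the given (name, bytes) sections."""
    def align(n):
        return (n + FILE_ALIGN - 1) // FILE_ALIGN * FILE_ALIGN
    e_lfanew = 0x40
    headers = align(e_lfanew + 4 + 20 + OPT_HDR_SIZE + 40 * len(sections))
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine=i386, timestamp as in the report, Characteristics = executable | 32-bit | DLL
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0x490A219D, 0, 0, OPT_HDR_SIZE, 0x2102)
    opt = struct.pack("<H", 0x10B) + b"\0" * (OPT_HDR_SIZE - 2)   # PE32 magic, rest zeroed
    table, body, rptr, vaddr = b"", b"", headers, 0x1000
    for name, blob in sections:
        rsize = align(len(blob))
        # IMAGE_SECTION_HEADER: name, VirtualSize, VirtualAddress, SizeOfRawData,
        # PointerToRawData, reloc/linenumber fields (unused), Characteristics
        table += struct.pack("<8sIIIIIIHHI", name, len(blob), vaddr, rsize, rptr, 0, 0, 0, 0, 0x40000040)
        body += blob.ljust(rsize, b"\0")
        rptr += rsize
        vaddr += (len(blob) + 0xFFF) // 0x1000 * 0x1000
    return (dos + b"PE\0\0" + coff + opt + table).ljust(headers, b"\0") + body


if __name__ == "__main__":
    sample = build_sample_pe([(b".text", b"\x90" * 4096),           # constant bytes: entropy 0.0
                              (b".data", bytes(range(256)) * 16)])  # uniform bytes: entropy 8.0
    for s in parse_sections(sample):
        print("%-8s va=0x%X vsize=0x%X raw=0x%X entropy=%.2f" % s)
    for f in triage(sample, "AudioEng32.dll", "BugHandler.DLL"):
        print("FLAG:", f)
```

Against a real file, pass `open(path, "rb").read()` together with the OriginalFilename that sigcheck or ExifTool reports, as in the report above. A data section near 8.0 is a reason to look closer, not proof on its own: a legitimate DLL that embeds compressed resources scores the same, which is why the name mismatch and the missing signature carry as much weight as the entropy.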

Re: Search Engine Results Redirected to Ads

Post by Jack&Jill » August 7th, 2011, 9:02 pm

Hello rulin8 :),

The VT results show "c:\programdata\fwcfg32.dll" and "c:\programdata\AudioEng32.dll" as the same file.
OK, but there is another one, c:\windows\system32\AudioEng32.dll, that is not scanned. Could you get the result for me?

--------------------

Please download SystemLook© by jpshortstuff from one of the links below and save it to your desktop.

Link 1 - 32-bit version
Link 2 - 32-bit version


  • Double click on SystemLook.exe to run it.
  • Copy and paste the following text into the main textfield:
    Code:
    :filefind
    ati2dvag32.dll

  • Click the Look button to start the scan. This might take a while.
  • When finished, a Notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your desktop as SystemLook.txt.

--------------------

Please download GooredFix© by jpshortstuff and save it to your desktop. Click here.

Run GooredFix
  • Close all Firefox windows and double click on GooredFix.exe to run it.
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections and a log will open. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).

--------------------

Do an online scan with ESET Online Scanner.
Please be patient, as scanning will take quite some time. If you have problems running the scan, you might want to disable any real-time protection that you have.
  • Click here to go to ESET Online Scanner page.
  • Click on Run ESET Online Scanner. A new window will open.
    For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install, and a new window will open.
  • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin the scan.
  • You will be prompted to install an ActiveX Control from ESET. Please install.
  • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
  • Then, check Scan archives.
  • Now, click on Advanced settings and make sure all these are checked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click on Scan to proceed.
  • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
  • Post the contents in your reply.

If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

--------------------

Please post back:
1. VT result for c:\windows\system32\AudioEng32.dll
2. SystemLook log
3. GooredLog
4. ESET online scan result
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
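Jack&Jill's point in the post above is that c:\programdata\fwcfg32.dll and c:\programdata\AudioEng32.dll are one file planted under two names, and the later report labels the system32 copy "ati2dvag32.dll" because VirusTotal shows a name an earlier submitter used, not the local path. Only the hash identifies a sample. The Python script below is an added example, not code from the thread or from VirusTotal: it streams each file once through MD5/SHA-1/SHA-256, groups identical content regardless of filename, and matches the SHA-256 against hashes already known from a report. It runs on constructed temporary files (the fake DLL bytes and the "known bad" label text are assumptions for the demonstration; the real 343040-byte DLL is not reproduced), with the SHA-256 from the thread's report kept in the known-bad table.

```python
"""Content-hash identity check (added example; not from the thread or from VirusTotal).

Groups files by SHA-256 so the same DLL dropped under several names is seen as one
sample, and matches against hashes already known from a VirusTotal report.
"""
import hashlib
import os
import tempfile
from collections import defaultdict

# SHA-256 copied from the VirusTotal report in this thread (2011-08-07 submission);
# the label text is this example's summary, not a VT field.
KNOWN_BAD = {
    "09ada001080b1c324f14debd6c016ff1b1dde6ab80864396c447358df9c7c7bd":
        "Tracur/BHO downloader DLL, VT 24/43, submitted as ati2dvag32.dll",
}


def digests(path, chunk=1 << 16):
    """Read the file once and return {'md5': ..., 'sha1': ..., 'sha256': ...}."""
    hashes = {n: hashlib.new(n) for n in ("md5", "sha1", "sha256")}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            for h in hashes.values():
                h.update(block)
    return {n: h.hexdigest() for n, h in hashes.items()}


def group_by_content(paths):
    """Map sha256 -> sorted list of paths carrying exactly that content."""
    groups = defaultdict(list)
    for p in paths:
        groups[digests(p)["sha256"]].append(p)
    return {h: sorted(ps) for h, ps in groups.items()}


def report(paths, known_bad=KNOWN_BAD):
    """Return (known_hits, aliases): {path: label} for known-bad content, and
    every group of two or more names that share one content hash."""
    groups = group_by_content(paths)
    known_hits = {p: known_bad[h] for h, ps in groups.items() if h in known_bad for p in ps}
    aliases = [ps for ps in groups.values() if len(ps) > 1]
    return known_hits, aliases


def make_constructed_tree(root):
    """Constructed test data: one fake DLL under the three names from the thread,
    plus an unrelated file. Returns (paths, sha256 of the fake DLL)."""
    fake_dll = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + bytes(range(256)) * 4  # not a real PE
    paths = []
    for rel in ("ProgramData/fwcfg32.dll", "ProgramData/AudioEng32.dll",
                "Windows/System32/AudioEng32.dll"):
        p = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(p), exist_ok=True)
        with open(p, "wb") as fh:
            fh.write(fake_dll)
        paths.append(p)
    benign = os.path.join(root, "Windows", "System32", "winsrv.dll")
    with open(benign, "wb") as fh:
        fh.write(b"MZ" + b"placeholder content for an unrelated file")
    paths.append(benign)
    return paths, hashlib.sha256(fake_dll).hexdigest()


def demo(known_bad=KNOWN_BAD):
    """Build the constructed tree in a temp dir, run report() with the fake DLL's
    hash added to the known-bad table, and return (hits, aliases, paths)."""
    with tempfile.TemporaryDirectory() as root:
        paths, fake_sha256 = make_constructed_tree(root)
        hits, aliases = report(paths, {**known_bad, fake_sha256: "constructed sample"})
        return hits, aliases, paths


if __name__ == "__main__":
    hits, aliases, _ = demo()
    for group in aliases:
        print("same content under %d names:" % len(group), *group, sep="\n  ")
    for p, label in hits.items():
        print("KNOWN BAD:", p, "->", label)
```

On the infected machine the same check is `report([...the three paths...])` over the real files; if the system32 copy hashes to the SHA-256 in the report, it is the sample VT scored 24/43 whatever name it carries, and the 8899-byte ProgramData copies can be compared with each other the same way.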

Re: Search Engine Results Redirected to Ads

Post by rulin8 » August 9th, 2011, 6:40 pm

Jack&Jill,

Guess I forgot to include the VT result for c:\windows\system32\AudioEng32.dll. It is included below, but note that the file name is "ati2dvag32.dll" instead of "AudioEng32.dll". Also included are the SystemLook log, the GooredLog, and the ESET online scan result, as requested.

Thanks,
rulin8

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name:
ati2dvag32.dll
Submission date:
2011-08-07 03:24:25 (UTC)
Current status:
finished
Result:
24 /43 (55.8%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.08.06.00 2011.08.06 Trojan/Win32.BHO
AntiVir 7.11.12.233 2011.08.05 TR/Dldr.Tracur.Q.365
Antiy-AVL 2.0.3.7 2011.08.06 Trojan/win32.agent.gen
Avast 4.8.1351.0 2011.08.06 Win32:Dracur-F [Cryp]
Avast5 5.0.677.0 2011.08.06 Win32:Dracur-F [Cryp]
AVG 10.0.0.1190 2011.08.07 Generic23.CKSW
BitDefender 7.2 2011.08.07 Gen:Variant.Kazy.32801
CAT-QuickHeal 11.00 2011.08.06 -
ClamAV 0.97.0.0 2011.08.06 -
Commtouch 5.3.2.6 2011.08.06 -
Comodo 9654 2011.08.06 UnclassifiedMalware
DrWeb 5.0.2.03300 2011.08.06 -
Emsisoft 5.1.0.8 2011.08.06 Trojan-Downloader.Win32.Tracur!IK
eSafe 7.0.17.0 2011.08.04 -
eTrust-Vet 36.1.8486 2011.08.05 -
F-Prot 4.6.2.117 2011.08.06 -
F-Secure 9.0.16440.0 2011.08.06 Gen:Variant.Kazy.32801
Fortinet 4.2.257.0 2011.08.07 W32/BHO.BPCT!tr
GData 22 2011.08.07 Gen:Variant.Kazy.32801
Ikarus T3.1.1.104.0 2011.08.06 Trojan-Downloader.Win32.Tracur
Jiangmin 13.0.900 2011.08.06 Trojan/BHO.pel
K7AntiVirus 9.109.4973 2011.08.02 -
Kaspersky 9.0.0.837 2011.08.07 Trojan.Win32.BHO.bpct
McAfee 5.400.0.1158 2011.08.07 -
McAfee-GW-Edition 2010.1D 2011.08.07 -
Microsoft 1.7104 2011.08.06 TrojanDownloader:Win32/Tracur.Q
NOD32 6356 2011.08.07 -
Norman 6.07.10 2011.08.06 -
nProtect 2011-08-06.01 2011.08.06 Gen:Variant.Kazy.32801
Panda 10.0.3.5 2011.08.06 Generic Trojan
PCTools 8.0.0.5 2011.08.07 Trojan.Generic
Prevx 3.0 2011.08.07 -
Rising 23.69.03.03 2011.08.04 -
Sophos 4.67.0 2011.08.07 -
SUPERAntiSpyware 4.40.0.1006 2011.08.06 -
Symantec 20111.2.0.82 2011.08.07 Trojan Horse
TheHacker 6.7.0.1.272 2011.08.06 -
TrendMicro 9.200.0.1012 2011.08.06 TROJ_GEN.RC1C2H1
TrendMicro-HouseCall 9.200.0.1012 2011.08.07 TROJ_GEN.RC1C2H1
VBA32 3.12.16.4 2011.08.06 -
VIPRE 10090 2011.08.07 Trojan.Win32.Generic!BT
ViRobot 2011.8.6.4609 2011.08.06 -
VirusBuster 14.0.155.0 2011.08.06 Trojan.BHO!lVZ2w//ihdE
Additional information
MD5 : 2e9c03258944d2d30e484ad4b3cc1d07
SHA1 : 45f860ab3027e7617f2b493a135bbda3a0feaee3
SHA256: 09ada001080b1c324f14debd6c016ff1b1dde6ab80864396c447358df9c7c7bd
ssdeep: 6144:F/HELkOGO7ZcUGUEb786PFw2FkqnDsAs2tEDRciX+ao0FHp4ODOCMDM29u:96nGaEf3drlDabRcW+ao0FHGZCMo29
File size : 343040 bytes
First seen: 2011-07-30 03:05:18
Last seen : 2011-08-07 03:24:25
Magic: PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
VXD Driver (0.1%)
sigcheck:
publisher....: 3D Realms Entertainment
copyright....: Copyright (c) 2002 3D Realms Entertainment
product......:
description..: Bug management code adapted with permission from John Robbins_ Bugslayer Library
original name: BugHandler.DLL
internal name: BugHandler
file version.: 3.4.000
comments.....: Kill bugs dead.
signers......: -
signing date.: -
verified.....: Unsigned
PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x8062
timedatestamp....: 0x490A219D (Thu Oct 30 21:05:33 2008)
machinetype......: 0x14C (Intel I386)

[[ 8 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x9000, 0x8800, 6.54, d7fd7aa09a4a60b97ece99a919d41c59
.data, 0xA000, 0x23000, 0x22C00, 7.46, df28181d85a78de000a002ee7301d0e6
.rdata, 0x2D000, 0x28000, 0x27200, 7.52, e91828342865ec451576d6efdf8f3146
.bss, 0x55000, 0x33000, 0x0, 0.0, d41d8cd98f00b204e9800998ecf8427e
.edata, 0x88000, 0x1000, 0x200, 1.95, 78f3fe4847a6a51d947c3719e4ee8b7e
.idata, 0x89000, 0x1000, 0x600, 4.32, a1ac453d38ea1ea70a256dc7522594a6
.rsrc, 0x8A000, 0x1000, 0x600, 2.82, 60aa7892863b0fc826f216a8d85a5846
.reloc, 0x8B000, 0x353, 0x400, 5.46, 65ef6842caac17aef03e16b16f994773

[[ 6 import(s) ]]
advapi32.dll: AbortSystemShutdownA, GetKernelObjectSecurity, ObjectDeleteAuditAlarmA
comctl32.dll: FlatSB_GetScrollInfo, -
kernel32.dll: LoadLibraryA, VirtualAlloc, VirtualFree, InterlockedDecrement, GetProcAddress, GetModuleHandleA, GetFileTime, ExitProcess, DeleteCriticalSection
msvcrt.dll: __p__commode, malloc, time, exit
ole32.dll: CoGetMalloc, CoTaskMemFree, IsAccelerator, IsEqualGUID, IsValidIid, StringFromGUID2, CoCreateGuid
user32.dll: ToUnicodeEx, UnhookWinEvent, TabbedTextOutA, EnumDisplayMonitors, CharToOemA, ChangeDisplaySettingsA, PostMessageW, PeekMessageW, OemToCharA, GetGuiResources, GetSystemMetrics, NotifyWinEvent

[[ 4 export(s) ]]
InaKjrDwoEZeapn, WxmsIeLUxMxtx, XquxffitTxhf, vuldvrfpctxswhKfNqoel
Androguard:
-
ExifTool:
file metadata
CharacterSet: Windows, Latin1
CodeSize: 36864
Comments: Kill bugs dead.
CompanyName: 3D Realms Entertainment
EntryPoint: 0x8062
FileDescription: Bug management code adapted with permission from John Robbins' Bugslayer Library
FileFlagsMask: 0x003f
FileOS: Win32
FileSize: 335 kB
FileSubtype: 0
FileType: Win32 DLL
FileVersion: 3.4.000
FileVersionNumber: 3.4.0.0
ImageVersion: 1.0
InitializedDataSize: 357376
InternalName: BugHandler
LanguageCode: English (U.S.)
LegalCopyright: Copyright 2002 3D Realms Entertainment
LinkerVersion: 2.38
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 4.0
ObjectFileType: Dynamic link library
OriginalFilename: BugHandler.DLL
PEType: PE32
ProductName:
ProductVersion: 3.4.000
ProductVersionNumber: 3.4.0.0
Subsystem: Windows GUI
SubsystemVersion: 4.0
TimeStamp: 2008:10:30 22:05:33+01:00
UninitializedDataSize: 208896
Symantec reputation:Suspicious.Insight
F-Secure DeepGuard:Suspicious:W32/Malware!Online


SystemLook 30.07.11 by jpshortstuff
Log created at 19:51 on 08/08/2011 by Amber
Administrator - Elevation successful

No Context: Code:

========== filefind ==========

Searching for "ati2dvag32.dll"
No files found.

-= EOF =-



GooredFix by jpshortstuff (03.07.10.1)
Log created at 20:23 on 08/08/2011 (Amber)
Firefox version 3.6.18 (en-US)

========== GooredScan ==========

Deleting "C:\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}" -> Success!
Deleting "C:\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}" -> Success!
Deleting "C:\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}" -> Success!

========== GooredLog ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [16:21 10/01/2009]
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} [18:02 16/02/2010]

C:\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b} [00:40 27/06/2010]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" [15:15 04/07/2009]
"smartwebprinting@hp.com"="C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [00:02 06/02/2010]
"{B728AB94-9BC7-49b7-B76A-422BB31B2FD0}"="C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox" [00:56 20/07/2010]
"{22C7F6C6-8D67-4534-92B5-529A0EC09405}"="C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension\" [01:55 05/07/2011]

-=E.O.F=-



ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=47e36591a4fca6498c7381162e7b4fa5
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-09 12:37:49
# local_time=2011-08-08 08:37:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 698786 698786 0 0
# compatibility_mode=1026 16777214 0 2 96052725 96052725 0 0
# compatibility_mode=5892 16776573 100 100 46513624 149457327 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=17618
# found=0
# cleaned=0
# scan_time=469
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=47e36591a4fca6498c7381162e7b4fa5
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2011-08-09 03:28:00
# local_time=2011-08-08 11:28:00 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode=512 16777215 100 0 699312 699312 0 0
# compatibility_mode=1026 16777214 0 2 96053251 96053251 0 0
# compatibility_mode=5892 16776573 100 100 46514150 149457853 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=225148
# found=17
# cleaned=0
# scan_time=10155
C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\AudioEng32.dll a variant of Win32/Kryptik.QXW trojan (unable to clean) 00000000000000000000000000000000 I
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm

Re: Search Engine Results Redirected to Ads

Unread postby Jack&Jill » August 9th, 2011, 9:02 pm

Hello rulin8 :),

Please delete the copy of ComboFix that you have.

Please download ComboFix from one of the links below and save it to your desktop.

Link 1
Link 2

Do not mouse click on ComboFix while it is running. That may cause it to stall. ComboFix is a powerful tool and must not be used without supervision.

Run ComboFix
  • Please disable your real time protection of any Antivirus, Antispyware or Antimalware programs temporarily when running ComboFix. They will interfere and may cause unexpected results.
  • If you need help to disable your protection programs see here and here.
  • Open Notepad. Copy and paste the following text into it:
    Code:
    http://malwareremoval.com/forum/viewtopic.php?f=11&t=57567
    Collect::
    c:\windows\System32\AudioEng32.dll
    c:\programdata\fwcfg32.dll
    c:\programdata\AudioEng32.dll
    
    File::
    c:\users\Amber\ecpaugdsfk.tmp
    
    Folder::
    C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}
    C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}
    C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000000
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

  • Save it as CFScript.txt at the desktop. Make sure the Save as type: is All Files (*.*).
  • Go to Start > Run.... Copy and paste the following text into the white box:
    Code:
    "%userprofile%\desktop\ComboFix.exe" "%userprofile%\desktop\CFScript.txt"
  • Click OK. ComboFix will now run a scan on your system.
  • ComboFix will also ask to upload some bad files for analysis. Please follow the steps accordingly.
  • When finished, a log will be produced as C:\ComboFix.txt. Please post this log in your next reply.
  • If you lose Internet connection after running ComboFix, right click on the network icon at the system tray and select Repair, or you can reboot the computer.
  • Re-enable your security software as soon as you have completed the ComboFix steps.

A detailed step by step tutorial to run ComboFix can be found here if you need help.

A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use. Do not mouse click on ComboFix while it is running. That may cause it to stall.

--------------------

Please post back:
1. the ComboFix log
Jack&Jill
MRU Emeritus
 
Posts: 2284
Joined: August 19th, 2008, 5:37 am
Location: South East Asia
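The Folder:: and Collect:: entries in the CFScript above are derived from the ESET log rulin8 posted: only hits in a live profile need acting on, while copies already sitting in ComboFix's Qoobox quarantine or the GooredFix backup folder do not. As an added example (not code from the thread, MalwareRemoval.com, ESET or ComboFix; the function names are my own), this Python script parses ESET Online Scanner log lines in that format and separates the two cases; the sample log is a constructed excerpt of the second log above.

```python
"""Turn an ESET Online Scanner log into ComboFix script targets.  Added
example, not code from the thread, MalwareRemoval.com, ESET or ComboFix;
parse_log / live_extension_dirs / live_loose_files are my own names."""
import re

# Constructed excerpt of the second ESET log above: its header plus 5 of the
# 17 hits (two quarantined copies, two live Thea-profile hits, the BHO DLL).
SAMPLE_LOG = r"""# version=7
# end=finished
# scanned=225148
# found=17
# cleaned=0
C:\Qoobox\Quarantine\C\Users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{fa540f90-5a77-4674-8bff-93576bba908d}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Amber\Desktop\GooredFix Backups\C\Users\Amber\Application Data\Mozilla\Firefox\Profiles\yegvf0ig.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome.manifest Win32/TrojanDownloader.Tracur.F trojan (unable to clean) 00000000000000000000000000000000 I
C:\Users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome\xulcache.jar JS/Agent.NDJ trojan (unable to clean) 00000000000000000000000000000000 I
C:\Windows\System32\AudioEng32.dll a variant of Win32/Kryptik.QXW trojan (unable to clean) 00000000000000000000000000000000 I
"""

# Hit line layout: <path> <detection name> (<status>) <32-hex hash> <flag>
HIT_RE = re.compile(r"^(?P<body>.*) \((?P<status>[^()]*)\) [0-9a-fA-F]{32} (?P<flag>\S+)$")
# Firefox extension directory: ...\extensions\{GUID}\...
EXT_DIR_RE = re.compile(r"^(?P<dir>.*\\extensions\\\{[0-9a-f-]{36}\})\\", re.IGNORECASE)


def split_path_and_detection(body):
    """ESET detection names never contain a backslash, so the path ends at the
    last space-separated token that has one ('GooredFix Backups' survives).
    Caveat: a final path component containing a space would be truncated."""
    tokens = body.split(" ")
    last = max(i for i, t in enumerate(tokens) if "\\" in t)
    return " ".join(tokens[:last + 1]), " ".join(tokens[last + 1:])


def parse_log(text):
    """Return (header dict from the '# key=value' lines, list of hit dicts)."""
    header, hits = {}, []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):
            key, _, value = line[1:].strip().partition("=")
            header[key] = value
            continue
        m = HIT_RE.match(line)
        if not m:          # blank lines, 'all ok', installer chatter
            continue
        path, detection = split_path_and_detection(m.group("body"))
        hits.append({"path": path, "detection": detection,
                     "status": m.group("status"), "flag": m.group("flag")})
    return header, hits


def is_inert(path):
    """Copies already in ComboFix's quarantine or a GooredFix backup: detected,
    but no longer loaded by Firefox, so they need no CFScript entry."""
    p = path.lower()
    return p.startswith("c:\\qoobox\\quarantine\\") or "\\gooredfix backups\\" in p


def live_extension_dirs(hits):
    """Extension directories still inside a live profile: the Folder:: entries."""
    return sorted({m.group("dir") for h in hits if not is_inert(h["path"])
                   for m in [EXT_DIR_RE.match(h["path"])] if m})


def live_loose_files(hits):
    """Live hits outside any extension directory (here the BHO DLL): Collect::."""
    return sorted(h["path"] for h in hits
                  if not is_inert(h["path"]) and not EXT_DIR_RE.match(h["path"]))


if __name__ == "__main__":
    hdr, found = parse_log(SAMPLE_LOG)
    print("scan", hdr["end"], "found", hdr["found"], "parsed", len(found))
    print("Folder::", *live_extension_dirs(found), sep="\n")
    print("Collect::", *live_loose_files(found), sep="\n")
```

Run against the full second log, the Folder:: output is exactly the three Thea-profile extension directories the script above removes.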

Re: Search Engine Results Redirected to Ads

Unread postby rulin8 » August 10th, 2011, 9:50 pm

Jack&Jill,

The ComboFix log is below.

ComboFix 11-08-10.03 - Amber 08/10/2011 21:01:03.3.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.857 [GMT -4:00]
Running from: c:\users\Amber\Desktop\ComboFix.exe
Command switches used :: c:\users\Amber\desktop\CFScript.txt
AV: Trend Micro Titanium *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Amber\ecpaugdsfk.tmp
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome.manifest
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\chrome\xulcache.jar
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\defaults\preferences\xulcache.js
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{04a0389c-ac08-4cf4-9b2f-e599d629ae3a}\install.rdf
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome.manifest
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\chrome\xulcache.jar
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\defaults\preferences\xulcache.js
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{80728f79-b8e6-4e58-8377-837dec4868f2}\install.rdf
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome.manifest
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\chrome\xulcache.jar
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\defaults\preferences\xulcache.js
c:\users\Thea\AppData\Roaming\Mozilla\Firefox\Profiles\4lgekejg.default\extensions\{b17d411c-f4f5-4748-bbbd-e7f5e138cb5f}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 01:18 . 2011-08-11 01:19 -------- d-----w- c:\users\Amber\AppData\Local\temp
2011-08-11 01:18 . 2011-08-11 01:18 -------- d-----w- c:\users\Thea\AppData\Local\temp
2011-08-11 01:18 . 2011-08-11 01:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-09 16:25 . 2011-07-20 13:44 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{72B0F37E-C3F9-481F-9B11-B1D20E2ED310}\mpengine.dll
2011-08-09 16:25 . 2011-05-24 23:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-08-09 00:24 . 2011-08-09 00:24 -------- d-----w- c:\program files\ESET
2011-08-07 13:25 . 2011-08-07 13:25 -------- d-----w- c:\program files\VirusTotalUploader2
2011-08-07 12:53 . 2011-08-07 12:53 -------- d-----w- c:\users\Amber\AppData\Local\AOL
2011-08-05 01:32 . 2011-08-05 01:32 -------- d-----w- c:\users\Amber\AppData\Local\WinZip
2011-07-31 03:09 . 2008-01-02 21:33 172032 ----a-w- c:\windows\system32\igfxres.dll
2011-07-30 22:23 . 2011-07-30 22:23 388096 ----a-r- c:\users\Amber\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\users\Amber\AppData\Roaming\Malwarebytes
2011-07-30 22:18 . 2011-07-06 23:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\programdata\Malwarebytes
2011-07-30 22:18 . 2011-07-30 22:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-30 22:18 . 2011-07-06 23:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-30 21:58 . 2011-07-30 21:58 8899 --sha-w- c:\programdata\fwcfg32.dll
2011-07-30 20:57 . 2011-07-30 20:57 8899 --sha-w- c:\programdata\AudioEng32.dll
2011-07-30 01:59 . 2011-07-30 01:59 343040 ----a-w- c:\windows\system32\AudioEng32.dll
2011-07-13 14:17 . 2011-04-20 15:55 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-07-13 14:17 . 2011-04-20 15:50 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-07-13 14:17 . 2011-06-02 13:34 2043392 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 18:02 . 2011-07-05 01:40 92112 ----a-w- c:\windows\system32\drivers\tmtdi.sys
2011-07-04 18:02 . 2011-07-05 01:38 64080 ----a-w- c:\windows\system32\drivers\tmevtmgr.sys
2011-07-04 18:02 . 2011-07-05 01:38 189520 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2011-07-04 18:02 . 2011-07-05 01:38 80464 ----a-w- c:\windows\system32\drivers\tmactmon.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{026E7739-861E-44EE-9AF7-63E922DDCC94}]
2011-07-30 01:59 343040 ----a-w- c:\windows\System32\AudioEng32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"AnyDVD"="c:\program files\SlySoft\AnyDVD\AnyDVD.exe" [2006-12-15 503296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-02-12 174872]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-04-26 865840]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-01-02 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-01-02 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-01-02 133656]
"CloneCDTray"="c:\program files\SlySoft\CloneCD\CloneCDTray.exe" [2005-05-19 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-16 149280]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"lxbkbmgr.exe"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2008-02-28 74408]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-02-17 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 116752]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Launcher"="c:\windows\SMINST\launcher.exe" [2007-07-13 40072]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
BigFix.lnk - c:\program files\BigFix\bigfix.exe [2007-11-17 2342912]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
Philips GoGear VIBE Device Manager.lnk - c:\philips\GoGear VIBE Device Manager\GoGear_Vibe_DeviceManager.exe [2010-7-19 1701224]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-11-30 608584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 Security Activity Dashboard Service;Security Activity Dashboard Service;c:\program files\Trend Micro\TrendSecure\SecurityActivityDashboard\tmarsvc.exe [x]
R3 mr7911;Photo Viewer ;c:\windows\system32\DRIVERS\mr7911.sys [2008-05-24 39552]
R3 NETw2v32;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe [2008-02-19 537256]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2011-07-04 64080]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-06 22712]
S3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [2007-07-18 281088]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html ... B&M=MT6728
mStart Page = hxxp://broadband.zoomtown.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Amber\AppData\Roaming\Mozilla\Firefox\Profiles\yegvf0ig.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: HP Smart Web Printing: smartwebprinting@hp.com - c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - Ext: Internet Video Downloader: {B728AB94-9BC7-49b7-B76A-422BB31B2FD0} - c:\program files\ArcSoft\Media Converter for Philips\Internet Video Downloader\Plugin_FireFox
FF - Ext: Trend Micro NSC Firefox Extension: {22C7F6C6-8D67-4534-92B5-529A0EC09405} - c:\program files\Trend Micro\AMSP\Module\20004\1.5.1464\6.6.1079\firefoxextension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-10 21:18
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2011-08-10 21:23:41
ComboFix-quarantined-files.txt 2011-08-11 01:23
ComboFix2.txt 2011-08-05 01:24
ComboFix3.txt 2011-07-31 03:01
.
Pre-Run: 49,500,651,520 bytes free
Post-Run: 49,457,631,232 bytes free
.
- - End Of File - - 8A94D60AF62FB7E1231D216C5B216631
rulin8
Active Member
 
Posts: 13
Joined: July 31st, 2011, 1:39 pm