Welcome to MalwareRemoval.com


possible browser hijack help please


Post by sgf909 » October 29th, 2011, 9:25 pm

Hi,

My browser (Chrome) has been sending me to some strange places. Microsoft Security Essentials has also been detecting, and trying to remove, a handful of malware over the past couple of days.

Exploit:Java/Blacole.A (and .W .X .Y .Z)
TrojanDownloader:Win32/unruy.H
PWS:Win32/Zbot
Exploit:HTML/IframeRef.Z

Thanks in advance.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by dave at 19:06:19 on 2011-10-29
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1925 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Logitech\Gaming Software\LWEMon.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Users\dave\Local Settings\Apps\F.lux\flux.exe
C:\Users\dave\AppData\Local\Google\Update\1.3.21.79\GoogleCrashHandler.exe
C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Logitech\SetPointG\SetPointII.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\ping.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [F.lux] "C:\Users\dave\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [TaskTray]
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMERS~1.LNK - C:\Program Files (x86)\GamersFirst\LIVE!\Live.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
LSP: mswsock.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{8A5B7EA7-69C6-4D61-9707-E019645F8BC7} : DhcpNameServer = 192.168.0.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
SubSystems: Windows = basesrv,1 winsrv:UserServerDllInitialization,3 consrv:ConServerDllInitialization,2 sxssrv,4
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO-X64: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
BHO-X64: Increase performance and video formats for your HTML5 <video> - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Skype Plug-In: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO-X64: SkypeIEPluginBHO - No File
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [TaskTray]
mRun-x64: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
mRun-x64: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
IE-X64: {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Users\dave\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\dave\AppData\Roaming\Mozilla\Firefox\Profiles\sp6bf1ab.default\
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordext.dll
FF - component: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\components\nprpffbrowserrecordlegacyext.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
FF - plugin: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\Users\dave\AppData\Local\Google\Update\1.3.21.69\npGoogleUpdate3.dll
FF - plugin: C:\Users\dave\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
.
---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 cpuz134;cpuz134;\??\C:\Windows\system32\drivers\cpuz134_x64.sys --> C:\Windows\system32\drivers\cpuz134_x64.sys [?]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-10-28 366152]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;C:\Windows\system32\DRIVERS\ManyCam_x64.sys --> C:\Windows\system32\DRIVERS\ManyCam_x64.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2010-12-9 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\system32\drivers\viahduaa.sys --> C:\Windows\system32\drivers\viahduaa.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 Abyssus;Razer Abyssus;C:\Windows\system32\drivers\Abyssus.sys --> C:\Windows\system32\drivers\Abyssus.sys [?]
S3 COMMONFX;COMMONFX;C:\Windows\system32\drivers\COMMONFX.SYS --> C:\Windows\system32\drivers\COMMONFX.SYS [?]
S3 CTAUDFX;CTAUDFX;C:\Windows\system32\drivers\CTAUDFX.SYS --> C:\Windows\system32\drivers\CTAUDFX.SYS [?]
S3 CTERFXFX;CTERFXFX;C:\Windows\system32\drivers\CTERFXFX.SYS --> C:\Windows\system32\drivers\CTERFXFX.SYS [?]
S3 CTSBLFX;CTSBLFX;C:\Windows\system32\drivers\CTSBLFX.SYS --> C:\Windows\system32\drivers\CTSBLFX.SYS [?]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Users\dave\Downloads\RealTemp_360\WinRing0x64.sys [2008-7-26 14544]
.
=============== Created Last 30 ================
.
2011-10-30 00:36:17 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0CDDDB8-1D22-418C-B804-3EEE5E64619A}\offreg.dll
2011-10-29 03:25:11 -------- d-----w- C:\Users\dave\AppData\Roaming\Malwarebytes
2011-10-29 03:24:55 -------- d-----w- C:\ProgramData\Malwarebytes
2011-10-29 03:24:51 25416 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-10-29 03:24:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-10-29 01:29:49 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E0CDDDB8-1D22-418C-B804-3EEE5E64619A}\mpengine.dll
2011-10-27 17:41:08 175104 ----a-w- C:\Windows\SysWow64\SNx57.com_
2011-10-26 20:20:20 -------- d-----w- C:\Users\dave\AppData\Roaming\Ugdiy
2011-10-26 20:20:20 -------- d-----w- C:\Users\dave\AppData\Roaming\Ohwu
2011-10-26 07:14:03 -------- d-----we C:\Windows\system64
2011-10-25 18:36:37 -------- d-----w- C:\Users\dave\AppData\Local\Rockstar Games
2011-10-18 01:40:43 -------- d-----w- C:\Program Files (x86)\SopCast
2011-10-17 04:37:48 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{1B3A8AE1-15B0-4472-A22B-99BA0C2A8D3D}-Keygen.exe
2011-10-17 04:35:15 -------- d-----w- C:\Users\dave\AppData\Roaming\ChessBase
2011-10-17 04:35:08 -------- d-----w- C:\Users\dave\AppData\Local\ChessBase
2011-10-17 04:34:55 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{8A771CEF-7D74-4A77-A143-25518EFBDCBA}-Keygen.exe
2011-10-17 04:33:35 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{A2554253-1712-460A-B296-9CD48B9BA113}-Keygen.exe
2011-10-17 04:33:00 167936 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{F160E348-FD7D-4330-B5A9-E53D23BB4228}-Keygen.exe
2011-10-17 04:32:02 -------- d-----w- C:\ProgramData\ChessBase
2011-10-17 04:32:02 -------- d-----w- C:\Program Files (x86)\Common Files\ChessBase
2011-10-12 22:58:07 -------- d-----w- C:\Users\dave\AppData\Roaming\mm
2011-10-12 16:57:18 388096 ----a-r- C:\Users\dave\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-10-12 16:57:16 -------- d-----w- C:\Program Files (x86)\Trend Micro
2011-10-12 16:44:27 -------- d-----w- C:\Users\dave\AppData\Local\Chromium
2011-10-12 16:44:04 -------- d-----w- C:\Users\dave\AppData\Local\Ubisoft Game Launcher
2011-10-12 16:41:51 -------- d-----w- C:\Users\dave\AppData\Roaming\Might & Magic Heroes VI
2011-10-12 00:43:59 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-10-12 00:43:59 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-10-12 00:43:58 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2011-10-12 00:43:58 678912 ----a-w- C:\Program Files (x86)\Internet Explorer\iedvtool.dll
2011-10-11 23:07:04 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-10-11 23:07:03 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
2011-10-11 23:07:03 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-10-11 23:07:02 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-10-11 23:07:02 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-10-11 23:06:40 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-10-11 23:06:40 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-10-11 23:06:40 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-10-11 23:06:40 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-10-11 22:47:58 -------- d-----w- C:\Program Files (x86)\AMD APP
2011-10-11 22:43:41 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2011-10-11 22:43:40 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-11 22:43:36 151552 ----a-w- C:\Windows\System32\atiapfxx.exe
2011-10-11 22:43:30 10203648 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2011-10-11 22:43:19 3888640 ----a-w- C:\Windows\System32\atiumd6a.dll
2011-10-11 22:43:18 466944 ----a-w- C:\Windows\System32\ATIDEMGX.dll
2011-10-11 22:43:06 5428736 ----a-w- C:\Windows\System32\atiumd64.dll
2011-10-11 22:43:02 4204032 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2011-10-11 22:43:01 310784 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2011-10-11 22:43:00 54784 ----a-w- C:\Windows\System32\atimpc64.dll
2011-10-11 22:43:00 54784 ----a-w- C:\Windows\System32\amdpcom64.dll
2011-10-11 22:41:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
2011-10-11 22:41:58 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-10-11 22:41:58 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2011-10-11 22:41:57 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2011-10-11 22:41:57 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2011-10-11 22:41:57 423424 ----a-w- C:\Windows\System32\atipdl64.dll
2011-10-11 22:41:54 4064768 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2011-10-11 22:41:52 15360 ----a-w- C:\Windows\System32\atig6pxx.dll
2011-10-11 22:41:48 4289024 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2011-10-11 22:41:47 8723456 ----a-w- C:\Windows\System32\aticaldd64.dll
2011-10-11 22:41:46 53760 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2011-10-11 22:41:46 53760 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2011-10-11 22:41:44 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2011-10-11 00:37:31 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F715EEE6-5CD4-466E-B552-8DCC1633A8C9}\gapaengine.dll
2011-10-10 04:56:07 -------- d-----w- C:\Users\dave\AppData\Roaming\IObit
2011-10-10 04:55:56 -------- d-----w- C:\Program Files (x86)\IObit
2011-10-03 06:26:48 -------- d-----w- C:\Program Files (x86)\Boxee
2011-10-03 01:55:56 -------- d-----w- C:\Users\dave\AppData\Roaming\com.tametick.CardinalQuest
2011-10-03 01:55:53 -------- d-----w- C:\Program Files (x86)\cardinalquest
2011-10-03 01:53:42 -------- d-----w- C:\Users\dave\AppData\Local\Adobe
.
==================== Find3M ====================
.
2011-10-30 00:46:52 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-11 22:43:41 38912 ----a-w- C:\Windows\System32\atiu9p64.dll
2011-10-11 22:43:33 7331840 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2011-10-11 22:43:32 58880 ----a-w- C:\Windows\System32\coinst.dll
2011-10-11 22:43:02 4944896 ----a-w- C:\Windows\System32\atidxx64.dll
2011-10-11 22:43:00 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-11 22:43:00 13312 ----a-w- C:\Windows\System32\atiglpxx.dll
2011-10-11 22:42:54 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-11 22:42:52 1828864 ----a-w- C:\Windows\SysWow64\atiumdmv.dll
2011-10-11 22:42:46 732672 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2011-10-11 22:42:43 31744 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2011-10-11 22:42:33 1113088 ----a-w- C:\Windows\System32\atiumd6v.dll
2011-10-11 22:42:29 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2011-10-11 22:42:25 356352 ----a-w- C:\Windows\SysWow64\atipdlxx.dll
2011-10-11 22:42:24 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2011-10-11 22:42:12 486912 ----a-w- C:\Windows\System32\atieclxx.exe
2011-10-11 22:42:06 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2011-10-11 22:42:06 39936 ----a-w- C:\Windows\System32\atig6txx.dll
2011-10-11 22:42:06 204288 ----a-w- C:\Windows\System32\atiesrxx.exe
2011-10-11 22:41:56 270336 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2011-10-11 22:41:54 29184 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2011-10-11 22:41:50 40960 ----a-w- C:\Windows\System32\atiuxp64.dll
2011-10-11 22:41:46 381952 ----a-w- C:\Windows\System32\atiadlxx.dll
2011-10-11 22:41:46 32768 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2011-10-11 22:41:45 862720 ----a-w- C:\Windows\System32\aticfx64.dll
2011-10-10 18:53:27 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2011-10-10 18:53:27 281656 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2011-10-03 11:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-14 17:47:42 60416 ----a-w- C:\Windows\System32\OVDecode64.dll
2011-09-14 17:47:40 53760 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2011-09-14 17:47:10 16652288 ----a-w- C:\Windows\System32\amdocl64.dll
2011-09-14 17:46:58 13625856 ----a-w- C:\Windows\SysWow64\amdocl.dll
2011-09-14 17:38:30 44032 ----a-w- C:\Windows\System32\amdoclcl64.dll
2011-09-14 17:38:28 37376 ----a-w- C:\Windows\SysWow64\amdoclcl.dll
2011-09-01 05:17:57 1389056 ----a-w- C:\Windows\System32\wininet.dll
2011-09-01 05:12:04 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-09-01 02:28:15 1126912 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-09-01 02:22:54 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-08-29 21:44:50 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-08-29 21:44:50 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-08-29 21:44:50 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-08-29 21:44:50 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-08-24 23:45:39 231440 ----a-w- C:\Windows\System32\drivers\AtihdW76.sys
.
============= FINISH: 19:07:10.17 ===============
sgf909
Active Member
Posts: 4
Joined: October 29th, 2011, 9:09 pm

Re: possible browser hijack help please

Post by deltalima » October 31st, 2011, 5:14 pm

Checking your log - back soon.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: possible browser hijack help please

Post by deltalima » October 31st, 2011, 5:18 pm

Hi sgf909,

Welcome to the forum.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Please note the following:
  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please do not run any scans or make any changes to the system unless I ask you to.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • If after 3 days you have not responded to this topic, it will be closed, and you will need to start a new one.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

Please Note:
The programs I ask you to run need to be run in Administrator Mode by right-clicking the program file and selecting: Run as Administrator.
Additionally, the built-in User Account Control (UAC) utility, if enabled, may prompt you for permission to run the program.
When prompted, please select: Allow. Reference: User Account Control (UAC) and Running as Administrator

Rootkit Warning

Your computer has multiple infections, including a rootkit.
A rootkit is a set of software tools intended for concealing running processes, files or system data from the operating system.

The rootkit in question is named ZeroAccess and can be difficult to remove, sometimes needing a reformat.

You are strongly advised to do the following:
  1. Disconnect the computer from the Internet and from any networked computers until it is cleaned.
  2. Call all your banks, financial institutions, credit card companies and inform them that you may be a victim of identity theft and put a watch on your accounts.
    If you don't mind the hassle, change all your account numbers.
  3. From a clean computer, change all your passwords
    (Internet login, your email address(es), financial accounts, PayPal, eBay, Amazon...any online activities you carry out which require a username and password).
    Do NOT change your passwords from this computer; the attacker can still get all the new passwords and transaction records.
  4. Back up all your important data except programs. The programs can be reinstalled back from the original disc or from the Net.

Due to its rootkit functionality, your computer is very likely to have been compromised and there is no way that it can be trusted again.
Many experts in the security community believe that once infected with this type of trojan, the best course of action would be to do a reformat and re-installation of the operating system (OS).
This decision will have to be made by you...

To help you understand more, please take some time to read the following articles:
When should I re-format and reinstall my OS
What are Remote Access Trojans and why are they dangerous
How do I respond to a possible identity theft and how do I prevent it
Back up and restore: frequently asked questions
Restoring your Vista-W7 backups ... Restoring your XP backups

Please let me know how you wish to proceed.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
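The UAC note above relates directly to the mPolicies-system lines in the posted DDS log (EnableLUA, ConsentPromptBehaviorAdmin, PromptOnSecureDesktop), and the "No File" BHO entries are the kind of orphaned registration a cleanup normally removes. As an added example that is not part of this thread or of the DDS tool, the following Python script parses those DDS "Pseudo HJT Report" lines and states what the values mean, using the values from the posted log as constructed sample input.

```python
"""Triage of the "Pseudo HJT Report" section of a DDS log (added example).

Not part of the DDS tool or of this thread: it reads the mPolicies-* lines,
which DDS takes from the machine-wide Policies keys, reports the UAC posture
those values imply, and lists BHO registrations whose DLL is missing
("No File"). The sample lines below are copied from the first log in the thread.
"""
import re
from dataclasses import dataclass, field

# Documented meanings of ConsentPromptBehaviorAdmin under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.
ADMIN_PROMPT = {
    0: "elevate without prompting",
    1: "prompt for credentials on the secure desktop",
    2: "prompt for consent on the secure desktop",
    3: "prompt for credentials",
    4: "prompt for consent",
    5: "prompt for consent for non-Windows binaries (Windows 7 default)",
}

# "mPolicies-<scope>: <Name> = <decimal> (<hex>)" as DDS prints it.
POLICY_RE = re.compile(r"^mPolicies-(?P<scope>\w+): (?P<name>\w+) = (?P<value>-?\d+)")
# BHO registration whose DLL path no longer exists on disk.
BHO_RE = re.compile(r"^BHO(?:-X64)?: (?P<name>.+?) - No File$")

# Constructed sample: the relevant lines from the first DDS log in this thread.
SAMPLE_LINES = [
    "mPolicies-explorer: NoActiveDesktop = 1 (0x1)",
    "mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)",
    "mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)",
    "mPolicies-system: EnableLUA = 0 (0x0)",
    "mPolicies-system: EnableUIADesktopToggle = 0 (0x0)",
    "mPolicies-system: PromptOnSecureDesktop = 0 (0x0)",
    "BHO-X64: AcroIEHelperStub - No File",
    "BHO-X64: Increase performance and video formats for your HTML5 <video> - No File",
    "BHO-X64: SkypeIEPluginBHO - No File",
    "Hosts: 127.0.0.1 www.spywareinfo.com",
]


@dataclass
class HjtReport:
    policies: dict = field(default_factory=dict)  # (scope, name) -> int
    orphaned_bhos: list = field(default_factory=list)


def parse_hjt_section(lines):
    """Collect policy values and orphaned BHO names; other lines are ignored."""
    report = HjtReport()
    for raw in lines:
        line = raw.strip()
        m = POLICY_RE.match(line)
        if m:
            report.policies[(m["scope"], m["name"])] = int(m["value"])
            continue
        m = BHO_RE.match(line)
        if m:
            report.orphaned_bhos.append(m["name"])
    return report


def assess(report):
    """Return human-readable findings; an empty list means nothing notable."""
    findings = []
    system = {name: v for (scope, name), v in report.policies.items() if scope == "system"}
    # Absent values fall back to the Windows 7 defaults (UAC on, secure desktop on).
    if system.get("EnableLUA", 1) == 0:
        findings.append("UAC is disabled (EnableLUA = 0): programs run by an "
                        "administrator start with full rights and no prompt")
    admin = system.get("ConsentPromptBehaviorAdmin", 5)
    if admin == 0:
        findings.append("ConsentPromptBehaviorAdmin = 0: " + ADMIN_PROMPT[admin])
    if system.get("PromptOnSecureDesktop", 1) == 0:
        findings.append("PromptOnSecureDesktop = 0: elevation prompts are not "
                        "shown on the secure desktop")
    for name in report.orphaned_bhos:
        findings.append(f"orphaned BHO registration (DLL missing): {name}")
    return findings


def triage_sample():
    """Run the triage over the constructed sample lines."""
    return assess(parse_hjt_section(SAMPLE_LINES))


if __name__ == "__main__":
    for finding in triage_sample():
        print("-", finding)
```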

Re: possible browser hijack help please

Post by sgf909 » October 31st, 2011, 6:51 pm

Thanks for the help deltalima.

I did a clean install on my primary HD, but I also have a secondary HD for my media and games. Would it be best to reformat that HD as well?

I haven't noticed anything out of the ordinary so far.

Here is an updated DDS log just in case.


.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by dave at 16:37:19 on 2011-10-31
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1949 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\SysWOW64\CtHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
D:\Program Files (x86)\Steam\steam.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\Users\dave\Local Settings\Apps\F.lux\flux.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\PROGRA~2\MAGICD~1\MAGICD~1.EXE
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
uRun: [F.lux] "C:\Users\dave\Local Settings\Apps\F.lux\flux.exe" /noshow
mRun: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun: [CTHelper] CTHELPER.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRun: [DevconDefaultDB] C:\Windows\system32\READREG /SILENT /FAIL=1
StartupFolder: C:\Users\dave\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{AA364F1C-D65C-4F9F-9F21-2E56F57AF154} : DhcpNameServer = 192.168.0.1
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [AsioThk32Reg] REGSVR32.EXE /S CTASIO.DLL
mRun-x64: [CTHelper] CTHELPER.EXE
mRun-x64: [CTxfiHlp] CTXFIHLP.EXE
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
.
R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-10-30 1153368]
R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?]
R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?]
R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\system32\DRIVERS\MpNWMon.sys --> C:\Windows\system32\DRIVERS\MpNWMon.sys [?]
R3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-4-27 288272]
R3 pbfilter;pbfilter;C:\Program Files\PeerBlock\pbfilter.sys [2011-10-30 24176]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2011-10-31 20:23:32 69000 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0EAB69B-737F-4766-8512-06543BECB49A}\offreg.dll
2011-10-31 20:23:29 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F0EAB69B-737F-4766-8512-06543BECB49A}\mpengine.dll
2011-10-31 20:22:18 43520 ----a-w- C:\Windows\SysWow64\CmdLineExt03.dll
2011-10-31 05:41:05 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ctor.dll
2011-10-31 05:41:05 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\objectps.dll
2011-10-31 05:41:05 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2011-10-31 05:41:05 221184 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\iuser.dll
2011-10-31 05:41:04 212992 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\engine\6\Intel 32\ILog.dll
2011-10-31 05:37:33 -------- d-----w- C:\Windows\_ISTMP1.DIR
2011-10-31 05:37:33 -------- d-----w- C:\_ISTMP1.DIR
2011-10-31 05:26:15 -------- d-----w- C:\BI
2011-10-31 05:25:27 306688 ----a-w- C:\Windows\IsUninst.exe
2011-10-31 05:22:02 255552 ----a-w- C:\Windows\SysWow64\drivers\mcdbus.sys
2011-10-31 05:22:02 255552 ----a-w- C:\Windows\System32\drivers\mcdbus.sys
2011-10-31 05:22:00 -------- d-----w- C:\Program Files (x86)\MagicDisc
2011-10-31 01:40:44 -------- d-----w- C:\Users\dave\AppData\Local\Apps
2011-10-31 00:43:54 -------- d-----w- C:\Program Files\PeerBlock
2011-10-30 23:44:04 -------- d-----w- C:\Program Files\ATI
2011-10-30 23:42:30 -------- d-----w- C:\Program Files\ATI Technologies
2011-10-30 23:38:43 159080 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-10-30 16:08:09 -------- d-----w- C:\Windows\SysWow64\Wat
2011-10-30 16:08:09 -------- d-----w- C:\Windows\System32\Wat
2011-10-30 16:00:45 -------- d-----w- C:\Windows\System32\SPReview
2011-10-30 16:00:22 -------- d-----w- C:\Windows\System32\EventProviders
2011-10-30 15:56:59 828416 ----a-w- C:\Windows\System32\MPSSVC.dll
2011-10-30 15:55:59 78720 ----a-w- C:\Windows\System32\drivers\HpSAMD.sys
2011-10-30 15:54:59 781312 ----a-w- C:\Windows\System32\wmdrmsdk.dll
2011-10-30 15:53:59 7168 ----a-w- C:\Windows\SysWow64\KBDINORI.DLL
2011-10-30 15:52:35 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-10-30 15:52:35 244736 ----a-w- C:\Program Files\Windows Portable Devices\sqmapi.dll
2011-10-30 15:52:32 244736 ----a-w- C:\Windows\System32\sqmapi.dll
2011-10-30 15:50:19 8570192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-10-30 15:34:32 -------- d-----w- C:\Windows\System32\appmgmt
2011-10-30 15:31:22 917840 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{2C90EDB5-3296-4449-827D-0EDB586ADF00}\gapaengine.dll
2011-10-30 15:25:45 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-10-30 15:25:45 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-10-30 15:25:36 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2011-10-30 15:25:30 -------- d-----w- C:\Program Files\Microsoft Security Client
2011-10-30 15:15:44 -------- d-----w- C:\Program Files (x86)\OpenOffice.org 3
2011-10-30 15:11:18 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FC6F398E-5B9F-41FE-A8BC-A49F8905C35E}\mpengine.dll
2011-10-30 15:11:18 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-10-30 15:09:57 2871808 ----a-w- C:\Windows\explorer.exe
2011-10-30 15:08:58 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-10-30 15:06:51 288640 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2011-10-30 15:05:45 -------- d-----w- C:\Users\dave\AppData\Local\Adobe
2011-10-30 15:05:16 -------- d-sh--w- C:\Windows\Installer
2011-10-30 15:04:53 -------- d-----w- C:\Users\dave\AppData\Local\Google
2011-10-30 14:58:58 0 ----a-w- C:\Windows\ativpsrm.bin
2011-10-30 14:56:29 86016 ----a-w- C:\Windows\SysWow64\cttele.dll
2011-10-30 14:56:29 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-10-30 14:56:29 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-10-30 14:56:29 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-10-30 14:56:29 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-10-30 14:56:01 -------- d-----w- C:\Windows\SysWow64\data
2011-10-30 14:55:57 -------- d-----w- C:\Windows\System32\data
2011-10-30 14:53:04 -------- d-----w- C:\Users\dave\AppData\Local\VirtualStore
2011-10-30 10:10:50 -------- d-----w- C:\Windows\Panther
2011-10-30 10:10:37 -------- d-sh--w- C:\Boot
2011-10-11 22:42:58 13312 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2011-10-11 22:41:58 278528 ----a-w- C:\Windows\SysWow64\Oemdspif.dll
.
==================== Find3M ====================
.
2011-10-30 16:17:30 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-30 16:17:30 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-30 15:05:57 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-10-11 22:44:04 18534912 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2011-10-11 22:42:54 24229376 ----a-w- C:\Windows\System32\atio6axx.dll
2011-10-11 22:41:59 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2011-09-06 03:03:17 3138048 ----a-w- C:\Windows\System32\win32k.sys
2011-08-27 05:37:49 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-08-27 05:37:48 331776 ----a-w- C:\Windows\System32\oleacc.dll
2011-08-27 04:26:27 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-08-27 04:26:27 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
2011-08-17 05:26:46 613888 ----a-w- C:\Windows\System32\psisdecd.dll
2011-08-17 05:25:08 108032 ----a-w- C:\Windows\System32\psisrndr.ax
2011-08-17 04:24:12 465408 ----a-w- C:\Windows\SysWow64\psisdecd.dll
2011-08-17 04:19:27 75776 ----a-w- C:\Windows\SysWow64\psisrndr.ax
.
============= FINISH: 16:38:02.49 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 10/30/2011 8:52:32 AM
System Uptime: 10/30/2011 5:55:24 PM (23 hours ago)
.
Motherboard: ASUSTeK Computer INC. | | P5QL/EPU
Processor: Intel(R) Core(TM)2 Quad CPU Q9300 @ 2.50GHz | LGA775 | 3000/402mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 75 GiB total, 29.657 GiB free.
D: is FIXED (NTFS) - 932 GiB total, 494.077 GiB free.
E: is CDROM (CDFS)
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP10: 10/30/2011 5:57:36 PM - Windows Update
RP11: 10/30/2011 11:22:07 PM - Device Driver Package Install: MagicISO, Inc. Storage controllers
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.1)
Baldur's Gate
Baldur's Gate(TM) II - Throne of Bhaal (TM)
F.lux
Google Chrome
Java Auto Updater
Java(TM) 6 Update 29
MagicDisc 2.7.106
Microsoft Silverlight
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
OpenOffice.org 3.3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Spybot - Search & Destroy
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
10/30/2011 9:32:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:56 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:32:23 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072ee2 Error description: The operation timed out
10/30/2011 9:31:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
10/30/2011 9:31:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiVirus Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
10/30/2011 9:31:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
10/30/2011 9:31:04 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 0.0.0.0 Update Source: Microsoft Malware Protection Center Update Stage: Search Source Path: http://go.microsoft.com/fwlink/?LinkID= ... 752CCA7094 Signature Type: AntiSpyware Update Type: Full User: dave-PC\dave Current Engine Version: Previous Engine Version: 0.0.0.0 Error code: 0x80072f76 Error description: The requested header was not found
10/30/2011 9:29:47 AM, Error: Service Control Manager [7023] -
10/30/2011 9:26:23 AM, Error: Service Control Manager [7023] - The Windows Modules Installer service terminated with the following error: The process cannot access the file because it is being used by another process.
10/30/2011 2:15:30 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: The system cannot find the file specified.
10/30/2011 10:14:12 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/30/2011 10:10:22 AM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
10/30/2011 10:05:11 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243).
.
==== End Of File ===========================


Thanks again for the help!
sgf909
Active Member
 
Posts: 4
Joined: October 29th, 2011, 9:09 pm

Re: possible browser hijack help please

Unread postby deltalima » November 1st, 2011, 9:32 am

Hi sgf909,

I did a clean install on my primary HD, but I also have a secondary HD for my media and games. Would it be best to reformat that HD as well?


Well the DDS log looks clean, but we need to do some more checks to make sure.

C:\Program Files (x86)\uTorrent\uTorrent.exe


Remove P2P Programs

  • I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.
  • Please read the Guidelines for P2P Programs where we explain why it's not a good idea to have them.
  • Note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

It is almost certain that the infection came from the use of P2P programs. If you wish to continue to receive help here, you need to remove all P2P applications and undertake not to use them in future.

If you wish to continue:

MBRCheck

Please download MBRCheck.exe to your desktop.
  • Right click on MBRCheck.exe and select: Run as Administrator.
  • It will show a Black screen with some information.
  • If an unknown bootcode is found, you will have further options available to you; at this time press N, then press Enter twice.
  • If nothing unusual is found, just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Please post the contents of that file in your next reply.

Malwarebytes Anti-Malware

Please download Malwarebytes' Anti-Malware to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:
  1. Launch Malwarebytes' Anti-Malware
  2. Click on the Logs radio tab.

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK
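
The P2P check deltalima applies to the DDS log, written out as an added example that is not from this thread or from the DDS tool: a small parser for the Running Processes and Pseudo HJT Report sections that flags known P2P client executables. The DDS excerpt is constructed from lines quoted in this thread, and the list of P2P executable names is an assumed list for illustration.

```python
"""Flag P2P clients in a DDS log, as a helper reviewing the log would.

Added example, not part of the thread or of the DDS tool. SAMPLE_DDS_LOG is
a constructed excerpt in DDS layout; P2P_EXECUTABLES is an assumed list.
"""
import re

# Executable names of common P2P clients (assumed list for illustration).
P2P_EXECUTABLES = {"utorrent.exe", "bittorrent.exe", "limewire.exe",
                   "frostwire.exe", "vuze.exe", "emule.exe"}

# Constructed excerpt: DDS marks each section with a '=== Name ===' header
# and pads sections with '.' spacer lines.
SAMPLE_DDS_LOG = r"""============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
D:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
.
============== Pseudo HJT Report ===============
.
uRun: [Google Update] "C:\Users\dave\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [PeerBlock] C:\Program Files\PeerBlock\peerblock.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
============= SERVICES / DRIVERS ===============
"""

SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Autorun entries: 'uRun: [Name] "C:\path\prog.exe" /flag' or an unquoted path.
AUTORUN_RE = re.compile(
    r"^(?P<key>[A-Za-z0-9-]*Run[A-Za-z0-9-]*):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")
# The program name is the last path component ending in .exe; directories may
# contain spaces, so we only match the part after the last backslash.
EXE_RE = re.compile(r'([^\\/"\s]+\.exe)(?=["\s]|$)', re.IGNORECASE)


def split_sections(log_text):
    """Return {section_name: [lines]} for a DDS log, dropping '.' spacer lines."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections[current] = []
        elif current is not None and line and line != ".":
            sections[current].append(line)
    return sections


def executable_name(command):
    """Lowercase basename of the .exe in a process path or autorun command line."""
    match = EXE_RE.search(command)
    return match.group(1).lower() if match else None


def find_p2p(log_text, p2p_names=P2P_EXECUTABLES):
    """Return (section, line) pairs whose program is a known P2P client."""
    hits = []
    sections = split_sections(log_text)
    for line in sections.get("Running Processes", []):
        if executable_name(line) in p2p_names:
            hits.append(("Running Processes", line))
    for line in sections.get("Pseudo HJT Report", []):
        entry = AUTORUN_RE.match(line)
        if entry and executable_name(entry.group("cmd")) in p2p_names:
            hits.append(("Pseudo HJT Report", line))
    return hits


if __name__ == "__main__":
    for section, line in find_p2p(SAMPLE_DDS_LOG):
        print(f"P2P client in {section}: {line}")
```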

Re: possible browser hijack help please

Unread postby sgf909 » November 1st, 2011, 1:37 pm

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Base Board Manufacturer: ASUSTeK Computer INC.
BIOS Manufacturer: American Megatrends Inc.
System Manufacturer: System manufacturer
System Product Name: System Product Name
Logical Drives Mask: 0x0000003d

Kernel Drivers (total 168):
0x0838B000 \SystemRoot\system32\DRIVERS\NisDrvWFP.sys
0x08200000 \SystemRoot\System32\Drivers\fastfat.SYS
0x08236000 \SystemRoot\system32\drivers\spsys.sys
0x082A7000 \??\C:\Program Files\PeerBlock\pbfilter.sys
0x083A3000 \SystemRoot\system32\DRIVERS\mcdbus.sys
0x082B0000 \SystemRoot\system32\DRIVERS\SCSIPORT.SYS
0x083E0000 \SystemRoot\system32\DRIVERS\cdfs.sys
0x771C0000 \Windows\System32\ntdll.dll
0x478E0000 \Windows\System32\smss.exe
0xFF4E0000 \Windows\System32\apisetschema.dll

Processes (total 59):
0 System Idle Process
4 System
292 C:\Windows\System32\smss.exe
396 csrss.exe
468 C:\Windows\System32\wininit.exe
492 csrss.exe
536 C:\Windows\System32\winlogon.exe
580 C:\Windows\System32\services.exe
600 C:\Windows\System32\lsass.exe
608 C:\Windows\System32\lsm.exe
712 C:\Windows\System32\svchost.exe
780 C:\Windows\System32\svchost.exe
860 C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
940 C:\Windows\System32\atiesrxx.exe
980 C:\Windows\System32\svchost.exe
1012 C:\Windows\System32\svchost.exe
340 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1180 C:\Windows\System32\svchost.exe
1308 C:\Windows\System32\spoolsv.exe
1348 C:\Windows\System32\svchost.exe
1464 C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
1512 C:\Windows\System32\svchost.exe
1748 C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
1820 C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
2216 C:\Windows\System32\atieclxx.exe
2440 C:\Windows\System32\taskhost.exe
2548 C:\Windows\System32\dwm.exe
2560 C:\Windows\explorer.exe
2812 C:\Program Files\Microsoft Security Client\msseces.exe
3032 C:\Windows\SysWOW64\CtHelper.exe
3056 C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
1152 C:\Windows\System32\SearchIndexer.exe
2364 C:\Program Files\Windows Media Player\wmpnetwk.exe
2944 C:\Windows\System32\sppsvc.exe
3812 C:\Windows\System32\audiodg.exe
3712 D:\Program Files (x86)\Steam\steam.exe
4088 C:\Program Files\PeerBlock\peerblock.exe
3996 C:\Users\dave\AppData\Local\Apps\F.lux\flux.exe
2492 C:\Windows\System32\taskhost.exe
3328 C:\Windows\System32\svchost.exe
2112 C:\PROGRA~2\MAGICD~1\MAGICD~1.EXE
3360 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
1808 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
4276 C:\Windows\SysWOW64\rundll32.exe
5096 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
4456 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
4404 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
3412 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
4280 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
4356 C:\Windows\servicing\TrustedInstaller.exe
3772 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
3068 C:\Windows\System32\SearchProtocolHost.exe
4744 C:\Windows\System32\SearchFilterHost.exe
4664 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
5056 C:\Users\dave\AppData\Local\Google\Chrome\Application\chrome.exe
5032 C:\Users\dave\Desktop\MBRCheck.exe
4172 C:\Windows\System32\conhost.exe
4724 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (NTFS)
\\.\D: --> \\.\PhysicalDrive1 at offset 0x00000000`00100000 (NTFS)

PhysicalDrive0 Model Number: ST380815AS, Rev: 3.AAD
PhysicalDrive1 Model Number: HitachiHDS721010CLA332, Rev: JP4OA3EA

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
931 GB \\.\PhysicalDrive1 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Done!
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8062

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

11/1/2011 11:36:14 AM
mbam-log-2011-11-01 (11-36-14).txt

Scan type: Quick scan
Objects scanned: 167697
Time elapsed: 1 minute(s), 33 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
sgf909
Active Member
 
Posts: 4
Joined: October 29th, 2011, 9:09 pm

Re: possible browser hijack help please

Unread postby deltalima » November 1st, 2011, 2:09 pm

Hi sgf909,

The logs appear clean.

Update your antivirus software and keep your other programs up to date
Update your antivirus programs and other security products regularly to avoid new threats that could infect your system.
You can use one of these sites to check if any updates are needed for your PC.
Secunia Software Inspector
F-Secure Health Check

Security Updates for Windows, Internet Explorer & Microsoft Office
Whenever a security problem in its software is found, Microsoft will usually create a patch so that, after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC. Keeping up with these patches will help to prevent malicious software being installed on your PC. Ensure you are registered for Windows updates via Start > right-click on My Computer > Properties > Automatic Updates tab, or visit the Microsoft Update site on a regular basis.

Here are some additional utilities that will enhance your safety


Happy surfing and stay clean!
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK

Re: possible browser hijack help please

Unread postby deltalima » November 1st, 2011, 3:30 pm

As this issue appears to be resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
deltalima
Admin/Teacher
Posts: 7614
Joined: February 28th, 2009, 4:38 pm
Location: UK