trojanmana

I think I have a browser virus


Hi All,

First-time poster. I believe I have some kind of malware, virus, etc.


Symptoms


1) Internet Explorer randomly starts. I go to the task bar and close it, and it starts again.

2) Randomly plays sound - commercials of some kind.

3) Takes me to random sites when I click on links. It doesn't matter which browser I am using: Chrome, Firefox.

4) Something happened to all my Start button shortcuts. It is empty.



I've cleaned my computer with everything, and IE is still popping up randomly even when I close it.

Hi,

Download DDS and save it to your desktop from here: http://download.bleepingcomputer.com/sUBs/dds.com, or here: http://download.bleepingcomputer.com/sUBs/dds.scr, or here: http://www.forospyware.com/sUBs/dds.
Disable any script blocker, and then double-click the dds file to run the tool.
- When done, DDS will open two (2) logs:
  1) DDS.txt
  2) Attach.txt
- Save both reports to your desktop. Post them back to your topic.

Hi,

Having antivirus protection disabled should be enough.

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows 7 Ultimate Edition
Windows Information: Service Pack 1 (build 7601), 64-bit
Logical Drives Mask: 0x0000000d

Kernel Drivers (total 153):
0x02A1B000 \SystemRoot\system32\ntoskrnl.exe
0x03004000 \SystemRoot\system32\hal.dll
0x00BB6000 \SystemRoot\system32\kdcom.dll
0x00C0A000 \SystemRoot\system32\mcupdate_AuthenticAMD.dll
0x00C17000 \SystemRoot\system32\PSHED.dll
0x00C2B000 \SystemRoot\system32\CLFS.SYS
0x00C89000 \SystemRoot\system32\CI.dll
0x00D49000 \SystemRoot\system32\drivers\Wdf01000.sys
0x00DED000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x00E77000 \SystemRoot\system32\drivers\ACPI.sys
0x00ECE000 \SystemRoot\system32\drivers\WMILIB.SYS
0x00ED7000 \SystemRoot\system32\drivers\msisadrv.sys
0x00EE1000 \SystemRoot\system32\drivers\pci.sys
0x00F14000 \SystemRoot\system32\drivers\vdrvroot.sys
0x00F21000 \SystemRoot\System32\drivers\partmgr.sys
0x00F36000 \SystemRoot\system32\drivers\volmgr.sys
0x00F4B000 \SystemRoot\System32\drivers\volmgrx.sys
0x00FA7000 \SystemRoot\system32\drivers\viaide.sys
0x00FAF000 \SystemRoot\system32\drivers\PCIIDEX.SYS
0x00FBF000 \SystemRoot\system32\DRIVERS\videX64.sys
0x00FC7000 \SystemRoot\System32\drivers\mountmgr.sys
0x00E00000 \SystemRoot\system32\drivers\vmbus.sys
0x00E3C000 \SystemRoot\system32\drivers\winhv.sys
0x00E50000 \SystemRoot\system32\drivers\atapi.sys
0x010CE000 \SystemRoot\system32\drivers\ataport.SYS
0x010F8000 \SystemRoot\system32\DRIVERS\vsmraid.sys
0x01122000 \SystemRoot\system32\DRIVERS\storport.sys
0x01185000 \SystemRoot\system32\DRIVERS\viamrx64.sys
0x011B0000 \SystemRoot\system32\drivers\amdxata.sys
0x01000000 \SystemRoot\system32\drivers\fltmgr.sys
0x0104C000 \SystemRoot\system32\drivers\fileinfo.sys
0x01243000 \SystemRoot\System32\Drivers\Ntfs.sys
0x01060000 \SystemRoot\System32\Drivers\msrpc.sys
0x01200000 \SystemRoot\System32\Drivers\ksecdd.sys
0x01403000 \SystemRoot\System32\Drivers\cng.sys
0x01475000 \SystemRoot\System32\drivers\pcw.sys
0x01486000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x01490000 \SystemRoot\system32\drivers\ndis.sys
0x01583000 \SystemRoot\system32\drivers\NETIO.SYS
0x011BB000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x016E3000 \SystemRoot\System32\drivers\tcpip.sys
0x018E7000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x01931000 \SystemRoot\system32\drivers\vmstorfl.sys
0x01941000 \SystemRoot\system32\drivers\volsnap.sys
0x0198D000 \SystemRoot\System32\Drivers\spldr.sys
0x01995000 \SystemRoot\System32\drivers\rdyboost.sys
0x019CF000 \SystemRoot\System32\Drivers\mup.sys
0x01A28000 \SystemRoot\system32\DRIVERS\kl1.sys
0x02187000 \SystemRoot\System32\drivers\hwpolicy.sys
0x02190000 \SystemRoot\system32\DRIVERS\gagp30kx.sys
0x021A4000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x021DE000 \SystemRoot\system32\DRIVERS\disk.sys
0x01600000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x01630000 \SystemRoot\system32\drivers\cdrom.sys
0x0348F000 \SystemRoot\system32\DRIVERS\klif.sys
0x03525000 \SystemRoot\System32\Drivers\Null.SYS
0x0352E000 \SystemRoot\System32\Drivers\Beep.SYS
0x03535000 \SystemRoot\System32\drivers\vga.sys
0x03543000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x03568000 \SystemRoot\System32\drivers\watchdog.sys
0x03578000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x03581000 \SystemRoot\system32\drivers\rdpencdd.sys
0x0358A000 \SystemRoot\system32\drivers\rdprefmp.sys
0x03593000 \SystemRoot\System32\Drivers\Msfs.SYS
0x0359E000 \SystemRoot\System32\Drivers\Npfs.SYS
0x035AF000 \SystemRoot\system32\DRIVERS\tdx.sys
0x035D1000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x035DE000 \SystemRoot\system32\DRIVERS\kl2.sys
0x03400000 \SystemRoot\system32\drivers\afd.sys
0x0165A000 \SystemRoot\System32\DRIVERS\netbt.sys
0x035E5000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x01A00000 \SystemRoot\system32\DRIVERS\pacer.sys
0x035EE000 \SystemRoot\system32\DRIVERS\klim6.sys
0x0169F000 \SystemRoot\system32\DRIVERS\netbios.sys
0x016AE000 \SystemRoot\system32\DRIVERS\serial.sys
0x019E1000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x016CB000 \SystemRoot\system32\drivers\termdd.sys
0x044D2000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x04523000 \SystemRoot\system32\drivers\nsiproxy.sys
0x0452F000 \SystemRoot\system32\drivers\mssmbios.sys
0x0453A000 \SystemRoot\System32\drivers\discache.sys
0x04549000 \SystemRoot\system32\drivers\csc.sys
0x045CC000 \SystemRoot\System32\Drivers\dfsc.sys
0x045EA000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x04400000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x050A5000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x05B69000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x04210000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x04304000 \SystemRoot\System32\drivers\dxgmms1.sys
0x0434A000 \SystemRoot\system32\drivers\1394ohci.sys
0x04388000 \SystemRoot\system32\DRIVERS\yk62x64.sys
0x043ED000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0x04200000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x05B6B000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x05BC1000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x05BD2000 \SystemRoot\system32\drivers\i8042prt.sys
0x05BF0000 \SystemRoot\system32\drivers\kbdclass.sys
0x05000000 \SystemRoot\system32\DRIVERS\fdc.sys
0x0500D000 \SystemRoot\system32\DRIVERS\parport.sys
0x0502A000 \SystemRoot\system32\DRIVERS\serenum.sys
0x05036000 \SystemRoot\system32\drivers\ac97via.sys
0x0505E000 \SystemRoot\system32\drivers\portcls.sys
0x04426000 \SystemRoot\system32\drivers\drmk.sys
0x04448000 \SystemRoot\system32\drivers\ks.sys
0x043FA000 \SystemRoot\system32\drivers\ksthunk.sys
0x0448B000 \SystemRoot\system32\DRIVERS\amdk8.sys
0x044A2000 \SystemRoot\system32\drivers\CompositeBus.sys
0x044B2000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x0121B000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x021F4000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x04644000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x04673000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x0468E000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x046AF000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x046C9000 \SystemRoot\system32\DRIVERS\rdpbus.sys
0x046D4000 \SystemRoot\system32\drivers\mouclass.sys
0x046E3000 \SystemRoot\system32\drivers\swenum.sys
0x046E5000 \SystemRoot\system32\drivers\umbus.sys
0x046F7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x04751000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x0475C000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x04771000 \SystemRoot\system32\DRIVERS\udfs.sys
0x047C6000 \SystemRoot\system32\drivers\hidusb.sys
0x047D4000 \SystemRoot\system32\drivers\HIDCLASS.SYS
0x047ED000 \SystemRoot\system32\drivers\HIDPARSE.SYS
0x047F6000 \SystemRoot\system32\drivers\USBD.SYS
0x04600000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x00090000 \SystemRoot\System32\win32k.sys
0x0461B000 \SystemRoot\System32\drivers\Dxapi.sys
0x04627000 \SystemRoot\system32\DRIVERS\monitor.sys
0x004B0000 \SystemRoot\System32\TSDDD.dll
0x00650000 \SystemRoot\System32\cdd.dll
0x00950000 \SystemRoot\System32\ATMFD.DLL
0x02A4D000 \SystemRoot\system32\drivers\luafv.sys
0x02A70000 \SystemRoot\system32\drivers\WudfPf.sys
0x02A91000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x02AA6000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x02ABE000 \SystemRoot\system32\drivers\HTTP.sys
0x02B87000 \SystemRoot\system32\DRIVERS\bowser.sys
0x02BA5000 \SystemRoot\System32\drivers\mpsdrv.sys
0x02BBD000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x03A1E000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x03A6C000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x03A90000 \SystemRoot\system32\drivers\peauth.sys
0x03B36000 \SystemRoot\System32\Drivers\secdrv.SYS
0x03B41000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x03B72000 \SystemRoot\System32\drivers\tcpipreg.sys
0x03B84000 \SystemRoot\System32\DRIVERS\srv2.sys
0x04CCE000 \SystemRoot\System32\DRIVERS\srv.sys
0x04D66000 \SystemRoot\system32\drivers\spsys.sys
0x76D40000 \Windows\System32\ntdll.dll
0x48380000 \Windows\System32\smss.exe
0xFF060000 \Windows\System32\apisetschema.dll

Processes (total 46):
0 System Idle Process
4 System
376 C:\Windows\System32\smss.exe
464 csrss.exe
520 C:\Windows\System32\wininit.exe
532 csrss.exe
588 C:\Windows\System32\services.exe
596 C:\Windows\System32\lsass.exe
604 C:\Windows\System32\lsm.exe
672 C:\Windows\System32\winlogon.exe
788 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\svchost.exe
988 C:\Windows\System32\svchost.exe
356 C:\Windows\System32\svchost.exe
480 C:\Windows\System32\svchost.exe
1120 C:\Windows\System32\svchost.exe
1256 C:\Windows\System32\svchost.exe
1504 C:\Windows\System32\spoolsv.exe
1544 C:\Windows\System32\svchost.exe
1568 C:\Windows\System32\taskhost.exe
1696 C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
1792 C:\Program Files\Bonjour\mDNSResponder.exe
1880 C:\Windows\System32\lxbscoms.exe
2208 C:\Windows\System32\svchost.exe
2504 C:\Windows\System32\sppsvc.exe
2680 C:\Windows\System32\svchost.exe
2656 C:\Windows\System32\dwm.exe
3000 C:\Windows\explorer.exe
2164 C:\Program Files\Microsoft IntelliPoint\ipoint.exe
2296 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
2752 C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
2016 C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe
2240 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
956 C:\Program Files (x86)\iTunes\iTunesHelper.exe
3892 C:\Program Files\iPod\bin\iPodService.exe
3964 C:\Windows\System32\svchost.exe
3932 C:\Users\trojan\AppData\Local\Google\Chrome\Application\chrome.exe
2416 C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
3564 C:\Program Files (x86)\AIM Toolbar\aimtbServer.exe
3536 C:\Windows\System32\audiodg.exe
2672 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
2708 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
528 dllhost.exe
740 dllhost.exe
3612 C:\Users\trojan\Downloads\MBRCheck.exe
3432 C:\Windows\System32\conhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

PhysicalDrive0 Model Number: WDC WD1600JD-00GBB0, Rev: 02.0

Size Device Name MBR Status
--------------------------------------------
149 GB \\.\PhysicalDrive0 MBR Code Faked!
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Hi,

Please download and run this: http://download.bleepingcomputer.com/sUBs/Beta/dds.exe. Leave the settings at their defaults and run it. Post back the logs it creates.

DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by trojan at 11:48:56 on 2011-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.157 [GMT -8:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxbscoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\aim toolbar\aimtbServer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\conhost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
TB: AOL Messaging Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [MusicManager] "C:\Users\trojan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Google Update] "C:\Users\trojan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
mRun: [mxomssmenu] "C:\Program Files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe"
mRun: [mssSort] C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{18A8FB4E-82C2-444B-A306-2E3DAE03D657} : DHCPNameServer = 192.168.1.254
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-Run: [LXBSCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXBStime.dll,RunDLLEntry
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtbbho.dll
.
INFO: x64-HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfoforum.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\trojan\AppData\Roaming\Mozilla\Firefox\Profiles\luw180xk.default\
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
FF - plugin: C:\Users\trojan\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 viamrx64;viamrx64;C:\Windows\System32\drivers\viamrx64.sys [2011-3-15 162928]
R0 videX64;videX64;C:\Windows\System32\drivers\videX64.sys [2010-2-11 15000]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-6-9 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 27736]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]
S?2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe -r [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2010-7-21 61288]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-4-28 704872]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2011-6-8 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-6-8 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2011-8-2 51712]
.
=============== File Associations ===============
.
FileExt: .bat: batfile=NOTEPAD.EXE %1
FileExt: .cmd: cmdfile=NOTEPAD.EXE %1
FileExt: .com: comfile=NOTEPAD.EXE %1
FileExt: .pif: piffile=NOTEPAD.EXE %1
FileExt: .txt: Applications\EXCEL.EXE="C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE" "%1" [UserChoice]
FileExt: .vbe: VBEFile=NOTEPAD.EXE %1
FileExt: .vbs: VBSFile=NOTEPAD.EXE %1
FileExt: .js: JSFile=NOTEPAD.EXE %1
FileExt: .jse: JSEFile=NOTEPAD.EXE %1
FileExt: .wsf: WSFFile=NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
11/15/2011 3:26 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\offreg.dll
11/14/2011 3:35 55384 ----a-w- C:\Windows\System32\drivers\SBREDrv.sys
11/14/2011 3:17 388096 ----a-r- C:\Users\trojan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
11/14/2011 3:17 -------- d-----w- C:\Program Files (x86)\Trend Micro
11/12/2011 7:46 -------- d-----w- C:\Program Files\CCleaner
11/12/2011 7:44 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
11/12/2011 7:44 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
11/12/2011 7:42 -------- d-----w- C:\Program Files\SUPERAntiSpyware
11/11/2011 12:02 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\mpengine.dll
11/9/2011 21:29 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
11/9/2011 21:29 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
11/9/2011 21:29 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
11/9/2011 21:29 3144704 ----a-w- C:\Windows\System32\win32k.sys
11/6/2011 9:44 -------- d-----w- C:\Program Files (x86)\Seagate
11/6/2011 9:10 -------- d-----w- C:\ProgramData\PCPitstop
11/6/2011 8:35 -------- d-----w- C:\Users\trojan\AppData\Roaming\QuickScan
11/4/2011 5:46 -------- d-----w- C:\Users\trojan\AppData\Local\AIM Toolbar
10/17/2011 2:55 18139008 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M ====================
.
11/14/2011 0:53 1664 ----a-w- C:\Windows\System32\ASOROSet.bin
10/1/2011 3:25 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
10/1/2011 2:42 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
8/31/2011 6:05 96104 ----a-w- C:\Windows\System32\dns-sd.exe
8/31/2011 6:05 85864 ----a-w- C:\Windows\System32\dnssd.dll
8/31/2011 6:05 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe
8/31/2011 6:05 73064 ----a-w- C:\Windows\SysWow64\dnssd.dll
8/27/2011 5:37 861696 ----a-w- C:\Windows\System32\oleaut32.dll
8/27/2011 5:37 331776 ----a-w- C:\Windows\System32\oleacc.dll
8/27/2011 4:26 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
8/27/2011 4:26 233472 ----a-w- C:\Windows\SysWow64\oleacc.dll
8/20/2011 5:37 1188864 ----a-w- C:\Windows\System32\wininet.dll
8/20/2011 4:31 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
.
============= FINISH: 11:53:21.20 ===============

DDS (Ver_2011-09-30.01) - NTFS_AMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_23
Run by trojan at 19:18:50 on 2011-11-15
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.423 [GMT -8:00]
.
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\lxbscoms.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Maxtor\OneTouch Status\MaxMenuMgr.exe
C:\Program Files (x86)\Maxtor\Maxtor Quick Start\msssort.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\x64\klwtblfs.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\taskhost.exe
c:\program files (x86)\aim toolbar\aimtbServer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.msn.com
uURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
mURLSearchHooks: AOL Messaging Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: AOL Messaging Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
TB: AOL Messaging Toolbar: {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 7/20/2010 3:15:17 PM
System Uptime: 11/14/2011 7:21:42 PM (24 hours ago)
.
Motherboard: ASUSTeK Computer Inc. | | K8VSEDX
Processor: AMD Athlon(tm) 64 Processor 3400+ | Socket 754 | 2403/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 149 GiB total, 94.351 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: RAID Controller
Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_105A&DEV_3373&SUBSYS_80F51043&REV_02\3&267A616A&0&40
Service:
.
==== System Restore Points ===================
.
RP217: 11/9/2011 7:38:14 PM - Windows Update
RP218: 11/11/2011 3:00:37 AM - Windows Update
RP219: 11/11/2011 11:24:42 PM - Removed Windows Media Player Firefox Plugin
RP220: 11/13/2011 4:33:32 PM - Advanced System Optimizer - First Install
RP221: 11/13/2011 6:28:24 PM - Advanced System Optimizer - System Protector 11/13/2011 6:28:13 PM
RP222: 11/13/2011 7:15:46 PM - Installed HiJackThis
RP223: 11/13/2011 7:25:17 PM - Installed Ad-Aware
RP224: 11/13/2011 7:27:05 PM - Installed Ad-Aware
RP225: 11/14/2011 6:22:53 PM - Advanced System Optimizer
RP226: 11/14/2011 7:07:33 PM - Removed Ad-Aware
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.4.6
AIM 7
AOL Messaging Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
BitLord 1.1
Bonjour
CCleaner
Definition update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Download Updater (AOL LLC)
Google Chrome
Google Update Helper
Google Updater
HiJackThis
iCloud
iTunes
Java Auto Updater
Java(TM) 6 Update 23
Kaspersky Internet Security 2011
Lexmark 810 Series
Maxtor Quick Start
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.0
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MobileMe Control Panel
Mozilla Firefox 8.0 (x86 en-US)
MSVCRT
Music Manager
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
PerformanceTest v7.0
PerformanceTest v7.0 (64-bit)
Picasa 3
PVSonyDll
QuickTime
Safari
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft Excel 2010 (KB2553070)
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft SharePoint Workspace 2010 (KB2566445)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553455) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553323) 32-Bit Edition
Update for Microsoft Outlook Social Connector (KB2583935)
VLC media player 1.1.7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Player Firefox Plugin
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/9/2011 1:45:44 PM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
11/14/2011 7:42:47 PM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume .
11/14/2011 7:24:37 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
11/14/2011 7:21:55 PM, Error: volmgr [46] - Crash dump initialization failed!
11/14/2011 7:21:51 PM, Error: Microsoft-Windows-Kernel-Processor-Power [6] - Some processor performance power management features have been disabled due to a known firmware problem. Check with the computer manufacturer for updated firmware.
11/14/2011 7:19:04 PM, Error: Service Control

[color=#FF0000]Bitlord[/color]

The programs listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring an infection into the system. My [b]recommendation is to uninstall these (and any other P2P file sharing programs, if present)[/b].


Download [url=http://public.avast.com/~gmerek/aswMBR.exe]aswMBR[/url] to your desktop. Double click aswMBR.exe to run it.
Click the Scan button to start the scan.

On completion of the scan, click Save log, save it to your desktop and post it in your next reply.

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-15 22:32:10
-----------------------------
22:32:10.471 OS Version: Windows x64 6.1.7601 Service Pack 1
22:32:10.471 Number of processors: 1 586 0xC00
22:32:10.471 ComputerName: TROJAN-PC UserName: trojan
22:32:17.208 Initialize success
22:32:43.335 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005a
22:32:43.351 Disk 0 Vendor: WDC_WD16 02.0 Size: 152627MB BusType: 8
22:32:45.367 Disk 0 MBR read successfully
22:32:45.370 Disk 0 MBR scan
22:32:45.374 Disk 0 Windows 7 default MBR code
22:32:45.377 Service scanning
22:32:46.885 Service kl1 C:\Windows\system32\DRIVERS\kl1.sys **LOCKED** 5
22:32:46.890 Service kl2 C:\Windows\system32\DRIVERS\kl2.sys **LOCKED** 5
22:32:46.896 Service KLIM6 C:\Windows\system32\DRIVERS\klim6.sys **LOCKED** 5
22:32:46.928 Service klmouflt C:\Windows\system32\DRIVERS\klmouflt.sys **LOCKED** 5
22:32:48.478 Modules scanning
22:32:48.485 Disk 0 trace - called modules:
22:32:48.501 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80021e7334]<<
22:32:48.506 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80021ba790]
22:32:48.515 3 CLASSPNP.SYS[fffff8800160143f] -> nt!IofCallDriver -> \Device\0000005a[0xfffffa80017379c0]
22:32:48.524 \Driver\viamrx64[0xfffffa800172c7f0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80021e7334
22:32:48.531 Scan finished successfully
22:33:36.544 Disk 0 MBR has been saved successfully to "\\MAXTORDRIVE\Videos\MBR.dat"
22:33:36.560 The log file has been saved successfully to "\\MAXTORDRIVE\Videos\aswMBR.txt"

Please visit this webpage for download links and instructions for running the ComboFix tool:

[url]http://www.bleepingcomputer.com/combofix/how-to-use-combofix[/url]

[COLOR=Blue]Please ensure you read this guide carefully first.[/COLOR]

Please continue as follows:

[LIST=1]
[*][b]Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix[/b], [url=http://www.bleepingcomputer.com/forums/topic114351.html]link[/url]
Remember to re-enable them afterwards.


[*]Click [B]Yes[/B] to allow ComboFix to continue scanning for malware.
[/LIST]

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

[B]C:\ComboFix.txt
New dds log.[/B]

[COLOR=#ff0000][B]A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.[/B][/COLOR]

ComboFix 11-11-15.06 - trojan 11/15/2011 23:43:05.1.1 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.1023.431 [GMT -8:00]
Running from: c:\users\trojan\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}
FW: Kaspersky Internet Security *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}
SP: Kaspersky Internet Security *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-10-16 to 2011-11-16 )))))))))))))))))))))))))))))))
.
.
2011-11-16 08:15 . 2011-11-16 08:15 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-11-16 08:15 . 2011-11-16 08:15 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-16 04:12 . 2011-11-10 00:09 18744 ----a-w- c:\windows\system32\roboot64.exe
2011-11-16 04:12 . 2010-10-06 20:25 16896 ----a-w- c:\windows\system32\sasnative64.exe
2011-11-16 04:11 . 2011-11-16 04:12 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2011-11-15 03:26 . 2011-11-15 03:26 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\offreg.dll
2011-11-14 03:35 . 2011-11-14 03:34 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-14 03:28 . 2011-11-15 03:10 -------- d-----w- c:\programdata\Lavasoft
2011-11-14 03:17 . 2011-11-14 03:17 388096 ----a-r- c:\users\trojan\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-11-14 03:17 . 2011-11-14 03:17 -------- d-----w- c:\program files (x86)\Trend Micro
2011-11-12 07:46 . 2011-11-12 07:47 -------- d-----w- c:\program files\CCleaner
2011-11-12 07:44 . 2011-11-14 02:46 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy
2011-11-12 07:44 . 2011-11-14 02:46 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-11-12 07:42 . 2011-11-14 15:22 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-11 12:02 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5DB27C78-721E-47DF-A058-E2AF26913B90}\mpengine.dll
2011-11-09 21:29 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2011-11-09 21:29 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2011-11-09 21:29 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-11-09 21:29 . 2011-09-29 04:03 3144704 ----a-w- c:\windows\system32\win32k.sys
2011-11-06 09:44 . 2011-11-10 03:25 -------- d-----w- c:\program files (x86)\Seagate
2011-11-06 09:10 . 2011-11-10 03:25 -------- d-----w- c:\programdata\PCPitstop
2011-11-06 08:35 . 2011-11-06 08:36 -------- d-----w- c:\users\trojan\AppData\Roaming\QuickScan
2011-11-04 05:46 . 2011-11-04 05:46 -------- d-----w- c:\users\trojan\AppData\Local\AIM Toolbar
2011-10-18 10:06 . 2011-10-18 10:06 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-14 00:53 . 2010-08-09 01:10 1664 ----a-w- c:\windows\system32\ASOROSet.bin
2011-10-01 03:25 . 2011-10-12 13:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-01 02:42 . 2011-10-12 13:58 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-08-31 06:05 . 2011-08-31 06:05 96104 ----a-w- c:\windows\system32\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 85864 ----a-w- c:\windows\system32\dnssd.dll
2011-08-31 06:05 . 2011-08-31 06:05 83816 ----a-w- c:\windows\SysWow64\dns-sd.exe
2011-08-31 06:05 . 2011-08-31 06:05 73064 ----a-w- c:\windows\SysWow64\dnssd.dll
2011-08-27 05:37 . 2011-10-12 13:57 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-27 05:37 . 2011-10-12 13:57 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-08-27 04:26 . 2011-10-12 13:57 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-08-27 04:26 . 2011-10-12 13:57 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-08-20 05:37 . 2011-10-12 13:59 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:31 . 2011-10-12 13:59 981504 ----a-w- c:\windows\SysWow64\wininet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MSSOverlay]
@="{b75ab0c8-03d5-4592-9821-a48d54d66b14}"
[HKEY_CLASSES_ROOT\CLSID\{b75ab0c8-03d5-4592-9821-a48d54d66b14}]
8/26/2005 17:31 57344 ----a-w- c:\windows\System32\MssShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
msnmsgr="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]
MusicManager="c:\users\trojan\AppData\Local\Programs\Google\MusicManager\MusicManager.exe" [2011-06-15 12817920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
mxomssmenu="c:\program files (x86)\Maxtor\OneTouch Status\maxmenumgr.exe" [2005-10-06 57344]
mssSort="c:\program files (x86)\Maxtor\Maxtor Quick Start\msssort.exe" [2005-07-15 1335296]
AppleSyncNotifier="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
BCSSync="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
AVP="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-12-11 352976]
APSDaemon="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
iTunesHelper="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-10 421736]
Adobe Reader Speed Launcher="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
ConsentPromptBehaviorAdmin= 0 (0x0)
ConsentPromptBehaviorUser= 3 (0x3)
EnableUIADesktopToggle= 0 (0x0)
PromptOnSecureDesktop= 0 (0x0)
.

[HKEY_L

Hi,

Please attach the logs as files if you have difficulty getting them copy-pasted.

.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
AppInit_DLLs=c:\progra~2\KASPER~1\KASPER~2\mzvkbd3.dll c:\progra~2\KASPER~1\KASPER~2\sbhook.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
aux=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
TkBellExe="c:\program files (x86)\Common Files\Real\Update_OB\realsched.exe" -osboot
Adobe Reader Speed Launcher="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
Adobe ARM="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
QuickTime Task="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
iTunesHelper="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
DisableMonitoring=dword:00000001
.
R2 ASO3DiskOptimizer;ASO3DiskOptimizer;c:\program files (x86)\Advanced System Optimizer 3\ASO3DefragSrv64.exe [2011-11-10 263480]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 136176]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 viamrx64;viamrx64;c:\windows\system32\DRIVERS\viamrx64.sys [x]
S0 videX64;videX64;c:\windows\system32\DRIVERS\videX64.sys [x]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - ASWMBR
*Deregistered* - aswMBR
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-16 c:\windows\Tasks\ASO-AutoCheckUpdate7Days.job
- c:\program files (x86)\Advanced System Optimizer 3\CheckUpdate.exe [2011-11-16 00:08]
.
2011-11-15 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-07-20 14:51]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 22:58]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-07-20 22:58]
.
2011-11-16 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1159727113-3215902153-4262205293-1000Core.job
- c:\users\trojan\AppData\Local\Google\Update\GoogleUpdate.exe [2010-07-20 22:47]

Hi,

That ComboFix log isn't a complete one. Please attach the complete log as a file attachment if you can't copy-paste the whole contents.

This topic is now closed to further replies.