DNS redirect problem

By Kendra Owen · 4 replies
Jun 20, 2012
  1. OK, here are the logs. (Note: I will be starting another post on my own computer; mine is just sort of scheduled maintenance, this is my kids' computer.)

    MBAM log:

    Malwarebytes Anti-Malware (Trial)
    Database version: v2012.06.20.05
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Chattanooga ChooChoo :: CHATTANOOGACHOO [administrator]
    Protection: Enabled
    6/20/2012 1:30:37 PM
    mbam-log-2012-06-20 (13-30-37).txt
    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 206789
    Time elapsed: 3 minute(s), 1 second(s)
    Memory Processes Detected: 1
    C:\Users\Chattanooga ChooChoo\AppData\Roaming\KB00166847.exe (Trojan.Agent.Gen) -> 3644 -> Delete on reboot.
    Memory Modules Detected: 1
    C:\Users\Chattanooga ChooChoo\AppData\Local\Apple\Adobe\mgxtn.dll (Trojan.Happili.XGen) -> Delete on reboot.
    Registry Keys Detected: 0
    (No malicious items detected)
    Registry Values Detected: 2
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Adobe (Trojan.Happili.XGen) -> Data: rundll32.exe "C:\Users\Chattanooga ChooChoo\AppData\Local\Apple\Adobe\mgxtn.dll",DllRegisterServer -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|KB00166847.exe (Trojan.Agent.Gen) -> Data: "C:\Users\Chattanooga ChooChoo\AppData\Roaming\KB00166847.exe" -> Quarantined and deleted successfully.
    Registry Data Items Detected: 0
    (No malicious items detected)
    Folders Detected: 0
    (No malicious items detected)
    Files Detected: 5
    C:\Users\Chattanooga ChooChoo\AppData\Local\Apple\Adobe\mgxtn.dll (Trojan.Happili.XGen) -> Delete on reboot.
    C:\Users\Chattanooga ChooChoo\AppData\Local\Temp\0.5048551764769318 (Trojan.Happili) -> Quarantined and deleted successfully.
    C:\Users\Chattanooga ChooChoo\AppData\Local\Temp\nsy7572.tmp\mgxtn.dll (Trojan.Happili.XGen) -> Quarantined and deleted successfully.
    C:\Users\Chattanooga ChooChoo\Local Settings\Temporary Internet Files\Content.IE5\DRNE1450\PDFReaderSetup_V3.exe (PUP.Adware.InstallCore) -> Quarantined and deleted successfully.
    C:\Users\Chattanooga ChooChoo\AppData\Roaming\KB00166847.exe (Trojan.Agent.Gen) -> Delete on reboot.
  2. Kendra Owen

    No log generated by GMER
  3. Kendra Owen

    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Chattanooga ChooChoo at 14:13:50 on 2012-06-20
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3894.2199 [GMT -5:00]
    AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    ============== Running Processes ===============
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
    C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
    C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
    C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Norton Internet Security\Engine\\ccSvcHst.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
    C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    ============== Pseudo HJT Report ===============
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPS\IPSBHO.DLL
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Zoominto.IEPlugin.ZoomintoMain: {acdf77a9-9eda-407f-969f-b3bcbe3217d0} - mscoree.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    uRun: [Facebook Update] "C:\Users\Chattanooga ChooChoo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun: [<NO NAME>]
    mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun: [ImgTask] C:\Windows\Imgtask.exe
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    StartupFolder: C:\Users\CHATTA~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: EnableShellExecuteHooks = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: HideFastUserSwitching = 0 (0x0)
    IE: Zoom Into - C:\Program Files (x86)\zoomintoIE\image.htm
    IE: Zoom Into\Contexts - 2 (0x2)
    IE: Zoom Into\Flags - 1 (0x1)
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer =
    TCP: Interfaces\{8CB6A3F3-E2D9-4BB7-99CA-82D482A4B2FE} : DhcpNameServer =
    TCP: Interfaces\{8CB6A3F3-E2D9-4BB7-99CA-82D482A4B2FE}\140707E414373702E45647 : DhcpNameServer =
    TCP: Interfaces\{8CB6A3F3-E2D9-4BB7-99CA-82D482A4B2FE}\A4A4654563 : DhcpNameServer =
    TCP: Interfaces\{8CB6A3F3-E2D9-4BB7-99CA-82D482A4B2FE}\E4544574541425 : DhcpNameServer =
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
    BHO-X64: Symantec NCO BHO - No File
    BHO-X64: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\\IPS\IPSBHO.DLL
    BHO-X64: Symantec Intrusion Prevention - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Zoominto.IEPlugin.ZoomintoMain: {ACDF77A9-9EDA-407f-969F-B3BCBE3217D0} - mscoree.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\\coIEPlg.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun-x64: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
    mRun-x64: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
    mRun-x64: [(Default)]
    mRun-x64: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    mRun-x64: [ImgTask] C:\Windows\Imgtask.exe
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    ============= SERVICES / DRIVERS ===============
    R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMDS64.SYS [?]
    R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\SYMEFA64.SYS [?]
    R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20120215.001\BHDrvx64.sys [2012-2-16 1157240]
    R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20120223.002\IDSviA64.sys [2012-2-25 488568]
    R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1207020.003\Ironx64.SYS [?]
    R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1207020.003\SYMNETS.SYS [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
    R2 ezSharedSvc;Easybits Services for Windows;C:\Windows\System32\ezSharedSvcHost.exe [2011-5-14 514232]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-9-9 86072]
    R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
    R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-9-1 227896]
    R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-9 26680]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-12-30 13592]
    R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-12-30 2372096]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-20 654408]
    R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\\ccsvchst.exe [2012-6-11 130008]
    R2 RoxioNow Service;RoxioNow Service;C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe [2010-11-26 399344]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-30 2320920]
    R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-2-5 138360]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-6 257696]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-12-25 136176]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    S3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\system32\DRIVERS\RtsPStor.sys --> C:\Windows\system32\DRIVERS\RtsPStor.sys [?]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    =============== Created Last 30 ================
    2012-06-20 18:29:32 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Roaming\Malwarebytes
    2012-06-20 18:29:22 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-06-20 18:29:22 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-06-20 18:29:22 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-06-19 20:44:31 -------- d--h--w- C:\Users\Chattanooga ChooChoo\AppData\Roaming\A7153A3A
    2012-06-19 14:07:21 2622464 ----a-w- C:\Windows\System32\wucltux.dll
    2012-06-19 14:06:55 99840 ----a-w- C:\Windows\System32\wudriver.dll
    2012-06-19 14:06:40 36864 ----a-w- C:\Windows\System32\wuapp.exe
    2012-06-19 14:06:40 186752 ----a-w- C:\Windows\System32\wuwebv.dll
    2012-06-16 02:16:27 -------- d-----w- C:\.jagex_cache_32
    2012-06-13 20:59:24 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{1526BCF2-C1BF-4F5C-ABDF-100FABF73FE0}
    2012-06-13 20:59:14 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{B62AB9BD-EA8E-47D4-86FB-21FA9AAD0B8E}
    2012-06-12 01:42:08 912504 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symefa64.sys
    2012-06-12 01:42:08 744568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtsp64.sys
    2012-06-12 01:42:08 450680 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symds64.sys
    2012-06-12 01:42:08 40568 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\srtspx64.sys
    2012-06-12 01:42:08 386168 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\symnets.sys
    2012-06-12 01:42:08 171128 ----a-w- C:\Windows\System32\drivers\NISx64\1207020.003\ironx64.sys
    2012-06-12 01:41:57 -------- d-----w- C:\Windows\System32\drivers\NISx64\1207020.003
    2012-06-02 22:56:34 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{6F9F6BC9-0757-4E44-90C4-63BD89969AB2}
    2012-06-02 22:56:23 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{A610CC8F-F651-4EBA-AA14-B04D7AF89B43}
    2012-05-25 17:08:26 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{93AA77F9-3707-4871-A907-3C66C778F2B3}
    2012-05-25 17:08:16 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{724AA0AF-7591-4295-903C-CBF684B79215}
    2012-05-21 20:57:41 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{050981A3-8463-48D7-BF8E-C46A55ED68F0}
    2012-05-21 20:57:30 -------- d-----w- C:\Users\Chattanooga ChooChoo\AppData\Local\{ABB32854-397D-4F98-B7BA-0E69B853746F}
    ==================== Find3M ====================
    2012-05-18 02:06:48 2311680 ----a-w- C:\Windows\System32\jscript9.dll
    2012-05-18 01:59:14 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-05-18 01:58:39 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-05-18 01:55:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-05-18 01:51:30 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-05-17 22:45:37 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-05-17 22:35:47 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-05-17 22:35:39 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-05-17 22:29:45 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-05-17 22:24:45 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-05-15 01:32:33 3146752 ----a-w- C:\Windows\System32\win32k.sys
    2012-05-05 16:42:31 70304 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-05-05 16:42:31 419488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-05-05 16:42:25 8769696 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
    2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-05-01 05:40:20 209920 ----a-w- C:\Windows\System32\profsvc.dll
    2012-04-28 03:55:21 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
    2012-04-26 05:41:56 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
    2012-04-26 05:41:55 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
    2012-04-26 05:34:27 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
    2012-04-24 05:37:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
    2012-04-24 05:37:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
    2012-04-24 05:37:36 1462272 ----a-w- C:\Windows\System32\crypt32.dll
    2012-04-24 04:36:42 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
    2012-04-24 04:36:42 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
    2012-04-24 04:36:42 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
    2012-04-07 12:31:40 3216384 ----a-w- C:\Windows\System32\msi.dll
    2012-04-07 11:26:29 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
    2012-03-30 11:35:47 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    ============= FINISH: 14:14:18.02 ===============
  4. Kendra Owen

    DDS (Ver_2011-08-26.01)
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 12/25/2011 3:31:02 PM
    System Uptime: 6/20/2012 1:40:37 PM (1 hours ago)
    Motherboard: Hewlett-Packard | | 166A
    Processor: Intel(R) Core(TM) i3 CPU M 370 @ 2.40GHz | CPU | 1319/1066mhz
    ==== Disk Partitions =========================
    C: is FIXED (NTFS) - 452 GiB total, 395.754 GiB free.
    D: is FIXED (NTFS) - 14 GiB total, 1.551 GiB free.
    E: is CDROM ()
    ==== Disabled Device Manager Items =============
    ==== System Restore Points ===================
    RP46: 5/10/2012 8:42:06 PM - Scheduled Checkpoint
    RP47: 5/13/2012 9:56:52 AM - Windows Update
    RP48: 5/25/2012 5:53:26 PM - Scheduled Checkpoint
    RP49: 6/2/2012 8:33:58 PM - Scheduled Checkpoint
    RP50: 6/5/2012 3:00:13 AM - Windows Update
    RP51: 6/12/2012 10:38:20 AM - Scheduled Checkpoint
    RP53: 6/14/2012 9:07:40 AM - Windows Modules Installer
    RP54: 6/19/2012 9:06:18 AM - Windows Update
    ==== Installed Programs ======================
    Adobe Reader X (10.1.2) MUI
    Adobe Shockwave Player 11.6
    Agatha Christie - Peril at End House
    Apple Application Support
    Apple Software Update
    ArcSoft Print Creations
    ArcSoft Print Creations - Greeting Card
    Atheros Driver Installation Program
    Babysitting Mania
    Bejeweled 2 Deluxe
    Bejeweled 3
    Bing Bar
    Blackhawk Striker 2
    Blasterball 3
    Bounce Symphony
    Build-a-lot 2
    Cake Mania
    Chuzzle Deluxe
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cooking Academy
    Cooking Academy 2 - World Cuisine
    Crystal Maze
    CyberLink YouCam
    Daycare Nightmare Mini-Monsters
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    Dracula Twins
    Emerald City Confidential
    Energy Star Digital Logo
    ESU for Microsoft Windows 7 SP1
    Evernote v. 4.2.2
    Facebook Video Calling
    Farm Frenzy
    FATE - The Traitor Soul
    FATE: The Cursed King
    Garmin Communicator Plugin
    Garmin USB Drivers
    Google Chrome
    Google Earth
    Google Toolbar for Internet Explorer
    Google Update Helper
    Hewlett-Packard ACLM.NET v1.1.2.0
    House, MD
    HP Connection Manager
    HP Customer Experience Enhancements
    HP Deskjet 3050 J610 series Help
    HP Documentation
    HP Games
    HP MovieStore
    HP On Screen Display
    HP Photo Creations
    HP Power Manager
    HP Quick Launch
    HP Setup
    HP Setup Manager
    HP Software Framework
    HP Support Assistant
    HP Update
    IDT Audio
    Intel(R) Control Center
    Intel(R) Management Engine Components
    Intel(R) Processor Graphics
    Intel(R) Rapid Storage Technology
    Java Auto Updater
    Java(TM) 6 Update 22
    Java(TM) 6 Update 24
    Junk Mail filter update
    Mah Jong Medley
    Malwarebytes Anti-Malware version
    Matches and Matrimony
    McAfee Security Scan Plus
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft WSE 3.0 Runtime
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars PAC-MAN
    Nanny Mania
    Nanny Mania 2
    Norton Internet Security
    OpenOffice.org 3.3
    PDF Reader
    Penguins Arena
    Plants vs. Zombies - Game of the Year
    PlayReady PC Runtime x86
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek Ethernet Controller Driver
    Realtek PCIE Card Reader
    Recovery Manager
    RollerCoaster Tycoon 3: Platinum
    RoxioNow Player
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Skype Click to Call
    Skype™ 5.5
    Slingo Supreme
    Super Granny
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    Virtual Families
    Virtual Villagers 2 - The Lost Children
    Virtual Villagers 4 - The Tree of Life
    Wedding Salon
    Wheel of Fortune 2
    WildTangent Games App (HP Games)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma Deluxe
    ==== Event Viewer Messages From Past Week ========
    6/20/2012 2:13:21 AM, Error: bowser [8003] - The master browser has received a server announcement from the computer OFFICEPC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{8CB6A3F3-E2D9-4BB7-99CA-82D482A4B2FE}. The master browser is stopping or an election is being forced.
    6/19/2012 11:20:15 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The machine-default permission settings do not grant Local Activation permission for the COM Server application with CLSID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} and APPID {9BA05972-F6A8-11CF-A442-00A0C90A8F39} to the user ChattanoogaChoo\Chattanooga ChooChoo SID (S-1-5-21-1741070854-1679116697-1677023947-1001) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
    6/17/2012 1:19:03 PM, Error: NetBT [4321] - The name "WORKGROUP :1d" could not be registered on the interface with IP address The computer with the IP address did not allow the name to be claimed by this computer.
    6/15/2012 11:36:52 AM, Error: Service Control Manager [7000] - The Google Update Service (gupdatem) service failed to start due to the following error: The pipe has been ended.
    6/15/2012 11:36:52 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "109" attempting to start the service gupdatem with arguments "/comsvc" in order to run the server: {E225E692-4B47-4777-9BED-4FD7FE257F0E}
    6/14/2012 9:07:32 AM, Error: volsnap [67] - The shadow copy of volume C: being created failed to install.
    ==== End Of File ===========================
  5. Broni

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.


    Download Bootkit Remover to your desktop.

    • Unzip downloaded file to your Desktop.
    • Double-click on boot_cleaner.exe to run the program (Vista/7 users, right-click on boot_cleaner.exe and click Run As Administrator).
    • It will show a black screen with some data on it.
    • Right-click on the screen and click Select All.
    • Press CTRL+C
    • Open a Notepad and press CTRL+V
    • Post the output back here.


    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see the question "Would you like to download the latest Avast! virus definitions?", say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

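The MBR.dat file that aswMBR saves is a raw 512-byte copy of the master boot record, which is exactly what an MBR bootkit modifies. The script below is an added example for this thread, not part of aswMBR, Bootkit Remover or anything Broni posted: it parses such an image, hashes the 440 bytes of boot code so they can be compared against a copy taken when the machine was known to be clean, and sanity-checks the partition table. The "clean" and "tampered" images and the known-good hash are constructed inline so it runs offline; in practice the hash would come from your own earlier backup.

```python
"""Inspect a 512-byte MBR image such as the MBR.dat backup aswMBR writes.

Added example for this thread; not part of aswMBR, Bootkit Remover or the
original posts. The sample images and the known-good hash are constructed
here so the script runs offline.
"""
import hashlib
import struct
from typing import List

SECTOR = 512
BOOT_CODE_LEN = 440          # bytes 0..439: x86 boot code, the part a bootkit typically overwrites
DISK_SIG_OFFSET = 440        # bytes 440..443: Windows disk signature
PART_TABLE_OFFSET = 446      # bytes 446..509: four 16-byte partition entries
MBR_SIGNATURE = b"\x55\xaa"  # bytes 510..511
ENTRY_FMT = "<B3sB3sII"      # status, CHS start, type, CHS end, LBA start, sector count


def parse_mbr(image: bytes) -> dict:
    """Return the boot-code hash, disk signature and decoded partition entries."""
    if len(image) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(image)}")
    if image[510:512] != MBR_SIGNATURE:
        raise ValueError("missing 0x55AA signature; not a valid MBR")
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFFSET + 16 * i
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, image, off)
        partitions.append({"status": status, "type": ptype, "lba_start": lba, "sectors": count})
    return {
        "boot_code_sha256": hashlib.sha256(image[:BOOT_CODE_LEN]).hexdigest(),
        "disk_signature": struct.unpack_from("<I", image, DISK_SIG_OFFSET)[0],
        "partitions": partitions,
    }


def audit_mbr(image: bytes, known_good_boot_hash: str) -> List[str]:
    """Compare boot code against a trusted hash and sanity-check the partition table."""
    info = parse_mbr(image)
    findings = []
    if info["boot_code_sha256"] != known_good_boot_hash:
        findings.append("boot code differs from known-good copy")
    used = [p for p in info["partitions"] if p["type"] != 0]
    if sum(1 for p in used if p["status"] == 0x80) != 1:
        findings.append("expected exactly one active (0x80) partition")
    for idx, p in enumerate(info["partitions"]):
        if p["status"] not in (0x00, 0x80):
            findings.append(f"entry {idx}: invalid status byte 0x{p['status']:02x}")
        if p["type"] != 0 and (p["lba_start"] == 0 or p["sectors"] == 0):
            findings.append(f"entry {idx}: type 0x{p['type']:02x} with empty extent")
    used.sort(key=lambda p: p["lba_start"])
    for a, b in zip(used, used[1:]):
        if a["lba_start"] + a["sectors"] > b["lba_start"]:
            findings.append("partition extents overlap")
    return findings


def build_mbr(boot_code: bytes, entries: list, disk_sig: int = 0x1A2B3C4D) -> bytes:
    """Assemble a constructed MBR image for testing; entries are (status, type, lba, sectors)."""
    table = b"".join(
        struct.pack(ENTRY_FMT, s, b"\0" * 3, t, b"\0" * 3, lba, n) for s, t, lba, n in entries
    )
    table += b"\0" * 16 * (4 - len(entries))
    # 440 boot code + 4 disk signature + 2 reserved + 64 table + 2 signature = 512
    return boot_code.ljust(BOOT_CODE_LEN, b"\0") + struct.pack("<I", disk_sig) + b"\0\0" + table + MBR_SIGNATURE


# Constructed "clean" boot code: the common MBR prologue (xor ax,ax; mov ss,ax; mov sp,0x7C00), zero-padded.
CLEAN_BOOT_CODE = bytes.fromhex("33c08ed0bc007c")
PARTS = [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 1000000)]  # constructed NTFS layout
CLEAN_MBR = build_mbr(CLEAN_BOOT_CODE, PARTS)
# Assumption: in practice this hash comes from a backup taken while the machine was known clean.
CLEAN_BOOT_HASH = parse_mbr(CLEAN_MBR)["boot_code_sha256"]
# Constructed tampered variant: same partition table, different boot code.
TAMPERED_MBR = build_mbr(bytes.fromhex("e900020000"), PARTS)

if __name__ == "__main__":
    import sys
    image = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else TAMPERED_MBR
    for finding in audit_mbr(image, CLEAN_BOOT_HASH) or ["no findings"]:
        print(finding)
```

Run it as `python mbr_audit.py MBR.dat` against the backup aswMBR created; with no argument it audits the constructed tampered sample. A hash mismatch alone is not proof of infection (a legitimate OS repair or disk tool can rewrite boot code), so treat it as a prompt to compare the two images byte for byte rather than as a verdict.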