TechSpot

Firefox Redirects

Resolved
By Dougiebabe2003
Jul 21, 2011
  1. Hi,

    I'm an IT Engineer for a Uni and have been handed a laptop by a student.

    He came in showing me that google was telling him he had an infected PC and that it kept sending him to random pages.

    I have tried removing whatever virus/malware is on there using:

    Malwarebytes
    Spybot
    SUPERAnitSpyware
    HIs own Mcaffe program he already had

    I have tried running combofix but as the laptop is 64bit, won't run, nor will Sophos Anti-rootkit

    Malwarebytes found nothing, spybot found a couple of thigns (Cookies I believe) and SAS found 150 cookies but not the actual problem.

    It seems to only be happening in Firefox but I have only tried IE for a limited time.

    Any advice would be greatly recevied.

    Regards,

    Doug
     
  2. Dougiebabe2003

    Dougiebabe2003 TS Rookie Topic Starter

    Run 1 of Malware Bytes:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7219

    Windows 6.1.7601 Service Pack 1
    Internet Explorer 9.0.8112.16421

    21/07/2011 09:59:03
    mbam-log-2011-07-21 (09-59-03).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 341661
    Time elapsed: 47 minute(s), 8 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Run 2 in Safe Mode:

    Malwarebytes' Anti-Malware 1.51.1.1800
    www.malwarebytes.org

    Database version: 7219

    Windows 6.1.7601 Service Pack 1 (Safe Mode)
    Internet Explorer 9.0.8112.16421

    21/07/2011 10:35:31
    mbam-log-2011-07-21 (10-35-31).txt

    Scan type: Full scan (C:\|)
    Objects scanned: 340713
    Time elapsed: 26 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  3. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Welcome to TechSpot! I do thank you for being up front- most member don't tell us the system belongs to someone else! Did the student give you any idea of the types of sites he is being directed to?
    ==================================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process..
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persist, you can send a PM to reopen it.
    =====================================
    Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply .
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

    You do not have to run Mbam again.

    By the way, Combofix will run on a 64bit OS. And I will have you run it later. But we ask that you remove any of the programs we have you run and use our links instead.
     
  4. Dougiebabe2003

    Dougiebabe2003 TS Rookie Topic Starter

    No problem, you can help me more if I tell you exactly what has gone on!

    I have no idea what sites he has been too execpt for the few cookies that have been deleted while running SAS, quite a few where pron.

    I have just finsihed running gmer and dds so those log files are attached.

    I will delete the av/malware software now.

    The gmer and dds scans where NOT run in safe mode.

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-07-21 15:12:11
    Windows 6.1.7601 Service Pack 1
    Running: vt962i96.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dafe3007
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dafe3007 (not active ControlSet)

    ---- EOF - GMER 1.0.15 ----





    .
    DDS (Ver_11-05-19.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by jorge at 15:12:55 on 2011-07-21
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.2491 [GMT 1:00]
    .
    AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
    FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Program Files\IDT\WDM\STacSV64.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\IDT\WDM\AESTSr64.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Windows\system32\mfevtps.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Intel\WiFi\bin\EvtEng.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
    C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\IDT\WDM\sttray64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Dell\QuickSet\quickset.exe
    C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
    C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
    C:\Program Files\mcafee.com\agent\mcagent.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Users\jorge\Desktop\vt962i96.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\jorge\Desktop\dds.scr
    C:\Windows\SysWOW64\WSCRIPT.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = www.google.co.uk
    uInternet Settings,ProxyServer = http=127.0.0.1:25575
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110721091109.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    uRun: [CreoLab] C:\ProgramData\ndhrywtzfontw\bwlpzqqnkr.exe
    uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
    mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
    mRun: [<NO NAME>]
    mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
    mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
    mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
    mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
    mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
    mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
    BHO-X64: McAfee Phishing Filter - No File
    BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110721091108.dll
    BHO-X64: scriptproxy - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
    mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
    mRun-x64: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    Hosts: 217.23.15.126 www.google.com.
    Hosts: 217.23.15.126 google.com.
    Hosts: 217.23.15.126 google.com.au.
    Hosts: 217.23.15.126 www.google.com.au.
    Hosts: 217.23.15.126 google.be.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\jorge\AppData\Roaming\Mozilla\Firefox\Profiles\h88pwnxf.default\
    FF - prefs.js: network.proxy.ftp - 127.0.0.1
    FF - prefs.js: network.proxy.ftp_port - 25575
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 25575
    FF - prefs.js: network.proxy.socks - 127.0.0.1
    FF - prefs.js: network.proxy.socks_port - 25575
    FF - prefs.js: network.proxy.ssl - 127.0.0.1
    FF - prefs.js: network.proxy.ssl_port - 25575
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
    R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
    R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
    R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-7 89600]
    R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-7 13336]
    R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
    R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
    R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
    R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-5-7 200056]
    R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-5-7 245352]
    R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
    R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-21 1153368]
    R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-7 689472]
    R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
    R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
    R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
    R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
    R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
    R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
    R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
    S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
    S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-15 1038088]
    S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-5-7 220528]
    S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
    S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
    S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
    S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
    .
    =============== Created Last 30 ================
    .
    2011-07-21 13:29:12 -------- d-----w- C:\Users\jorge\AppData\Local\Diagnostics
    2011-07-21 12:39:41 -------- d-----w- C:\Users\jorge\AppData\Roaming\SUPERAntiSpyware.com
    2011-07-21 12:39:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
    2011-07-21 12:39:39 -------- d-----w- C:\ProgramData\!SASCORE
    2011-07-21 12:39:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
    2011-07-21 12:29:59 -------- d-----w- C:\Program Files (x86)\Sophos
    2011-07-21 11:05:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
    2011-07-21 11:05:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
    2011-07-21 08:08:05 -------- d-----w- C:\Users\jorge\AppData\Roaming\Malwarebytes
    2011-07-21 08:08:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2011-07-21 08:08:01 -------- d-----w- C:\ProgramData\Malwarebytes
    2011-07-21 08:07:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2011-07-21 08:07:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2011-07-21 03:55:30 -------- d-----w- C:\Windows\System32\SPReview
    2011-07-21 03:55:01 -------- d-----w- C:\Windows\System32\EventProviders
    2011-07-20 21:36:59 605696 ----a-w- C:\Windows\System32\wmpeffects.dll
    2011-07-20 21:35:59 45568 ----a-w- C:\Windows\SysWow64\g711codc.ax
    2011-07-20 21:33:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
    2011-07-20 21:33:00 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
    2011-07-20 21:32:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
    2011-07-20 21:32:49 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
    2011-07-20 21:32:41 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
    2011-07-20 21:32:11 422912 ----a-w- C:\Windows\System32\drvstore.dll
    2011-07-20 21:32:10 399872 ----a-w- C:\Windows\System32\dpx.dll
    2011-07-20 17:24:03 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
    2011-07-20 17:24:03 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
    2011-07-20 17:24:03 229376 ----a-w- C:\Windows\System32\fsquirt.exe
    2011-07-20 04:12:19 -------- d-----w- C:\Windows\SysWow64\Wat
    2011-07-20 04:12:19 -------- d-----w- C:\Windows\System32\Wat
    2011-07-20 04:05:57 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
    2011-07-20 04:04:56 294912 ----a-w- C:\Windows\System32\browserchoice.exe
    2011-07-19 20:00:31 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
    2011-07-19 18:09:54 974336 ----a-w- C:\Windows\System32\WFS.exe
    2011-07-19 18:09:54 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
    2011-07-19 18:08:32 142336 ----a-w- C:\Windows\System32\poqexec.exe
    2011-07-19 18:08:32 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
    2011-07-19 18:08:14 2871808 ----a-w- C:\Windows\explorer.exe
    2011-07-19 18:08:14 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
    2011-07-19 18:08:04 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2011-07-19 18:08:04 723968 ----a-w- C:\Windows\System32\EncDec.dll
    2011-07-19 18:08:04 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2011-07-19 18:08:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-07-19 18:08:04 1118720 ----a-w- C:\Windows\System32\sbe.dll
    2011-07-19 18:08:03 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
    2011-07-19 18:08:03 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
    2011-07-19 18:08:03 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2011-07-19 18:03:40 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
    2011-07-19 18:03:40 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
    2011-07-19 18:02:58 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
    2011-07-19 18:02:57 1395712 ----a-w- C:\Windows\System32\mfc42.dll
    2011-07-19 18:02:57 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
    2011-07-19 18:02:57 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
    2011-07-19 17:58:21 367616 ----a-w- C:\Windows\System32\atmfd.dll
    2011-07-19 17:58:21 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
    2011-07-19 17:58:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
    2011-07-19 17:58:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
    2011-07-19 17:58:07 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2011-07-19 17:54:03 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
    2011-07-19 17:54:02 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
    2011-07-19 17:54:02 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
    2011-07-19 17:53:54 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
    2011-07-19 17:53:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
    2011-07-19 17:53:54 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
    2011-07-19 17:53:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
    2011-07-19 17:53:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
    2011-07-19 17:53:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
    2011-07-19 17:53:46 861696 ----a-w- C:\Windows\System32\oleaut32.dll
    2011-07-19 17:53:46 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
    2011-07-19 17:53:01 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
    2011-07-19 17:51:49 605552 ----a-w- C:\Windows\System32\winload.exe
    2011-07-19 17:51:48 642944 ----a-w- C:\Windows\System32\winload.efi
    2011-07-19 17:51:48 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
    2011-07-19 17:51:48 566208 ----a-w- C:\Windows\System32\winresume.efi
    2011-07-19 17:51:48 518672 ----a-w- C:\Windows\System32\winresume.exe
    2011-07-19 17:51:48 20352 ----a-w- C:\Windows\System32\kdusb.dll
    2011-07-19 17:51:48 19328 ----a-w- C:\Windows\System32\kd1394.dll
    2011-07-19 17:51:48 17792 ----a-w- C:\Windows\System32\kdcom.dll
    2011-07-19 17:51:30 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
    2011-07-19 17:51:30 31232 ----a-w- C:\Windows\System32\prevhost.exe
    2011-07-19 17:51:26 3137536 ----a-w- C:\Windows\System32\win32k.sys
    2011-07-19 17:51:11 976896 ----a-w- C:\Windows\System32\inetcomm.dll
    2011-07-19 17:51:11 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
    2011-07-16 23:02:09 -------- d-----w- C:\ProgramData\ndhrywtzfontw
    2011-07-16 23:01:54 -------- d-----w- C:\ProgramData\2f9b9f
    2011-07-15 13:08:54 -------- d-----w- C:\Windows\SysWow64\spool
    2011-07-15 13:06:27 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
    2011-07-15 13:06:24 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
    2011-07-14 20:03:57 -------- d-----w- C:\Users\jorge\AppData\Local\Adobe
    2011-07-13 16:41:07 -------- d-----w- C:\Users\jorge\AppData\Local\ArcSoft
    2011-07-13 15:46:32 -------- d-----w- C:\Users\jorge\My Backup Files
    2011-07-13 15:32:02 -------- d-sh--w- C:\System Recovery
    2011-07-13 15:31:31 -------- d-----w- C:\Users\jorge\AppData\Local\Dell
    2011-07-13 15:30:57 -------- d-----w- C:\Users\jorge\AppData\Roaming\Dell
    2011-07-13 15:30:53 -------- d-----w- C:\Users\jorge\AppData\Roaming\Dell Touch Zone
    2011-07-13 15:30:50 -------- d-----w- C:\Users\jorge\AppData\Roaming\Intel Corporation
    2011-07-13 15:30:50 -------- d-----w- C:\Users\jorge\AppData\Local\Broadcom
    2011-07-13 15:30:48 -------- d-----w- C:\Users\jorge\AppData\Roaming\Intel
    2011-07-13 15:30:01 -------- d-----w- C:\Users\jorge\AppData\Local\VirtualStore
    2011-07-13 15:29:54 -------- d-----w- C:\Users\jorge\AppData\Local\SoftThinks
    .
    ==================== Find3M ====================
    .
    2011-07-21 04:04:10 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-07-21 04:04:09 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-06-03 06:57:45 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2011-06-03 06:57:45 243200 ----a-w- C:\Windows\System32\wow64.dll
    2011-06-03 06:57:45 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2011-06-03 06:57:44 214528 ----a-w- C:\Windows\System32\winsrv.dll
    2011-06-03 06:57:38 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2011-06-03 06:56:38 421888 ----a-w- C:\Windows\System32\KernelBase.dll
    2011-06-03 06:53:33 338944 ----a-w- C:\Windows\System32\conhost.exe
    2011-06-03 06:00:53 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2011-06-03 05:57:52 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2011-06-03 05:57:33 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2011-06-03 05:56:12 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2011-06-03 05:56:11 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2011-06-03 03:53:31 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2011-06-03 03:53:31 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2011-06-03 03:48:32 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2011-06-03 03:48:31 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2011-06-03 03:48:31 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2011-06-03 03:48:31 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2011-05-07 18:31:57 74 --sh--r- C:\Windows\CT4CET.bin
    2011-05-07 18:27:26 521448 ----a-w- C:\Windows\System32\deployJava1.dll
    2011-05-04 05:25:03 2315776 ----a-w- C:\Windows\System32\tquery.dll
    2011-05-04 05:22:25 778752 ----a-w- C:\Windows\System32\mssvp.dll
    2011-05-04 05:22:25 2223616 ----a-w- C:\Windows\System32\mssrch.dll
    2011-05-04 05:22:24 75264 ----a-w- C:\Windows\System32\msscntrs.dll
    2011-05-04 05:22:24 491520 ----a-w- C:\Windows\System32\mssph.dll
    2011-05-04 05:22:24 288256 ----a-w- C:\Windows\System32\mssphtb.dll
    2011-05-04 05:19:28 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
    2011-05-04 05:19:28 249856 ----a-w- C:\Windows\System32\SearchProtocolHost.exe
    2011-05-04 05:19:28 113664 ----a-w- C:\Windows\System32\SearchFilterHost.exe
    2011-05-04 04:34:43 1549312 ----a-w- C:\Windows\SysWow64\tquery.dll
    2011-05-04 04:32:02 666624 ----a-w- C:\Windows\SysWow64\mssvp.dll
    2011-05-04 04:32:01 337408 ----a-w- C:\Windows\SysWow64\mssph.dll
    2011-05-04 04:32:01 197120 ----a-w- C:\Windows\SysWow64\mssphtb.dll
    2011-05-04 04:32:01 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
    2011-05-04 04:32:00 59392 ----a-w- C:\Windows\SysWow64\msscntrs.dll
    2011-05-04 04:28:31 86528 ----a-w- C:\Windows\SysWow64\SearchFilterHost.exe
    2011-05-04 04:28:31 427520 ----a-w- C:\Windows\SysWow64\SearchIndexer.exe
    2011-05-04 04:28:31 164352 ----a-w- C:\Windows\SysWow64\SearchProtocolHost.exe
    2011-04-29 03:06:10 467456 ----a-w- C:\Windows\System32\drivers\srv.sys
    2011-04-29 03:05:49 410112 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2011-04-29 03:05:37 168448 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2011-04-27 02:40:40 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
    2011-04-27 02:39:40 289280 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
    2011-04-27 02:39:37 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys
    2011-04-25 05:33:51 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2011-04-25 02:34:03 499200 ----a-w- C:\Windows\System32\drivers\afd.sys
    .
    ============= FINISH: 15:14:14.52 ===============
     
  5. Dougiebabe2003

    Dougiebabe2003 TS Rookie Topic Starter

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_11-05-19.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 13/07/2011 16:26:51
    System Uptime: 21/07/2011 14:18:09 (1 hours ago)
    .
    Motherboard: Dell Inc. | | 0WXY9J
    Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2661/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 451 GiB total, 415.485 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP1: 13/07/2011 19:14:00 - Scheduled Checkpoint
    RP2: 20/07/2011 05:02:39 - Windows Update
    RP3: 20/07/2011 05:10:49 - Windows Update
    RP4: 20/07/2011 22:57:56 - Windows Update
    RP5: 21/07/2011 04:54:28 - Windows Update
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 217.23.15.126 www.google.com.
    Hosts: 217.23.15.126 google.com.
    Hosts: 217.23.15.126 google.com.au.
    Hosts: 217.23.15.126 www.google.com.au.
    Hosts: 217.23.15.126 google.be.
    Hosts: 217.23.15.126 www.google.be.
    Hosts: 217.23.15.126 google.com.br.
    Hosts: 217.23.15.126 www.google.com.br.
    Hosts: 217.23.15.126 google.ca.
    Hosts: 217.23.15.126 www.google.ca.
    Hosts: 217.23.15.126 google.ch.
    Hosts: 217.23.15.126 www.google.ch.
    Hosts: 217.23.15.126 google.de.
    Hosts: 217.23.15.126 www.google.de.
    Hosts: 217.23.15.126 google.dk.
    Hosts: 217.23.15.126 www.google.dk.
    Hosts: 217.23.15.126 google.fr.
    Hosts: 217.23.15.126 www.google.fr.
    Hosts: 217.23.15.126 google.ie.
    Hosts: 217.23.15.126 www.google.ie.
    Hosts: 217.23.15.126 google.it.
    Hosts: 217.23.15.126 www.google.it.
    Hosts: 217.23.15.126 google.co.jp.
    Hosts: 217.23.15.126 www.google.co.jp.
    Hosts: 217.23.15.126 google.nl.
    Hosts: 217.23.15.126 www.google.nl.
    Hosts: 217.23.15.126 google.no.
    Hosts: 217.23.15.126 www.google.no.
    Hosts: 217.23.15.126 google.co.nz.
    Hosts: 217.23.15.126 www.google.co.nz.
    Hosts: 217.23.15.126 google.pl.
    Hosts: 217.23.15.126 www.google.pl.
    Hosts: 217.23.15.126 google.se.
    Hosts: 217.23.15.126 www.google.se.
    Hosts: 217.23.15.126 google.co.uk.
    Hosts: 217.23.15.126 www.google.co.uk.
    Hosts: 217.23.15.126 google.co.za.
    Hosts: 217.23.15.126 www.google.co.za.
    Hosts: 217.23.15.126 www.google-analytics.com.
    Hosts: 217.23.15.126 www.bing.com.
    Hosts: 217.23.15.126 search.yahoo.com.
    Hosts: 217.23.15.126 www.search.yahoo.com.
    Hosts: 217.23.15.126 uk.search.yahoo.com.
    Hosts: 217.23.15.126 ca.search.yahoo.com.
    Hosts: 217.23.15.126 de.search.yahoo.com.
    Hosts: 217.23.15.126 fr.search.yahoo.com.
    Hosts: 217.23.15.126 au.search.yahoo.com.
    .
    ==== Installed Programs ======================
    .
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Extra Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Recommended Settings CS4
    Adobe Color Video Profiles CS CS4
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Drive CS4
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Linguistics CS4
    Adobe Media Player
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Reader X (10.1.0) MUI
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    Advanced Audio FX Engine
    Bing Bar
    Bing Bar Platform
    Bing Rewards Client Installer
    Connect
    D3DX10
    Dell DataSafe Local Backup
    Dell DataSafe Local Backup - Support Software
    Dell Getting Started Guide
    Dell MusicStage
    Dell PhotoStage
    Dell Product Registration
    Dell Stage
    Dell VideoStage
    Dell Webcam Central
    DirectX 9 Runtime
    eBay
    IDT Audio
    Intel(R) Control Center
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) Management Engine Components
    Intel(R) Rapid Storage Technology
    Junk Mail filter update
    kuler
    Live! Cam Avatar Creator
    Malwarebytes' Anti-Malware version 1.51.1.1800
    McAfee SecurityCenter
    Mesh Runtime
    Messenger Companion
    Microsoft Default Manager
    Microsoft Office 2010
    Microsoft Search Enhancement Pack
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Mozilla Firefox 5.0 (x86 en-GB)
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    PDF Settings CS4
    Photoshop Camera Raw
    PhotoShowExpress
    Realtek USB 2.0 Card Reader
    Roxio Activation Module
    Roxio BackOnTrack
    Roxio Burn
    Roxio Creator Starter
    Roxio Express Labeler 3
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Skype Toolbars
    Skype™ 4.2
    Sonic CinePlayer Decoder Pack
    Sophos Anti-Rootkit 1.3.1
    Spybot - Search & Destroy
    Suite Shared Configuration CS4
    WildTangent Games
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    .
    ==== Event Viewer Messages From Past Week ========
    .
    21/07/2011 14:17:40, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 13:43:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    21/07/2011 13:13:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 12:33:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
    21/07/2011 12:29:38, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
    21/07/2011 12:29:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    21/07/2011 12:29:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    21/07/2011 12:29:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    21/07/2011 12:29:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    21/07/2011 12:29:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    21/07/2011 12:05:28, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:07:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    21/07/2011 10:07:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    21/07/2011 10:06:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2011 10:06:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    21/07/2011 07:27:09, Error: Service Control Manager [7023] - The Intel(R) Management & Security Application User Notification Service service terminated with the following error: %%-2147467243
    21/07/2011 07:23:57, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
    21/07/2011 07:21:23, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
    21/07/2011 07:21:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.
    20/07/2011 14:00:21, Error: Service Control Manager [7023] -
    19/07/2011 05:15:22, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
    15/07/2011 21:45:31, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
    .
    ==== End Of File ===========================


    Again, many thanks.
     
  6. Dougiebabe2003

    Dougiebabe2003 TS Rookie Topic Starter

    Just found Super Anti-Spyware log:

    SUPERAntiSpyware Scan Log
    http://www.superantispyware.com

    Generated 07/21/2011 at 02:16 PM

    Application Version : 4.55.1000

    Core Rules Database Version : 7437
    Trace Rules Database Version: 5249

    Scan type : Complete Scan
    Total Scan Time : 00:34:38

    Memory items scanned : 471
    Memory threats detected : 0
    Registry items scanned : 13793
    Registry threats detected : 0
    File items scanned : 35747
    File threats detected : 167

    Adware.Tracking Cookie
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\jorge@serving-sys[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\jorge@msnportal.112.2o7[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\jorge@realteeniegfs[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\jorge@bs.serving-sys[1].txt
    C:\Users\jorge\AppData\Local\Temp\Low\Cookies\jorge@ad.yieldmanager[2].txt
    C:\Users\jorge\AppData\Local\Temp\Low\Cookies\jorge@atdmt[2].txt
    C:\Users\jorge\AppData\Local\Temp\Low\Cookies\jorge@doubleclick[1].txt
    C:\Users\jorge\AppData\Local\Temp\Low\Cookies\jorge@revsci[1].txt
    C:\Users\jorge\AppData\Local\Temp\Low\Cookies\jorge@2o7[1].txt
    C:\Users\jorge\AppData\Local\Temp\Low\Cookies\jorge@content.yieldmanager[1].txt
    cdn1.static1.pornrabbit.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    pornforsex.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    porno-teens-free.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    secure-uk.imrworldwide.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    secure-us.imrworldwide.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    serving-sys.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    vidii.hardsextube.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    vidii.hardsextube.com.co [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    www.pornerbros.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    www.pornhub.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    www.porntube.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    www.russianporntube.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    wwwstatic.megaporn.com [ C:\Users\jorge\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\BSBH9TX2 ]
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@streamsex[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@moviepornshop[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ero-advertising[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@weborama[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@go.trafficshop[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@youramateurporn[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@bridge1.admarketplace[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@imrworldwide[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.tubeporndiet[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@tradedoubler[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teen-porno-videos[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@tmadx[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@advertising[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@pro-market[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.zeusclicks[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@mm.chitika[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@rudefinder[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads2.zeusclicks[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@sexogreen[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.yoursexmovies[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@bravoteens[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teeniefiles[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@pornhub[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.bibporn[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.pornhub[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teeniefiles[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@serving-sys[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@platinum-tube-porn[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@porno-teens-free[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@adbrite[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.porntube[3].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@tubeporndiet[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@tns-counter[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.finalteens[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teensexdream[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@h2porn[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.fling[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@eighteenpix[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@toplist.pornhost[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.googleadservices[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teeniesxxx[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@worldsex[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@jazztelespaa.solution.weborama[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.pornorama[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@media6degrees[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teeninmovies[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teenboat[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@doubleclick[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teensexmania[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@c.gigcount[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@zedo[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.rudefinder[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@sexobr.com[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ru4[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@hot-sex-tube[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@rts.pgmediaserve[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@hardsextube[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@invitemedia[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@apmebf[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@microsoftsto.112.2o7[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@counter3.sextracker[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@sexy.iwantuonline[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@euroteenmovs[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.bravoteens[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@philstraffic[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@adxpansion[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@revsci[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@galleries.teensexmania[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ad.wsod[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@insightexpressai[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@porntubewatch[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@viewablemedia[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@counter6.sextracker[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.traffikings[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.onlyteen****[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.dothads[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.premiumaccounts[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teenboat[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@admarketplace[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@pornsexhotel[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teeniesxxx[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@adform[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.sexobr.com[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.xxxvideosfinder[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.crakmedia[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@xiti[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@bravoporn[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@rb4.worldsex[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@adserver.adtechus[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@adserver.hardsextube[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@porncare[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.staticyonkis[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teen-porno-videos[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@dev.hardsextube[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.pornhost[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@amateurpornoclips[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@specificclick[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@macromedia[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@finalteens[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@tribalfusion[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.hardsextube[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.streamsex[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@click.iwantuonline[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@megaporn[3].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@pornforsex[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@adxpose[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@porntube[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@ads.adk2[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teenmodelsex[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@clickbank[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.porntube[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@pornografish[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teensboss[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@microsoftwllivemkt.112.2o7[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.bravoteens[3].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@xxxvintagemiss[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@prisacom.112.2o7[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@track.adform[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@content.yieldmanager[3].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@supertubeporn[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@atdmt[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.porn[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@mediaplex[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@trafficholder[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.porntube[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@counter14.sextracker[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@xxxtubexxx[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@niceyoungteens[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@questionmarket[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@sexlog.com[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@newsexbook[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@videooporno[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@www.teenporni[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teenmodelsex[3].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@bigentertainmentfinder[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@sextracker[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@media.carpediem[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@richmedia.yahoo[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@allofadult[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@teenshomeclip[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@stats.ilivid[2].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@content.yieldmanager[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@interclick[1].txt
    C:\Users\jorge\AppData\Roaming\Microsoft\Windows\Cookies\Low\jorge@microsoftwlsearchcrm.112.2o7[1].txt
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Okay then: Main infection is Cleanup Antivirus, a rogue from the same family as Virus Doctor. This rogue is promoted through the use of Trojans and fake online anti-malware scanners. When installed Cleanup Antivirus will be configured to start automatically when you log into Windows. When Cleanup Antivirus is installed it will also create numerous fake malware that will be detected as malware when the program scans your computer.

    About the sites visited in SAS: if he is going to the pron sites while I'm trying to clean the system, it will be a waste of time. So let's do this and see if it handled the Tracking Cookie:
    Reset Cookies

    For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

    For Firefox: Tools> Options> Privacy> Cookies> CHECK ‘accept Cookies from Sites’> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

    I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
    AdBlock Plus
    Easy List

    For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
    (First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
    =====================================
    The run HijackThis. Download HijackThis and save to your desktop.
    • Extract it to a directory on your hard drive called c:\HijackThis.
    • Then navigate to that directory and double-click on the hijackthis.exe file.
    • When started click on the Scan button and then the Save Log button to create a log of your information.
    • The log file and then the log will open in notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Save it to the desktop.
    --------------------------------
    You will see a listing in the 01 Host files.

    Reopen HijackThis to 'do system scan only'. Check each of the following:
    Hosts: 217.23.15.126 www.google.com.
    Hosts: 217.23.15.126 google.com.
    Hosts: 217.23.15.126 google.com.au.
    Hosts: 217.23.15.126 www.google.com.au.
    Hosts: 217.23.15.126 google.be.
    Hosts: 217.23.15.126 www.google.be.
    Hosts: 217.23.15.126 google.com.br.
    Hosts: 217.23.15.126 www.google.com.br.
    Hosts: 217.23.15.126 google.ca.
    Hosts: 217.23.15.126 www.google.ca.
    Hosts: 217.23.15.126 google.ch.
    Hosts: 217.23.15.126 www.google.ch.
    Hosts: 217.23.15.126 google.de.
    Hosts: 217.23.15.126 www.google.de.
    Hosts: 217.23.15.126 google.dk.
    Hosts: 217.23.15.126 www.google.dk.
    Hosts: 217.23.15.126 google.fr.
    Hosts: 217.23.15.126 www.google.fr.
    Hosts: 217.23.15.126 google.ie.
    Hosts: 217.23.15.126 www.google.ie.
    Hosts: 217.23.15.126 google.it.
    Hosts: 217.23.15.126 www.google.it.
    Hosts: 217.23.15.126 google.co.jp.
    Hosts: 217.23.15.126 www.google.co.jp.
    Hosts: 217.23.15.126 google.nl.
    Hosts: 217.23.15.126 www.google.nl.
    Hosts: 217.23.15.126 google.no.
    Hosts: 217.23.15.126 www.google.no.
    Hosts: 217.23.15.126 google.co.nz.
    Hosts: 217.23.15.126 www.google.co.nz.
    Hosts: 217.23.15.126 google.pl.
    Hosts: 217.23.15.126 www.google.pl.
    Hosts: 217.23.15.126 google.se.
    Hosts: 217.23.15.126 www.google.se.
    Hosts: 217.23.15.126 google.co.uk.
    Hosts: 217.23.15.126 www.google.co.uk.
    Hosts: 217.23.15.126 google.co.za.
    Hosts: 217.23.15.126 www.google.co.za.
    Hosts: 217.23.15.126 www.google-analytics.com.
    Hosts: 217.23.15.126 www.bing.com.
    Hosts: 217.23.15.126 search.yahoo.com.
    Hosts: 217.23.15.126 www.search.yahoo.com.
    Hosts: 217.23.15.126 uk.search.yahoo.com.
    Hosts: 217.23.15.126 ca.search.yahoo.com.
    Hosts: 217.23.15.126 de.search.yahoo.com.
    Hosts: 217.23.15.126 fr.search.yahoo.com.
    Hosts: 217.23.15.126 au.search.yahoo.com.


    Close all Windows except HijackThis and click on "Fix Checked."
    ==================================================
    Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
      **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
      [​IMG]
    • .Click on Yes, to continue scanning for malware
    • .If Combofix asks you to update the program, allow
    • .Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • .Close any open browsers.
    • .Double click combofix.exe[​IMG] & follow the prompts to run.
    • When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..
    Re-enable your Antivirus software.

    Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
    Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
    Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    =======================================
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESETOnlineScan
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      [o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
      [o] Double click on the [​IMG]on your desktop.
    • Check 'Yes I accept terms of use.'
    • Click Start button
    • Accept any security warnings from your browser.
      [​IMG]
    • Uncheck 'Remove found threats'
    • Check 'Scan archives/
    • Leave remaining settings as is.
    • Press the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    • When the scan completes, press List of found threats
    • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    • Push the Back button
    • Push Finish

    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    I'll set up some script to run through Combofix after I get the logs.
     
  8. Dougiebabe2003

    Dougiebabe2003 TS Rookie Topic Starter

    Hi Bobbye,

    Thank you for your help!

    I had last Friday off and had left work before you had given your response.

    I have come in today and there was no laptop in sight and no one has come in all day looking for it so I can only guess that the student has taken their laptop.

    Not sure if the problem got resolved by out of hours support but there isn't a lot more I can do without the laptop!

    Thanks again for you help and if it's OK I might be coming back if I have other Virus's/Malware that I cannot get rid of!

    Cheers,

    Doug
     
  9. Bobbye

    Bobbye Helper on the Fringe Posts: 16,392   +36

    Thanks for the update. Your student isn't going to get very far with that hijack on the system.
     
Topic Status:
Not open for further replies.


Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...


Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.