Resolved Firefox Redirects


Dougiebabe2003

Hi,

I'm an IT Engineer for a Uni and have been handed a laptop by a student.

He came in showing me that Google was telling him he had an infected PC and that it kept sending him to random pages.

I have tried removing whatever virus/malware is on there using:

Malwarebytes
Spybot
SUPERAntiSpyware
His own McAfee program he already had

I have tried running ComboFix but, as the laptop is 64-bit, it won't run, nor will Sophos Anti-Rootkit.

Malwarebytes found nothing, Spybot found a couple of things (cookies, I believe) and SAS found 150 cookies but not the actual problem.

It seems to only be happening in Firefox but I have only tried IE for a limited time.

Any advice would be greatly received.

Regards,

Doug
 
Run 1 of Malware Bytes:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7219

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

21/07/2011 09:59:03
mbam-log-2011-07-21 (09-59-03).txt

Scan type: Full scan (C:\|)
Objects scanned: 341661
Time elapsed: 47 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Run 2 in Safe Mode:

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7219

Windows 6.1.7601 Service Pack 1 (Safe Mode)
Internet Explorer 9.0.8112.16421

21/07/2011 10:35:31
mbam-log-2011-07-21 (10-35-31).txt

Scan type: Full scan (C:\|)
Objects scanned: 340713
Time elapsed: 26 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Welcome to TechSpot! I do thank you for being up front - most members don't tell us the system belongs to someone else! Did the student give you any idea of the types of sites he is being directed to?
==================================================
My Guidelines: please read and follow:
  • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
  • Read my instructions carefully. If you don't understand or have a problem, ask me.
  • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
  • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
  • File sharing programs should be uninstalled or disabled during the cleaning process.
  • Observe these:
    [o] Don't use any other cleaning programs or scans while I'm helping you.
    [o] Don't use a Registry cleaner or make any changes in the Registry.
    [o] Don't download and install new programs- except those I give you.
  • Please let me know if there is any change in the system.
If I have not replied for 2 days, you can send me a PM reminder. Include the URL of your thread. Please do not send me a PM to tell me your logs are up.
If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
=====================================
Please follow the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

You do not have to run Mbam again.

By the way, Combofix will run on a 64bit OS. And I will have you run it later. But we ask that you remove any of the programs we have you run and use our links instead.
 
No problem, you can help me more if I tell you exactly what has gone on!

I have no idea what sites he has been to, except for the few cookies that were deleted while running SAS; quite a few were porn.

I have just finished running GMER and DDS, so those log files are attached.

I will delete the av/malware software now.

The GMER and DDS scans were NOT run in safe mode.

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-07-21 15:12:11
Windows 6.1.7601 Service Pack 1
Running: vt962i96.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dafe3007
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dafe3007 (not active ControlSet)

---- EOF - GMER 1.0.15 ----





.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 9.0.8112.16421
Run by jorge at 15:12:55 on 2011-07-21
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3895.2491 [GMT 1:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Enabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
C:\Program Files\mcafee.com\agent\mcagent.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Dell Stage\Dell Stage\stage_secondary.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Users\jorge\Desktop\vt962i96.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jorge\Desktop\dds.scr
C:\Windows\SysWOW64\WSCRIPT.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = www.google.co.uk
uInternet Settings,ProxyServer = http=127.0.0.1:25575
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20110721091109.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
uRun: [CreoLab] C:\ProgramData\ndhrywtzfontw\bwlpzqqnkr.exe
uRun: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot
mRun: [<NO NAME>]
mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"
mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS4ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"
mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe
mRunOnce: [DSUpdateLauncher] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe" /NOCONSOLE /D="C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate" /RUNAS "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe"
mRunOnce: [STToasterLauncher] C:\Program Files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: McAfee Phishing Filter: {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\MSKAPB~1.DLL
BHO-X64: McAfee Phishing Filter - No File
BHO-X64: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110721091108.dll
BHO-X64: scriptproxy - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
mRun-x64: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun-x64: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
mRun-x64: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
mRun-x64: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Hosts: 217.23.15.126 www.google.com.
Hosts: 217.23.15.126 google.com.
Hosts: 217.23.15.126 google.com.au.
Hosts: 217.23.15.126 www.google.com.au.
Hosts: 217.23.15.126 google.be.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\jorge\AppData\Roaming\Mozilla\Firefox\Profiles\h88pwnxf.default\
FF - prefs.js: network.proxy.ftp - 127.0.0.1
FF - prefs.js: network.proxy.ftp_port - 25575
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 25575
FF - prefs.js: network.proxy.socks - 127.0.0.1
FF - prefs.js: network.proxy.socks_port - 25575
FF - prefs.js: network.proxy.ssl - 127.0.0.1
FF - prefs.js: network.proxy.ssl_port - 25575
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?]
R0 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\system32\drivers\mfewfpk.sys --> C:\Windows\system32\drivers\mfewfpk.sys [?]
R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
R1 mfenlfk;McAfee NDIS Light Filter;C:\Windows\system32\DRIVERS\mfenlfk.sys --> C:\Windows\system32\DRIVERS\mfenlfk.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-12 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-5-4 128384]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-6-6 64952]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-5-7 89600]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-5-7 13336]
R2 McMPFSvc;McAfee Personal Firewall Service;"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
R2 McNaiAnn;McAfee VirusScan Announcer;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
R2 McProxy;McAfee Proxy Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
R2 McShield;McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2011-5-7 200056]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2011-5-7 245352]
R2 mfevtp;McAfee Validation Trust Protection Service;"C:\Windows\system32\mfevtps.exe" --> C:\Windows\system32\mfevtps.exe [?]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2011-7-21 1153368]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-5-7 689472]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\system32\drivers\cfwids.sys --> C:\Windows\system32\drivers\cfwids.sys [?]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?]
R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 Impcd;Impcd;C:\Windows\system32\DRIVERS\Impcd.sys --> C:\Windows\system32\DRIVERS\Impcd.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\system32\drivers\mfefirek.sys --> C:\Windows\system32\drivers\mfefirek.sys [?]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETw5s64.sys --> C:\Windows\system32\DRIVERS\NETw5s64.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-7-15 1038088]
S3 McAWFwk;McAfee Activation Service;C:\PROGRA~1\mcafee\msc\mcawfwk.exe [2011-5-7 220528]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\system32\drivers\mferkdet.sys --> C:\Windows\system32\drivers\mferkdet.sys [?]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-3-5 340240]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
S4 McOobeSv;McAfee OOBE Service;"C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [2010-3-10 355440]
.
=============== Created Last 30 ================
.
2011-07-21 13:29:12 -------- d-----w- C:\Users\jorge\AppData\Local\Diagnostics
2011-07-21 12:39:41 -------- d-----w- C:\Users\jorge\AppData\Roaming\SUPERAntiSpyware.com
2011-07-21 12:39:41 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com
2011-07-21 12:39:39 -------- d-----w- C:\ProgramData\!SASCORE
2011-07-21 12:39:37 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2011-07-21 12:29:59 -------- d-----w- C:\Program Files (x86)\Sophos
2011-07-21 11:05:36 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2011-07-21 11:05:36 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-07-21 08:08:05 -------- d-----w- C:\Users\jorge\AppData\Roaming\Malwarebytes
2011-07-21 08:08:02 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
2011-07-21 08:08:01 -------- d-----w- C:\ProgramData\Malwarebytes
2011-07-21 08:07:58 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys
2011-07-21 08:07:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-07-21 03:55:30 -------- d-----w- C:\Windows\System32\SPReview
2011-07-21 03:55:01 -------- d-----w- C:\Windows\System32\EventProviders
2011-07-20 21:36:59 605696 ----a-w- C:\Windows\System32\wmpeffects.dll
2011-07-20 21:35:59 45568 ----a-w- C:\Windows\SysWow64\g711codc.ax
2011-07-20 21:33:00 529408 ----a-w- C:\Windows\System32\wbemcomn.dll
2011-07-20 21:33:00 1225216 ----a-w- C:\Windows\System32\wbem\wbemcore.dll
2011-07-20 21:32:59 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2011-07-20 21:32:49 933376 ----a-w- C:\Windows\System32\SmiEngine.dll
2011-07-20 21:32:41 199168 ----a-w- C:\Windows\System32\PkgMgr.exe
2011-07-20 21:32:11 422912 ----a-w- C:\Windows\System32\drvstore.dll
2011-07-20 21:32:10 399872 ----a-w- C:\Windows\System32\dpx.dll
2011-07-20 17:24:03 80384 ----a-w- C:\Windows\System32\drivers\BTHUSB.SYS
2011-07-20 17:24:03 552960 ----a-w- C:\Windows\System32\drivers\bthport.sys
2011-07-20 17:24:03 229376 ----a-w- C:\Windows\System32\fsquirt.exe
2011-07-20 04:12:19 -------- d-----w- C:\Windows\SysWow64\Wat
2011-07-20 04:12:19 -------- d-----w- C:\Windows\System32\Wat
2011-07-20 04:05:57 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2011-07-20 04:04:56 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2011-07-19 20:00:31 24376 ----a-w- C:\Program Files (x86)\Mozilla Firefox\components\Scriptff.dll
2011-07-19 18:09:54 974336 ----a-w- C:\Windows\System32\WFS.exe
2011-07-19 18:09:54 267776 ----a-w- C:\Windows\System32\FXSCOVER.exe
2011-07-19 18:08:32 142336 ----a-w- C:\Windows\System32\poqexec.exe
2011-07-19 18:08:32 123904 ----a-w- C:\Windows\SysWow64\poqexec.exe
2011-07-19 18:08:14 2871808 ----a-w- C:\Windows\explorer.exe
2011-07-19 18:08:14 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe
2011-07-19 18:08:04 961024 ----a-w- C:\Windows\System32\CPFilters.dll
2011-07-19 18:08:04 723968 ----a-w- C:\Windows\System32\EncDec.dll
2011-07-19 18:08:04 642048 ----a-w- C:\Windows\SysWow64\CPFilters.dll
2011-07-19 18:08:04 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-07-19 18:08:04 1118720 ----a-w- C:\Windows\System32\sbe.dll
2011-07-19 18:08:03 850944 ----a-w- C:\Windows\SysWow64\sbe.dll
2011-07-19 18:08:03 259072 ----a-w- C:\Windows\System32\mpg2splt.ax
2011-07-19 18:08:03 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
2011-07-19 18:03:40 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2011-07-19 18:03:40 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll
2011-07-19 18:02:58 1359872 ----a-w- C:\Windows\System32\mfc42u.dll
2011-07-19 18:02:57 1395712 ----a-w- C:\Windows\System32\mfc42.dll
2011-07-19 18:02:57 1164288 ----a-w- C:\Windows\SysWow64\mfc42u.dll
2011-07-19 18:02:57 1137664 ----a-w- C:\Windows\SysWow64\mfc42.dll
2011-07-19 17:58:21 367616 ----a-w- C:\Windows\System32\atmfd.dll
2011-07-19 17:58:21 294912 ----a-w- C:\Windows\SysWow64\atmfd.dll
2011-07-19 17:58:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2011-07-19 17:58:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2011-07-19 17:58:07 27520 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2011-07-19 17:54:03 183296 ----a-w- C:\Windows\System32\dnsrslvr.dll
2011-07-19 17:54:02 30208 ----a-w- C:\Windows\System32\dnscacheugc.exe
2011-07-19 17:54:02 28672 ----a-w- C:\Windows\SysWow64\dnscacheugc.exe
2011-07-19 17:53:54 404480 ----a-w- C:\Windows\System32\umpnpmgr.dll
2011-07-19 17:53:54 252928 ----a-w- C:\Windows\SysWow64\drvinst.exe
2011-07-19 17:53:54 207872 ----a-w- C:\Windows\System32\cfgmgr32.dll
2011-07-19 17:53:54 145920 ----a-w- C:\Windows\SysWow64\cfgmgr32.dll
2011-07-19 17:53:53 64512 ----a-w- C:\Windows\SysWow64\devobj.dll
2011-07-19 17:53:53 44544 ----a-w- C:\Windows\SysWow64\devrtl.dll
2011-07-19 17:53:46 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2011-07-19 17:53:46 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2011-07-19 17:53:01 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2011-07-19 17:51:49 605552 ----a-w- C:\Windows\System32\winload.exe
2011-07-19 17:51:48 642944 ----a-w- C:\Windows\System32\winload.efi
2011-07-19 17:51:48 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2011-07-19 17:51:48 566208 ----a-w- C:\Windows\System32\winresume.efi
2011-07-19 17:51:48 518672 ----a-w- C:\Windows\System32\winresume.exe
2011-07-19 17:51:48 20352 ----a-w- C:\Windows\System32\kdusb.dll
2011-07-19 17:51:48 19328 ----a-w- C:\Windows\System32\kd1394.dll
2011-07-19 17:51:48 17792 ----a-w- C:\Windows\System32\kdcom.dll
2011-07-19 17:51:30 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe
2011-07-19 17:51:30 31232 ----a-w- C:\Windows\System32\prevhost.exe
2011-07-19 17:51:26 3137536 ----a-w- C:\Windows\System32\win32k.sys
2011-07-19 17:51:11 976896 ----a-w- C:\Windows\System32\inetcomm.dll
2011-07-19 17:51:11 741376 ----a-w- C:\Windows\SysWow64\inetcomm.dll
2011-07-16 23:02:09 -------- d-----w- C:\ProgramData\ndhrywtzfontw
2011-07-16 23:01:54 -------- d-----w- C:\ProgramData\2f9b9f
2011-07-15 13:08:54 -------- d-----w- C:\Windows\SysWow64\spool
2011-07-15 13:06:27 -------- d-----w- C:\Program Files\Common Files\Macrovision Shared
2011-07-15 13:06:24 -------- d-----w- C:\Program Files (x86)\Common Files\Macrovision Shared
2011-07-14 20:03:57 -------- d-----w- C:\Users\jorge\AppData\Local\Adobe
2011-07-13 16:41:07 -------- d-----w- C:\Users\jorge\AppData\Local\ArcSoft
2011-07-13 15:46:32 -------- d-----w- C:\Users\jorge\My Backup Files
2011-07-13 15:32:02 -------- d-sh--w- C:\System Recovery
2011-07-13 15:31:31 -------- d-----w- C:\Users\jorge\AppData\Local\Dell
2011-07-13 15:30:57 -------- d-----w- C:\Users\jorge\AppData\Roaming\Dell
2011-07-13 15:30:53 -------- d-----w- C:\Users\jorge\AppData\Roaming\Dell Touch Zone
2011-07-13 15:30:50 -------- d-----w- C:\Users\jorge\AppData\Roaming\Intel Corporation
2011-07-13 15:30:50 -------- d-----w- C:\Users\jorge\AppData\Local\Broadcom
2011-07-13 15:30:48 -------- d-----w- C:\Users\jorge\AppData\Roaming\Intel
2011-07-13 15:30:01 -------- d-----w- C:\Users\jorge\AppData\Local\VirtualStore
2011-07-13 15:29:54 -------- d-----w- C:\Users\jorge\AppData\Local\SoftThinks
.
==================== Find3M ====================
.
.
============= FINISH: 15:14:14.52 ===============
 
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 13/07/2011 16:26:51
System Uptime: 21/07/2011 14:18:09 (1 hours ago)
.
Motherboard: Dell Inc. | | 0WXY9J
Processor: Intel(R) Core(TM) i5 CPU M 480 @ 2.67GHz | CPU 1 | 2661/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 451 GiB total, 415.485 GiB free.
D: is CDROM ()
E: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 13/07/2011 19:14:00 - Scheduled Checkpoint
RP2: 20/07/2011 05:02:39 - Windows Update
RP3: 20/07/2011 05:10:49 - Windows Update
RP4: 20/07/2011 22:57:56 - Windows Update
RP5: 21/07/2011 04:54:28 - Windows Update
.
==== Hosts File Hijack ======================
.
Hosts: 217.23.15.126 www.google.com.
Hosts: 217.23.15.126 google.com.
Hosts: 217.23.15.126 google.com.au.
Hosts: 217.23.15.126 www.google.com.au.
Hosts: 217.23.15.126 google.be.
Hosts: 217.23.15.126 www.google.be.
Hosts: 217.23.15.126 google.com.br.
Hosts: 217.23.15.126 www.google.com.br.
Hosts: 217.23.15.126 google.ca.
Hosts: 217.23.15.126 www.google.ca.
Hosts: 217.23.15.126 google.ch.
Hosts: 217.23.15.126 www.google.ch.
Hosts: 217.23.15.126 google.de.
Hosts: 217.23.15.126 www.google.de.
Hosts: 217.23.15.126 google.dk.
Hosts: 217.23.15.126 www.google.dk.
Hosts: 217.23.15.126 google.fr.
Hosts: 217.23.15.126 www.google.fr.
Hosts: 217.23.15.126 google.ie.
Hosts: 217.23.15.126 www.google.ie.
Hosts: 217.23.15.126 google.it.
Hosts: 217.23.15.126 www.google.it.
Hosts: 217.23.15.126 google.co.jp.
Hosts: 217.23.15.126 www.google.co.jp.
Hosts: 217.23.15.126 google.nl.
Hosts: 217.23.15.126 www.google.nl.
Hosts: 217.23.15.126 google.no.
Hosts: 217.23.15.126 www.google.no.
Hosts: 217.23.15.126 google.co.nz.
Hosts: 217.23.15.126 www.google.co.nz.
Hosts: 217.23.15.126 google.pl.
Hosts: 217.23.15.126 www.google.pl.
Hosts: 217.23.15.126 google.se.
Hosts: 217.23.15.126 www.google.se.
Hosts: 217.23.15.126 google.co.uk.
Hosts: 217.23.15.126 www.google.co.uk.
Hosts: 217.23.15.126 google.co.za.
Hosts: 217.23.15.126 www.google.co.za.
Hosts: 217.23.15.126 www.google-analytics.com.
Hosts: 217.23.15.126 www.bing.com.
Hosts: 217.23.15.126 search.yahoo.com.
Hosts: 217.23.15.126 www.search.yahoo.com.
Hosts: 217.23.15.126 uk.search.yahoo.com.
Hosts: 217.23.15.126 ca.search.yahoo.com.
Hosts: 217.23.15.126 de.search.yahoo.com.
Hosts: 217.23.15.126 fr.search.yahoo.com.
Hosts: 217.23.15.126 au.search.yahoo.com.
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Anchor Service CS4
Adobe Bridge CS4
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader X (10.1.0) MUI
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Type Support CS4
Adobe Update Manager CS4
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced Audio FX Engine
Bing Bar
Bing Bar Platform
Bing Rewards Client Installer
Connect
D3DX10
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Getting Started Guide
Dell MusicStage
Dell PhotoStage
Dell Product Registration
Dell Stage
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
eBay
IDT Audio
Intel(R) Control Center
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Components
Intel(R) Rapid Storage Technology
Junk Mail filter update
kuler
Live! Cam Avatar Creator
Malwarebytes' Anti-Malware version 1.51.1.1800
McAfee SecurityCenter
Mesh Runtime
Messenger Companion
Microsoft Default Manager
Microsoft Office 2010
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox 5.0 (x86 en-GB)
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PDF Settings CS4
Photoshop Camera Raw
PhotoShowExpress
Realtek USB 2.0 Card Reader
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Skype Toolbars
Skype™ 4.2
Sonic CinePlayer Decoder Pack
Sophos Anti-Rootkit 1.3.1
Spybot - Search & Destroy
Suite Shared Configuration CS4
WildTangent Games
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
.
==== Event Viewer Messages From Past Week ========
.
21/07/2011 14:17:40, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 13:43:03, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
21/07/2011 13:13:33, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 12:33:29, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service McNaiAnn with arguments "" in order to run the server: {DC7EF8E1-824F-4110-AB43-1604DA9B4F40}
21/07/2011 12:29:38, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\System32\IWMSSvc.dll Error Code: 21
21/07/2011 12:29:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
21/07/2011 12:29:37, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
21/07/2011 12:29:34, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
21/07/2011 12:29:27, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
21/07/2011 12:29:27, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
21/07/2011 12:05:28, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:07:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
21/07/2011 10:07:11, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
21/07/2011 10:06:53, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mfehidk mfenlfk NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McShield service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Validation Trust Protection Service service depends on the McAfee Inc. mfehidk service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Proxy Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Personal Firewall Service service depends on the Windows Firewall service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Firewall Core Service service depends on the McAfee Validation Trust Protection Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The McAfee Anti-Spam Service service depends on the McAfee Firewall Core Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2011 10:06:53, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
21/07/2011 07:27:09, Error: Service Control Manager [7023] - The Intel(R) Management & Security Application User Notification Service service terminated with the following error: %%-2147467243
21/07/2011 07:23:57, Error: VDS Basic Provider [1] - Unexpected failure. Error code: D@01010004
21/07/2011 07:21:23, Error: BTHUSB [17] - The local Bluetooth adapter has failed in an undetermined manner and will not be used. The driver has been unloaded.
21/07/2011 07:21:18, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the McNASvc service.
20/07/2011 14:00:21, Error: Service Control Manager [7023] -
19/07/2011 05:15:22, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
15/07/2011 21:45:31, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1.
.
==== End Of File ===========================


Again, many thanks.
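The "Hosts File Hijack" section of the DDS log above shows the classic search-redirect pattern: every major search domain resolved to one outside address. As an added example (not from this thread or from DDS), the Python below parses either raw Windows hosts-file lines or the DDS "Hosts: <ip> <name>." lines, flags watched search domains that point anywhere but a loopback/unspecified address, tallies the destination IP, and emits a cleaned copy; the sample lines are constructed, reusing the address reported in the log, and the WATCHED_PATTERNS list is an assumption to extend as needed.

```python
"""Added example: flag hosts-file entries that redirect search engines.

Reads either raw Windows hosts-file lines or the "Hosts: <ip> <name>." lines
that DDS prints in its "Hosts File Hijack" section, and reports entries that
point well-known search domains at an address other than loopback/unspecified.
"""
import ipaddress
import re
from collections import Counter

# Name patterns a search-redirect hijack typically targets (assumption:
# extend the tuple for other domains). Country-code variants are covered.
WATCHED_PATTERNS = (
    re.compile(r"(^|\.)google\.[a-z.]+$"),        # google.com, www.google.co.uk, ...
    re.compile(r"(^|\.)google-analytics\.com$"),
    re.compile(r"(^|\.)bing\.com$"),
    re.compile(r"(^|\.)search\.yahoo\.com$"),     # uk.search.yahoo.com, ...
)

# Constructed sample mixing normal hosts-file lines with DDS-style output;
# the destination address is the one reported in the log above.
SAMPLE_LINES = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.test
Hosts: 217.23.15.126 www.google.com.
Hosts: 217.23.15.126 google.co.uk.
Hosts: 217.23.15.126 www.bing.com.
Hosts: 217.23.15.126 uk.search.yahoo.com.
"""

LINE_RE = re.compile(r"^(?:Hosts:\s*)?(\S+)\s+(\S+)")


def parse_hosts(text):
    """Yield (ip, hostname) pairs; comments, blanks and non-IP lines are skipped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, host = m.group(1), m.group(2).rstrip(".").lower()  # DDS adds a trailing dot
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            continue
        yield ip, host


def is_local(ip):
    """True for loopback and 0.0.0.0/:: sinks, the only benign hosts-file targets here."""
    addr = ipaddress.ip_address(ip)
    return addr.is_loopback or addr.is_unspecified


def is_watched(host):
    return any(p.search(host) for p in WATCHED_PATTERNS)


def find_hijacks(text):
    """Return [(ip, host), ...] for watched names sent anywhere but a local address."""
    return [(ip, host) for ip, host in parse_hosts(text)
            if is_watched(host) and not is_local(ip)]


def sink_addresses(text):
    """Count hijacked entries per destination IP; one dominant IP is the usual pattern."""
    return Counter(ip for ip, _ in find_hijacks(text))


def remove_hijacks(text):
    """Return the text with hijacking entries dropped and every other line kept verbatim."""
    kept = []
    for raw in text.splitlines():
        entry = next(iter(parse_hosts(raw)), None)
        if entry is not None and is_watched(entry[1]) and not is_local(entry[0]):
            continue
        kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for ip, host in find_hijacks(SAMPLE_LINES):
        print(f"HIJACK {host} -> {ip}")
    print("sinks:", dict(sink_addresses(SAMPLE_LINES)))
```

On a live machine, feed it the contents of C:\Windows\System32\drivers\etc\hosts instead of SAMPLE_LINES; a single non-local address collecting every search domain is the signature to look for.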
 
Just found Super Anti-Spyware log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/21/2011 at 02:16 PM

Application Version : 4.55.1000

Core Rules Database Version : 7437
Trace Rules Database Version: 5249

Scan type : Complete Scan
Total Scan Time : 00:34:38

Memory items scanned : 471
Memory threats detected : 0
Registry items scanned : 13793
Registry threats detected : 0
File items scanned : 35747
File threats detected : 167

Adware.Tracking Cookie
 
Okay then: Main infection is Cleanup Antivirus, a rogue from the same family as Virus Doctor. This rogue is promoted through the use of Trojans and fake online anti-malware scanners. When installed Cleanup Antivirus will be configured to start automatically when you log into Windows. When Cleanup Antivirus is installed it will also create numerous fake malware that will be detected as malware when the program scans your computer.

About the sites visited in SAS: if he is going to the pron sites while I'm trying to clean the system, it will be a waste of time. So let's do this and see if it handled the Tracking Cookie:
Reset Cookies

For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> CHECK 'override automatic Cookie handling'> CHECK 'accept first party Cookies'> CHECK 'Block third party Cookies'> CHECK 'allow per session Cookies'> Apply> OK.

For Firefox: Tools> Options> Privacy> Cookies> CHECK 'accept Cookies from Sites'> UNCHECK 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')

I suggest using the following two add-ons for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List

For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
(First-party and third-party cookies can be set by the website you're visiting and websites that have items embedded in the website you're visiting. But when you next visit the website, only first-party cookie information is sent to the website. Third-party cookie information isn't sent back to the websites that originally set the third-party cookies.)
=====================================
Then run HijackThis. Download HijackThis from http://download.bleepingcomputer.com/hijackthis/HijackThis.zip and save to your desktop.
  • Extract it to a directory on your hard drive called c:\HijackThis.
  • Then navigate to that directory and double-click on the hijackthis.exe file.
  • When started click on the Scan button and then the Save Log button to create a log of your information.
  • The log will then open in Notepad. Be sure to click on Format> Uncheck Word Wrap when you open Notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log. Save it to the desktop.
--------------------------------
You will see a listing in the O1 Hosts file entries.

Reopen HijackThis to 'do system scan only'. Check each of the following:
Hosts: 217.23.15.126 www.google.com.
Hosts: 217.23.15.126 google.com.
Hosts: 217.23.15.126 google.com.au.
Hosts: 217.23.15.126 www.google.com.au.
Hosts: 217.23.15.126 google.be.
Hosts: 217.23.15.126 www.google.be.
Hosts: 217.23.15.126 google.com.br.
Hosts: 217.23.15.126 www.google.com.br.
Hosts: 217.23.15.126 google.ca.
Hosts: 217.23.15.126 www.google.ca.
Hosts: 217.23.15.126 google.ch.
Hosts: 217.23.15.126 www.google.ch.
Hosts: 217.23.15.126 google.de.
Hosts: 217.23.15.126 www.google.de.
Hosts: 217.23.15.126 google.dk.
Hosts: 217.23.15.126 www.google.dk.
Hosts: 217.23.15.126 google.fr.
Hosts: 217.23.15.126 www.google.fr.
Hosts: 217.23.15.126 google.ie.
Hosts: 217.23.15.126 www.google.ie.
Hosts: 217.23.15.126 google.it.
Hosts: 217.23.15.126 www.google.it.
Hosts: 217.23.15.126 google.co.jp.
Hosts: 217.23.15.126 www.google.co.jp.
Hosts: 217.23.15.126 google.nl.
Hosts: 217.23.15.126 www.google.nl.
Hosts: 217.23.15.126 google.no.
Hosts: 217.23.15.126 www.google.no.
Hosts: 217.23.15.126 google.co.nz.
Hosts: 217.23.15.126 www.google.co.nz.
Hosts: 217.23.15.126 google.pl.
Hosts: 217.23.15.126 www.google.pl.
Hosts: 217.23.15.126 google.se.
Hosts: 217.23.15.126 www.google.se.
Hosts: 217.23.15.126 google.co.uk.
Hosts: 217.23.15.126 www.google.co.uk.
Hosts: 217.23.15.126 google.co.za.
Hosts: 217.23.15.126 www.google.co.za.
Hosts: 217.23.15.126 www.google-analytics.com.
Hosts: 217.23.15.126 www.bing.com.
Hosts: 217.23.15.126 search.yahoo.com.
Hosts: 217.23.15.126 www.search.yahoo.com.
Hosts: 217.23.15.126 uk.search.yahoo.com.
Hosts: 217.23.15.126 ca.search.yahoo.com.
Hosts: 217.23.15.126 de.search.yahoo.com.
Hosts: 217.23.15.126 fr.search.yahoo.com.
Hosts: 217.23.15.126 au.search.yahoo.com.


Close all Windows except HijackThis and click on "Fix Checked."
==================================================
Please note: If you have Combofix on the desktop already, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
  • Click START> then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
--------------------------------------
Download Combofix from HERE or HERE (http://www.forospyware.com/sUBs/ComboFix.exe) and save to the desktop
  • Double click combofix.exe & follow the prompts.
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the "What next?" message.
  • Click on Yes, to continue scanning for malware
  • If Combofix asks you to update the program, allow
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Close any open browsers.
  • Double click combofix.exe & follow the prompts to run.
  • When the scan completes, a report will be generated; it will open in a text window. Please paste the C:\ComboFix.txt in your next reply.
Re-enable your Antivirus software.

Note 1:Do not mouse-click Combofix's window while it is running. That may cause it to stall.
Note 2: ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
Note 3: Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
Note 4: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Note 5: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
=======================================
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESETOnlineScan
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    [o] Click on the ESET Smart Installer image to download it. Save it to your desktop.
    [o] Double click on the ESET Smart Installer icon on your desktop.
  • Check 'Yes I accept terms of use.'
  • Click Start button
  • Accept any security warnings from your browser.
  • Uncheck 'Remove found threats'
  • Check 'Scan archives'
  • Leave remaining settings as is.
  • Press the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
  • When the scan completes, press List of found threats
  • Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
  • Push the Back button
  • Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

I'll set up some script to run through Combofix after I get the logs.
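As an added example (not part of the thread or of Bobbye's instructions), here is a short Python script that checks a hosts file for the kind of redirect listed in the O1 entries above. It parses the file, ignores comments and the usual loopback/blackhole entries, and flags any search-engine or security-vendor hostname that points at a remote address, grouping the hits by that address so a single hijack like 217.23.15.126 stands out. The sample hosts text is constructed from the entries in the thread plus a few benign lines; the list of vendor domains to watch is my own assumption.

```python
"""Flag hosts-file entries that redirect search engines or security vendors.

Added example for this thread, not code from the original post. On Windows the
file to feed it is C:\\Windows\\System32\\drivers\\etc\\hosts; the sample below
is constructed from the entries reported in the thread plus benign lines.
"""
import ipaddress
from collections import defaultdict

# Entries pointing at these addresses are local blocks or loopback, not redirects.
LOCAL_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Hostnames matched as exact name or as a suffix. Assumed watchlist: search
# engines plus vendors whose sites rogue AV commonly blocks or redirects.
WATCHLIST_SUFFIXES = (
    "search.yahoo.com",
    "google-analytics.com",
    "malwarebytes.org",
    "bleepingcomputer.com",
    "microsoft.com",
)

# Constructed sample hosts file: default Microsoft header, one benign block,
# the redirects from the thread, and a legitimate intranet override.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#   127.0.0.1       localhost
127.0.0.1 localhost
0.0.0.0 ads.example.test                 # constructed: benign local block
217.23.15.126 www.google.com
217.23.15.126 google.com
217.23.15.126 google.co.uk www.google.co.uk
217.23.15.126 www.bing.com
217.23.15.126 uk.search.yahoo.com
217.23.15.126 www.google-analytics.com
192.168.1.20 intranet.example.test       # constructed: legitimate local override
"""


def is_watched(hostname):
    """True if the hostname is a search engine or watched vendor domain."""
    labels = hostname.lower().rstrip(".").split(".")
    if labels and labels[0] == "www":
        labels = labels[1:]
    # google.<cc>, google.co.<cc>, google.com.<cc> all start with the 'google' label.
    if labels and labels[0] in {"google", "bing"}:
        return True
    name = ".".join(labels)
    return any(name == s or name.endswith("." + s) for s in WATCHLIST_SUFFIXES)


def parse_hosts(text):
    """Return (line_number, ip, hostname) for every hostname in a hosts file."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        parts = line.split()
        try:
            ip = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an address: not a hosts entry
        for host in parts[1:]:
            entries.append((lineno, str(ip), host.lower().rstrip(".")))
    return entries


def find_hijacks(entries):
    """Watched hostnames that resolve somewhere other than loopback/blackhole."""
    return [
        {"line": lineno, "ip": ip, "host": host}
        for lineno, ip, host in entries
        if ip not in LOCAL_TARGETS and is_watched(host)
    ]


def hosts_by_target(findings):
    """Group hijacked hostnames by the address they were pointed at."""
    grouped = defaultdict(list)
    for f in findings:
        grouped[f["ip"]].append(f["host"])
    return dict(grouped)


if __name__ == "__main__":
    hits = find_hijacks(parse_hosts(SAMPLE_HOSTS))
    for ip, hosts in hosts_by_target(hits).items():
        print(f"{ip} hijacks {len(hosts)} hostnames: {', '.join(hosts)}")
```

Run it against a real file by reading the hosts file into a string and passing it to `parse_hosts` instead of `SAMPLE_HOSTS`. The grouping step is the useful part: a legitimate hosts file rarely maps more than one public search domain to the same non-local address, so one IP collecting dozens of names is a strong signal even before you recognise the address.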
 
Hi Bobbye,

Thank you for your help!

I had last Friday off and had left work before you had given your response.

I have come in today and there was no laptop in sight and no one has come in all day looking for it so I can only guess that the student has taken their laptop.

Not sure if the problem got resolved by out of hours support but there isn't a lot more I can do without the laptop!

Thanks again for your help and if it's OK I might be coming back if I have other viruses/malware that I cannot get rid of!

Cheers,

Doug
 
Thanks for the update. Your student isn't going to get very far with that hijack on the system.
 