TechSpot

Internet redirecting to unknown sites

By dalego
Jan 18, 2012
  1. Hi there,

    Whilst using Google Chrome, I can access internet sites that are saved in 'my favourites'; however, when I am typing in a new web page it automatically redirects to an advertisement page called get-answers-fast.com. Please could you help remove this redirect. Thanking you in advance.

    regards,
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Dale, I helped you with a redirect 2 weeks ago. Since you've been through this before, you should know to follow this: (It doesn't matter if it's the same computer or a different one; we still start out the same way.)

    Note on the Malwarebytes download link: They have put a box on the download site offering a trial instead of just this free scan. Please click on Decline when you see that and go on with the scan when the box closes.

    If you would like us to check the system for malware, please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ===================================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time and I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • Follow the order of the tasks I give you. Order is crucial in the cleaning process.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.
    • Please let me know if there is any change in the system.
    If I don't get a reply from you in 5 days, the thread will be closed. If your problem persists, you can send a PM to reopen it.
    =====================================
     
  3. dalego

    dalego TS Rookie Topic Starter Posts: 33

    Malwarebytes Anti-Malware 1.60.0.1800
    www.malwarebytes.org

    Database version: v2012.01.22.03

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Anthony :: ANTHONY-VAIO [administrator]

    22/01/2012 19:17:21
    mbam-log-2012-01-22 (19-17-21).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 190054
    Time elapsed: 6 minute(s), 20 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKCR\.exe| (PUM.HijackExefiles) -> Bad: (iw) Good: (exefile) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
     
  4. dalego

    dalego TS Rookie Topic Starter Posts: 33

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2012-01-22 20:27:17
    Windows 6.1.7600
    Running: z375pmim.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0024337512d0
    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00264341a570
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0024337512d0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00264341a570 (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\## aswSnx private storage 0 bytes
    File C:\## aswSnx private storage\snx_rhive 262144 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG1 74752 bytes
    File C:\## aswSnx private storage\snx_rhive.LOG2 0 bytes
    File C:\## aswSnx private storage\snx_rhive{50dba287-19f3-11e1-8a76-00264341a570}.TM.blf 65536 bytes
    File C:\## aswSnx private storage\snx_rhive{50dba287-19f3-11e1-8a76-00264341a570}.TMContainer00000000000000000001.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\snx_rhive{50dba287-19f3-11e1-8a76-00264341a570}.TMContainer00000000000000000002.regtrans-ms 524288 bytes
    File C:\## aswSnx private storage\webStorage 0 bytes
    File C:\## aswSnx private storage\webStorage\attrib 0 bytes
    File C:\## aswSnx private storage\webStorage\image 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch 0 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\CONHOST.EXE-0C6456FB.pf 16100 bytes
    File C:\## aswSnx private storage\webStorage\image\Windows\Prefetch\PEV.3XE-BBB04023.pf 16326 bytes
    File C:\## aswSnx private storage\webStorage\snx_fs.dat 602 bytes
    File C:\Windows\temp\_avast_\unp101268529.tmp 0 bytes

    ---- EOF - GMER 1.0.15 ----
     
  5. dalego

    dalego TS Rookie Topic Starter Posts: 33

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421
    Run by Anthony at 20:29:48 on 2012-01-22
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3935.2163 [GMT 0:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint\Apoint.exe
    C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\WindowsMobile\wmdc.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    C:\Program Files (x86)\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
    C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Windows\system32\taskhost.exe
    svchost.exe
    svchost.exe
    svchost.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
    svchost.exe
    C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
    svchost.exe
    svchost.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
    C:\Program Files\Apoint\ApMsgFwd.exe
    C:\Program Files\Apoint\Apntex.exe
    C:\Program Files\Apoint\Apvfb.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    svchost.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\REGSVR32.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.co.uk/
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
    mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
    uPolicies-explorer: RestrictRun = 0 (0x0)
    mPolicies-explorer: RestrictRun = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - C:\Users\Anthony\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639} : NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\051425B484F44554C4 : NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\051425B484F44554C4 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\244564F4E4 : NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\244564F4E4 : DhcpNameServer = 192.168.22.22 192.168.22.23
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\35B4950313338393 : NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\35B4950313338393 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\4514C4B44514C4B4D2735423030364 : NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\4514C4B44514C4B4D2735423030364 : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\46C696E6B6 : NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\46C696E6B6 : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{AACBF180-8AE6-44BB-BAFF-02CC6CABAB17} : DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{FA755E85-4291-4A98-8B88-F8E2972AA7F6} : DhcpNameServer = 192.168.0.1
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Notify: VESWinlogon - VESWinlogon.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    BHO-X64: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO-X64: SkypeIEPluginBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [ISBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
    mRun-x64: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
    mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
    IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\6rdh5gm3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
    FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
    FF - plugin: C:\Users\Anthony\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
    FF - plugin: C:\Users\Anthony\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
    R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
    R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
    R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
    R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-12-7 44768]
    R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2009-8-17 189984]
    R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2009-12-10 104960]
    R2 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2009-12-10 411496]
    R2 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2009-7-22 642920]
    R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2009-12-10 522240]
    R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys --> C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys [?]
    R3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
    R3 SFEP;Sony Firmware Extension Parser;C:\Windows\system32\DRIVERS\SFEP.sys --> C:\Windows\system32\DRIVERS\SFEP.sys [?]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-10 133104]
    S2 HsfXAudioService;HsfXAudioService;C:\Windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-6-26 362992]
    S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-10 133104]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;C:\Windows\system32\drivers\IntcHdmi.sys --> C:\Windows\system32\drivers\IntcHdmi.sys [?]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-6-26 313840]
    S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2009-12-10 120104]
    S3 SOHDBSvr;VAIO Media plus Database Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [2009-12-10 70952]
    S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2009-12-10 427304]
    S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2009-12-10 75048]
    S3 SOHPlMgr;VAIO Media plus Playlist Manager;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [2009-12-10 91432]
    S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
    S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
    S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2009-12-10 468264]
    S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2009-12-10 357672]
    S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2009-12-10 110888]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2012-01-22 13:55:28 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FEE05607-22CE-48B4-9F78-55D3FD35C430}\mpengine.dll
    2012-01-17 19:50:17 -------- d-----w- C:\Users\Anthony\AppData\Roaming\Raa
    2012-01-15 21:00:42 1328640 ----a-w- C:\Windows\SysWow64\quartz.dll
    2012-01-15 21:00:41 1572864 ----a-w- C:\Windows\System32\quartz.dll
    2012-01-15 21:00:40 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
    2012-01-15 21:00:40 366592 ----a-w- C:\Windows\System32\qdvd.dll
    2012-01-15 21:00:36 1739160 ----a-w- C:\Windows\System32\ntdll.dll
    2012-01-15 21:00:35 1292592 ----a-w- C:\Windows\SysWow64\ntdll.dll
    2012-01-15 21:00:29 77312 ----a-w- C:\Windows\System32\packager.dll
    2012-01-15 21:00:29 67072 ----a-w- C:\Windows\SysWow64\packager.dll
    2012-01-07 21:26:00 -------- d-s---w- C:\ComboFix
    2011-12-31 11:35:01 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-12-31 11:35:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-12-31 11:35:00 174392 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
    2011-12-31 11:35:00 141112 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
    2011-12-30 17:26:29 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-30 17:26:22 3141632 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-30 17:26:17 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-30 17:26:17 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-30 17:25:51 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-30 17:25:51 2048 ----a-w- C:\Windows\System32\tzres.dll
    .
    ==================== Find3M ====================
    .
    2011-11-28 19:04:55 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
    2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
    2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
    2011-11-22 23:37:59 76800 ----a-w- C:\Windows\System32\tdc.ocx
    2011-11-22 23:37:59 48640 ----a-w- C:\Windows\System32\mshtmler.dll
    2011-11-22 23:37:59 111616 ----a-w- C:\Windows\System32\iesysprep.dll
    2011-11-22 23:37:58 448512 ----a-w- C:\Windows\System32\html.iec
    2011-11-22 23:37:57 85504 ----a-w- C:\Windows\System32\iesetup.dll
    2011-11-22 23:37:56 30720 ----a-w- C:\Windows\System32\licmgr10.dll
    2011-11-22 23:37:56 165888 ----a-w- C:\Windows\System32\iexpress.exe
    2011-11-22 23:37:56 160256 ----a-w- C:\Windows\System32\wextract.exe
    2011-11-22 23:37:55 603648 ----a-w- C:\Windows\System32\vbscript.dll
    2011-11-15 14:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    .
    ============= FINISH: 20:42:26.89 ===============
     
  6. dalego

    dalego TS Rookie Topic Starter Posts: 33

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 03/01/2010 11:27:16
    System Uptime: 22/01/2012 18:41:41 (2 hours ago)
    .
    Motherboard: Sony Corporation | | VAIO
    Processor: Pentium(R) Dual-Core CPU T4300 @ 2.10GHz | N/A | 2100/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 289 GiB total, 196.202 GiB free.
    E: is Removable
    F: is Removable
    G: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP143: 07/01/2012 21:27:05 - Restore Point
    RP144: 15/01/2012 20:55:58 - Windows Update
    RP145: 15/01/2012 22:34:09 - Windows Update
    RP146: 16/01/2012 18:30:15 - Windows Update
    RP147: 17/01/2012 16:48:11 - Windows Update
    RP148: 22/01/2012 13:54:46 - Windows Update
    .
    ==== Installed Programs ======================
    .
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Reader X
    Apple Application Support
    Apple Software Update
    ArcSoft Magic-i Visual Effects 2
    ArcSoft WebCam Companion 3
    µTorrent
    avast! Free Antivirus
    Click to Disc
    Click to Disc Editor
    Compatibility Pack for the 2007 Office system
    Facebook Plug-In
    Free Audio CD Burner version 1.4.7
    Free YouTube to MP3 Converter version 3.9.35.324
    Google Chrome
    Google Toolbar for Internet Explorer
    Google Update Helper
    HiJackThis
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes Anti-Malware version 1.60.0.1800
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office File Validation Add-In
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft SQL Server Compact 3.5 SP1 English
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
    Microsoft Works
    Mozilla Firefox 8.0.1 (x86 en-GB)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Music Transfer
    MusicStation
    Norton Online Backup
    Primo
    QuickTime
    Realtek High Definition Audio Driver
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Easy Media Creator 10 LJ
    Roxio Easy Media Creator Home
    Runtime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Setting Utility Series
    Skype Click to Call
    Skype™ 5.5
    Sony Home Network Library
    Sony Picture Utility
    SopCast 3.2.4
    Uninstall 1.0.0.1
    Unity Web Player
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition
    Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    VAIO Content Metadata Intelligent Analyzing Manager
    VAIO Content Metadata Intelligent Network Service Manager
    VAIO Content Metadata Manager Settings
    VAIO Content Metadata XML Interface Library
    VAIO Content Monitoring Settings
    VAIO Control Center
    VAIO Data Restore Tool
    VAIO DVD Menu Data Basic
    VAIO Entertainment Platform
    VAIO Event Service
    VAIO Gate
    VAIO Marketing Tools
    VAIO Media plus
    VAIO Media plus Opening Movie
    VAIO Movie Story
    VAIO Movie Story Template Data
    VAIO NW screensaver
    VAIO Original Function Settings
    VAIO Power Management
    VAIO Premium Partners 1.00
    VAIO Presentation Support
    VAIO Quick Web Access
    VAIO Smart Network
    VAIO Transfer Support
    VAIO Update 4
    VAIO Wallpaper Contents
    Veetle TV 0.9.18
    Visual Studio 2008 x64 Redistributables
    VoiceOver Kit
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Messenger
    Windows Live Sign-in Assistant
    Windows Live Upload Tool
    .
    ==== Event Viewer Messages From Past Week ========
    .
    22/01/2012 19:13:38, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
    22/01/2012 19:13:36, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HsfXAudioService service to connect.
    22/01/2012 19:13:36, Error: Service Control Manager [7000] - The HsfXAudioService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    .
    ==== End Of File ===========================
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Logs are looking pretty good. I'd like you to go ahead with the following:

    1. Please note: If you have previously run Combofix and it's still on the system, please uninstall it. Then download the current version and do the scan: Uninstall directions, if needed
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Expect these- they are normal:
    1. If asked to install or update the Recovery Console, allow. (You will need an internet connection for this.)
    2. Before you run the Combofix scan, please disable any security software you have running.
    3. Combofix may need to reboot your computer more than once to do its job; this is normal.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated - it will open a text window. Please paste the C:\ComboFix.txt in next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ==============================================
    2. Download Security Check by screen317 and save to the desktop
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document called checkup.txt should open automatically.
    • Please post the contents of that document.
    =========================================
    3. Download CKScanner and save to your desktop.
    • Double-click CKScanner.exe and click Search For Files.
    • When the cursor hourglass disappears, click Save List To File.
    • A message box will verify that the file is saved.
    • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.
    =====================================
    4. To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

    All logs in next reply please.
     
  8. dalego

    dalego TS Rookie Topic Starter Posts: 33

    ComboFix 12-01-23.02 - Anthony 24/01/2012 19:23:43.3.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3935.2256 [GMT 0:00]
    Running from: c:\users\Anthony\Downloads\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\system32\java.exe
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-24 to 2012-01-24 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-24 19:56 . 2012-01-24 19:56 -------- d-----w- c:\users\Public\AppData\Local\temp
    2012-01-24 19:56 . 2012-01-24 19:56 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-24 19:03 . 2012-01-24 19:03 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C44BA394-4C61-4B53-82F0-205B11AC0AF3}\offreg.dll
    2012-01-24 16:29 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C44BA394-4C61-4B53-82F0-205B11AC0AF3}\mpengine.dll
    2012-01-17 19:50 . 2012-01-17 19:50 -------- d-----w- c:\users\Anthony\AppData\Roaming\Raa
    2012-01-15 21:00 . 2011-10-26 04:28 1328640 ----a-w- c:\windows\SysWow64\quartz.dll
    2012-01-15 21:00 . 2011-10-26 05:22 1572864 ----a-w- c:\windows\system32\quartz.dll
    2012-01-15 21:00 . 2011-10-26 05:22 366592 ----a-w- c:\windows\system32\qdvd.dll
    2012-01-15 21:00 . 2011-10-26 04:28 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
    2012-01-15 21:00 . 2011-11-17 07:14 1739160 ----a-w- c:\windows\system32\ntdll.dll
    2012-01-15 21:00 . 2011-11-17 05:41 1292592 ----a-w- c:\windows\SysWow64\ntdll.dll
    2012-01-15 21:00 . 2011-11-19 15:07 77312 ----a-w- c:\windows\system32\packager.dll
    2012-01-15 21:00 . 2011-11-19 14:06 67072 ----a-w- c:\windows\SysWow64\packager.dll
    2011-12-31 11:35 . 2011-11-04 01:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2011-12-31 11:35 . 2011-11-03 22:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2011-12-31 11:35 . 2011-11-04 02:44 174392 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2011-12-31 11:35 . 2011-11-03 23:16 141112 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2011-12-30 17:26 . 2011-10-26 05:19 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-30 17:26 . 2011-11-24 05:00 3141632 ----a-w- c:\windows\system32\win32k.sys
    2011-12-30 17:26 . 2011-10-15 06:25 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-30 17:26 . 2011-10-15 05:48 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-30 17:25 . 2011-11-05 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-30 17:25 . 2011-11-05 04:30 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 19:04 . 2011-10-08 15:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-28 18:01 . 2011-11-28 18:56 256960 ----a-w- c:\windows\system32\aswBoot.exe
    2011-11-23 17:10 . 2011-11-23 17:10 388096 ----a-r- c:\users\Anthony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    2011-11-22 23:38 . 2011-11-22 23:38 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-11-22 23:38 . 2011-11-22 23:38 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-11-22 23:38 . 2011-11-22 23:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-11-22 23:38 . 2011-11-22 23:38 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-11-22 23:38 . 2011-11-22 23:38 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-11-22 23:38 . 2011-11-22 23:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-11-22 23:38 . 2011-11-22 23:38 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-11-22 23:38 . 2011-11-22 23:38 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-11-22 23:38 . 2011-11-22 23:38 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-11-22 23:38 . 2011-11-22 23:38 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-11-22 23:38 . 2011-11-22 23:38 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-11-22 23:38 . 2011-11-22 23:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-11-22 23:38 . 2011-11-22 23:38 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-11-22 23:38 . 2011-11-22 23:38 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-11-22 23:38 . 2011-11-22 23:38 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-11-22 23:38 . 2011-11-22 23:38 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-11-22 23:38 . 2011-11-22 23:38 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-11-22 23:38 . 2011-11-22 23:38 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-11-22 23:38 . 2011-11-22 23:38 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-11-22 23:38 . 2011-11-22 23:38 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-11-22 23:38 . 2011-11-22 23:38 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-11-22 23:38 . 2011-11-22 23:38 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-11-22 23:38 . 2011-11-22 23:38 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-11-22 23:38 . 2011-11-22 23:38 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-11-22 23:38 . 2011-11-22 23:38 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-11-22 23:37 . 2011-11-22 23:37 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-11-22 23:37 . 2011-11-22 23:37 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-11-22 23:37 . 2011-11-22 23:37 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-11-22 23:37 . 2011-11-22 23:37 448512 ----a-w- c:\windows\system32\html.iec
    2011-11-22 23:37 . 2011-11-22 23:37 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-11-22 23:37 . 2011-11-22 23:37 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-11-22 23:37 . 2011-11-22 23:37 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-11-22 23:37 . 2011-11-22 23:37 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-11-22 23:37 . 2011-11-22 23:37 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-11-15 14:29 . 2011-11-22 17:59 270720 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
    "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2011-09-29 59240]
    "uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-12-23 735608]
    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-10 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-05-26 317288]
    "MarketingTools"="c:\program files (x86)\Sony\Marketing Tools\MarketingTools.exe" [2009-12-10 26624]
    "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-10-09 421736]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-2 1079584]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
    2009-07-01 19:49 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
    .
    S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-10 03:34]
    .
    2012-01-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-10 03:34]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-05 165912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-05 387608]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-05 365592]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-07-24 7938080]
    "Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-24 1833504]
    "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-17 171520]
    "Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.co.uk/
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\users\Anthony\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
    IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
    IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}: NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\051425B484F44554C4: NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\244564F4E4: NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\35B4950313338393: NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\4514C4B44514C4B4D2735423030364: NameServer = 192.168.0.1
    TCP: Interfaces\{0D65A3FC-58BD-4E8E-AE0A-A127594F9639}\46C696E6B6: NameServer = 192.168.0.1
    FF - ProfilePath - c:\users\Anthony\AppData\Roaming\Mozilla\Firefox\Profiles\6rdh5gm3.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/firefox
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    HKLM-Run-Apoint - c:\program files (x86)\Apoint\Apoint.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-01-24 20:16:13
    ComboFix-quarantined-files.txt 2012-01-24 20:16
    ComboFix2.txt 2011-12-06 22:29
    .
    Pre-Run: 213,127,569,408 bytes free
    Post-Run: 213,632,753,664 bytes free
    .
    - - End Of File - - A2F40F529FECB1D9A0634B584E16DAAA
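One way to triage the "Reg Loading Points" section of a ComboFix log like the one above, as an added example for this thread (it is not ComboFix code, and the helper does not run anything like it): parse each Run-key line, then flag entries whose launch path sits in a user-writable location such as AppData, Temp or ProgramData, which is exactly where ESET later reports the Kryptik samples in this thread. The sample log is constructed from a few of the lines posted above plus one made-up "Miheda" entry so that the check has something to flag; the posted log contains no such Run entry, only the matching file path in the later ESET output.

```python
"""Pull autorun ("Reg Loading Points") entries out of a ComboFix log and flag
the ones that launch from user-writable locations.

Added example for this thread, not ComboFix's own code.  SAMPLE_LOG copies a
few Run-key lines from the log above and adds ONE constructed entry
("Miheda") that is not in the posted log.
"""
import re
from dataclasses import dataclass

# Run-key line as ComboFix prints it:  "Name"="c:\path\file.exe" [YYYY-MM-DD size]
RUN_RE = re.compile(
    r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\]\s*$'
)
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]\s*$")

# Locations a standard user (or malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\")
# Roots that only administrators and installers normally write to.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


@dataclass(frozen=True)
class AutorunEntry:
    key: str
    name: str
    path: str
    date: str
    size: int


def parse_run_entries(log_text: str) -> list[AutorunEntry]:
    """Walk the log, remember the most recent [HKEY_...] header, and collect
    every "Name"="path" [date size] line found under it."""
    entries: list[AutorunEntry] = []
    current_key = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            current_key = key_match.group("key")
            continue
        run_match = RUN_RE.match(line)
        if run_match and current_key:
            entries.append(AutorunEntry(
                key=current_key,
                name=run_match.group("name"),
                path=run_match.group("path"),
                date=run_match.group("date"),
                size=int(run_match.group("size")),
            ))
    return entries


def is_user_writable(path: str) -> bool:
    """True when the launch path is in a user-writable directory or outside
    the trusted roots altogether (e.g. a second drive or a bare c:\\ file)."""
    p = path.lower()
    if any(segment in p for segment in USER_WRITABLE):
        return True
    return not p.startswith(TRUSTED_ROOTS)


def flag_suspicious(entries: list[AutorunEntry]) -> list[AutorunEntry]:
    """Autorun entries worth a second look during a redirect/trojan cleanup."""
    return [e for e in entries if is_user_writable(e.path)]


# Constructed sample: real lines from the posted log plus the made-up "Miheda"
# entry (path taken from the later ESET detection; date and size are invented).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2011-10-06 59240]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-12-23 735608]
"Miheda"="c:\users\Anthony\AppData\Roaming\Miheda\exvexi.exe" [2012-01-17 198656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"""

if __name__ == "__main__":
    for entry in flag_suspicious(parse_run_entries(SAMPLE_LOG)):
        print(f"SUSPECT {entry.key}\\{entry.name} -> {entry.path} ({entry.date}, {entry.size} bytes)")
```

The check is deliberately coarse: a legitimate per-user installer (Chrome, Dropbox) also runs from AppData, so a hit is a prompt to look at the file, not a verdict. The real Run keys in the posted log all resolve to Program Files or Windows, which is why only the constructed entry is flagged.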
     
  9. dalego

    dalego TS Rookie Topic Starter Posts: 33

    Results of screen317's Security Check version 0.99.30
    Windows 7 x64 (UAC is enabled)
    Internet Explorer 9
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    WMI entry may not exist for antivirus; attempting automatic update.
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Java(TM) 6 Update 29
    Java version out of date!
    Adobe Flash Player 10.0.12.36 Flash Player out of Date!
    Mozilla Firefox 8.0.1 Firefox out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  10. dalego

    dalego TS Rookie Topic Starter Posts: 33

    CKScanner - Additional Security Risks - These are not necessarily bad
    scanner sequence 3.RP.11.OQDDVU
    ----- EOF -----
     
  11. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

  12. dalego

    dalego TS Rookie Topic Starter Posts: 33

    C:\ProgramData\nlsRes.exe a variant of Win32/Kryptik.ZLB trojan
    C:\Users\All Users\nlsRes.exe a variant of Win32/Kryptik.ZLB trojan
    C:\Users\Anthony\AppData\Local\dplaysvr.exe a variant of Win32/Kryptik.ZLB trojan
    C:\Users\Anthony\AppData\Local\dplayx.dll a variant of Win32/Kryptik.ZLB trojan
    C:\Users\Anthony\AppData\Local\Temp\jar_cache3367578882701998115.tmp a variant of Java/TrojanDownloader.OpenStream.NBX trojan
    C:\Users\Anthony\AppData\Local\Temp\jgfhtdt.exe a variant of Win32/Kryptik.ZLB trojan
    C:\Users\Anthony\AppData\Local\Temp\mbmbnbqp.exe a variant of Win32/Kryptik.ZML trojan
    C:\Users\Anthony\AppData\Local\Temp\msimg32.dll a variant of Win32/Kryptik.ZKW trojan
    C:\Users\Anthony\AppData\Local\Temp\UIdxp.exe a variant of Win32/Kryptik.ZLB trojan
    C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\40680856-18d73ff1 a variant of Java/Exploit.CVE-2011-3544.N trojan
    C:\Users\Anthony\AppData\Roaming\getRes.exe a variant of Win32/Kryptik.ZLB trojan
    C:\Users\Anthony\AppData\Roaming\Miheda\exvexi.exe a variant of Win32/Kryptik.ZMG trojan
    Operating memory multiple threats
     
  13. dalego

    dalego TS Rookie Topic Starter Posts: 33

    Bobbye,

    I am on vacation as from Sunday 29th Jan until Sunday 5th February. Please do not close the post. I will respond to your next query next Sunday when I am back.

    Thankyou.
     
  14. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, thanks for letting me know. If you happen to take a peek, or as soon as you get back, please run the following for the Eset entries:

    Please download OTMoveIt by Old Timer and save to your desktop.
    • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
    • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):
      Code:
      :Files 
      C:\ProgramData\nlsRes.exe 
      C:\Users\All Users\nlsRes.exe 
      C:\Users\Anthony\AppData\Local\dplaysvr.exe 
      C:\Users\Anthony\AppData\Local\dplayx.dll 
      C:\Users\Anthony\AppData\Local\Temp\jar_cache3367578882701998115.tmp 
      C:\Users\Anthony\AppData\Local\Temp\jgfhtdt.exe 
      C:\Users\Anthony\AppData\Local\Temp\mbmbnbqp.exe 
      C:\Users\Anthony\AppData\Local\Temp\msimg32.dll 
      C:\Users\Anthony\AppData\Local\Temp\UIdxp.exe 
      C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\40680856-18d73ff1 
      C:\Users\Anthony\AppData\Roaming\getRes.exe 
      C:\Users\Anthony\AppData\Roaming\Miheda\exvexi.exe 
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window and choose Paste.
    • Click the red Moveit! button.
    • A log of files and folders moved will be created in the c:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
    • Close OTMoveIt3
    If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
    ====================================
    Looks like I missed Avast on the system- sorry about that!
    ====================================
    This has another update:
    Please update Java: Java Updates. Uninstall any earlier versions in Add/Remove Programs as they are vulnerabilities for the system.

    Be sure to check all download screens for any pre-checked toolbars or BHOs; if found, remove the check before the download.
    ====================================
    Please run this Custom CFScript:

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    File::
    c:\users\Anthony\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
    Folder::
    c:\users\Anthony\AppData\Roaming\Raa
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    RegLock::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
    DDS::
    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    Clearjavacache::
    
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [picture: CFScript.txt being dragged onto ComboFix.exe]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    The script removed the entry for HijackThis. You can uninstall what you have now and if we run it later, I will have you set up the directory for it first, then download again.
    ===================
    These are based on the current logs. Please let me know if the redirect has been resolved and/or if there are any other malware related problems.
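The OTMoveIt script above was written by hand from the ESET detections in post 12. As an added example for this thread (not ESET's or OldTimer's code; neither tool exposes an API like this), the following parses ESET Online Scanner detection lines, counts detections per family, and emits the same ":Files"/":Commands" script layout the helper used. The sample input copies the detection lines posted in post 12; the memory detection, which names no file, is reported separately rather than silently dropped.

```python
"""Map ESET Online Scanner detections to the OTMoveIt ':Files' script format
used in this thread.

Added example for this thread; not ESET's or OldTimer's code.  SAMPLE_ESET_LOG
copies the detection lines posted earlier.  The output layout (':Files' list,
then ':Commands') and the four commands follow the helper's script.
"""
import re
from collections import Counter

# "<path> [probably] [a variant of] <family> <kind>".  The path may contain
# spaces ("All Users"), so it is matched lazily up to the family/kind tail.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?:probably\s+)?(?:a\s+variant\s+of\s+)?"
    r"(?P<family>\S+)\s+(?P<kind>trojan|virus|worm|application|adware)\s*$"
)

# Command block exactly as used in the helper's script above.
DEFAULT_COMMANDS = ("[purity]", "[emptytemp]", "[start explorer]", "[Reboot]")


def parse_eset_log(text):
    """Return (file_detections, other_lines).

    file_detections: list of (path, family) tuples in log order.
    other_lines: detections with no file path, e.g. "Operating memory
    multiple threats", which a file-move script cannot act on."""
    files, other = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DETECTION_RE.match(line)
        if m:
            files.append((m.group("path"), m.group("family")))
        else:
            other.append(line)
    return files, other


def family_counts(files):
    """Number of detections per ESET family name (e.g. Win32/Kryptik.ZLB)."""
    return Counter(family for _, family in files)


def build_otm_script(paths, commands=DEFAULT_COMMANDS):
    """Emit OTMoveIt script text: a ':Files' block followed by ':Commands'."""
    lines = [":Files", *paths, ":Commands", *commands]
    return "\n".join(lines) + "\n"


# Sample input: the detection lines posted in this thread (copied, not invented).
SAMPLE_ESET_LOG = r"""
C:\ProgramData\nlsRes.exe a variant of Win32/Kryptik.ZLB trojan
C:\Users\All Users\nlsRes.exe a variant of Win32/Kryptik.ZLB trojan
C:\Users\Anthony\AppData\Local\dplaysvr.exe a variant of Win32/Kryptik.ZLB trojan
C:\Users\Anthony\AppData\Local\dplayx.dll a variant of Win32/Kryptik.ZLB trojan
C:\Users\Anthony\AppData\Local\Temp\jar_cache3367578882701998115.tmp a variant of Java/TrojanDownloader.OpenStream.NBX trojan
C:\Users\Anthony\AppData\Local\Temp\jgfhtdt.exe a variant of Win32/Kryptik.ZLB trojan
C:\Users\Anthony\AppData\Local\Temp\mbmbnbqp.exe a variant of Win32/Kryptik.ZML trojan
C:\Users\Anthony\AppData\Local\Temp\msimg32.dll a variant of Win32/Kryptik.ZKW trojan
C:\Users\Anthony\AppData\Local\Temp\UIdxp.exe a variant of Win32/Kryptik.ZLB trojan
C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\40680856-18d73ff1 a variant of Java/Exploit.CVE-2011-3544.N trojan
C:\Users\Anthony\AppData\Roaming\getRes.exe a variant of Win32/Kryptik.ZLB trojan
C:\Users\Anthony\AppData\Roaming\Miheda\exvexi.exe a variant of Win32/Kryptik.ZMG trojan
Operating memory multiple threats
"""

if __name__ == "__main__":
    detections, unhandled = parse_eset_log(SAMPLE_ESET_LOG)
    print(build_otm_script([path for path, _ in detections]), end="")
    for family, n in family_counts(detections).most_common():
        print(f"# {n:2d} x {family}")
    for line in unhandled:
        print(f"# not a file, needs a rescan after reboot: {line}")
```

The generated ":Files" list is the same twelve paths the helper pasted. Two things worth noticing from the parsed output: "C:\ProgramData\nlsRes.exe" and "C:\Users\All Users\nlsRes.exe" are the same file seen through a junction (the OTM log later reports the second as not found once the first was moved), and the Java cache entry carries a CVE reference, which is why the follow-up asks for Java to be updated and the cache cleared.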
     
  15. dalego

    dalego TS Rookie Topic Starter Posts: 33

    All processes killed
    ========== FILES ==========
    C:\ProgramData\nlsRes.exe moved successfully.
    File/Folder C:\Users\All Users\nlsRes.exe not found.
    C:\Users\Anthony\AppData\Local\dplaysvr.exe moved successfully.
    DllUnregisterServer procedure not found in C:\Users\Anthony\AppData\Local\dplayx.dll
    C:\Users\Anthony\AppData\Local\dplayx.dll moved successfully.
    C:\Users\Anthony\AppData\Local\Temp\jar_cache3367578882701998115.tmp moved successfully.
    C:\Users\Anthony\AppData\Local\Temp\jgfhtdt.exe moved successfully.
    C:\Users\Anthony\AppData\Local\Temp\mbmbnbqp.exe moved successfully.
    File/Folder C:\Users\Anthony\AppData\Local\Temp\msimg32.dll not found.
    C:\Users\Anthony\AppData\Local\Temp\UIdxp.exe moved successfully.
    C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\40680856-18d73ff1 moved successfully.
    C:\Users\Anthony\AppData\Roaming\getRes.exe moved successfully.
    C:\Users\Anthony\AppData\Roaming\Miheda\exvexi.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Anthony
    ->Temp folder emptied: 4664347 bytes
    ->Temporary Internet Files folder emptied: 125074658 bytes
    ->Java cache emptied: 6559 bytes
    ->FireFox cache emptied: 202161818 bytes
    ->Google Chrome cache emptied: 391489781 bytes
    ->Apple Safari cache emptied: 4797440 bytes
    ->Flash cache emptied: 8210459 bytes

    User: Default
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 56502 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Public
    ->Temp folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32 (64bit) .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 795608 bytes
    %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33974 bytes
    RecycleBin emptied: 2278059300 bytes

    Total Files Cleaned = 2,876.00 mb


    OTM by OldTimer - Version 3.1.19.0 log created on 02062012_092353

    Files moved on Reboot...
    File C:\Users\Anthony\AppData\Local\Temp\etilqs_DHeguEfJUPuNInz not found!
    File C:\Users\Anthony\AppData\Local\Temp\etilqs_gcV3YSChq3qxw2n not found!
    File C:\Users\Anthony\AppData\Local\Temp\etilqs_oHyqCpip7uyFeWx not found!
    C:\Users\Anthony\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
    C:\Windows\temp\vyajky\setup.exe moved successfully.
    File C:\Windows\temp\fla3E5D.tmp not found!
    File C:\Windows\temp\fla4C1F.tmp not found!
    File C:\Windows\temp\fla6520.tmp not found!
    File C:\Windows\temp\fla652C.tmp not found!
    File C:\Windows\temp\fla986D.tmp not found!
    File C:\Windows\temp\fla9A16.tmp not found!
    File C:\Windows\temp\flaA3AE.tmp not found!
    File C:\Windows\temp\flaD5EB.tmp not found!

    Registry entries deleted on Reboot...
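    The OTM log above is raw tool output, so a reviewer has to pick out by eye which files were actually quarantined, which were already gone, and which of the moved items were executables living in user-writable locations (AppData, ProgramData, the Windows temp folder), which is where every infected binary in this log sat. The following is an added example, not part of the thread and not code from OTM or OldTimer: a small Python triage script that parses a subset of the log lines posted above (embedded verbatim as sample input), separates "moved" from "not found" entries, sums the bytes OTM reported freeing, and flags .exe/.dll files in user-writable paths. The "user-writable" prefix list and the extension filter are my own heuristics for this example, not something the log or the tool defines.

```python
import re
from dataclasses import dataclass, field

# Sample input: lines copied from the OTM log posted in the thread above.
# This is a subset of that log, so the byte total is smaller than the
# 2,876 MB OTM reported for the full run.
OTM_LOG = r"""All processes killed
========== FILES ==========
C:\ProgramData\nlsRes.exe moved successfully.
File/Folder C:\Users\All Users\nlsRes.exe not found.
C:\Users\Anthony\AppData\Local\dplaysvr.exe moved successfully.
DllUnregisterServer procedure not found in C:\Users\Anthony\AppData\Local\dplayx.dll
C:\Users\Anthony\AppData\Local\dplayx.dll moved successfully.
C:\Users\Anthony\AppData\Local\Temp\jar_cache3367578882701998115.tmp moved successfully.
C:\Users\Anthony\AppData\Local\Temp\jgfhtdt.exe moved successfully.
C:\Users\Anthony\AppData\Local\Temp\mbmbnbqp.exe moved successfully.
File/Folder C:\Users\Anthony\AppData\Local\Temp\msimg32.dll not found.
C:\Users\Anthony\AppData\Local\Temp\UIdxp.exe moved successfully.
C:\Users\Anthony\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22\40680856-18d73ff1 moved successfully.
C:\Users\Anthony\AppData\Roaming\getRes.exe moved successfully.
C:\Users\Anthony\AppData\Roaming\Miheda\exvexi.exe moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Anthony
->Temp folder emptied: 4664347 bytes
->Temporary Internet Files folder emptied: 125074658 bytes
->Java cache emptied: 6559 bytes
->FireFox cache emptied: 202161818 bytes
->Google Chrome cache emptied: 391489781 bytes
->Apple Safari cache emptied: 4797440 bytes
->Flash cache emptied: 8210459 bytes
Windows Temp folder emptied: 795608 bytes
RecycleBin emptied: 2278059300 bytes
Files moved on Reboot...
File C:\Users\Anthony\AppData\Local\Temp\etilqs_DHeguEfJUPuNInz not found!
C:\Windows\temp\vyajky\setup.exe moved successfully.
File C:\Windows\temp\fla3E5D.tmp not found!
"""

# Line shapes seen in the OTM output above.
MOVED_RE = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) moved successfully\.$")
NOT_FOUND_RE = re.compile(r"^File(?:/Folder)? (?P<path>[A-Za-z]:\\.+?) not found[.!]$")
BYTES_RE = re.compile(r"^(?:->)?(?P<what>.+?) (?:emptied|removed): (?P<n>\d+) bytes$")

# Heuristic (mine, for this example): directories any user process can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\users\\all users\\", "\\windows\\temp\\")
EXEC_EXT = (".exe", ".dll")


def is_suspicious_location(path: str) -> bool:
    """True for an executable or DLL sitting in a user-writable directory."""
    p = path.lower()
    return p.endswith(EXEC_EXT) and any(marker in p for marker in USER_WRITABLE)


@dataclass
class Triage:
    moved: list = field(default_factory=list)        # files OTM quarantined
    not_found: list = field(default_factory=list)    # listed for removal, already gone
    freed_bytes: dict = field(default_factory=dict)  # "<user>:<what>" -> bytes

    @property
    def total_freed(self) -> int:
        return sum(self.freed_bytes.values())

    def suspicious(self) -> list:
        return [p for p in self.moved if is_suspicious_location(p)]


def triage(log_text: str) -> Triage:
    """Classify each OTM log line; unknown lines are ignored."""
    result = Triage()
    user = "system"
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("User: "):
            user = line[len("User: "):]
            continue
        if m := MOVED_RE.match(line):
            result.moved.append(m["path"])
        elif m := NOT_FOUND_RE.match(line):
            result.not_found.append(m["path"])
        elif m := BYTES_RE.match(line):
            # Per-user entries are prefixed "->"; others are system-wide.
            owner = user if line.startswith("->") else "system"
            result.freed_bytes[f"{owner}:{m['what']}"] = int(m["n"])
    return result


if __name__ == "__main__":
    r = triage(OTM_LOG)
    print(f"moved: {len(r.moved)}, not found: {len(r.not_found)}, "
          f"freed: {r.total_freed / 1048576:.1f} MB")
    for path in r.suspicious():
        print("executable in user-writable path:", path)
```

    The point of the last loop is the one Bobbye's fix relied on: legitimate software almost never runs from a user's AppData or Temp folders, so an .exe or .dll quarantined from there deserves a second look (hash lookup, timeline check) even after removal, while the "not found" entries simply confirm the earlier tools had already taken those files.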
     
  16. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Okay, the only user on the system is Anthony> from OTM> Total Files Cleaned = 2,876.00 mb!!!!!

    Good grief! Does the system move at all with all these files? Do you do regular (ANY) maintenance on the system?
     
  17. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    I'm ready to close the thread. Please reply if you still have malware problems.
     
Topic Status:
Not open for further replies.
