TechSpot

Random pop-ups and search link redirects (using Firefox)

By MaxS
Nov 15, 2010
  1. Hello!

    I've been getting these random pop ups lately while using Firefox that send me to these terrible shopping websites that are pure garbage. More recently, it seems as though when I search in Google and click on a link it will automatically redirect me to another of these same garbage websites :(

    I've run through the preliminary instructions to complete before posting here, so here are the 4 logs that should be included:

    [Thanks in advance for anyone who can help me! I really appreciate it :D]

    MBAM Log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 5121

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    15-Nov-10 2:46:03 PM
    mbam-log-2010-11-15 (14-46-03).txt

    Scan type: Quick scan
    Objects scanned: 148827
    Time elapsed: 5 minute(s), 22 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    GMER log:

    GMER 1.0.15.15530 - http://www.gmer.net
    Rootkit scan 2010-11-15 15:16:26
    Windows 6.1.7600
    Running: mbi57hvu.exe


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s1 771343423
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@s2 285507792
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg@h0 1
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0xFE 0x79 0x9A ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x50 0xFC 0xD1 ...
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
    Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0xDB 0x69 0x59 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xDF 0xFE 0x79 0x9A ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xC5 0x50 0xFC 0xD1 ...
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8F 0xDB 0x69 0x59 ...

    ---- EOF - GMER 1.0.15 ----



    DDS logs:

    DDS.txt


    DDS (Ver_10-11-10.01) - NTFS_AMD64
    Run by Max at 15:04:55.34 on 15-Nov-10
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3764.2313 [GMT -5:00]


    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    C:\Windows\SYSTEM32\WISPTIS.EXE
    C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe
    C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Microsoft Security Essentials\msseces.exe
    C:\Users\Max\Downloads\TwoFingerScroll.exe
    C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Launch Manager\LManager.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    C:\Program Files (x86)\Launch Manager\LMworker.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    C:\Users\Max\Desktop\mbi57hvu.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Max\Desktop\dds.scr
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: CIEDownload Object: {67bcf957-85fc-4036-8dc4-d4d80e00a77b} - C:\Program Files (x86)\SMART Technologies\Notebook Software\NotebookPlugin.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [TwoFingerScroll] C:\Users\Max\Downloads\TwoFingerScroll.exe
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
    mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    StartupFolder: C:\Users\Max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
    IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
    mRun-x64: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /FORPCEE3
    mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun-x64: [IgfxTray] C:\Windows\system32\igfxtray.exe
    mRun-x64: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    mRun-x64: [Persistence] C:\Windows\system32\igfxpers.exe
    mRun-x64: [MSSE] "c:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey

    ================= FIREFOX ===================

    FF - ProfilePath - C:\Users\Max\AppData\Roaming\Mozilla\Firefox\Profiles\5hejxiiz.default\
    FF - prefs.js: browser.startup.homepage - google.ca
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    FF - HiddenExtension: Java Console: No Registry Reference - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    C:\Program Files (x86)\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R1 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2010-3-25 173984]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-4-21 202752]
    R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-4-8 312400]
    R2 SSPORT;SSPORT;C:\Windows\System32\drivers\SSPORT.SYS [2010-9-17 11576]
    R2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-9-16 2320920]
    R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atipmdag.sys [2010-4-21 6406144]
    R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-4-21 188928]
    R3 HECIx64;Intel(R) Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
    R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2009-10-26 151936]
    R3 intelkmd;intelkmd;C:\Windows\System32\drivers\igdpmd64.sys [2010-4-21 10322848]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2010-9-16 74280]
    R3 MpNWMon;Microsoft Malware Protection Network Driver;C:\Windows\System32\drivers\MpNWMon.sys [2010-3-25 40832]
    R3 SMARTMouseFilterx64;HID-compliant mouse;C:\Windows\System32\drivers\SMARTMouseFilterx64.sys [2008-7-30 12584]
    R3 SMARTVHidMiniVistaAmd64;SMART HID Device;C:\Windows\System32\drivers\SMARTVHidMiniVistaAmd64.sys [2008-7-30 15784]
    R3 SMARTVTabletPCx64;SMART Virtual TabletPC;C:\Windows\System32\drivers\SMARTVTabletPCx64.sys [2008-7-30 17832]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-18 1255736]

    =============== Created Last 30 ================

    2010-11-15 20:03:16 8006480 ----a-w- C:\PROGRA~3\Microsoft\Microsoft Antimalware\Definition Updates\{5C4666E2-3FD8-485C-A83D-7CD81F2363D4}\mpengine.dll
    2010-11-15 19:38:04 -------- d-----w- C:\Users\Max\AppData\Roaming\Malwarebytes
    2010-11-15 19:37:53 38224 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
    2010-11-15 19:37:51 24664 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2010-11-15 19:37:51 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2010-11-15 19:37:51 -------- d-----w- C:\PROGRA~3\Malwarebytes
    2010-11-08 23:07:44 -------- d-----w- C:\Users\Max\AppData\Roaming\KompoZer
    2010-10-27 01:36:09 961024 ----a-w- C:\Windows\System32\CPFilters.dll
    2010-10-27 01:36:09 641536 ----a-w- C:\Windows\SysWow64\CPFilters.dll
    2010-10-27 01:36:09 552960 ----a-w- C:\Windows\System32\msdri.dll
    2010-10-27 01:36:08 288256 ----a-w- C:\Windows\System32\MSNP.ax
    2010-10-27 01:36:08 258560 ----a-w- C:\Windows\System32\mpg2splt.ax
    2010-10-27 01:36:08 204288 ----a-w- C:\Windows\SysWow64\MSNP.ax
    2010-10-27 01:36:08 199680 ----a-w- C:\Windows\SysWow64\mpg2splt.ax
    2010-10-27 01:35:17 27008 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
    2010-10-19 15:39:42 -------- d-----w- C:\PROGRA~3\IObit
    2010-10-19 15:39:36 -------- d-----w- C:\Program Files (x86)\IObit
    2010-10-19 04:46:50 14336 ----a-w- C:\Windows\System32\drivers\sffp_sd.sys

    ==================== Find3M ====================

    2010-10-19 20:51:33 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2010-09-21 13:11:55 423656 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2010-09-17 05:16:51 0 ----a-w- C:\Windows\ativpsrm.bin
    2010-09-10 05:35:44 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
    2010-09-10 05:35:43 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
    2010-09-08 05:36:17 1192960 ----a-w- C:\Windows\System32\wininet.dll
    2010-09-08 05:34:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
    2010-09-08 04:30:04 978432 ----a-w- C:\Windows\SysWow64\wininet.dll
    2010-09-08 04:28:15 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
    2010-09-08 04:16:38 482816 ----a-w- C:\Windows\System32\html.iec
    2010-09-08 03:35:30 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
    2010-09-08 03:22:31 386048 ----a-w- C:\Windows\SysWow64\html.iec
    2010-09-08 02:48:16 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2010-09-01 05:12:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
    2010-09-01 04:23:49 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
    2010-09-01 02:58:34 3123712 ----a-w- C:\Windows\System32\win32k.sys
    2010-08-31 04:32:30 954752 ----a-w- C:\Windows\SysWow64\mfc40.dll
    2010-08-31 04:32:30 954288 ----a-w- C:\Windows\SysWow64\mfc40u.dll
    2010-08-27 06:14:02 236032 ----a-w- C:\Windows\System32\srvsvc.dll
    2010-08-27 05:46:48 9728 ----a-w- C:\Windows\SysWow64\sscore.dll
    2010-08-27 03:38:04 463360 ----a-w- C:\Windows\System32\drivers\srv.sys
    2010-08-27 03:37:48 402944 ----a-w- C:\Windows\System32\drivers\srv2.sys
    2010-08-27 03:37:26 161792 ----a-w- C:\Windows\System32\drivers\srvnet.sys
    2010-08-26 05:27:28 148992 ----a-w- C:\Windows\System32\t2embed.dll
    2010-08-26 04:39:58 109056 ----a-w- C:\Windows\SysWow64\t2embed.dll
    2010-08-21 06:38:47 1024512 ----a-w- C:\Windows\System32\wmpmde.dll
    2010-08-21 06:36:49 340992 ----a-w- C:\Windows\System32\schannel.dll
    2010-08-21 06:31:06 633856 ----a-w- C:\Windows\System32\comctl32.dll
    2010-08-21 06:29:47 558592 ----a-w- C:\Windows\System32\spoolsv.exe
    2010-08-21 05:36:33 738816 ----a-w- C:\Windows\SysWow64\wmpmde.dll
    2010-08-21 05:36:24 224256 ----a-w- C:\Windows\SysWow64\schannel.dll
    2010-08-21 05:33:24 530432 ----a-w- C:\Windows\SysWow64\comctl32.dll

    ============= FINISH: 15:05:42.92 ===============


    Attach.txt


    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-11-10.01)

    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 17-Sep-10 12:41:47 AM
    System Uptime: 15-Nov-10 2:32:11 PM (1 hours ago)

    Motherboard: Acer | | Aspire 3820
    Processor: Intel(R) Core(TM) i5 CPU M 430 @ 2.27GHz | CPU 1 | 1314/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 466 GiB total, 400.118 GiB free.
    E: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================

    RP71: 07-Nov-10 1:33:07 PM - Windows Update
    RP72: 08-Nov-10 4:05:20 PM - Windows Update
    RP73: 09-Nov-10 5:13:26 PM - Windows Update
    RP74: 10-Nov-10 10:10:45 PM - Windows Update
    RP75: 11-Nov-10 3:00:16 AM - Windows Update
    RP76: 11-Nov-10 11:25:25 PM - Windows Update
    RP77: 14-Nov-10 8:05:42 PM - Windows Update

    ==== Installed Programs ======================

    µTorrent
    Adobe AIR
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Reader 9.4.0
    Alcor Micro USB Card Reader
    Alien Swarm
    Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
    Atheros Driver Installation Program
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Definition update for Microsoft Office 2010 (KB982726)
    DivX Web Player
    FileZilla Client 3.3.4.1
    Half-Life 2
    Inspiration 9 IE
    Intel(R) Management Engine Components
    Intel(R) Turbo Boost Technology Driver
    Java Auto Updater
    Java(TM) 6 Update 21
    Launch Manager
    Malwarebytes' Anti-Malware
    MediaMonkey 3.2
    Microsoft Office Access MUI (English) 2010
    Microsoft Office Access Setup Metadata MUI (English) 2010
    Microsoft Office Excel MUI (English) 2010
    Microsoft Office Groove MUI (English) 2010
    Microsoft Office InfoPath MUI (English) 2010
    Microsoft Office OneNote MUI (English) 2010
    Microsoft Office Outlook MUI (English) 2010
    Microsoft Office PowerPoint MUI (English) 2010
    Microsoft Office Professional Plus 2010
    Microsoft Office Proof (English) 2010
    Microsoft Office Proof (French) 2010
    Microsoft Office Proof (Spanish) 2010
    Microsoft Office Proofing (English) 2010
    Microsoft Office Publisher MUI (English) 2010
    Microsoft Office Shared MUI (English) 2010
    Microsoft Office Shared Setup Metadata MUI (English) 2010
    Microsoft Office Word MUI (English) 2010
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox (3.6.12)
    Notebook Software
    PX Profile Update
    Realtek High Definition Audio Driver
    Samsung ML-1710 Series
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Skype Toolbars
    Skype™ 4.2
    SMART Board Drivers
    Steam
    Torchlight Demo
    VC80CRTRedist - 8.0.50727.762
    VLC media player 1.1.4

    ==== Event Viewer Messages From Past Week ========

    15-Nov-10 2:33:04 PM, Error: Service Control Manager [7000] - The DgiVecp service failed to start due to the following error: The system cannot find the device specified.
    15-Nov-10 2:33:02 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000] - WLAN Extensibility Module has failed to start. Module Path: C:\Windows\system32\athExt.dll Error Code: 126
    15-Nov-10 2:32:48 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    12-Nov-10 1:20:40 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
    09-Nov-10 1:03:04 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Windows Update service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Remote Desktop Configuration service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Group Policy Client service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Certificate Propagation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
    09-Nov-10 1:01:04 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

    ==== End Of File ===========================
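    The DDS "Pseudo HJT Report" above is the part of these logs a responder reads first, because it lists every autostart hook (BHOs, Run keys, Startup folder, Winlogon) with the binary it points at. The following script is an added example for this thread, not a DDS or TechSpot tool: it parses lines in that format and flags entries that start a binary from a user-writable location (Downloads, AppData, Temp), entries whose file DDS reports as missing, and a Winlogon Userinit value that is not the stock one. The sample lines are a trimmed copy of the posted report; the notion of which directories count as "user-writable" is an assumption made for illustration.

```python
"""Triage helper for DDS 'Pseudo HJT Report' lines (added example, not a DDS tool)."""
import re
from dataclasses import dataclass

# Constructed sample: a subset of the Pseudo HJT lines from the post above.
SAMPLE_LINES = r"""
mWinlogon: Userinit=userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
uRun: [TwoFingerScroll] C:\Users\Max\Downloads\TwoFingerScroll.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRunOnce: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\Users\Max\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
BHO-X64: URLRedirectionBHO - No File
mRun-x64: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
"""

# Assumption: directories an installer would not normally use for autostarts.
USER_WRITABLE = re.compile(
    r"\\(users|documents and settings)\\|\\temp\\|\\downloads\\|\\appdata\\",
    re.IGNORECASE,
)
# A Windows path (drive letter or %VAR%) ending in an executable-ish extension.
PATH_RE = re.compile(
    r'"?((?:[A-Za-z]:|%[A-Za-z0-9_()]+%)\\[^"\n]*?\.(?:exe|dll|scr|cpl|sys|lnk))\b',
    re.IGNORECASE,
)


@dataclass(frozen=True)
class Finding:
    kind: str    # DDS entry type, e.g. uRun, BHO-X64
    target: str  # path or raw value that triggered the finding
    reason: str


def parse_entry(line):
    """Split 'kind: rest' into a tuple; None for lines that are not entries."""
    m = re.match(r"^\s*([A-Za-z0-9-]+):\s*(.*)$", line)
    return (m.group(1), m.group(2)) if m else None


def triage(text):
    """Return a list of Findings for suspicious autostart lines in a DDS report."""
    findings = []
    for line in text.splitlines():
        parsed = parse_entry(line)
        if not parsed:
            continue
        kind, rest = parsed
        if kind == "mWinlogon":
            # Userinit is a classic hijack point; DDS prints the bare value.
            if rest.strip().lower() != "userinit=userinit.exe":
                findings.append(Finding(kind, rest, "Userinit value altered"))
            continue
        if rest.rstrip().endswith("No File"):
            findings.append(Finding(kind, rest, "registry entry points to a missing file"))
            continue
        paths = PATH_RE.findall(rest)
        if not paths:
            continue
        # StartupFolder lines list the .lnk first and its target last; the
        # target is what actually runs, so judge that one.
        path = paths[-1] if kind == "StartupFolder" else paths[0]
        if USER_WRITABLE.search(path):
            findings.append(Finding(kind, path, "autostart from user-writable location"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"{f.kind:14} {f.reason:45} {f.target}")
```

    On the posted report this flags two lines: the uRun entry launching TwoFingerScroll.exe from the Downloads folder (not necessarily malicious, but exactly the kind of entry a helper asks about) and the orphaned URLRedirectionBHO entry. Everything under Program Files passes, which is consistent with the clean MBAM quick scan; a clean autostart list does not rule out a redirect caused below the browser (DNS, a kernel driver, or the boot sector), which is why the next reply goes after the MBR.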
  2. Broni


    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =====================================================================

    Can you check if IE is having the same issue?

    ======================================================================

    Download MBRCheck to your desktop

    Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
    It will show a black screen with some data on it.
    Enter N to exit.
    A report called MBRcheckxxxx.txt will be on your desktop
    Open this report and post its content in your next reply.
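    MBRCheck works by reading the first sector of each disk and comparing its boot code against known-good copies, which is how an MBR bootkit gets caught when file and registry scans come back clean. The script below is an added example showing the same check on a sector image, not MBRCheck's code: it validates the 0x55AA boot signature, decodes the four partition entries, hashes the 446-byte boot-code region and compares it with an allowlist, and flags malformed tables (two active partitions, bad status bytes, overlapping entries). The "known-good" boot code and the allowlist hash are constructed for the example and are not real Windows 7 boot code; on a live system the sector would be read from the raw disk as Administrator instead.

```python
"""Parse and sanity-check a 512-byte MBR (added example, not MBRCheck's code)."""
import hashlib
import struct

SECTOR_SIZE = 512
PT_OFFSET = 446                 # partition table starts after the boot code
ENTRY_FMT = "<B3sB3sII"         # status, CHS start, type, CHS end, LBA start, sector count


def parse_partitions(sector):
    """Decode the four 16-byte partition entries, skipping empty slots."""
    parts = []
    for i in range(4):
        status, _, ptype, _, lba, count = struct.unpack_from(ENTRY_FMT, sector, PT_OFFSET + 16 * i)
        if ptype == 0 and count == 0:
            continue
        parts.append({"index": i, "status": status, "active": status == 0x80,
                      "type": ptype, "lba": lba, "sectors": count})
    return parts


def boot_code_sha1(sector):
    """Hash of the boot-code region only; the partition table is machine-specific."""
    return hashlib.sha1(sector[:PT_OFFSET]).hexdigest()


def inspect_mbr(sector, known_boot_hashes):
    """Return the boot-code hash, decoded partitions and a list of findings."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("expected exactly one 512-byte sector")
    findings = []
    if sector[510:512] != b"\x55\xaa":
        findings.append("boot signature 0x55AA missing")
    digest = boot_code_sha1(sector)
    if digest not in known_boot_hashes:
        findings.append("boot code does not match any known-good hash")
    parts = parse_partitions(sector)
    if sum(p["active"] for p in parts) > 1:
        findings.append("more than one partition marked active")
    for p in parts:
        if p["status"] not in (0x00, 0x80):   # only these two values are valid
            findings.append(f"entry {p['index']}: invalid status byte 0x{p['status']:02x}")
    ranges = sorted((p["lba"], p["lba"] + p["sectors"]) for p in parts)
    for (_, a_end), (b_start, _) in zip(ranges, ranges[1:]):
        if b_start < a_end:
            findings.append("overlapping partition entries")
            break
    return {"boot_code_sha1": digest, "partitions": parts, "findings": findings}


def build_sample(boot_code, entries):
    """Assemble a constructed MBR image from boot code and (status, type, lba, count) tuples."""
    sector = bytearray(SECTOR_SIZE)
    sector[:len(boot_code)] = boot_code
    for i, (status, ptype, lba, count) in enumerate(entries):
        struct.pack_into(ENTRY_FMT, sector, PT_OFFSET + 16 * i,
                         status, b"\0\0\0", ptype, b"\0\0\0", lba, count)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)


# Constructed "known-good" boot code stub (xor ax,ax / mov ss,ax / mov sp,7C00h, then NOPs);
# a placeholder for illustration, NOT real Windows 7 boot code.
GOOD_CODE = bytes([0x33, 0xC0, 0x8E, 0xD0, 0xBC, 0x00, 0x7C]) + b"\x90" * 20
# Layout modelled on a default Windows 7 install: 100 MB active System Reserved, then C:.
CLEAN_MBR = build_sample(GOOD_CODE, [(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 976564224)])
KNOWN_HASHES = {boot_code_sha1(CLEAN_MBR)}      # constructed allowlist for the example

# Constructed tampered copy: boot code replaced and a second entry marked active.
TAMPERED_MBR = build_sample(b"\xEB\xFE" + b"\x00" * 25,
                            [(0x80, 0x07, 2048, 204800), (0x80, 0x07, 206848, 976564224)])

if __name__ == "__main__":
    for name, img in (("clean", CLEAN_MBR), ("tampered", TAMPERED_MBR)):
        r = inspect_mbr(img, KNOWN_HASHES)
        print(name, r["boot_code_sha1"][:12], r["findings"] or "no findings")
```

    One caveat a practitioner should keep in mind: an active MBR rootkit typically hooks the disk stack so that reads of sector 0 from inside the running OS return the original, clean MBR. A hash check from the infected system can therefore pass; reading the disk from boot media, or comparing with the sector the firmware actually loads, is the reliable check.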
  3. MaxS


    MBRCheck report

    MBRCheck, version 1.2.3
    (c) 2010, AD

    Command-line:
    Windows Version: Windows 7 Home Premium Edition
    Windows Information: (build 7600), 64-bit
    Base Board Manufacturer: Acer
    BIOS Manufacturer: Phoenix Technologies LTD
    System Manufacturer: Acer
    System Product Name: Aspire 3820
    Logical Drives Mask: 0x00000014

    Kernel Drivers (total 196):
    0x02C5C000 \SystemRoot\system32\ntoskrnl.exe
    0x02C13000 \SystemRoot\system32\hal.dll
    0x00B9E000 \SystemRoot\system32\kdcom.dll
    0x00C10000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
    0x00C54000 \SystemRoot\system32\PSHED.dll
    0x00C68000 \SystemRoot\system32\CLFS.SYS
    0x00CC6000 \SystemRoot\system32\CI.dll
    0x00E5C000 \SystemRoot\system32\drivers\Wdf01000.sys
    0x00F00000 \SystemRoot\system32\drivers\WDFLDR.SYS
    0x0101E000 \SystemRoot\System32\Drivers\spbk.sys
    0x01144000 \SystemRoot\System32\Drivers\WMILIB.SYS
    0x0114D000 \SystemRoot\System32\Drivers\SCSIPORT.SYS
    0x0117C000 \SystemRoot\system32\DRIVERS\ACPI.sys
    0x011D3000 \SystemRoot\system32\DRIVERS\msisadrv.sys
    0x011DD000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
    0x00F0F000 \SystemRoot\system32\DRIVERS\pci.sys
    0x011EA000 \SystemRoot\System32\drivers\partmgr.sys
    0x01000000 \SystemRoot\system32\DRIVERS\compbatt.sys
    0x01009000 \SystemRoot\system32\DRIVERS\BATTC.SYS
    0x00F42000 \SystemRoot\system32\DRIVERS\volmgr.sys
    0x00F57000 \SystemRoot\System32\drivers\volmgrx.sys
    0x00FB3000 \SystemRoot\System32\drivers\mountmgr.sys
    0x01015000 \SystemRoot\system32\DRIVERS\atapi.sys
    0x00FCD000 \SystemRoot\system32\DRIVERS\ataport.SYS
    0x00E00000 \SystemRoot\system32\DRIVERS\msahci.sys
    0x00E0B000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
    0x00E1B000 \SystemRoot\system32\DRIVERS\amdxata.sys
    0x00D86000 \SystemRoot\system32\drivers\fltmgr.sys
    0x00E26000 \SystemRoot\system32\drivers\fileinfo.sys
    0x01237000 \SystemRoot\System32\Drivers\Ntfs.sys
    0x0148D000 \SystemRoot\System32\Drivers\msrpc.sys
    0x014EB000 \SystemRoot\System32\Drivers\ksecdd.sys
    0x01505000 \SystemRoot\System32\Drivers\cng.sys
    0x01578000 \SystemRoot\System32\drivers\pcw.sys
    0x01589000 \SystemRoot\System32\Drivers\Fs_Rec.sys
    0x01623000 \SystemRoot\system32\drivers\ndis.sys
    0x01715000 \SystemRoot\system32\drivers\NETIO.SYS
    0x01775000 \SystemRoot\System32\Drivers\ksecpkg.sys
    0x01800000 \SystemRoot\System32\drivers\tcpip.sys
    0x017A0000 \SystemRoot\System32\drivers\fwpkclnt.sys
    0x01593000 \SystemRoot\system32\DRIVERS\volsnap.sys
    0x017EA000 \SystemRoot\System32\Drivers\spldr.sys
    0x01400000 \SystemRoot\System32\drivers\rdyboost.sys
    0x01600000 \SystemRoot\System32\Drivers\mup.sys
    0x01612000 \SystemRoot\System32\drivers\hwpolicy.sys
    0x0143A000 \SystemRoot\System32\DRIVERS\fvevol.sys
    0x01474000 \SystemRoot\system32\DRIVERS\disk.sys
    0x01200000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
    0x00DD2000 \SystemRoot\system32\DRIVERS\MpFilter.sys
    0x015F6000 \SystemRoot\System32\Drivers\Null.SYS
    0x0161B000 \SystemRoot\System32\Drivers\Beep.SYS
    0x013ED000 \SystemRoot\System32\drivers\vga.sys
    0x02C92000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
    0x02CB7000 \SystemRoot\System32\drivers\watchdog.sys
    0x02CC7000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
    0x02CD0000 \SystemRoot\system32\drivers\rdpencdd.sys
    0x02CD9000 \SystemRoot\system32\drivers\rdprefmp.sys
    0x02CE2000 \SystemRoot\System32\Drivers\Msfs.SYS
    0x02CED000 \SystemRoot\System32\Drivers\Npfs.SYS
    0x02CFE000 \SystemRoot\system32\DRIVERS\tdx.sys
    0x02D1C000 \SystemRoot\system32\DRIVERS\TDI.SYS
    0x02D29000 \SystemRoot\system32\drivers\afd.sys
    0x02DB3000 \SystemRoot\System32\DRIVERS\netbt.sys
    0x02C00000 \SystemRoot\system32\DRIVERS\wfplwf.sys
    0x02C09000 \SystemRoot\system32\DRIVERS\pacer.sys
    0x02C2F000 \SystemRoot\system32\DRIVERS\vwififlt.sys
    0x02C45000 \SystemRoot\system32\DRIVERS\netbios.sys
    0x02C54000 \SystemRoot\system32\DRIVERS\wanarp.sys
    0x02C6F000 \SystemRoot\system32\DRIVERS\termdd.sys
    0x03A7F000 \SystemRoot\system32\DRIVERS\rdbss.sys
    0x03AD0000 \SystemRoot\system32\drivers\nsiproxy.sys
    0x03ADC000 \SystemRoot\system32\DRIVERS\mssmbios.sys
    0x03AE7000 \SystemRoot\System32\drivers\discache.sys
    0x03AF6000 \SystemRoot\System32\Drivers\dfsc.sys
    0x03B14000 \SystemRoot\system32\DRIVERS\blbdrive.sys
    0x03B25000 \SystemRoot\system32\DRIVERS\tunnel.sys
    0x03B4B000 \SystemRoot\system32\DRIVERS\atikmpag.sys
    0x04811000 \SystemRoot\system32\DRIVERS\atipmdag.sys
    0x05619000 \SystemRoot\system32\DRIVERS\igdpmd64.sys
    0x04E80000 \SystemRoot\System32\drivers\dxgkrnl.sys
    0x04F74000 \SystemRoot\System32\drivers\dxgmms1.sys
    0x05600000 \SystemRoot\system32\DRIVERS\HECIx64.sys
    0x04FBA000 \SystemRoot\system32\DRIVERS\usbehci.sys
    0x03B7F000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
    0x04FCB000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
    0x03BD5000 \SystemRoot\system32\DRIVERS\L1C62x64.sys
    0x04291000 \SystemRoot\system32\DRIVERS\athrx.sys
    0x044B5000 \SystemRoot\system32\DRIVERS\vwifibus.sys
    0x044C2000 \SystemRoot\system32\DRIVERS\CmBatt.sys
    0x044C7000 \SystemRoot\system32\DRIVERS\i8042prt.sys
    0x044E5000 \SystemRoot\system32\DRIVERS\kbdclass.sys
    0x044F4000 \SystemRoot\system32\DRIVERS\SynTP.sys
    0x04541000 \SystemRoot\system32\DRIVERS\USBD.SYS
    0x04543000 \SystemRoot\system32\DRIVERS\mouclass.sys
    0x04552000 \SystemRoot\system32\DRIVERS\Impcd.sys
    0x04578000 \SystemRoot\System32\Drivers\avt40w1m.SYS
    0x045BD000 \SystemRoot\system32\DRIVERS\intelppm.sys
    0x045D3000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
    0x045DC000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
    0x045EC000 \SystemRoot\system32\DRIVERS\SMARTVHidMiniVistaAmd64.sys
    0x04200000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
    0x04219000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
    0x04222000 \SystemRoot\system32\DRIVERS\SMARTVTabletPCx64.sys
    0x04226000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
    0x0423C000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
    0x04260000 \SystemRoot\system32\DRIVERS\ndistapi.sys
    0x03A00000 \SystemRoot\system32\DRIVERS\ndiswan.sys
    0x0426C000 \SystemRoot\system32\DRIVERS\raspppoe.sys
    0x03A2F000 \SystemRoot\system32\DRIVERS\raspptp.sys
    0x03A50000 \SystemRoot\system32\DRIVERS\rassstp.sys
    0x04287000 \SystemRoot\system32\DRIVERS\swenum.sys
    0x03CE5000 \SystemRoot\system32\DRIVERS\ks.sys
    0x03D28000 \SystemRoot\system32\DRIVERS\umbus.sys
    0x03D3A000 \SystemRoot\system32\DRIVERS\usbhub.sys
    0x03D94000 \SystemRoot\system32\DRIVERS\mouhid.sys
    0x03DA1000 \SystemRoot\system32\DRIVERS\SMARTMouseFilterx64.sys
    0x03DA9000 \SystemRoot\System32\Drivers\NDProxy.SYS
    0x0649B000 \SystemRoot\system32\drivers\RTKVHD64.sys
    0x066BD000 \SystemRoot\system32\drivers\portcls.sys
    0x066FA000 \SystemRoot\system32\drivers\drmk.sys
    0x0671C000 \SystemRoot\system32\drivers\ksthunk.sys
    0x06722000 \SystemRoot\system32\DRIVERS\cdrom.sys
    0x0674C000 \SystemRoot\System32\Drivers\crashdmp.sys
    0x0675A000 \SystemRoot\System32\Drivers\dump_dumpata.sys
    0x06766000 \SystemRoot\System32\Drivers\dump_msahci.sys
    0x06771000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
    0x00030000 \SystemRoot\System32\win32k.sys
    0x06784000 \SystemRoot\System32\drivers\Dxapi.sys
    0x06790000 \SystemRoot\system32\DRIVERS\usbccgp.sys
    0x067AD000 \SystemRoot\System32\Drivers\usbvideo.sys
    0x067DB000 \SystemRoot\system32\DRIVERS\monitor.sys
    0x00480000 \SystemRoot\System32\TSDDD.dll
    0x00770000 \SystemRoot\System32\cdd.dll
    0x06400000 \SystemRoot\system32\drivers\luafv.sys
    0x06423000 \SystemRoot\system32\drivers\WudfPf.sys
    0x06444000 \SystemRoot\system32\DRIVERS\lltdio.sys
    0x03C00000 \SystemRoot\system32\DRIVERS\nwifi.sys
    0x06459000 \SystemRoot\system32\DRIVERS\ndisuio.sys
    0x0646C000 \SystemRoot\system32\DRIVERS\rspndr.sys
    0x02AF9000 \SystemRoot\system32\drivers\HTTP.sys
    0x02BC1000 \SystemRoot\system32\DRIVERS\bowser.sys
    0x02BDF000 \SystemRoot\System32\drivers\mpsdrv.sys
    0x02A00000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
    0x02A2D000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
    0x02A7B000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
    0x06224000 \SystemRoot\system32\drivers\peauth.sys
    0x062CA000 \SystemRoot\System32\Drivers\secdrv.SYS
    0x062D5000 \SystemRoot\System32\DRIVERS\srvnet.sys
    0x06302000 \??\C:\Windows\system32\Drivers\SSPORT.sys
    0x0630A000 \SystemRoot\System32\drivers\tcpipreg.sys
    0x0631C000 \SystemRoot\System32\DRIVERS\srv2.sys
    0x078DF000 \SystemRoot\System32\DRIVERS\srv.sys
    0x07975000 \SystemRoot\system32\drivers\tdtcp.sys
    0x07980000 \SystemRoot\System32\DRIVERS\tssecsrv.sys
    0x0798F000 \SystemRoot\System32\Drivers\RDPWD.SYS
    0x07871000 \SystemRoot\system32\DRIVERS\asyncmac.sys
    0x0787C000 \SystemRoot\system32\DRIVERS\MpNWMon.sys
    0x770F0000 \Windows\System32\ntdll.dll
    0x484C0000 \Windows\System32\smss.exe
    0xFF410000 \Windows\System32\apisetschema.dll
    0xFF4A0000 \Windows\System32\autochk.exe
    0xFF2D0000 \Windows\System32\wininet.dll
    0xFF1C0000 \Windows\System32\msctf.dll
    0xFF140000 \Windows\System32\difxapi.dll
    0xFEFC0000 \Windows\System32\urlmon.dll
    0xFEDE0000 \Windows\System32\setupapi.dll
    0xFED40000 \Windows\System32\clbcatq.dll
    0xFECD0000 \Windows\System32\gdi32.dll
    0x772C0000 \Windows\System32\psapi.dll
    0xFEA70000 \Windows\System32\iertutil.dll
    0xFEA50000 \Windows\System32\sechost.dll
    0xFE920000 \Windows\System32\rpcrt4.dll
    0xFE850000 \Windows\System32\usp10.dll
    0xFE7B0000 \Windows\System32\comdlg32.dll
    0xFE730000 \Windows\System32\shlwapi.dll
    0x76FD0000 \Windows\System32\kernel32.dll
    0xFE700000 \Windows\System32\imm32.dll
    0xFD970000 \Windows\System32\shell32.dll
    0xFD920000 \Windows\System32\ws2_32.dll
    0xFD900000 \Windows\System32\imagehlp.dll
    0xFD8B0000 \Windows\System32\Wldap32.dll
    0xFD6A0000 \Windows\System32\ole32.dll
    0xFD5C0000 \Windows\System32\advapi32.dll
    0xFD5B0000 \Windows\System32\lpk.dll
    0xFD510000 \Windows\System32\msvcrt.dll
    0xFD500000 \Windows\System32\nsi.dll
    0xFD420000 \Windows\System32\oleaut32.dll
    0x76ED0000 \Windows\System32\user32.dll
    0x772B0000 \Windows\System32\normaliz.dll
    0xFD400000 \Windows\System32\devobj.dll
    0xFD3C0000 \Windows\System32\cfgmgr32.dll
    0xFD380000 \Windows\System32\wintrust.dll
    0xFD310000 \Windows\System32\KernelBase.dll
    0xFD270000 \Windows\System32\comctl32.dll
    0xFD100000 \Windows\System32\crypt32.dll
    0xFD0F0000 \Windows\System32\msasn1.dll

    Processes (total 67):
    0 System Idle Process
    4 System
    304 C:\Windows\System32\smss.exe
    420 csrss.exe
    484 C:\Windows\System32\wininit.exe
    504 csrss.exe
    556 C:\Windows\System32\services.exe
    576 C:\Windows\System32\lsass.exe
    584 C:\Windows\System32\lsm.exe
    608 C:\Windows\System32\winlogon.exe
    720 C:\Windows\System32\svchost.exe
    856 C:\Windows\System32\svchost.exe
    916 C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
    1008 C:\Windows\System32\atiesrxx.exe
    444 C:\Windows\System32\svchost.exe
    632 C:\Windows\System32\svchost.exe
    736 C:\Windows\System32\svchost.exe
    1116 C:\Windows\System32\svchost.exe
    1144 C:\Windows\System32\atieclxx.exe
    1316 C:\Windows\System32\wisptis.exe
    1344 C:\Windows\System32\svchost.exe
    1696 C:\Windows\System32\spoolsv.exe
    1812 C:\Windows\System32\svchost.exe
    1336 C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    1208 C:\Windows\System32\wisptis.exe
    1204 C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
    1764 C:\Program Files (x86)\Common Files\microsoft shared\ink\TabTip32.exe
    1732 C:\Windows\System32\taskhost.exe
    1848 C:\Windows\explorer.exe
    1872 C:\Windows\System32\dwm.exe
    1920 C:\Windows\System32\svchost.exe
    1232 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    2336 C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    2344 C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    2352 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    2360 C:\Windows\System32\igfxtray.exe
    2372 C:\Windows\System32\hkcmd.exe
    2380 C:\Windows\System32\igfxpers.exe
    2452 C:\Program Files\Microsoft Security Essentials\msseces.exe
    2464 C:\Users\Max\Downloads\TwoFingerScroll.exe
    2488 C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
    356 C:\Windows\System32\SearchIndexer.exe
    3128 C:\Program Files (x86)\Launch Manager\LManager.exe
    3316 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    3556 C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    3592 C:\Program Files (x86)\Launch Manager\LMworker.exe
    3664 C:\Windows\System32\wbem\unsecapp.exe
    3816 C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    3884 C:\Program Files\Windows Media Player\wmpnetwk.exe
    3904 WmiPrvSE.exe
    4032 C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    3476 C:\Windows\System32\svchost.exe
    4160 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    4552 C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    4680 C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
    3760 C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    3168 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    428 C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    4604 C:\Windows\System32\audiodg.exe
    1864 C:\Windows\System32\svchost.exe
    4460 taskhost.exe
    3372 C:\Windows\System32\SearchProtocolHost.exe
    4140 C:\Windows\System32\SearchFilterHost.exe
    2068 C:\Windows\System32\SearchProtocolHost.exe
    1840 C:\Users\Max\Desktop\MBRCheck.exe
    4660 C:\Windows\System32\conhost.exe
    5112 C:\Windows\System32\dllhost.exe

    \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`06500000 (NTFS)

    PhysicalDrive0 Model Number: WDCWD5000BEVT-22A0RT0, Rev: 01.01A01

    Size Device Name MBR Status
    --------------------------------------------
    465 GB \\.\PhysicalDrive0 MBR Code Faked!
    SHA1: 1BB72AA843C54C64E74C9F6C9BD22FA2AFA08966


    Found non-standard or infected MBR.
    Enter 'Y' and hit ENTER for more options, or 'N' to exit:

    Done!
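An added illustration (not MBRCheck's code, and not posted by anyone in this thread) of what an MBR integrity check of the kind reported above does: parse the first 512-byte sector, confirm the 0x55AA boot signature, hash the bootstrap-code region and compare the hash against an allow-list of known-good values. The sample sector, the allow-list, and the choice to hash only the first 440 bytes are constructed assumptions for this example; the page does not say exactly which bytes MBRCheck hashes or what it compares against, so the SHA1 printed in the report above is not reused here.

```python
"""Added example: an MBRCheck-style integrity check over a 512-byte MBR.

Not MBRCheck's own code. The sample sector, the allow-list and the decision
to hash only the 440-byte bootstrap region are constructed assumptions.
"""
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440           # bytes 0..439: bootstrap code, the part a bootkit replaces
DISK_SIG_OFF = 440            # 4-byte Windows disk signature
PART_TABLE_OFF = 446          # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"  # bytes 510..511 must hold this marker


def parse_mbr(sector: bytes) -> dict:
    """Split an MBR sector into its fields; ValueError on a wrong-sized buffer."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"expected {SECTOR_SIZE} bytes, got {len(sector)}")
    boot_code = sector[:BOOT_CODE_LEN]
    disk_signature = struct.unpack_from("<I", sector, DISK_SIG_OFF)[0]
    partitions = []
    for i in range(4):
        off = PART_TABLE_OFF + 16 * i
        status, ptype = sector[off], sector[off + 4]
        lba_start, lba_count = struct.unpack_from("<II", sector, off + 8)
        if ptype != 0:  # partition type 0x00 marks an unused slot
            partitions.append({"bootable": status == 0x80, "type": ptype,
                               "lba_start": lba_start, "lba_count": lba_count})
    return {
        # Only the bootstrap code is hashed, so the same hash holds across
        # machines whose disk signature and partition layout differ.
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "disk_signature": disk_signature,
        "partitions": partitions,
        "valid_signature": sector[510:512] == BOOT_SIGNATURE,
    }


def classify_mbr(sector: bytes, known_good: set) -> str:
    """Return a verdict string: OK, SUSPECT (unknown boot code) or INVALID."""
    info = parse_mbr(sector)
    if not info["valid_signature"]:
        return "INVALID: missing 0x55AA boot signature"
    if info["boot_code_sha1"] in known_good:
        return "OK"
    return "SUSPECT: boot code hash not in allow-list"


def read_first_sector(path: str) -> bytes:
    """Read sector 0 from a raw disk image (on Windows, with administrator
    rights, a device path such as r'\\\\.\\PhysicalDrive0' also works)."""
    with open(path, "rb") as f:
        return f.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed stand-in sector for the demo: not real Windows boot code."""
    boot_code = bytes((i * 7 + 3) & 0xFF for i in range(BOOT_CODE_LEN))
    disk_signature = struct.pack("<I", 0xDEADBEEF)
    reserved = b"\x00\x00"
    # One active NTFS (type 0x07) partition starting at LBA 2048; CHS fields left zero.
    entry = bytes([0x80, 0, 0, 0, 0x07, 0, 0, 0]) + struct.pack("<II", 2048, 1_000_000)
    table = entry + b"\x00" * 48
    return boot_code + disk_signature + reserved + table + BOOT_SIGNATURE


# Constructed allow-list: a real tool would hold hashes of the stock boot code
# for each Windows version; here it holds only the sample sector's hash.
KNOWN_GOOD = {parse_mbr(build_sample_mbr())["boot_code_sha1"]}


if __name__ == "__main__":
    clean = build_sample_mbr()
    print("clean sector      :", classify_mbr(clean, KNOWN_GOOD))
    hooked = bytearray(clean)
    hooked[0] ^= 0xFF  # a single byte changed inside the bootstrap code
    print("modified boot code:", classify_mbr(bytes(hooked), KNOWN_GOOD))
    relabeled = bytearray(clean)
    struct.pack_into("<I", relabeled, DISK_SIG_OFF, 0x12345678)  # only the disk signature changed
    print("new disk signature:", classify_mbr(bytes(relabeled), KNOWN_GOOD))
```

The point of hashing only the bootstrap region is that a reimaged or repartitioned disk still matches the allow-list, while any change to the code that runs before the OS loader (which is what a "faked" MBR verdict means) produces a mismatch. Restoring a standard MBR, as the thread goes on to do with bootrec /FixMbr, rewrites exactly that region and leaves the partition table alone.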
     
  4. Broni

    Broni Malware Annihilator Posts: 52,895   +344

     
  5. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    Oops, sorry about that. I had checked before posting, just forgot to mention it =/
    I opened IE and sure enough Google links do redirect, however, I didn't keep it open or browse long enough to notice if I had pop ups. I don't really use IE tbh....
     
  6. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Ok, we have to fix your MBR first.

    Please download NTBR by noahdfear and save it to your Desktop.
    File size: 2.44 MB (2,565,432 bytes)

    • Place a blank CD in your CD drive.
    • Double click on NTBR_CD.exe file and a folder of the same name will appear.
    • Open the folder and double click on BurnItCD.cmd file. If your CD drive will open, simply close it back.
    • Follow the prompts to burn the CD.
    • Now you will need to set the CD-Rom as first boot device if it isn't already (if you don't know how to do it, see HERE)
    • If you have any questions about this step, ask before you proceed. If you enter the BIOS and are unsure if you have carried out the step correctly, there should be an option to exit without keeping changes, so you won't do any harm.
    • Insert the newly created CD into your infected PC and reboot your computer.
    • Once you have rebooted please press Enter when prompted to continue booting from CD - you have a whole 15 seconds to do this!
    • Read the warning and then continue as prompted.
    • You first need to select your keyboard layout - press Enter for English.
    • Next you want to select the appropriate tool. Enter 1 to choose 1. MBRWORK
    • On the following screen enter 5 to select Install Standard MBR code.
    • Enter 2 to overwrite the infected MBR Code with the Windows 7 MBR code.
    • When asked to confirm please do so.
    • Afterwards, please enter E to leave MBRWORK, then 6 to leave the bootable CD.
    • Eject the disc and then press ctrl+alt+del to reboot the PC.
    Once rebooted, run MBRCheck again and post its log.
     
  7. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    I have no CD rom drive (thin and light laptop). Can I load this file onto a USB drive and have it boot off of that? Please let me know if there are additional steps to be taken. I think that's going to be it for me for tonight, but I will continue with this tomorrow.

    Thanks!
     
  8. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    1. Create Vista/7 Recovery Disc.

    Windows 7 from USB: http://www.intowindows.com/how-to-r...h-drive-repair-without-installation-dvd-disc/

    2. Boot from created USB.

    Vista users. At first screen click on Repair your computer.

    Windows 7 users. At first screen click on Install now.
    Select your language and click next.
    Click the button for "Use recovery tools".

    The following applies to both Vista and Windows 7 users.

    This will bring you to a new screen where the repair process will look for all Windows Vista/7 installations on your computer. When done you will be presented with the System Recovery Options dialog box.
    After this, it will present you with a list of options including startup repair, system restore and command prompt.
    Select Command Prompt

    Type in:
    bootrec /FixMbr (<--- there is a "space" after "bootrec")
    and then press Enter

    Once completed then type Exit, press Enter and restart computer.

    Post fresh MBRCheck log.
     
  9. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    So I ran the repair and now my computer doesn't seem to want to start up... It gets to the windows logo and then I see a flash of a BSOD and it restarts again. It's now running Startup Repair to see what it can do...

    Not sure what went wrong here =\
     
  10. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    Start up repair has been running for a good 10 minutes now and hasn't done anything =\

    Help! =\
     
  11. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    Startup Repair cannot repair this computer automatically

    Sending more information can help Microsoft create solutions.

    Send information about this problem (recommended)
    Don't send

    Show problem:

    Problem signature:
    -Problem Signature 01: StartupRepairOffline
    -Problem Signature 02: 6.1.7600.16385
    -Problem Signature 03: 6.1.7600.16385
    -Problem Signature 04: unknown
    -Problem Signature 05: 21200755
    -Problem Signature 05: AutoFailover
    -Problem Signature 06: 2
    -Problem Signature 07: NoRootCause
    -OS Version: 6.1.7600.2.0.0.256.1
    -Locale ID: 1033

    Read our privacy statement online:
    http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

    If the online privacy statement is not available, please read our privacy statement offline:
    X:\windows\system32\en-US\erofflps.txt
     
  12. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Run MBR fix one more time please.
     
  13. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    I'm unable to boot into windows....
    As I said, when I try to boot up, it goes to the windows logo, spins for a second and then a quick BSOD and then it recommends I boot up with Launch Startup Repair....
     
  14. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Re-run procedure from my reply #8.
     
  15. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    Once I exit I want to change the boot drive to the hard drive, correct? If that's the case, then it's not working. I get the windows logo, it freezes and then quick BSOD and a reboot. =\
     
  16. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    No, you don't have to change anything.
    Did you retry a whole procedure?
     
  17. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    Yes I retried the whole procedure from step 8. It doesn't seem to work and in fact seems to have made things worse :(
     
  18. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Let's try something else.
    Since you don't have a CD drive, adjust the manual listed below by reading here: http://forums.majorgeeks.com/showthread.php?t=216844 (how to create OTLPE on USB drive).

    Let's see if we can look at your computer booting from an external source.

    Please download OTLPE (filesize 120,9 MB)

    • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
    • Reboot your system using the boot CD you just created.
      • Note : If you do not know how to set your computer to boot from CD follow the steps here
    • Your system should now display a REATOGO-X-PE desktop.
    • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
    • Double-click on the OTLPE icon.
    • When asked Do you wish to load the remote registry, select Yes
    • When asked Do you wish to load remote user profile(s) for scanning, select Yes
    • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
    • OTL should now start.
    • Press Run Scan to start the scan.
    • When finished, the file will be saved in drive C:\OTL.txt
    • Copy this file to your USB drive if you do not have internet connection on this system
    • Please post the contents of the OTL.txt file in your reply.
     
  19. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    One question, before I proceed. You linked me to OTLPENet.exe where as in the thread on how to create OTLPE on USB drive, they're talking about OTLPEStd. Should I just follow the steps, but use the program you linked?
     
  20. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Way to go :)
    Always ask, if in doubt.
    Follow instructions from my link first to create bootable USB.

    Then, boot from the USB and follow MY instructions, starting with this line:
     
  21. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    I'm running into an error when using PeToUSB. When I try to start the program it gives me an error: FormatEx Error[11]: An Error Occured Formating the Drive.

    From what I've read I believe it's because the version of PeToUSB linked in that post is version 3.0.0.7 and it doesn't support usb drives bigger than 2gb. Unfortunately, all I have is an 8 Gb drive. What do I do now? =\
     
  22. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    We really don't have too many options here...
    You'll need to get a smaller drive. You should be able to get a 2GB drive for maybe 10 bucks.
     
  23. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    You don't have any software that can substitute for PeToUSB, or maybe software that will allow me to partition my USB drive so that it has a 2gb partition, thus "fooling" the software?
     
  24. Broni

    Broni Malware Annihilator Posts: 52,895   +344

    Not really.
    Maybe you can get hold of an external USB CD drive?
     
  25. MaxS

    MaxS TS Rookie Topic Starter Posts: 18

    I have a cable to connect my pc's dvd drive via usb to my laptop. I suppose I can do that. I assume I'll follow the instructions in your previous post, however using OTLPEStd?
     
Topic Status:
Not open for further replies.
