TechSpot

When I click on a Google link I get redirected

By shahed92
Feb 27, 2012
  1. Hi,
    Basically, whenever I click a link on Google I get redirected to an advertisement or something. I have looked at other posts and I think it is malware or something. Can anyone please help me fix this problem?

    Thank you
     
  2. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Welcome to TechSpot! I will help but need information first:

    Please follow these steps: Preliminary Virus and Malware Removal.

    NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

    When you have finished, leave the logs for review in your next reply.
    NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.
    ===============================
    My Guidelines: please read and follow:
    • Be patient. Malware cleaning takes time. I am also working with other members while I am helping you.
    • Read my instructions carefully. If you don't understand or have a problem, ask me. Follow the order of the tasks I give you. Order is crucial in cleaning process.
    • If you have questions, or if a program doesn't work, stop and tell me about it. Don't try to get around it yourself.
    • File sharing programs should be uninstalled or disabled during the cleaning process.
    • Observe these:
      [o] Don't follow directions given to someone else
      [o] Don't use any other cleaning programs or scans while I'm helping you.
      [o] Don't use a Registry cleaner or make any changes in the Registry.
      [o] Don't download and install new programs- except those I give you.

    If I haven't replied back to you within 48 hours, you can send a PM with your thread link in it as a reminder. Do not include technical problems from your thread. Support is given only in the forum.
    Threads are closed after 5 days if there is no reply.
     
  3. shahed92

    shahed92 TS Rookie Topic Starter

    Logs

    Here are the logs:

    Malwarebytes Anti-Malware log:

    Malwarebytes Anti-Malware (Trial) 1.60.1.1000
    www.malwarebytes.org

    Database version: v2012.02.27.01

    Windows 7 x86 NTFS
    Internet Explorer 9.0.8112.16421
    sal :: SAL-PC [administrator]

    Protection: Enabled

    27/02/2012 14:51:48
    mbam-log-2012-02-27 (14-51-48).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 180305
    Time elapsed: 12 minute(s), 36 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 1
    C:\Windows\System32\se45mdfl.dll (RootKit.0Access.H) -> Delete on reboot.

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.

    Files Detected: 1
    C:\Windows\System32\se45mdfl.dll (RootKit.0Access.H) -> Delete on reboot.

    (end)


    GMER log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit quick scan 2012-02-27 16:26:36
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
    Running: tgotqr68.exe; Driver: C:\Users\sal\AppData\Local\Temp\uwldypow.sys


    ---- Devices - GMER 1.0.15 ----

    AttachedDevice \Driver\tdx \Device\Ip SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Tcp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\Udp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\tdx \Device\RawIp SYMTDIV.SYS (Network Dispatch Driver/Symantec Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)
    AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

    ---- Processes - GMER 1.0.15 ----

    Process PING.EXE (*** hidden *** ) 2100

    ---- EOF - GMER 1.0.15 ----


    DDS logs: DDS.txt:
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 9.0.8112.16421
    Run by sal at 16:28:14 on 2012-02-27
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3005.1656 [GMT 0:00]
    .
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe
    C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    C:\windows\system32\svchost.exe -k imgsvc
    C:\windows\system32\SearchIndexer.exe
    C:\windows\system32\taskhost.exe
    C:\Program Files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\windows\system32\taskeng.exe
    C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe
    C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
    C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    \\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\windows\system32\igfxext.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\system32\Macromed\Flash\FlashUtil11f_ActiveX.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\conhost.exe
    C:\windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/ig
    uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\17.9.0.12\coIEPlg.dll
    BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\17.9.0.12\IPSBHO.DLL
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7227.1100\swg.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\17.9.0.12\coIEPlg.dll
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [UCam_Menu] "c:\program files\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\youcam" updatewithcreateonce "software\cyberlink\youcam\2.0"
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49}
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_03\bin\npjpi150_03.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    LSP: mswsock.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{CB2C547C-EA3E-4DE4-9B10-6041D05DE8C2} : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    Notify: igfxcui - igfxdev.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1109000.00c\symds.sys [2012-1-12 328752]
    R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1109000.00c\symefa.sys [2012-1-12 173176]
    R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\bashdefs\20120215.001\BHDrvx86.sys [2012-2-16 820344]
    R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1109000.00c\cchpx86.sys [2012-1-12 485512]
    R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-1-13 232512]
    R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_17.0.0.136\definitions\ipsdefs\20120224.002\IDSvix86.sys [2012-2-25 368248]
    R1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\drivers\SABI.sys [2009-9-17 10752]
    R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1109000.00c\ironx86.sys [2012-1-12 116784]
    R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\nis\1109000.00c\symtdiv.sys [2012-1-12 340088]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-1-10 652360]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-2-4 106104]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-2-27 20464]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-9-17 187392]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 135664]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2010-5-2 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-1-10 135664]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
    .
    =============== Created Last 30 ================
    .
    2012-02-27 14:49:11 -------- d-----w- c:\users\sal\appdata\roaming\Malwarebytes
    2012-02-27 14:48:59 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-27 14:48:57 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-24 12:23:15 162664 ----a-w- c:\programdata\microsoft\windows\sqm\manifest\Sqm10140.bin
    2012-02-19 22:24:28 -------- d-----w- c:\users\sal\appdata\local\NPE
    2012-02-19 22:19:08 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-19 19:51:23 -------- d-----w- c:\users\sal\appdata\roaming\GetRightToGo
    2012-02-17 14:57:02 19416 ----a-w- c:\program files\mozilla firefox\AccessibleMarshal.dll
    2012-02-17 14:57:01 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2012-02-17 14:57:00 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2012-02-17 14:57:00 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2012-02-17 14:57:00 125912 ----a-w- c:\program files\mozilla firefox\crashreporter.exe
    2012-02-16 12:35:37 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 12:32:23 478208 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 12:32:05 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 11:27:49 2340864 ----a-w- c:\windows\system32\win32k.sys
    .
    ==================== Find3M ====================
    .
    2012-02-25 16:16:05 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-20 11:44:29 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-01-13 17:42:39 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-11 09:53:23 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2011-12-14 03:04:54 1798656 ----a-w- c:\windows\system32\jscript9.dll
    2011-12-14 02:57:18 1127424 ----a-w- c:\windows\system32\wininet.dll
    2011-12-14 02:56:58 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
    2011-12-14 02:50:04 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2001-09-28 18:00:28 164864 ----a-w- c:\program files\UNWISE.EXE
    .
    ============= FINISH: 16:29:32.10 ===============


    DDS logs: Attach.txt:

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 02/05/2010 14:48:22
    System Uptime: 27/02/2012 15:07:25 (1 hours ago)
    .
    Motherboard: SAMSUNG ELECTRONICS CO., LTD. | | R519/R719
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | U2E1 | 1188/mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 109 GiB total, 2.731 GiB free.
    D: is FIXED (NTFS) - 109 GiB total, 78.647 GiB free.
    E: is CDROM ()
    F: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    No restore point in system.
    .
    ==== Installed Programs ======================
    .
    2007 Microsoft Office system
    Accelrys License Pack
    ACD/Labs Software in C:\Program Files\ACDFREE12\
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9.1
    Alice Greenfingers
    AnyPC Client
    Atheros Client Installation Program
    Avogadro
    BatteryLifeExtender
    Business Contact Manager for Outlook 2007 SP1
    CambridgeSoft Activation Client
    CambridgeSoft BioAssay 12.0
    CambridgeSoft ChemBioOffice Ultra 2010
    CambridgeSoft ChemDraw ActiveX Enterprise Constant 12.0
    CambridgeSoft ChemScript 12.0
    CambridgeSoft Desktop Inventory 12.0
    CambridgeSoft ENotebook 12.02
    CTC Instrument Control Redist 1.4.0.1
    Cubist-demo 2.07
    CyberLink YouCam
    Dairy Dash
    Easy Display Manager
    Easy Network Manager
    Easy SpeedUp Manager
    EasyBatteryManager
    EPSON PhotoQuicker3.2
    EPSON PRINT Image Framer Tool1.1
    EPSON Printer Software
    Farm Frenzy 2
    FIFA 12 (c) EA version 1
    Game Pack
    Go-Go Gourmet
    Google Toolbar for Internet Explorer
    Google Update Helper
    Intel(R) Graphics Media Accelerator Driver
    Intel® Matrix Storage Manager
    J2SE Runtime Environment 5.0 Update 3
    Java 3D 1.3.1 (OpenGL) Runtime
    Junk Mail filter update
    Malwarebytes Anti-Malware version 1.60.1.1000
    McAfee Security Scan Plus
    MestReNova LITE 5.2.5-5780
    Micromass MassLynx V4.1
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office Live Add-in 1.3
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook Connector
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Mozilla Firefox 10.0.2 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Internet Security
    Python 2.5
    Python 2.7.1
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    REBOL/View
    Samsung Recovery Solution 4
    Samsung Support Center
    Samsung Update Plus
    SamsungMovie
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Shared Add-in Support Update for Microsoft .NET Framework 2.0 (KB908002)
    SpinWorks_3
    STATISTICA 8.0.725.0 CS
    STATISTICA CambridgeSoft Integration
    STATNOVAPDF (novaPDF Professional Server 5.4 printer)
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update for Microsoft Office Word 2007 (KB974631)
    Update for Office 2007 (KB934528)
    Update for Office System 2007 Setup (KB929722)
    User Guide
    VEGA ZZ 2.4.0
    VMD 1.9.1
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR 4.10 beta 5 (32-bit)
    .
    ==== Event Viewer Messages From Past Week ========
    .
    27/02/2012 16:27:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    27/02/2012 15:07:53, Error: Service Control Manager [7023] - The Ati2mtaa service terminated with the following error: The specified module could not be found.
    27/02/2012 15:07:53, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    27/02/2012 15:07:49, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    27/02/2012 15:07:49, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    25/02/2012 17:56:33, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xbae4f5d8, 0x00000002, 0x00000000, 0x82e9f6fd). A dump was saved in: C:\windows\MEMORY.DMP. Report Id: 022512-39000-01.
    24/02/2012 17:16:41, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    24/02/2012 11:56:24, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
    21/02/2012 16:02:01, Error: Service Control Manager [7030] - The AMService service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
    20/02/2012 11:39:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tdx
    20/02/2012 11:39:18, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/02/2012 11:39:18, Error: Service Control Manager [7001] - The DHCP Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    20/02/2012 08:24:05, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
    .
    ==== End Of File ===========================
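
    As a worked example added here (it is not code from this thread, nor from Malwarebytes, GMER or DDS), the script below parses abridged copies of the four log excerpts posted above and flags the entries a helper would want to read first: the Malwarebytes detections, with a separate flag for anything left at "Delete on reboot"; the process GMER reports as hidden; any running process in DDS.txt whose image path is not a plain drive-letter path (the `\\.\globalroot\...\svchost.exe` entry); and the event-log errors about the hosts file, the missing BFE dependency and the tdx driver that failed to load. The indicator names and the rules behind them are this example's own heuristics, so a hit means "look here", not a verdict.

```python
"""Added triage example for the log excerpts in this thread (not part of the
thread, Malwarebytes, GMER or DDS). The samples are abridged copies of the
logs posted above; the rules are this example's own heuristics."""
import re
from dataclasses import dataclass
from typing import List

# ---- constructed sample input: abridged copies of the logs posted above ----
MBAM_SAMPLE = r"""
Memory Modules Detected: 1
C:\Windows\System32\se45mdfl.dll (RootKit.0Access.H) -> Delete on reboot.
Folders Detected: 1
C:\Recycle.Bin (Trojan.Spyeyes) -> Quarantined and deleted successfully.
"""
GMER_SAMPLE = r"""
---- Processes - GMER 1.0.15 ----
Process PING.EXE (*** hidden *** ) 2100
"""
# Only the "Running Processes" section of DDS.txt, one image path per line.
DDS_PROCESS_SAMPLE = r"""
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
\\.\globalroot\SystemRoot\system32\svchost.exe -k netsvcs
C:\windows\system32\igfxext.exe
"""
EVENT_SAMPLE = r"""
27/02/2012 16:27:44, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
27/02/2012 15:07:53, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
24/02/2012 11:56:24, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
20/02/2012 11:39:52, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: tdx
"""


@dataclass(frozen=True)
class Finding:
    source: str   # MBAM / GMER / DDS / EventLog
    kind: str     # indicator name (this example's own vocabulary)
    detail: str   # value or line that triggered it


def _lines(text: str) -> List[str]:
    return [ln.strip() for ln in text.splitlines() if ln.strip()]


# MBAM detection line: "<path> (<threat name>) -> <action taken>"
MBAM_DETECTION = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")
# GMER process entry flagged as hidden from the normal process list
GMER_HIDDEN = re.compile(r"^Process\s+(?P<image>\S+)\s+\(\*\*\* hidden \*\*\* \)\s+(?P<pid>\d+)")
# A normal DDS process entry starts with a drive letter, e.g. "C:\..."
DRIVE_LETTER_PATH = re.compile(r"^[A-Za-z]:\\")
# DDS event line: "<date> <time>, <level>: <source> [<id>] - <message>"
EVENT_LINE = re.compile(r"^(?P<ts>\S+ \S+), (?P<level>\w+): (?P<src>.+?) \[(?P<id>\d+)\] - (?P<msg>.+)$")
# (source, event id) -> (indicator name, optional regex pulling out the key value)
EVENTS_OF_INTEREST = {
    ("Microsoft-Windows-DNS-Client", 1012): ("hosts_file_unreadable", None),
    ("Service Control Manager", 7003): ("service_dependency_missing", re.compile(r"following service: (\w+)")),
    ("Service Control Manager", 7026): ("driver_failed_to_load", re.compile(r"failed to load: (.+)$")),
}


def check_mbam(text: str) -> List[Finding]:
    out = []
    for m in filter(None, map(MBAM_DETECTION.match, _lines(text))):
        out.append(Finding("MBAM", "mbam_detection", f"{m['path']} [{m['name']}]"))
        # "Delete on reboot" means the item is still on disk (and a loaded module
        # still in memory) until the restart; a rescan must confirm it is gone.
        if m["action"].lower().startswith("delete on reboot"):
            out.append(Finding("MBAM", "mbam_pending_reboot", m["path"]))
    return out


def check_gmer(text: str) -> List[Finding]:
    return [Finding("GMER", "gmer_hidden_process", f"{m['image']} pid {m['pid']}")
            for m in filter(None, map(GMER_HIDDEN.match, _lines(text)))]


def check_dds_processes(text: str) -> List[Finding]:
    # An image path that is not a plain drive-letter path (for instance one
    # reached through the \\.\globalroot device namespace) deserves a closer look.
    return [Finding("DDS", "process_non_drive_path", ln)
            for ln in _lines(text) if not DRIVE_LETTER_PATH.match(ln)]


def check_events(text: str) -> List[Finding]:
    out = []
    for m in filter(None, map(EVENT_LINE.match, _lines(text))):
        rule = EVENTS_OF_INTEREST.get((m["src"], int(m["id"])))
        if rule is None:
            continue
        kind, extractor = rule
        hit = extractor.search(m["msg"]) if extractor else None
        out.append(Finding("EventLog", kind, hit.group(1) if hit else m["msg"]))
    return out


def triage(mbam: str, gmer: str, dds_processes: str, events: str) -> List[Finding]:
    return (check_mbam(mbam) + check_gmer(gmer)
            + check_dds_processes(dds_processes) + check_events(events))


if __name__ == "__main__":
    for f in triage(MBAM_SAMPLE, GMER_SAMPLE, DDS_PROCESS_SAMPLE, EVENT_SAMPLE):
        print(f"{f.source:9}{f.kind:28}{f.detail}")
```

    Run it as is to print the findings for the embedded samples; for a fresh set of logs, pass the text of each log (for DDS, only the Running Processes section) to `triage()`. The "Delete on reboot" flag is the caveat worth remembering from this thread: until the machine restarts and a new scan comes back clean, the flagged module is still loaded, which is why the helper asks for logs again after each step rather than taking one clean-looking scan as the end of it.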
     
  4. Bobbye

    I'm very sorry- I did not get the email feedback of your reply. I thought I had found all of the affected threads.

    I'd like you to temporarily disable the CD Emulation program Daemon Tools:
    To disable CD emulation programs using DeFogger, please perform these steps:
    1. Please download DeFogger to your desktop.
    2. Double-click on the DeFogger icon to start the tool.
    3. The application window will appear; click on the Disable button to disable your CD emulation drivers.
    4. At the prompt to continue, click on the Yes button.
    5. When the program has completed you will see a Finished! message. Click on the OK button to exit the program.
    DeFogger will now ask you to reboot the machine. Please allow it to do so by clicking on the OK button.
    ---------------------------
    The following can be done when we're finished:
    =======================================
    Follow with: Please note: if you have previously run Combofix and it is still on the system, please uninstall it, then download the current version and do the scan. Uninstall directions, if needed:
    • Click START> then RUN
    • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.
    --------------------------------------
    Before you run the Combofix scan, please disable any security software you have running.

    Download Combofix from HERE or HERE and save to the desktop
    • Double click combofix.exe & follow the prompts.
    • If prompted for Recovery Console, please allow.
    • Once installed, you should see a blue screen prompt that says:
      • The Recovery Console was successfully installed.
      • Note: If Combofix was downloaded to a flash drive, the Recovery Console will not install- just bypass and go on.
      • Note: No query will be made if the Recovery Console is already on the system.
    • Close/disable all anti virus and anti malware programs
      (If you need help with this, please see HERE)
    • Close any open browsers.
    • Click on Yes, to continue scanning for malware
    • If Combofix asks you to update the program, allow
    • When the scan completes, a report will be generated; it will open a text window. Please paste the C:\ComboFix.txt in your next reply.
    Re-enable your Antivirus software.
    Note 1: Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart the computer.
    Note 3: CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
    ===============================
    Please let me know if you are still being redirected and/or if you are having any other, new system problems.
     
  5. shahed92

    ComboFix Report

    Here is the report:

    ComboFix 12-02-25.02 - sal 03/03/2012 15:20:00.1.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3005.2031 [GMT 0:00]
    Running from: c:\users\sal\Desktop\ComboFix.exe
    AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files\INSTALL.LOG
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-03 to 2012-03-03 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-03 15:21 . 2012-03-03 15:26 -------- d-----w- c:\users\sal\AppData\Local\temp
    2012-03-03 15:21 . 2012-03-03 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-02-27 14:49 . 2012-02-27 14:49 -------- d-----w- c:\users\sal\AppData\Roaming\Malwarebytes
    2012-02-27 14:48 . 2012-02-27 14:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-27 14:48 . 2011-12-10 15:24 20464 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-02-24 12:23 . 2012-02-24 12:23 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-02-20 13:48 . 2012-02-28 08:33 -------- d-----w- c:\windows\Sun
    2012-02-19 22:24 . 2012-02-20 11:48 -------- d-----w- c:\users\sal\AppData\Local\NPE
    2012-02-19 22:19 . 2012-03-03 15:23 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-19 19:51 . 2012-02-19 19:52 -------- d-----w- c:\users\sal\AppData\Roaming\GetRightToGo
    2012-02-17 18:14 . 2012-02-17 18:14 -------- d-----w- c:\users\Public\CyberLink
    2012-02-17 14:57 . 2012-02-19 22:21 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2012-02-17 14:57 . 2012-02-17 14:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2012-02-17 14:57 . 2012-02-19 22:21 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-02-17 14:57 . 2012-02-19 22:21 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    2012-02-17 14:57 . 2012-02-17 14:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2012-02-16 15:22 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-02-16 12:35 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 12:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 12:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 11:27 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-25 16:16 . 2012-01-11 08:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-20 11:44 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-01-17 19:54 . 2012-01-17 19:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-17 19:54 . 2012-01-17 19:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-17 19:54 . 2012-01-17 19:54 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-01-17 19:54 . 2012-01-17 19:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-17 19:54 . 2012-01-17 19:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-01-17 19:54 . 2012-01-17 19:54 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-17 19:54 . 2012-01-17 19:54 367104 ----a-w- c:\windows\system32\html.iec
    2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-17 19:54 . 2012-01-17 19:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-17 19:54 . 2012-01-17 19:54 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-01-17 19:54 . 2012-01-17 19:54 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-17 19:54 . 2012-01-17 19:54 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-17 19:54 . 2012-01-17 19:54 35840 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-17 19:54 . 2012-01-17 19:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-17 19:54 . 2012-01-17 19:54 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-01-17 19:54 . 2012-01-17 19:54 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-01-13 17:42 . 2012-01-13 17:42 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-11 09:53 . 2012-01-11 09:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-01-10 19:29 . 2012-01-10 19:29 45056 ----a-r- c:\users\sal\AppData\Roaming\Microsoft\Installer\{AC0F06C8-865D-4EC4-99CB-0714E2800880}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe
    2001-09-28 18:00 . 2012-01-10 20:10 164864 ----a-w- c:\program files\UNWISE.EXE
    2012-02-19 22:21 . 2012-02-17 14:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 151064]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-12 1343400]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [2009-08-30 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [2011-08-22 173176]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2011-12-23 820344]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [2011-08-04 485512]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-13 232512]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120303.003\IDSvix86.sys [2011-12-15 368248]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [2011-08-22 340088]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-10 20464]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - WS2IFSL
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    SE26mdfl
    bc_ip_f
    websensedcagent
    bgmainsvc
    crystalaps
    hpconfig
    mgisvr
    atimtag
    oracle_load_balancer_60_server-forms6i
    btfirst
    BRGSp50
    nimdbgk
    i81x
    Packet
    dlabmfsm
    ipcsvc
    crauto
    pdlndoem
    hpqwmi
    sbservice
    procdd
    ipodservice
    DMUSBUSBDCam
    point32
    se44unic
    wtwservice
    smserial
    iAimFP5
    TClass2k
    cdr4_2k
    hpqwmiex
    padfsvr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
    .
    2012-03-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.1
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    SafeBoot-mcmscsvc
    SafeBoot-MCODS
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
    ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:31,ff,96,ab,55,f1,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(584)
    c:\windows\system32\mswsock.dll
    mswsock.dll 75440000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Samsung\Samsung Update Plus\SUPBackground.exe
    c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\windows\System32\rundll32.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-03 15:31:18 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-03 15:31
    .
    Pre-Run: 2,350,895,104 bytes free
    Post-Run: 2,284,724,224 bytes free
    .
    - - End Of File - - 0E5A404F89A2426CA4C3BB1C0214D31C
     
  6. shahed92

    shahed92 TS Rookie Topic Starter

    I have done everything that you said, but I am still getting redirected. Is there something else I need to do?
     
  7. Bobbye

    Bobbye Helper on the Fringe Posts: 16,335   +36

    Per Combofix directions:
    You had these enabled:
    Which is most likely why you had to run Combofix in:
    - REDUCED FUNCTIONALITY MODE -

    Please disconnect from the internet, disable the security and run the following with the security off:

    Custom CFScript

    • [1]. Close any open browsers.
      [2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      [3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:
    Code:
    FileLook::
    C:\windows\system32\conhost.exe
    C:\windows\system32\conhost.exe
    
    Save this as CFScript.txt, in the same location as ComboFix.exe
    [​IMG]

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it will produce a log for you at C:\ComboFix.txt . Please paste into to your next reply.
    ====================
    Next this online virus scan:
    To run the Eset Online Virus Scan:
    If you use Internet Explorer:
    1. Open the ESETOnlineScan
    2. Skip to #4 to "Continue with the directions"

      If you are using a browser other than Internet Explorer
    3. Open Eset Smart Installer
      [o] Click on the esetsmartinstaller_enu.exe link and save to the desktop.
      [o] Double click on the desktop icon to run.
      [o] After successful installation of the ESET Smart Installer, the ESET Online Scanner will be launched in a new Window
    4. Continue with the directions.
    5. Check 'Yes I accept terms of use.'
    6. Click Start button
    7. Accept any security warnings from your browser.
      [​IMG]
    8. Uncheck 'Remove found threats'
    9. Check 'Scan archives'
    10. Leave remaining settings as is.
    11. Press the Start button.
    12. ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
    13. When the scan completes, press List of found threats
    14. Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
    15. Push the Back button, then Finish
    NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
    ========================================
    Please leave logs in next reply.
    ======================================
    Comment: I note that Windows 7 Home Premium has Install Date: 02/05/2010
    But there are no restore points in the system.
    Updates show only for .NET Framework.

    Why is this?

    .NET Framework updates only
     
  8. shahed92

    shahed92 TS Rookie Topic Starter

    Logs

    OK, I have disabled the antivirus and done what you said. Here are the logs:

    ComboFix Log:

    ComboFix 12-02-25.02 - sal 04/03/2012 15:16:57.2.2 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3005.2133 [GMT 0:00]
    Running from: c:\users\sal\Desktop\ComboFix.exe
    Command switches used :: c:\users\sal\Desktop\CFScript.txt
    AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
    FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
    SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    * Created a new restore point
    .
    - REDUCED FUNCTIONALITY MODE -
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-02-04 to 2012-03-04 )))))))))))))))))))))))))))))))
    .
    .
    2012-03-04 15:19 . 2012-03-04 15:19 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-03-03 15:21 . 2012-03-04 15:23 -------- d-----w- c:\users\sal\AppData\Local\temp
    2012-02-27 14:49 . 2012-02-27 14:49 -------- d-----w- c:\users\sal\AppData\Roaming\Malwarebytes
    2012-02-27 14:48 . 2012-02-27 14:48 -------- d-----w- c:\programdata\Malwarebytes
    2012-02-24 12:23 . 2012-02-24 12:23 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
    2012-02-20 13:48 . 2012-02-28 08:33 -------- d-----w- c:\windows\Sun
    2012-02-19 22:24 . 2012-02-20 11:48 -------- d-----w- c:\users\sal\AppData\Local\NPE
    2012-02-19 22:19 . 2012-03-04 15:21 0 --sha-w- c:\windows\system32\dds_trash_log.cmd
    2012-02-19 19:51 . 2012-02-19 19:52 -------- d-----w- c:\users\sal\AppData\Roaming\GetRightToGo
    2012-02-17 18:14 . 2012-02-17 18:14 -------- d-----w- c:\users\Public\CyberLink
    2012-02-17 14:57 . 2012-02-19 22:21 19416 ----a-w- c:\program files\Mozilla Firefox\AccessibleMarshal.dll
    2012-02-17 14:57 . 2012-02-17 14:57 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll
    2012-02-17 14:57 . 2012-02-19 22:21 134104 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
    2012-02-17 14:57 . 2012-02-19 22:21 125912 ----a-w- c:\program files\Mozilla Firefox\crashreporter.exe
    2012-02-17 14:57 . 2012-02-17 14:57 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll
    2012-02-16 15:22 . 2011-12-14 03:32 141112 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
    2012-02-16 12:35 . 2012-01-04 09:03 442880 ----a-w- c:\windows\system32\ntshrui.dll
    2012-02-16 12:32 . 2012-01-03 05:44 478208 ----a-w- c:\windows\system32\timedate.cpl
    2012-02-16 12:32 . 2011-12-16 07:59 690688 ----a-w- c:\windows\system32\msvcrt.dll
    2012-02-16 11:27 . 2012-01-14 03:48 2340864 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-02-25 16:16 . 2012-01-11 08:35 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-02-20 11:44 . 2009-07-13 23:12 74240 ----a-w- c:\windows\system32\drivers\tdx.sys
    2012-01-17 19:54 . 2012-01-17 19:54 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2012-01-17 19:54 . 2012-01-17 19:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2012-01-17 19:54 . 2012-01-17 19:54 161792 ----a-w- c:\windows\system32\msls31.dll
    2012-01-17 19:54 . 2012-01-17 19:54 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
    2012-01-17 19:54 . 2012-01-17 19:54 86528 ----a-w- c:\windows\system32\iesysprep.dll
    2012-01-17 19:54 . 2012-01-17 19:54 63488 ----a-w- c:\windows\system32\tdc.ocx
    2012-01-17 19:54 . 2012-01-17 19:54 367104 ----a-w- c:\windows\system32\html.iec
    2012-01-17 19:54 . 2012-01-17 19:54 74752 ----a-w- c:\windows\system32\iesetup.dll
    2012-01-17 19:54 . 2012-01-17 19:54 23552 ----a-w- c:\windows\system32\licmgr10.dll
    2012-01-17 19:54 . 2012-01-17 19:54 152064 ----a-w- c:\windows\system32\wextract.exe
    2012-01-17 19:54 . 2012-01-17 19:54 150528 ----a-w- c:\windows\system32\iexpress.exe
    2012-01-17 19:54 . 2012-01-17 19:54 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-01-17 19:54 . 2012-01-17 19:54 35840 ----a-w- c:\windows\system32\imgutil.dll
    2012-01-17 19:54 . 2012-01-17 19:54 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-01-17 19:54 . 2012-01-17 19:54 11776 ----a-w- c:\windows\system32\mshta.exe
    2012-01-17 19:54 . 2012-01-17 19:54 101888 ----a-w- c:\windows\system32\admparse.dll
    2012-01-13 17:42 . 2012-01-13 17:42 232512 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
    2012-01-11 09:53 . 2012-01-11 09:53 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
    2012-01-10 19:29 . 2012-01-10 19:29 45056 ----a-r- c:\users\sal\AppData\Roaming\Microsoft\Installer\{AC0F06C8-865D-4EC4-99CB-0714E2800880}\vmd.exe_ACB45EC7E21F469AA1111BD96CD51ACF.exe
    2001-09-28 18:00 . 2012-01-10 20:10 164864 ----a-w- c:\program files\UNWISE.EXE
    2012-02-19 22:21 . 2012-02-17 14:57 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    (((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    --- c:\windows\system32\conhost.exe ---
    Company: Microsoft Corporation
    File Description: Console Window Host
    File Version: 6.1.7600.16385 (win7_rtm.090713-1255)
    Product Name: Microsoft® Windows® Operating System
    Copyright: © Microsoft Corporation. All rights reserved.
    Original Filename: CONHOST.EXE.MUI
    File size: 271360
    Created time: 2012-01-11 11:44
    Modified time: 2011-07-16 04:31
    MD5: B5C8881951776ECD34ED2929B1AF975D
    SHA1: 2F88215FF7E59160F15E52F2EE3FD1FC4277E663
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-03 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-03 174104]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-03 151064]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-19 7711264]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-14 1541416]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
    "UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 15:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
    .
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
    R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 135664]
    R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-01-12 1343400]
    S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NIS\1109000.00C\SYMDS.SYS [2009-08-30 328752]
    S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NIS\1109000.00C\SYMEFA.SYS [2011-08-22 173176]
    S1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\BASHDefs\20120215.001\BHDrvx86.sys [2011-12-23 820344]
    S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\NIS\1109000.00C\ccHPx86.sys [2011-08-04 485512]
    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-13 232512]
    S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_17.0.0.136\Definitions\IPSDefs\20120303.003\IDSvix86.sys [2011-12-15 368248]
    S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [2009-05-28 10752]
    S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NIS\1109000.00C\Ironx86.SYS [2010-04-29 116784]
    S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\System32\Drivers\NIS\1109000.00C\SYMTDIV.SYS [2011-08-22 340088]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 NIS;Norton Internet Security;c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe [2011-08-04 126400]
    S2 OberonGameConsoleService;Oberon Media Game Console service;c:\program files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe [2009-08-13 44312]
    S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-02-04 106104]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-31 187392]
    .
    .
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    SE26mdfl
    bc_ip_f
    websensedcagent
    bgmainsvc
    crystalaps
    hpconfig
    mgisvr
    atimtag
    oracle_load_balancer_60_server-forms6i
    btfirst
    BRGSp50
    nimdbgk
    i81x
    Packet
    dlabmfsm
    ipcsvc
    crauto
    pdlndoem
    hpqwmi
    sbservice
    procdd
    ipodservice
    DMUSBUSBDCam
    point32
    se44unic
    wtwservice
    smserial
    iAimFP5
    TClass2k
    cdr4_2k
    hpqwmiex
    padfsvr
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
    .
    2012-03-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-01-10 20:04]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.com/ig
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    LSP: mswsock.dll
    TCP: DhcpNameServer = 192.168.1.1
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
    "ImagePath"="\"c:\program files\Norton Internet Security\Engine\17.9.0.12\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files\Norton Internet Security\Engine\17.9.0.12\diMaster.dll\" /prefetch:1"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
    @Denied: (2) (LocalSystem)
    "{2318C2B1-4965-11D4-9B18-009027A5CD4F}"=hex:51,66,7a,6c,4c,1d,38,12,df,c1,0b,
    27,57,07,ba,54,e4,0e,43,d0,22,fb,89,5b
    "{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}"=hex:51,66,7a,6c,4c,1d,38,12,8d,ec,f8,
    7b,2b,25,27,06,e7,c4,bc,f0,98,15,0d,de
    "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,
    1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7
    "{602ADB0E-4AFF-4217-8AA1-95DAC4DFA408}"=hex:51,66,7a,6c,4c,1d,38,12,60,d8,39,
    64,cd,04,79,07,f5,b7,d6,9a,c1,81,e0,1c
    "{6D53EC84-6AAE-4787-AEEE-F4628F01010C}"=hex:51,66,7a,6c,4c,1d,38,12,ea,ef,40,
    69,9c,24,e9,02,d1,f8,b7,22,8a,5f,45,18
    "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,
    94,30,02,d1,0f,f1,da,12,24,73,56,27,d2
    "{AA58ED58-01DD-4D91-8333-CF10577473F7}"=hex:51,66,7a,6c,4c,1d,38,12,36,ee,4b,
    ae,ef,4f,ff,08,fc,25,8c,50,52,2a,37,e3
    "{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}"=hex:51,66,7a,6c,4c,1d,38,12,2d,dd,7a,
    ab,6a,33,56,03,c9,ec,8d,26,b0,f3,64,49
    "{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,38,12,8f,19,47,
    2e,c4,15,0b,03,d7,b5,8c,e9,62,70,06,85
    "{FF059E31-CC5A-4E2E-BF3B-96E929D65503}"=hex:51,66,7a,6c,4c,1d,38,12,5f,9d,16,
    fb,68,82,40,0b,c0,2d,d5,a9,2c,88,11,17
    "{BDEADE7F-C265-11D0-BCED-00A0C90AB50F}"=hex:51,66,7a,6c,4c,1d,38,12,11,dd,f9,
    b9,57,8c,be,54,c3,fb,43,e0,cc,54,f1,1b
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
    @Denied: (2) (LocalSystem)
    "Timestamp"=hex:31,ff,96,ab,55,f1,cc,01
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,aa,54,3c,40,f8,a7,c2,45,bc,9f,1d,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'lsass.exe'(584)
    c:\windows\system32\mswsock.dll
    mswsock.dll 74bf0000 245760 \\.\globalroot\systemroot\system32\mswsock.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\windows\system32\taskhost.exe
    c:\program files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
    c:\program files\Samsung\Samsung Support Center\SSCKbdHk.exe
    c:\windows\system32\igfxext.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\conhost.exe
    c:\windows\system32\igfxsrvc.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\windows\system32\sppsvc.exe
    .
    **************************************************************************
    .
    Completion time: 2012-03-04 15:28:41 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-03-04 15:28
    ComboFix2.txt 2012-03-03 15:31
    .
    Pre-Run: 2,206,941,184 bytes free
    Post-Run: 2,536,235,008 bytes free
    .
    - - End Of File - - 260D11F5BCC26F4FB2BDCF75D667CB5C

    And here is the ESET Log:

    C:\Users\sal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\sal\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-34f22789-3539d81c.zip Java/Exploit.CVE-2011-3544.AV trojan
    C:\Windows\$NtUninstallKB20903$\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-2d8cfad4-64b55814.zip Java/Exploit.CVE-2011-3544.AU trojan
    C:\Windows\$NtUninstallKB20903$\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-477e2791-40765a6a.zip Java/Exploit.CVE-2011-3544.AV trojan
    C:\Windows\System32\AsDsm.dll probably a variant of Win32/Sirefef.ER trojan
    C:\Windows\System32\usbcm.dll probably a variant of Win32/Sirefef.ER trojan
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-2d8cfad4-64b55814.zip Java/Exploit.CVE-2011-3544.AU trojan
    C:\Windows\System32\config\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-477e2791-40765a6a.zip Java/Exploit.CVE-2011-3544.AV trojan
    C:\Windows\System32\drivers\afd.sys a variant of Win32/Sirefef.DA trojan
    C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys a variant of Win32/Sirefef.DA trojan
    Operating memory Win32/Sirefef.DN trojan
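
    The ESET export above is the first log in the thread that names what is actually on the machine, and it mixes two different things: cached Java exploit payloads (the CVE-2011-3544 jar files, the likely way the box was compromised) and the installed Sirefef components, including a replaced afd.sys in both System32\drivers and its WinSxS component-store copy. Reading such a list by hand is error-prone, so here is a small triage script. It is an added example, not code from this thread, from ESET or from ComboFix; the only input it uses is a copy of the export lines posted above. It groups detections by family, pulls out the CVE identifiers, and flags files whose WinSxS copy is also detected, because sfc /scannow repairs system files from that store and cannot restore a clean copy when the store copy is infected too.

```python
"""Triage an ESET Online Scanner 'List of found threats' export.

Added example for this thread; it is not code from the forum, from ESET
or from ComboFix. It groups detections by malware family, lists the CVE
identifiers named in exploit detections, and flags any System32 file
whose WinSxS component-store copy is detected as well. That case matters
because 'sfc /scannow' repairs system files from the WinSxS store, so an
infected store copy cannot be used to put a clean file back.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Sample input: lines copied from the ESET export posted in the thread.
SAMPLE_LOG = r"""
C:\Users\sal\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized\C\Users\sal\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-34f22789-3539d81c.zip Java/Exploit.CVE-2011-3544.AV trojan
C:\Windows\$NtUninstallKB20903$\systemprofile\AppData\Roaming\Sun\Java\Deployment\cache\javapi\v1.0\jar\jav2.jar-2d8cfad4-64b55814.zip Java/Exploit.CVE-2011-3544.AU trojan
C:\Windows\System32\AsDsm.dll probably a variant of Win32/Sirefef.ER trojan
C:\Windows\System32\usbcm.dll probably a variant of Win32/Sirefef.ER trojan
C:\Windows\System32\drivers\afd.sys a variant of Win32/Sirefef.DA trojan
C:\Windows\winsxs\x86_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_d81220b5bf827af7\afd.sys a variant of Win32/Sirefef.DA trojan
Operating memory Win32/Sirefef.DN trojan
"""

# One export line: <object> [qualifier] <Platform/Name.Variant> <kind>.
# The object may contain spaces ('Temporary Internet Files'), so the object
# is matched non-greedily and the verdict is anchored to the end of the line.
LINE_RE = re.compile(
    r"^(?P<obj>.+?)\s+"
    r"(?P<qualifier>probably a variant of |a variant of )?"
    r"(?P<signature>[A-Za-z0-9]+/[A-Za-z0-9._-]+)\s+(?P<kind>\w+)\s*$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


@dataclass(frozen=True)
class Detection:
    obj: str        # file path, or 'Operating memory'
    qualifier: str  # '', 'a variant of' or 'probably a variant of'
    signature: str  # e.g. 'Win32/Sirefef.DA'
    kind: str       # e.g. 'trojan'

    @property
    def family(self) -> str:
        """'Win32/Sirefef.DA' -> 'Sirefef'; 'Java/Exploit.CVE-2011-3544.AV' -> 'Exploit.CVE-2011-3544'."""
        name = self.signature.split("/", 1)[1]
        return name.rsplit(".", 1)[0] if "." in name else name

    @property
    def location(self) -> str:
        """Coarse bucket for where on the machine the detection sits."""
        p = self.obj.lower()
        if p.startswith("operating memory"):
            return "memory"
        if "\\sun\\java\\deployment\\cache\\" in p:
            return "java-cache"
        if p.startswith("c:\\windows\\winsxs\\"):
            return "winsxs"
        if p.startswith("c:\\windows\\system32\\"):
            return "system32"
        return "other"

    @property
    def basename(self) -> str:
        return self.obj.rsplit("\\", 1)[-1].lower()


def parse_eset_log(text: str) -> list:
    """Parse export lines; anything that does not look like a detection is skipped."""
    dets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            dets.append(Detection(m["obj"], (m["qualifier"] or "").strip(),
                                  m["signature"], m["kind"]))
    return dets


def family_counts(dets) -> dict:
    """Detections per family, e.g. {'Sirefef': 5, 'Exploit.CVE-2011-3544': 2}."""
    return dict(Counter(d.family for d in dets))


def cve_ids(dets) -> list:
    """CVE identifiers embedded in exploit signatures (the likely infection vector)."""
    return sorted({cve for d in dets for cve in CVE_RE.findall(d.signature)})


def sfc_unrepairable(dets) -> list:
    """System32 files whose WinSxS store copy is also detected: SFC cannot fix these."""
    live = {d.basename for d in dets if d.location == "system32"}
    store = {d.basename for d in dets if d.location == "winsxs"}
    return sorted(live & store)


if __name__ == "__main__":
    found = parse_eset_log(SAMPLE_LOG)
    print("families:", family_counts(found))
    print("exploit CVEs:", cve_ids(found))
    print("not repairable with sfc /scannow:", sfc_unrepairable(found))
    for d in found:
        print(f"  [{d.location:10}] {d.family:22} {d.obj}")
```

    Run against the lines above it reports two families (Sirefef on five objects, Exploit.CVE-2011-3544 on two), one CVE, and afd.sys as the file that sfc /scannow cannot repair. The practical consequence is that deleting the cached jar files alone would not stop the redirects: the Java entries are leftovers of the exploit that delivered the infection, while the Sirefef entries in System32, in the component store and in memory are the installed malware, and the Winsock driver has to come back from a clean copy of the same Windows build rather than from the store.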
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...