Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

virus radio playing in background and redirecting websites

(New)
(!)

mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
24-Oct-2011, 12:46 AM #1
Red face virus radio playing in background and redirecting websites
Hello and Thank You for being here!! I have some virus that was playing music in the background and I couldn't find a player to turn off, more recently my computer is running really really slow, and I am redirected to spam sites on the internet.

Here is the HiJack This log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 9:51:24 PM, on 10/23/2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-itv.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtlService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe

--
End of file - 8127 bytes

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by mi at 21:54:30 on 2011-10-23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.527 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtlService.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\explorer.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://cool-itv.net
mDefault_Search_URL = hxxp://www.google.ro
mSearch Page = hxxp://www.google.ro
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.ro
mSearchAssistant = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\mi\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\mi\appdata\roaming\micros~1\windows\startm~1\programs\startup\resc ue~1.lnk - c:\program files\rescuetime\RescueTime.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.254
TCP: Interfaces\{76C77F95-8235-48B2-A5A9-7E9A90A1A5F5} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E} : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\05947454F4E402B494E474 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\362637023716C6F6E6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\365627562627F6723702E6564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\374607C6 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mi\appdata\roaming\mozilla\firefox\profiles\wfl12ia5.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\mi\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\mi\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-22 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-22 243152]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-23 41272]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-9-8 583680]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== Created Last 30 ================
.
2011-10-24 04:02:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-10-21 00:40:15 54016 ----a-w- c:\windows\system32\drivers\slvuw.sys
2011-10-20 21:45:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-10-20 20:56:34 -------- d-----w- c:\windows\system32\appmgmt
2011-10-20 20:42:41 -------- d-s---w- C:\ComboFix
2011-10-20 19:27:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2011-10-20 19:27:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
2011-10-20 19:27:33 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
2011-10-20 19:27:33 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
2011-10-20 19:27:33 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
2011-10-20 19:27:33 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
2011-10-20 19:27:32 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-10-20 19:27:32 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-10-15 21:01:14 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-15 21:01:14 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-15 21:01:14 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-10-15 21:01:13 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-10-15 21:01:13 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-10-15 21:01:09 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-15 21:01:09 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-10-15 21:01:03 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-09-29 04:08:54 -------- d-----w- c:\users\mi\appdata\local\ElevatedDiagnostics
.
==================== Find3M ====================
.
2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-09-10 03:20:36 75938 ----a-w- c:\windows\system32\Uninstall-TvPlugin-5.4
2011-08-21 08:12:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 22:05:30.99 ===============


GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-10-23 23:09:20
Windows 6.1.7600
Running: mxhq3dbe.exe; Driver: C:\Users\mi\AppData\Local\Temp\pxldypoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\ScheduleParams @BackupFlags 268435457

---- Files - GMER 1.0.15 ----

File C:\Users\mi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWRP84J2\PortalServe[1].htm 0 bytes
File C:\Users\mi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWRP84J2\programguide[1].htm 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\http://www.casb.uscourts.gov.\html\c...ivate\E_Orders 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\http://www.casb.uscourts.gov.\html\c...s\E_Orders.swf 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\http://www.casb.uscourts.gov.\html\c...stanceInfo.sol 145 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\http://www.casb.uscourts.gov.\html\c...ivate\MotionRS 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\http://www.casb.uscourts.gov.\html\c...S\MotionRS.swf 0 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\http://www.casb.uscourts.gov.\html\c...stanceInfo.sol 120 bytes
File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.casb.uscourts.gov.\settings.sol 92 bytes

---- EOF - GMER 1.0.15 ----

Last edited by mimisee; 24-Oct-2011 at 01:14 AM..
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
24-Oct-2011, 01:16 AM #2
I have attached the attach.txt file
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
04-Nov-2011, 12:22 AM #3
Virus deleted all restore points!
Can I please have some help? I hope someone is available
Larusso's Avatar
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
04-Nov-2011, 10:57 AM #4
Hi and welcome to TSG.

I am reviewing your logs and will respond with a reply as soon as I can.

Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

Thank you for your patience.
Larusso's Avatar
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
04-Nov-2011, 03:59 PM #5
Hy
my name is Daniel and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully.
  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please launch DDS
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop and post both in your next reply



Please post in your next reply
TDSSKiller Log
dds.txt
attach.txt
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
05-Nov-2011, 04:13 PM #6
Thanks for your help Daniel - I am trying to run tdsskiller and it's being blocked.
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
05-Nov-2011, 04:42 PM #7
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 1/22/2010 9:30:22 PM
System Uptime: 11/5/2011 1:48:17 PM (1 hours ago)
.
Motherboard: Hewlett-Packard | | 30D9
Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 1317/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 221 GiB total, 88.194 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 1.973 GiB free.
E: is CDROM ()
F: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA
.
==== System Restore Points ===================
.
RP149: 6/28/2011 11:02:17 PM - Windows Update
RP150: 7/7/2011 8:58:21 PM - Scheduled Checkpoint
RP151: 7/13/2011 3:01:01 AM - Windows Update
RP152: 7/23/2011 6:58:34 PM - Scheduled Checkpoint
RP153: 7/23/2011 7:07:21 PM - Restore Operation
RP154: 7/26/2011 3:00:21 AM - Windows Update
RP155: 8/5/2011 9:53:11 PM - Scheduled Checkpoint
RP156: 8/12/2011 3:00:50 AM - Windows Update
RP157: 8/14/2011 11:49:49 AM - Installed PDFill PDF Editor with FREE Writer and FREE Tools
RP158: 8/26/2011 3:00:35 AM - Windows Update
RP159: 9/9/2011 3:00:50 AM - Windows Update
RP160: 9/18/2011 3:00:44 AM - Windows Update
RP161: 9/29/2011 5:37:03 PM - Scheduled Checkpoint
RP162: 10/3/2011 3:00:19 AM - Windows Update
RP163: 10/15/2011 9:13:47 PM - Scheduled Checkpoint
RP164: 10/16/2011 3:00:36 AM - Windows Update
RP166: 10/20/2011 1:55:42 PM - Removed Nitro PDF Reader 2
RP168: 10/20/2011 2:29:51 PM - Removed Microsoft Visual C++ 2005 Redistributable
RP169: 10/23/2011 9:37:45 PM - Removed PDFill PDF Editor with FREE Writer and FREE Tools
RP170: 10/23/2011 9:48:30 PM - Windows Backup
RP171: 10/31/2011 8:08:05 PM - Scheduled Checkpoint
RP172: 11/3/2011 10:30:15 PM - Restore Operation
RP173: 11/3/2011 11:26:33 PM - Windows Update
RP174: 11/5/2011 1:15:48 PM - Restore Operation
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Adobe Reader 9.3
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Audible Download Manager
AVG Free 9.0
BitTorrent
Bonjour
CCleaner
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Cisco Systems VPN Client 5.0.07.0290
Conexant HD Audio
CutePDF Writer 2.8
D-Link DWA-130 Wireless N USB Adapter
DivX Plus Web Player
FREEzeFlip
Google Chrome
Google Talk Plugin
Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter Driver and Utility
HDAUDIO Soft Data Fax Modem with SmartCP
Intel(R) Graphics Media Accelerator Driver
Intel(R) TV Wizard
iTunes
Java Auto Updater
Java(TM) 6 Update 20
Liberty Court Player 5.1 (build 249)
LightScribe System Software
Linksys Wireless-N USB Network Adapter WUSB300N
Malwarebytes' Anti-Malware version 1.51.1.1800
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
MobileMe Control Panel
Move Media Player
Mozilla Firefox (3.6.20)
Nitro PDF Reader 2
OGA Notifier 2.0.0048.0
PDFCreator
PDFill PDF Editor with FREE Writer and FREE Tools
PrimoPDF -- brought to you by Nitro PDF Software
QuickTime
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2288931)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB2509488)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft Office 2007 System (KB2541012)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2541007)
Security Update for Microsoft Office Groove 2007 (KB2494047)
Security Update for Microsoft Office InfoPath 2007 (KB2510061)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
Security Update for Microsoft Office Publisher 2007 (KB2284697)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Skype Toolbars
Skype™ 5.0
Spybot - Search & Destroy
Touch Pad Driver
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 System (KB2539530)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2509470)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (KB2586924)
VC80CRTRedist - 8.0.50727.4053
Video Booth
VLC media player 1.1.5
WinRAR archiver
.
==== Event Viewer Messages From Past Week ========
.
11/5/2011 1:54:29 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
10/31/2011 8:44:46 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
10/31/2011 11:26:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
.
==== End Of File ===========================


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Run by mi at 14:09:00 on 2011-11-05
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.710 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtlService.exe
C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtWlan.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wuauclt.exe
C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVG\AVG9\avgscanx.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\mi\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [FREEzeFlipSA] "c:\program files\freezeflip\bin\2.0.3.0\FREEzeFlipSA.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
TCP: DhcpNameServer = 172.16.42.1
TCP: Interfaces\{76C77F95-8235-48B2-A5A9-7E9A90A1A5F5} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E} : DhcpNameServer = 172.16.42.1
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\05947454F4E402B494E474 : DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\362637023716C6F6E6 : DhcpNameServer = 192.168.1.254
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\365627562627F6723702E6564777F627B6 : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\374607C6 : DhcpNameServer = 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\mi\appdata\roaming\mozilla\firefox\profiles\wfl12ia5.default\
FF - prefs.js: network.proxy.type - 4
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\users\mi\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\users\mi\appdata\roaming\move networks\plugins\npqmp071505000011.dll
FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-22 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-22 29584]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-22 243152]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-9-8 583680]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
.
=============== Created Last 30 ================
.
2011-11-04 05:58:23 571904 ------w- c:\windows\system32\oleaut32.dll
2011-11-04 05:58:23 233472 ------w- c:\windows\system32\oleacc.dll
2011-11-04 05:56:17 981504 ------w- c:\windows\system32\wininet.dll
2011-10-20 20:56:34 -------- d-----w- c:\windows\system32\appmgmt
2011-10-20 20:42:41 -------- d-----w- C:\ComboFix
.
==================== Find3M ====================
.
2011-08-21 08:12:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 14:20:01.31 ===============
Larusso's Avatar
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
05-Nov-2011, 07:51 PM #8
Hy there,

Lets try to rename TDSSKiller.exe. First we need to change some systemsettings.


Go to My Computer > Organize > Folder and Search Options and open the View tab.
Untick Hide extensions from known file types.
Click Apply and OK.

Right- click on the TDSSKiller.exe --> Rename and type Larusso.com

Try to run TDSSKiller again as instructed above.
If it still wont run, please post me the exact error message.



Please download aswMBR.exe and save it to your desktop.
  • Double click aswMBR.exe to start the tool.
    Vista/Windows 7 users: Right click to "Run as Administrator"

  • The tool may ask you
    Quote:
    This application can use AVAST! Free Antivirus to scanning
    Would you like to download latest AVAST! virus definitions ?
    Please click No

  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



Please post in your next reply
TDSSKiller Log
aswmbr.txt
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
06-Nov-2011, 02:38 PM #9
HI Daniel

Still not working.. I don't receive any error message. A window pops up asking: "Do you want to allow the following program to make changes to this computer?" - I click 'yes' and nothing happens.

The aswmbr is also not working. i tried giving a .com extension and still no.
Larusso's Avatar
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
06-Nov-2011, 05:13 PM #10
Looks like a funny one Lets try a different tool.


Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

Note: Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
You can use this thread as a guide.

Please include the C:\ComboFix.txt in your next reply for further review.



Please post in your next reply
Combofix.txt
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
06-Nov-2011, 10:24 PM #11
Daniel,

You're not going to believe this! Combofix won't run either. When I double click it I click 'run' and then one screen pops up showing that the program is initializing and then it disappears and nothing happens. grrrr.....

Thanks for your help all the way from Austria and for being patient...
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
06-Nov-2011, 10:25 PM #12
I followed the directions exactly and also disabled my anti-virus...
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
06-Nov-2011, 10:30 PM #13
wow ok it's running now
mimisee's Avatar
mimisee mimisee is offline
Computer Specs
Junior Member with 17 posts.
THREAD STARTER
 
Join Date: Oct 2011
Experience: Beginner
07-Nov-2011, 12:06 AM #14
ComboFix 11-11-06.02 - mi 11/06/2011 19:40:30.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1021 [GMT -8:00]
Running from: c:\users\mi\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Anti-Virus Free *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\mi\AppData\Roaming\8C53.504
c:\users\mi\AppData\Roaming\Adobe\plugs
c:\users\mi\AppData\Roaming\Adobe\shed
c:\users\mi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
c:\users\mi\Documents\~WRL0353.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
.
.
2011-11-07 04:24 . 2011-11-07 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-11-05 23:29 . 2011-11-05 23:29 -------- d-----w- c:\users\mi\AppData\Roaming\SUPERAntiSpyware.com
2011-11-05 23:29 . 2011-11-05 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-11-05 23:29 . 2011-11-05 23:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-11-05 21:11 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 21:08 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
2011-11-05 21:08 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
2011-11-05 21:08 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
2011-11-05 21:08 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
2011-11-05 21:08 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
2011-11-05 21:06 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
2011-11-05 21:06 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
2011-11-05 21:05 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-01 02:47 . 2011-04-14 02:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-08-21 08:12 . 2011-06-28 01:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-07-21 2736128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"FREEzeFlipSA"="c:\program files\FREEzeFlip\bin\2.0.3.0\FREEzeFlipSA.exe" [2011-08-11 707584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-12 113664]
Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-16 6144]
Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2010-9-8 496896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCO RE]
@=""
.
R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 583680]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1343400]
S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-18 216400]
S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-28 921952]
S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\progra m files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-22 196912]
S2 Realtek11nSU;Realtek11nSU;c:\program files\Hawking\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 WlanWpsSvc;WlanWpsSvc;c:\program files\D-Link\DWA-130 revE\WlanWpsSvc.exe [2008-06-27 167936]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-07-21 19:20 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739252426-524843077-1949025162-1000Core.job
- c:\users\mi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 05:48]
.
2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739252426-524843077-1949025162-1000UA.job
- c:\users\mi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 05:48]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\mi\AppData\Roaming\Mozilla\Firefox\Profiles\wfl12ia5.default\
FF - prefs.js: network.proxy.type - 4
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-11-06 20:45:09
ComboFix-quarantined-files.txt 2011-11-07 04:45
.
Pre-Run: 93,501,739,008 bytes free
Post-Run: 93,478,916,096 bytes free
.
- - End Of File - - 621DAE6A9FE674006D0741C3EBB74C62
Larusso's Avatar
Larusso Larusso is offline Larusso is authorized to help remove malware.
Malware Removal Specialist with 808 posts.
 
Join Date: Aug 2011
Location: Austria
Experience: learning every day
07-Nov-2011, 04:15 PM #15
You are welcome.

How is your system behaving now ?
Let us try TDSSKIller again. Please delete the current Version Larusso.com

I also see you are using Spybot.
While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere our fixes
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated when we are done here.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.



Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.exe and save it to your desktop
  • Execute TDSSKiller.exe by doubleclicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

Please post the contents of that log in your next reply.



Please post in your next reply
TDSSKIller Log
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑

Content Relevant URLs by vBSEO 3.3.2