
Google Redirect Virus HELP Please!

Discussion in 'Virus & Other Malware Removal' started by gimmextra, Apr 4, 2012.

Thread Status:
Not open for further replies.
  1. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    Recently I have gotten the Google redirect virus. Yesterday I had the gimmeanswers one and I ran things like Malwarebytes, TDSSKiller, and FixTDSS and got rid of anything they detected, or it might not have detected anything; I can't remember specifically. It seemed to be gone, but now, this morning, I wake up to Google redirecting me to Happili. So far those are the only two sites I have been redirected to. Could you please help me get rid of these viruses? I'm currently using a 64-bit OS, so I can't run GMER.

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:04:25 AM, on 4/4/2012
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18639)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
    C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Users\Eugene\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Eugene\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost127.0.0.1 practivate.adobe.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    O4 - HKCU\..\Run: [F.lux] "C:\Users\Eugene\Local Settings\Apps\F.lux\flux.exe" /noshow
    O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-21-2913236317-814230174-4002188810-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'UpdatusUser')
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
    O9 - Extra 'Tools' menuitem: Fiddler2 - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe" (file missing)
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
    O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    O23 - Service: IHA_MessageCenter - Unknown owner - C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files (x86)\WinPcap\rpcapd.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9328 bytes

    _______________________________________________________________________________________
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_24
    Run by Eugene at 11:14:02 on 2012-04-04
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.5843 [GMT -4:00]
    .
    AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\PROGRA~2\AVG\AVG2012\avgrsa.exe
    C:\Program Files (x86)\AVG\AVG2012\avgcsrva.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
    C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
    C:\Program Files\Microsoft LifeCam\MSCamS64.exe
    C:\Windows\SysWOW64\PnkBstrA.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\AVG\AVG2012\avgnsa.exe
    C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
    C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files (x86)\RocketDock\RocketDock.exe
    C:\Users\Eugene\Local Settings\Apps\F.lux\flux.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\regedit.exe
    C:\Windows\system32\taskmgr.exe
    C:\Users\Eugene\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\SysWOW64\cscript.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
    uRun: [F.lux] "C:\Users\Eugene\Local Settings\Apps\F.lux\flux.exe" /noshow
    uRun: [AdobeBridge]
    uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{6BEFA00E-8A4C-4393-BA36-E7F11AC1A886} : DhcpNameServer = 192.168.1.1 68.237.161.12
    TCP: Interfaces\{8FB02647-45FD-4B43-B5F5-5B9831FA5700} : DhcpNameServer = 192.168.1.1
    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    BHO-X64: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll
    BHO-X64: WormRadar.com IESiteBlocker.NavFilter - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    BHO-X64: URLRedirectionBHO - No File
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    BHO-X64: Yontoo Layers: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll
    BHO-X64: Yontoo Layers - No File
    TB-X64: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    IE-X64: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "C:\Program Files (x86)\Fiddler2\Fiddler.exe"
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\tryg8wpz.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
    FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
    FF - plugin: C:\Users\Eugene\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSEH;AVGIDSEH;C:\Windows\system32\DRIVERS\AVGIDSEH.Sys --> C:\Windows\system32\DRIVERS\AVGIDSEH.Sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?]
    R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    R1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
    R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe [2011-10-12 4433248]
    R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe [2011-8-2 192776]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-2-28 2343816]
    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-2 652360]
    R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-7-2 2214504]
    R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-9-17 2358656]
    R3 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys --> C:\Windows\system32\DRIVERS\AVGIDSDriver.Sys [?]
    R3 AVGIDSFilter;AVGIDSFilter;C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys --> C:\Windows\system32\DRIVERS\AVGIDSFilter.Sys [?]
    R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
    R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\system32\Drivers\nx6000.sys --> C:\Windows\system32\Drivers\nx6000.sys [?]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;C:\Windows\system32\drivers\nvhda64v.sys --> C:\Windows\system32\drivers\nvhda64v.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 IHA_MessageCenter;IHA_MessageCenter;"C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe" --> C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [?]
    S3 Arctosa;Arctosa Keyboard;C:\Windows\system32\drivers\Arctosa.sys --> C:\Windows\system32\drivers\Arctosa.sys [?]
    S3 Gun;Gun;C:\Game\SoftnyxGame\GunboundIS\Gun64.sys [2011-9-20 45176]
    S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-1-21 30963576]
    S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;C:\Windows\system32\DRIVERS\netr28x.sys --> C:\Windows\system32\DRIVERS\netr28x.sys [?]
    S3 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys --> C:\Windows\system32\drivers\npf.sys [?]
    S3 npggsvc;nProtect GameGuard Service;C:\Windows\system32\GameMon.des -service --> C:\Windows\system32\GameMon.des -service [?]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 PerfHost;Performance Counter DLL Host;C:\Windows\SysWOW64\perfhost.exe [2008-1-20 19968]
    S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
    S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-3-18 1020768]
    S4 clr_optimization_v2.0.50727_64;Microsoft .NET Framework NGEN v2.0.50727_X64;C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [2010-12-2 93184]
    .
    =============== Created Last 30 ================
    .
    2012-04-03 03:37:43 -------- d-----w- C:\Users\Eugene\AppData\Local\PackageAware
    2012-04-03 00:42:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-02 23:48:48 57976 ----a-r- C:\Windows\System32\drivers\SBREDrv.sys
    2012-04-02 23:48:44 -------- d-----w- C:\ProgramData\STOPzilla!
    2012-04-02 23:48:44 -------- d-----w- C:\Program Files (x86)\STOPzilla!
    2012-04-02 23:48:44 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
    2012-04-02 23:02:17 -------- d-----w- C:\Users\Eugene\AppData\Roaming\Malwarebytes
    2012-04-02 23:02:12 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
    2012-04-02 23:02:12 -------- d-----w- C:\ProgramData\Malwarebytes
    2012-04-02 23:02:12 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
    2012-03-31 21:05:56 -------- d-----w- C:\Users\Eugene\AppData\Local\{5804B2D4-7B75-11E1-826D-B8AC6F996F26}
    2012-03-31 20:50:42 -------- d-----w- C:\Users\Eugene\AppData\Local\TrinityEntertainmentNetwo
    2012-03-29 20:59:36 23376 ----a-r- C:\Windows\SysWow64\SZIO5.dll
    2012-03-29 20:59:24 546640 ----a-r- C:\Windows\SysWow64\SZComp5.dll
    2012-03-29 20:59:18 481104 ----a-r- C:\Windows\SysWow64\SZBase5.dll
    2012-03-25 02:05:57 592824 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-25 02:05:57 44472 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-12 22:15:45 29696 ----a-w- C:\Windows\System32\drivers\tunnel.sys
    2012-03-12 22:15:45 224256 ----a-w- C:\Windows\System32\iphlpsvc.dll
    2012-03-11 18:01:08 -------- d-----w- C:\Nexon
    2012-03-10 21:49:41 -------- d-----w- C:\Perfect World Entertainment
    2012-03-10 21:48:20 -------- d-----w- C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
    2012-03-10 21:48:04 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
    2012-03-10 21:46:59 2582888 ----a-w- C:\Windows\System32\D3DCompiler_42.dll
    2012-03-10 13:40:19 -------- d-----w- C:\Program Files (x86)\NirSoft
    2012-03-10 04:14:51 -------- d-----w- C:\Users\Eugene\AppData\Local\LogMeIn Hamachi
    2012-03-10 04:14:09 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
    .
    ==================== Find3M ====================
    .
    2012-03-16 00:41:51 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
    2012-03-16 00:41:51 298016 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
    2012-03-16 00:41:10 281408 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
    2012-03-10 22:17:05 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
    2012-02-23 18:09:44 29008 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
    2012-02-23 18:09:42 390992 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
    2012-02-23 18:09:42 231248 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
    2012-02-23 18:09:40 100176 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
    2012-02-23 18:09:34 132944 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
    2012-02-23 18:09:34 104272 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
    2012-02-23 18:09:32 67408 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
    2012-02-23 18:09:32 456528 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
    2012-02-23 18:09:30 808784 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
    2012-02-18 02:30:13 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-01-19 14:22:08 45936 ----a-r- C:\Windows\System32\SBBD.EXE
    .
    ============= FINISH: 11:14:32.61 ===============
     

    Attached Files:
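    The HijackThis log above is the raw material a helper works from, and the first pass over it is mechanical: which entries point at files that no longer exist, which hosts-file lines override name resolution, whether the proxy bypass list names a local port, and which autostart entries run from a user-writable path. The Python script below is an added example (not part of this thread and not a HijackThis or TSG tool) that parses lines in the HJT "Oxx - ..." format and applies those four review rules; the rule names, the regular expressions and the `triage_log`/`rule_counts` helpers are all this example's own, and the sample log is a constructed excerpt of lines copied from the log posted above.

    ```python
    import re
    from typing import Dict, List, Optional, Tuple

    # Constructed sample: a handful of lines copied from the HijackThis log
    # posted in this thread, chosen so that each rule below fires at least once.
    SAMPLE_LOG = r"""
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    O1 - Hosts: ::1 localhost127.0.0.1 practivate.adobe.com
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers Runtime\YontooIEClient.dll (file missing)
    O4 - HKLM\..\Run: [AVG_TRAY] "C:\Program Files (x86)\AVG\AVG2012\avgtray.exe"
    O4 - HKCU\..\Run: [F.lux] "C:\Users\Eugene\Local Settings\Apps\F.lux\flux.exe" /noshow
    O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
    """

    # Every HJT entry starts with a section code (R0/R1, F2, O1..O23) and " - ".
    LINE_RE = re.compile(r"^([RFO]\d+) - (.*)$")
    # A DNS-style name whose last label is alphabetic (so "127.0.0.1" is not a hostname).
    HOSTNAME_RE = re.compile(r"\b[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}\b", re.I)
    # An IPv4 address with a port, e.g. a local proxy listener.
    HOST_PORT_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}:\d+\b")
    # Locations an ordinary user can write to; autostarts from here deserve a look.
    USER_PATH_RE = re.compile(r"\\(?:Users|Documents and Settings)\\|\\AppData\\|\\Temp\\", re.I)

    Finding = Tuple[str, str]  # (rule name, human-readable detail)


    def parse_line(line: str) -> Optional[Dict[str, object]]:
        """Split one HJT line into its section code and body; None for non-entry lines."""
        m = LINE_RE.match(line.strip())
        if not m:
            return None
        section, body = m.groups()
        return {"section": section, "body": body,
                "file_missing": body.endswith("(file missing)")}


    def triage_line(entry: Dict[str, object]) -> List[Finding]:
        """Apply the review rules to one parsed entry. Flagged means 'look at this', not 'malicious'."""
        section, body = str(entry["section"]), str(entry["body"])
        findings: List[Finding] = []
        if entry["file_missing"]:
            # Registry still references a binary that is gone: leftover of an uninstall or a removal.
            findings.append(("orphaned-entry", f"{section} references a file that no longer exists: {body}"))
        if section == "O1":
            # A hosts-file line wins over DNS, so any non-localhost name here changes where that name resolves.
            for host in HOSTNAME_RE.findall(body):
                if host.lower() != "localhost":
                    findings.append(("hosts-override", f"hosts file overrides resolution of {host}"))
        if section == "R1" and "ProxyOverride" in body:
            # The bypass list normally holds patterns like *.local; a host:port points at a local listener.
            for hp in HOST_PORT_RE.findall(body):
                findings.append(("proxy-override", f"ProxyOverride contains {hp}; confirm it belongs to a known local proxy"))
        if section == "O4" and USER_PATH_RE.search(body):
            findings.append(("user-path-autostart", f"autostart entry runs from a user-writable path: {body}"))
        return findings


    def triage_log(text: str) -> List[Finding]:
        """Run the rules over a whole log and return every finding in log order."""
        findings: List[Finding] = []
        for line in text.splitlines():
            entry = parse_line(line)
            if entry is not None:
                findings.extend(triage_line(entry))
        return findings


    def rule_counts(text: str) -> Dict[str, int]:
        """Summary: how many times each rule fired."""
        counts: Dict[str, int] = {}
        for rule, _ in triage_log(text):
            counts[rule] = counts.get(rule, 0) + 1
        return counts


    if __name__ == "__main__":
        for rule, detail in triage_log(SAMPLE_LOG):
            print(f"[{rule}] {detail}")
    ```

    On the sample it reports five items: the hosts-file entry for practivate.adobe.com, the 127.0.0.1:9421 bypass in ProxyOverride, the two "(file missing)" entries (Yontoo Layers and GameGuard), and the F.lux autostart under C:\Users. The last one is legitimate software, which is the point of the design: the rules narrow a 100-line log down to the handful of lines a reviewer should read with care, and the verdict stays with the human.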

  2. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    Can someone help with this? If the virus is still in my system, I don't want it taking personal information.
     
  3. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
  4. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
  5. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    Thank you for your patience.
     
  6. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    Alright, thank you.
     
  7. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    You're welcome.

    The business of researching logs is very time consuming, as I'm sure you can imagine. Also, after I create a fix, I have to wait for it to be reviewed by my teachers. They are not online 24hrs a day so it could be anything up to 24hrs before I have a response.

    Thank you for your patience.
     
  8. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi, my name is Dave and I will be helping you to clean any malware which may be present on your system.

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.
    • Note that the fix may take several posts. Please continue to respond to my instructions until I confirm that your logs are clean. Remember that although your symptoms may vanish, this does NOT mean that your system is clean.
    • If there is anything you don't understand, please ask BEFORE proceeding with the fixes.
    • Please ensure that you follow the instructions in the order I have them listed.
    • Please do not install or uninstall any programmes, or run any other scanners or software, unless I specifically ask you to do so. Also please copy and paste logs into your thread. If the logs are too big to post in one reply, please feel free to use more posts. Do NOT add them as attachments unless specifically instructed.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread, which means I will not receive notifications of any further replies and will move on to assist someone else.

    ------------------------------------------------------------------------------------------------------

    I would urge you to remove StopZilla and refrain from visiting their website. Read more here.

    You can uninstall it via Control Panel >> Programs and Features >> Uninstall a Program.

    ------------------------------------------------------------------------------------------------------

    I see you have P2P software (µTorrent) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation.

    Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

    References for the risk of these programs are here,
    here and here.

    I would strongly recommend that you uninstall it, however that choice is up to you. If you choose to remove this program, you can do so via Control Panel >> Programs and Features >> Uninstall a Program.

    Note; If you choose not to uninstall, please refrain from using such programs until after your system has been declared clean.

    ------------------------------------------------------------------------------------------------------

    Combofix

    We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please read all the information carefully!

    You MUST disable your AntiVirus and AntiSpyware applications - please read this thread as a guide. They may otherwise interfere with our tools and interrupt the cleansing process.

    Please include the log C:\ComboFix.txt in your next reply for further review.

    Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
     
  9. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    Thank you for your reply. I have already removed StopZilla beforehand as I found it quite useless and annoying. As for the P2P software, when I do use it, I usually double check to make sure whatever files are being shared are generally safe from previous comments, but I will be more careful from now on. Here is the ComboFix log you wanted:

    ComboFix 12-04-10.02 - Eugene 04/10/2012 15:43:39.1.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.6383 [GMT -4:00]
    Running from: c:\users\Eugene\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\Eugene\AppData\Roaming\Love
    c:\users\Eugene\AppData\Roaming\Love\mari0\mappacks\custom_mappack_1\settings.txt
    c:\users\Eugene\AppData\Roaming\Love\mari0\options.txt
    c:\users\Eugene\AppData\Roaming\Love\not_tetris_2\highscoresA.txt
    c:\users\Eugene\AppData\Roaming\Love\not_tetris_2\highscoresB.txt
    c:\users\Eugene\AppData\Roaming\Love\not_tetris_2\options.txt
    c:\users\Eugene\AppData\Roaming\Love\ortho_robot\save.txt
    .
    c:\windows\System32\bitsadmin.exe . . . is infected!!
    .
    c:\windows\SysWOW64\bitsadmin.exe . . . is infected!!
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-10 to 2012-04-10 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-10 20:55 . 2012-04-10 20:57 -------- d-----w- c:\users\Eugene\AppData\Local\temp
    2012-04-10 20:55 . 2012-04-10 20:55 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-10 20:55 . 2012-04-10 20:55 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-07 19:31 . 2012-04-07 19:31 -------- d-----w- c:\program files (x86)\Hide Wizard
    2012-04-07 19:29 . 2012-04-07 19:38 -------- d-----w- c:\program files (x86)\AC Tool
    2012-04-06 15:15 . 2012-04-06 15:15 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 14:57 . 2012-04-06 15:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-04 19:41 . 2012-04-08 00:04 -------- d--h--w- c:\users\Eugene\AppData\Roaming\ijjigame
    2012-04-04 19:39 . 2012-04-08 00:15 -------- d-----w- c:\program files (x86)\REACTOR
    2012-04-04 15:30 . 2012-03-20 07:51 8669240 ------w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FB8E177A-2E86-4597-8A90-7D4ED40AF6C9}\mpengine.dll
    2012-04-03 03:37 . 2012-04-03 03:37 -------- d-----w- c:\users\Eugene\AppData\Local\PackageAware
    2012-04-03 00:42 . 2012-04-03 00:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-02 23:48 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-02 23:48 . 2012-04-10 18:14 -------- d-----w- c:\programdata\STOPzilla!
    2012-04-02 23:48 . 2012-04-02 23:48 -------- d-----w- c:\program files (x86)\Common Files\iS3
    2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\users\Eugene\AppData\Roaming\Malwarebytes
    2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-04-02 23:02 . 2011-12-10 19:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-03-31 21:05 . 2012-03-31 21:05 -------- d-----w- c:\users\Eugene\AppData\Local\{5804B2D4-7B75-11E1-826D-B8AC6F996F26}
    2012-03-31 20:50 . 2012-03-31 20:50 -------- d-----w- c:\users\Eugene\AppData\Local\TrinityEntertainmentNetwo
    2012-03-29 20:59 . 2012-03-29 20:59 23376 ----a-r- c:\windows\SysWow64\SZIO5.dll
    2012-03-29 20:59 . 2012-03-29 20:59 546640 ----a-r- c:\windows\SysWow64\SZComp5.dll
    2012-03-29 20:59 . 2012-03-29 20:59 481104 ----a-r- c:\windows\SysWow64\SZBase5.dll
    2012-03-25 02:05 . 2012-03-25 02:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-25 02:05 . 2012-03-25 02:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    2012-03-12 22:15 . 2010-02-18 14:21 224256 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-03-12 22:15 . 2010-02-18 12:15 29696 ----a-w- c:\windows\system32\drivers\tunnel.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-06 15:15 . 2011-05-15 13:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-16 00:41 . 2011-07-03 00:22 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-03-16 00:41 . 2011-07-03 00:20 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-03-16 00:41 . 2011-07-03 00:20 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-03-10 22:17 . 2011-07-03 00:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-02-23 18:09 . 2012-02-23 18:09 29008 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 390992 ----a-r- c:\windows\SysWow64\IS3UI5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 231248 ----a-r- c:\windows\SysWow64\IS3Win325.dll
    2012-02-23 18:09 . 2012-02-23 18:09 100176 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 132944 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 104272 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 67408 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 456528 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 808784 ----a-r- c:\windows\SysWow64\IS3Base5.dll
    2012-02-23 14:18 . 2010-12-01 08:38 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "F.lux"="c:\users\Eugene\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-10 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:15]
    .
    2012-04-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2913236317-814230174-4002188810-1000Core.job
    - c:\users\Eugene\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 08:35]
    .
    2012-04-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2913236317-814230174-4002188810-1000UA.job
    - c:\users\Eugene\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 08:35]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-03 6975520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\tryg8wpz.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Wow6432Node-HKCU-Run-AdobeBridge - (no file)
    SafeBoot-24601906.sys
    AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_blr.exe
    .
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
    "ImagePath"="\??\c:\users\Eugene\AppData\Local\Temp\0056E37.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:7e,3b,03,06,95,ba,b5,99,27,30,93,d3,bc,b4,f9,d3,23,5f,31,1c,f5,
    14,6e,10,08,e4,e6,3e,d7,cc,ab,23,21,8e,13,38,ed,3c,dc,f6,96,46,1e,f3,ef,ab,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:7e,3b,03,06,95,ba,b5,99,27,30,93,d3,bc,b4,f9,d3,23,5f,31,1c,f5,
    14,6e,10,08,e4,e6,3e,d7,cc,ab,23,21,8e,13,38,ed,3c,dc,f6,96,46,1e,f3,ef,ab,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
    c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
    c:\program files (x86)\AVG\AVG2012\AVGIDSAgent.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-10 17:05:12 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-10 21:05
    .
    Pre-Run: 150,982,234,112 bytes free
    Post-Run: 149,854,498,816 bytes free
    .
    - - End Of File - - 5580ACA0C5B23B65D354AABFA27BEB1D
     
  10. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    The redirects had stopped for a while but they seem to have appeared again, directing me to happili, infomash, etc. Just an update.
     
  11. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Apologies for the delay. Our teachers are a bit thin on the ground at the moment.

    LogMeIn and TeamViewer 7 - This kind of software is designed to enable a remote connection to your PC from another. Some of our tools will remove these programs as a matter of course because they are often installed without the user's knowledge by malware. If you installed these programs intentionally and would prefer to keep them, make a note of any settings and, as they are free downloads, you can reinstall them after we are done. If you didn't install them intentionally and wish me to remove them, please let me know.

    ---------------------------------------------------------------------------------------------

    Please read these instructions carefully and then print out or copy this page to Notepad in order to assist you when carrying out the fix. You should not have any open browsers or live internet connections when you are following the procedures below.

    1. Close any open browsers.

    2. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

    3. Open notepad and copy/paste the text in the box below into it:

    Code:
    DDS::
    uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
    
    Folder::
    c:\programdata\STOPzilla!
    c:\program files (x86)\Common Files\iS3

    Save this as CFScript.txt, in the same location as ComboFix.exe.


    [image: CFScript.txt being dragged onto ComboFix.exe]


    Referring to the picture above, drag CFScript into ComboFix.exe.

    Very Important! --> If you receive a prompt saying there is an updated version of ComboFix available, please allow it to update.

    Do not mouseclick ComboFix's window whilst it's running. This may cause it to stall.

    When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

    ----------------------------------------------------------------------------------

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2



    • Double-click SystemLook.exe to run it.
    • Copy the contents of the following codebox into the main textfield:

      Code:
      :filefind
      bitsadmin.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
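As an added example (not from the thread, the helper, or ComboFix), the following Python script performs the kind of review of a ComboFix log that led to the CFScript and SystemLook steps above: it flags the two patched bitsadmin.exe copies reported as "is infected!!", the loopback host:port sitting in the ProxyOverride bypass list that the DDS:: line removes, a service whose ImagePath points into a Temp folder, and EnableLUA set to 0. The sample log lines are constructed from the log posted earlier in the thread, and the finding names are the script's own.

```python
"""Triage a ComboFix log for findings worth a second look.

Added example for this thread, not part of ComboFix or the helper's
instructions. The finding names (kinds) are this script's own.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample, modelled on the log posted earlier in the thread.
SAMPLE_LOG = r"""
c:\windows\System32\bitsadmin.exe . . . is infected!!
.
c:\windows\SysWOW64\bitsadmin.exe . . . is infected!!
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;
TCP: DhcpNameServer = 192.168.1.1
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
"ImagePath"="\??\c:\users\Eugene\AppData\Local\Temp\0056E37.tmp"
"""


@dataclass(frozen=True)
class Finding:
    kind: str     # category of the finding
    detail: str   # the path, key or value it concerns


# "<path> . . . is infected!!" is how ComboFix reports a patched system file.
INFECTED_RE = re.compile(r"^(?P<path>\S.*?) \. \. \. is infected!!$")
# Registry section header, e.g. [HKEY_LOCAL_MACHINE\...\Services\X6va005]
KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
# IE proxy bypass list as printed in the Supplementary Scan section.
PROXY_OVERRIDE_RE = re.compile(r"ProxyOverride\s*=\s*(?P<value>.+)$")
LOOPBACK_RE = re.compile(r"\b(?:127\.0\.0\.1|localhost):(?P<port>\d{1,5})\b")
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<path>[^"]*)"', re.IGNORECASE)
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
ENABLELUA_OFF_RE = re.compile(r'^"EnableLUA"\s*=\s*0\b')


def triage(log_text: str) -> list[Finding]:
    """Walk the log once, tracking the current registry key, and collect findings."""
    findings: list[Finding] = []
    current_key: str | None = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue  # ComboFix pads sections with lone dots
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = INFECTED_RE.match(line)
        if m:
            findings.append(Finding("patched_system_file", m.group("path")))
            continue
        m = PROXY_OVERRIDE_RE.search(line)
        if m:
            # A loopback host:port in the bypass list usually means a local proxy
            # was configured; it is what the helper's DDS:: line clears.
            lb = LOOPBACK_RE.search(m.group("value"))
            if lb:
                findings.append(Finding("proxy_override_loopback",
                                        f"{lb.group(0)} in {m.group('value')}"))
            continue
        if ENABLELUA_OFF_RE.match(line) and current_key \
                and current_key.lower().endswith(r"policies\system"):
            findings.append(Finding("uac_disabled", current_key))
            continue
        m = IMAGEPATH_RE.match(line)
        if m and TEMP_DIR_RE.search(m.group("path")):
            # A service binary living under a Temp folder deserves a closer look.
            service = current_key.rsplit("\\", 1)[-1] if current_key else "?"
            findings.append(Finding("service_in_temp", f"{service}: {m.group('path')}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:24} {f.detail}")
```

Run it against a full ComboFix.txt by reading the file into `triage()`; the flags are prompts for review, not verdicts.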
  12. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    I did download LogMeIn and TeamViewer myself but I uninstalled them just in case. Here are the ComboFix and SystemLook logs:


    ComboFix 12-04-10.02 - Eugene 04/12/2012 12:07:21.2.4 - x64
    Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.8190.6258 [GMT -4:00]
    Running from: c:\users\Eugene\Desktop\ComboFix.exe
    Command switches used :: c:\users\Eugene\Desktop\CFScript.txt.txt
    AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\program files (x86)\Common Files\iS3
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\DeskMetrics.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\detoured.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\Drivers\amd64\SBBD.EXE
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\Drivers\amd64\SBREDrv.sys
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\Drivers\i386\SBBD.EXE
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\Drivers\i386\SBREDrv.sys
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\FSSC.dat
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\fullupd.rsf
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\IncompatiblePrograms.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\Incompats.dat
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\iS3lsp.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\iS3SiteBlocker.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\iS3SploitChecker.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\IS3Updater.exe
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\sbrc.exe
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\sbre.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\sbte.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SpursDownload.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZBrCom.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZCfgSvc.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZClientCom.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZClLic.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZEngine.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZEXIT.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZExtrSS.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZHistory.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZJustice.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZPAHost.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZQrntn.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZSchSvc.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZScnSvc.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZSnsrSv.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZSvcHost.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZTargetUpdate.Exe
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZTrgSS.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\SZUniTrg.dll
    c:\program files (x86)\Common Files\iS3\Anti-Spyware\vipre.dll
    c:\programdata\STOPzilla!
    c:\programdata\STOPzilla!\modules_scanned.db
    c:\programdata\STOPzilla!\modules_scanned.db.bak
    c:\programdata\STOPzilla!\sb.dat
    c:\programdata\STOPzilla!\sc.dat
    c:\programdata\STOPzilla!\sztrgwc.db
    c:\programdata\STOPzilla!\Target.Log
    c:\programdata\STOPzilla!\targets.db
    c:\programdata\STOPzilla!\userdata.db
    c:\programdata\STOPzilla!\VIPRE\CSC39-EN-11739-F.sbr.sgn
    c:\programdata\STOPzilla!\zilla5.log
    .
    c:\windows\System32\bitsadmin.exe . . . is infected!!
    .
    c:\windows\SysWOW64\bitsadmin.exe . . . is infected!!
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Service_szserver
    -------\Service_szserver
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-03-12 to 2012-04-12 )))))))))))))))))))))))))))))))
    .
    .
    2012-04-12 17:25 . 2012-04-12 17:37 -------- d-----w- c:\users\Eugene\AppData\Local\temp
    2012-04-12 17:25 . 2012-04-12 17:25 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
    2012-04-12 17:25 . 2012-04-12 17:25 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-04-11 20:02 . 2012-03-20 07:51 8669240 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDA4F617-34BA-4715-AA44-20D6ADD9297D}\mpengine.dll
    2012-04-07 19:29 . 2012-04-07 19:38 -------- d-----w- c:\program files (x86)\AC Tool
    2012-04-06 15:15 . 2012-04-06 15:15 8767136 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
    2012-04-06 14:57 . 2012-04-06 15:15 418464 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-04-04 19:41 . 2012-04-08 00:04 -------- d--h--w- c:\users\Eugene\AppData\Roaming\ijjigame
    2012-04-04 19:39 . 2012-04-08 00:15 -------- d-----w- c:\program files (x86)\REACTOR
    2012-04-03 03:37 . 2012-04-03 03:37 -------- d-----w- c:\users\Eugene\AppData\Local\PackageAware
    2012-04-03 00:42 . 2012-04-03 00:42 -------- d-----w- C:\TDSSKiller_Quarantine
    2012-04-02 23:48 . 2012-01-12 13:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys
    2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\users\Eugene\AppData\Roaming\Malwarebytes
    2012-04-02 23:02 . 2012-04-12 13:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-04-02 23:02 . 2012-04-04 19:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-04-02 23:02 . 2012-04-02 23:02 -------- d-----w- c:\programdata\Malwarebytes
    2012-03-31 21:05 . 2012-03-31 21:05 -------- d-----w- c:\users\Eugene\AppData\Local\{5804B2D4-7B75-11E1-826D-B8AC6F996F26}
    2012-03-31 20:50 . 2012-03-31 20:50 -------- d-----w- c:\users\Eugene\AppData\Local\TrinityEntertainmentNetwo
    2012-03-29 20:59 . 2012-03-29 20:59 23376 ----a-r- c:\windows\SysWow64\SZIO5.dll
    2012-03-29 20:59 . 2012-03-29 20:59 546640 ----a-r- c:\windows\SysWow64\SZComp5.dll
    2012-03-29 20:59 . 2012-03-29 20:59 481104 ----a-r- c:\windows\SysWow64\SZBase5.dll
    2012-03-25 02:05 . 2012-03-25 02:05 592824 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2012-03-25 02:05 . 2012-03-25 02:05 44472 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-04-06 15:15 . 2011-05-15 13:33 70304 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-03-16 00:41 . 2011-07-03 00:22 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
    2012-03-16 00:41 . 2011-07-03 00:20 298016 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
    2012-03-16 00:41 . 2011-07-03 00:20 281408 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
    2012-03-10 22:17 . 2011-07-03 00:19 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
    2012-02-23 18:09 . 2012-02-23 18:09 29008 ----a-r- c:\windows\SysWow64\IS3XDat5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 390992 ----a-r- c:\windows\SysWow64\IS3UI5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 231248 ----a-r- c:\windows\SysWow64\IS3Win325.dll
    2012-02-23 18:09 . 2012-02-23 18:09 100176 ----a-r- c:\windows\SysWow64\IS3Svc5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 132944 ----a-r- c:\windows\SysWow64\IS3HTUI5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 104272 ----a-r- c:\windows\SysWow64\IS3Inet5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 67408 ----a-r- c:\windows\SysWow64\IS3Hks5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 456528 ----a-r- c:\windows\SysWow64\IS3DBA5.dll
    2012-02-23 18:09 . 2012-02-23 18:09 808784 ----a-r- c:\windows\SysWow64\IS3Base5.dll
    2012-02-23 14:18 . 2010-12-01 08:38 279656 ------w- c:\windows\system32\MpSigStub.exe
    2012-01-19 14:22 . 2012-01-19 14:22 45936 ----a-r- c:\windows\system32\SBBD.EXE
    .
    .
    ((((((((((((((((((((((((((((( SnapShot@2012-04-10_20.57.22 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2008-01-21 03:20 . 2012-04-12 14:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2012-04-08 22:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2008-01-21 03:20 . 2012-04-08 22:39 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2008-01-21 03:20 . 2012-04-12 14:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2008-01-21 03:20 . 2012-04-08 22:39 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 03:20 . 2012-04-12 14:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2008-01-21 02:23 . 2012-04-12 14:00 63298 c:\windows\system32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
    + 2010-12-01 08:08 . 2012-04-12 17:35 13046 c:\windows\system32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2913236317-814230174-4002188810-1000_UserData.bin
    + 2010-12-01 08:03 . 2012-04-12 17:34 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-01 08:03 . 2012-04-10 17:28 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    - 2010-12-01 08:03 . 2012-04-10 17:28 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    + 2010-12-01 08:03 . 2012-04-12 17:34 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
    - 2010-12-01 08:03 . 2012-04-10 17:28 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    + 2010-12-01 08:03 . 2012-04-12 17:34 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-03 02:29 . 2012-04-10 17:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-03 02:29 . 2012-04-12 17:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
    + 2010-12-03 02:29 . 2012-04-12 17:33 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2010-12-03 02:29 . 2012-04-10 17:24 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
    - 2011-01-11 20:59 . 2012-03-14 03:26 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 34144 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 42848 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 19296 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    - 2010-12-01 08:08 . 2010-12-15 04:33 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
    + 2010-12-01 08:08 . 2012-04-12 05:17 25214 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\MSWorks.exe
    + 2012-04-12 17:17 . 2012-04-12 17:17 2000 c:\windows\SoftwareDistribution\EventCache\{A04A895E-CA20-4406-8B31-37EBE583C2EA}.bin
    + 2012-04-12 17:33 . 2012-04-12 17:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    - 2012-04-10 20:57 . 2012-04-10 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
    + 2012-04-12 17:33 . 2012-04-12 17:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    - 2012-04-10 20:57 . 2012-04-10 20:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
    + 2006-11-02 15:45 . 2012-04-12 17:35 101284 c:\windows\system32\WDI\BootPerformanceDiagnostics_SystemData.bin
    + 2006-11-02 12:46 . 2012-04-12 14:11 607168 c:\windows\system32\perfh009.dat
    - 2006-11-02 12:46 . 2012-04-10 17:30 607168 c:\windows\system32\perfh009.dat
    + 2006-11-02 12:46 . 2012-04-12 14:11 104808 c:\windows\system32\perfc009.dat
    - 2006-11-02 12:46 . 2012-04-10 17:30 104808 c:\windows\system32\perfc009.dat
    - 2011-01-11 20:59 . 2012-03-14 03:26 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 415584 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 303456 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 571232 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 326496 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 469856 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 178528 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    + 2010-12-01 08:08 . 2012-04-12 05:17 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
    - 2010-12-01 08:08 . 2010-12-15 04:33 693600 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksWP.exe
    - 2010-12-01 08:08 . 2010-12-15 04:33 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
    + 2010-12-01 08:08 . 2012-04-12 05:17 947552 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksss.exe
    - 2010-12-01 08:08 . 2010-12-15 04:33 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
    + 2010-12-01 08:08 . 2012-04-12 05:17 709984 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksCal.exe
    + 2012-02-22 19:17 . 2012-02-22 19:17 2221568 c:\windows\Installer\298ccb4.msp
    + 2012-04-01 20:27 . 2012-04-01 20:27 3463168 c:\windows\Installer\298cca4.msp
    - 2011-01-11 20:59 . 2012-03-14 03:26 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 1479520 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 1858400 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 3792736 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    + 2011-01-11 20:59 . 2012-04-12 05:17 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2011-01-11 20:59 . 2012-03-14 03:26 1449312 c:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    - 2010-12-01 08:08 . 2010-12-15 04:33 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
    + 2010-12-01 08:08 . 2012-04-12 05:17 1099104 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\WksSb.exe
    - 2010-12-01 08:08 . 2010-12-15 04:33 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
    + 2010-12-01 08:08 . 2012-04-12 05:17 1242464 c:\windows\Installer\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}\wksdb.exe
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
    "F.lux"="c:\users\Eugene\Local Settings\Apps\F.lux\flux.exe" [2009-08-29 966656]
    "Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-08-20 3077528]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-12-08 421736]
    "AVG_TRAY"="c:\program files (x86)\AVG\AVG2012\avgtray.exe" [2012-01-24 2416480]
    "Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~2\AVG\AVG2012\avgrsa.exe /sync /restart
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
    @="Service"
    .
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 253600]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
    Akamai REG_MULTI_SZ Akamai
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-04-12 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 15:15]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2913236317-814230174-4002188810-1000Core.job
    - c:\users\Eugene\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 08:35]
    .
    2012-04-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2913236317-814230174-4002188810-1000UA.job
    - c:\users\Eugene\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-01 08:35]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-02-03 6975520]
    "combofix"="c:\combofix\CF25518.3XE" [2008-01-21 363008]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = %SystemRoot%\system32\blank.htm
    TCP: DhcpNameServer = 192.168.1.1
    CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
    FF - ProfilePath - c:\users\Eugene\AppData\Roaming\Mozilla\Firefox\Profiles\tryg8wpz.default\
    FF - prefs.js: browser.startup.homepage - www.yahoo.com
    .
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\X6va005]
    "ImagePath"="\??\c:\users\Eugene\AppData\Local\Temp\0056E37.tmp"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
    "Version"=hex:7e,3b,03,06,95,ba,b5,99,27,30,93,d3,bc,b4,f9,d3,23,5f,31,1c,f5,
    14,6e,10,08,e4,e6,3e,d7,cc,ab,23,21,8e,13,38,ed,3c,dc,f6,96,46,1e,f3,ef,ab,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
    @="Shockwave Flash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
    @Denied: (A 2) (Everyone)
    @=""
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
    @="FlashBroker"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
    "Version"=hex:7e,3b,03,06,95,ba,b5,99,27,30,93,d3,bc,b4,f9,d3,23,5f,31,1c,f5,
    14,6e,10,08,e4,e6,3e,d7,cc,ab,23,21,8e,13,38,ed,3c,dc,f6,96,46,1e,f3,ef,ab,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
    "SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
    00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\ASUS\AASP\1.00.82\aaCenter.exe
    c:\program files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    c:\program files (x86)\AVG\AVG2012\avgwdsvc.exe
    c:\windows\SysWOW64\PnkBstrA.exe
    c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
    .
    **************************************************************************
    .
    Completion time: 2012-04-12 13:41:50 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-04-12 17:41
    .
    Pre-Run: 147,960,127,488 bytes free
    Post-Run: 147,662,082,048 bytes free
    .
    - - End Of File - - 9999BF389559C06FF660D20C068C8987

    ____________________________________________________________________________________


    SystemLook 30.07.11 by jpshortstuff
    Log created at 13:43 on 12/04/2012 by Eugene
    Administrator - Elevation successful
    WARNING: SystemLook running under WOW64. Use SystemLook_x64 for accurate results.

    ========== filefind ==========

    Searching for "bitsadmin.exe"
    C:\Windows\System32\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0
    C:\Windows\SysWOW64\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0
    C:\Windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_a9302c85c4c97d34\bitsadmin.exe --a---- 240128 bytes [02:50 21/01/2008] [02:50 21/01/2008] DDAC8EA4B885EE17B6ACE0B2167721AC
    C:\Windows\winsxs\x86_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_4d1191020c6c0bfe\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0

    -= EOF =-
     
  13. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    I found that both times after the ComboFix the redirect virus would reappear upon my first Google searches, then hide itself again.
     
  14. Deejay100six

    Deejay100six

    Joined:
    Sep 27, 2011
    Messages:
    496
    Hi,

    Sorry, it looks like I gave you links for the 32-bit SystemLook. Please delete your copy and run the scan again, this time with the x64 version.

    ----------------------------------------------------------------------------------

    Please download SystemLook from one of the links below and save it to your Desktop.

    Download Mirror #1
    Download Mirror #2



    • Double-click SystemLook.exe to run it.
    • Copy the contents of the following codebox into the main textfield:

      Code:
      :filefind
      bitsadmin.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  15. gimmextra

    gimmextra Thread Starter

    Joined:
    Apr 4, 2012
    Messages:
    54
    SystemLook 30.07.11 by jpshortstuff
    Log created at 12:40 on 14/04/2012 by Eugene
    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "bitsadmin.exe"
    C:\Windows\System32\bitsadmin.exe --a---- 240128 bytes [02:50 21/01/2008] [02:50 21/01/2008] DDAC8EA4B885EE17B6ACE0B2167721AC
    C:\Windows\SysWOW64\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0
    C:\Windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_a9302c85c4c97d34\bitsadmin.exe --a---- 240128 bytes [02:50 21/01/2008] [02:50 21/01/2008] DDAC8EA4B885EE17B6ACE0B2167721AC
    C:\Windows\winsxs\x86_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_4d1191020c6c0bfe\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0

    -= EOF =-
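As an added example (not SystemLook's or the thread's own code), here is a Python check that does what the two SystemLook runs above are for: it parses the `:filefind` result lines, compares each live copy of bitsadmin.exe (System32 for amd64, SysWOW64 for x86) against the WinSxS copy of the same architecture, and flags the System32 line of a 32-bit run as unreliable, since WOW64 redirects that read to SysWOW64. The function names (`parse_filefind`, `arch_of`, `verify`) are mine; the sample lines are constructed from the sizes and MD5s posted in this thread, and the MD5 in the "patched" case is a made-up placeholder.

```python
"""Cross-check a SystemLook ':filefind' log against the WinSxS component store.

Added example, not SystemLook's or the thread's own code. A patched system
binary shows as a size/MD5 mismatch between the live copy and the WinSxS copy
of the same architecture; a 32-bit scanner's System32 line is only flagged.
"""
import re
from typing import Dict, List, Optional

# One result line: <path> <attrs> <size> bytes [created] [modified] <MD5>
LINE_RE = re.compile(
    r"^(?P<path>\S.*?)\s+[-a-z]+\s+(?P<size>\d+) bytes\s+"
    r"\[[^\]]+\]\s+\[[^\]]+\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)

def parse_filefind(log_text: str) -> List[tuple]:
    """Return (path, size, MD5) for every filefind result line; other lines are skipped."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((m["path"], int(m["size"]), m["md5"].upper()))
    return hits

def arch_of(path: str) -> Optional[str]:
    """Architecture whose WinSxS copy this path should be byte-identical to."""
    p = path.lower()
    if "\\winsxs\\amd64_" in p or "\\system32\\" in p:
        return "amd64"
    if "\\winsxs\\x86_" in p or "\\syswow64\\" in p:
        return "x86"
    return None

def verify(log_text: str) -> Dict[str, str]:
    """Verdict per live copy: 'ok', 'MISMATCH', 'no reference' or the WOW64 caveat."""
    hits = parse_filefind(log_text)
    # WinSxS copies are the reference; the live copies are what gets patched.
    reference = {arch_of(p): (s, h) for p, s, h in hits if "\\winsxs\\" in p.lower()}
    wow64 = "running under WOW64" in log_text
    verdicts = {}
    for path, size, md5 in hits:
        if "\\winsxs\\" in path.lower():
            continue
        if wow64 and "\\system32\\" in path.lower():
            # File system redirection: a 32-bit process reading System32 gets SysWOW64.
            verdicts[path] = "unreliable (WOW64 redirection)"
        elif arch_of(path) not in reference:
            verdicts[path] = "no reference"
        elif reference[arch_of(path)] == (size, md5):
            verdicts[path] = "ok"
        else:
            verdicts[path] = "MISMATCH"
    return verdicts

# Constructed sample lines modelled on the thread's logs (sizes and MD5s as posted).
LIVE64 = r"C:\Windows\System32\bitsadmin.exe --a---- 240128 bytes [02:50 21/01/2008] [02:50 21/01/2008] DDAC8EA4B885EE17B6ACE0B2167721AC"
LIVE32 = r"C:\Windows\SysWOW64\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0"
SXS = "\n".join([
    r"C:\Windows\winsxs\amd64_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_a9302c85c4c97d34\bitsadmin.exe --a---- 240128 bytes [02:50 21/01/2008] [02:50 21/01/2008] DDAC8EA4B885EE17B6ACE0B2167721AC",
    r"C:\Windows\winsxs\x86_microsoft-windows-bits-bitsadmin_31bf3856ad364e35_6.0.6001.18000_none_4d1191020c6c0bfe\bitsadmin.exe --a---- 192000 bytes [02:48 21/01/2008] [02:48 21/01/2008] E2954DDABA3FA4D53AEC2F51AFB488C0"])
X64_LOG = "\n".join([LIVE64, LIVE32, SXS])  # the clean x64 run
# The 32-bit run: the "System32" line really carries the SysWOW64 copy.
WOW64_LOG = "\n".join(["WARNING: SystemLook running under WOW64.",
                       LIVE32.replace("SysWOW64", "System32"), LIVE32, SXS])
PATCHED_LOG = X64_LOG.replace("DDAC8EA4B885EE17B6ACE0B2167721AC", "0" * 32, 1)  # placeholder MD5

if __name__ == "__main__":
    print({n: verify(l) for n, l in [("x64", X64_LOG), ("wow64", WOW64_LOG), ("patched", PATCHED_LOG)]})
```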
     
Short URL to this thread: https://techguy.org/1047935