1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

google redirect virus

Discussion in 'Virus & Other Malware Removal' started by bongsmoka420, Oct 21, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    so I went to go show my mom something online on her computer and searched it through google and got redirected and told my mom she had virus. she told me she did notice somethings have been acting funny on her computer but a virus hadn't crossed her mind. so I asked her and she told me the only symptoms she's noticed is the search engine redirecting and a Java popup coming up randomly. I assume the java thing is legit but I'm not sure cause it hasn't come up while I've been on it.

    here's the HiJackThis and DDS Logs:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 8:43:59 PM, on 10/21/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16869)
    Boot mode: Normal
    Running processes:
    C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
    C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Users\Jolanta\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {D3D233D5-9F6D-436C-B6C7-E63F77503B30} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {016413C1-5FE4-4C8C-9190-9600E83F588e} - C:\Users\Jolanta\AppData\Local\SecurityWOW64.dll
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
    O2 - BHO: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: MediaBar - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    O4 - HKLM\..\Run: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
    O4 - HKCU\..\Run: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    O4 - HKCU\..\Run: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" /m
    O4 - HKCU\..\Run: [MicrosoftTrayManager] rundll32.exe "C:\ProgramData\MicrosoftTrayManager.dll",DllRegisterServer
    O4 - HKCU\..\Run: [CeQuadrat Update] rundll32 "C:\Users\Jolanta\AppData\Local\Windows Live Writer\WindowsUpdate\Windowsupdt32.DLL",DllRegisterServer
    O4 - HKCU\..\Run: [Macromedia Update] rundll32 "C:\Users\Jolanta\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL",DllRegisterServer
    O4 - HKCU\..\Run: [winupd] \\.\globalroot\Device\HarddiskVolume2\Users\Jolanta\AppData\Local\Temp\winupd.exe
    O4 - HKCU\..\Run: [0.8126846723007871] \\.\globalroot\Device\HarddiskVolume2\Users\Jolanta\Desktop\0.8126846723007871.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: 0.8126846723007871
    O4 - Startup: winupd.lnk = C:\Users\Jolanta\AppData\Local\Temp\winupd.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: Advanced SystemCare Service (AdvancedSystemCareService) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: dldoCATSCustConnectService - Unknown owner - C:\windows\system32\spool\DRIVERS\x64\3\\dldoserv.exe
    O23 - Service: dldo_device - - C:\windows\system32\dldocoms.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: McciCMService - Alcatel-Lucent - C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    O23 - Service: McciCMService64 - Alcatel-Lucent - C:\Program Files\Common Files\Motive\McciCMService.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: TightVNC Server (tvnserver) - GlavSoft LLC. - C:\Program Files (x86)\TightVNC\tvnserver.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    --
    End of file - 8803 bytes



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 8.0.7600.16385
    Run by Jolanta at 20:45:01 on 2011-10-21
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3964.2761 [GMT -7:00]
    .
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\windows\system32\wininit.exe
    C:\windows\system32\lsm.exe
    C:\windows\system32\svchost.exe -k DcomLaunch
    C:\windows\system32\svchost.exe -k RPCSS
    C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\windows\system32\svchost.exe -k netsvcs
    C:\windows\system32\svchost.exe -k LocalService
    C:\windows\system32\svchost.exe -k NetworkService
    C:\windows\System32\spoolsv.exe
    C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe
    C:\windows\system32\dldocoms.exe
    C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
    C:\Program Files\Common Files\Motive\McciCMService.exe
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\windows\system32\SearchIndexer.exe
    C:\windows\System32\svchost.exe -k secsvcs
    C:\windows\system32\taskhost.exe
    C:\windows\system32\Dwm.exe
    C:\windows\Explorer.EXE
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files (x86)\Dell 968 AIO Printer\dldomon.exe
    C:\Program Files (x86)\Dell 968 AIO Printer\memcard.exe
    C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\windows\system32\igfxsrvc.exe
    C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    C:\Program Files (x86)\TightVNC\tvnserver.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\QuickTime\qttask.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\windows\system32\wuauclt.exe
    C:\windows\SysWOW64\rundll32.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\wbem\wmiprvse.exe
    C:\windows\system32\SearchProtocolHost.exe
    C:\windows\system32\SearchFilterHost.exe
    C:\windows\system32\taskhost.exe
    C:\windows\system32\taskeng.exe
    C:\windows\system32\svchost.exe -k SDRSVC
    C:\windows\system32\DllHost.exe
    C:\windows\system32\DllHost.exe
    C:\windows\SysWOW64\cmd.exe
    C:\windows\system32\conhost.exe
    C:\windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com/
    uDefault_Page_URL = hxxp://www.google.com/ig?brand=TSNA&bmod=TSNA
    uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
    mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=TSNA&bmod=TSNA
    uURLSearchHooks: H - No File
    mWinlogon: Userinit=userinit.exe
    BHO: {016413c1-5fe4-4c8c-9190-9600e83f588e} - C:\Users\Jolanta\AppData\Local\SecurityWOW64.dll
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB: MediaBar: {0974ba1e-64ec-11de-b2a5-e43756d89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    uRun: [Advanced SystemCare 4] C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe
    uRun: [SmartRAM] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\Suo10_SmartRAM.exe" /m
    uRun: [MicrosoftTrayManager] rundll32.exe "C:\ProgramData\MicrosoftTrayManager.dll",DllRegisterServer
    uRun: [CeQuadrat Update] rundll32 "C:\Users\Jolanta\AppData\Local\Windows Live Writer\WindowsUpdate\Windowsupdt32.DLL",DllRegisterServer
    uRun: [Macromedia Update] rundll32 "C:\Users\Jolanta\AppData\Local\Google\GoogleUpdate\Googleupdt32.DLL",DllRegisterServer
    uRun: [winupd] \\.\globalroot\Device\HarddiskVolume2\Users\Jolanta\AppData\Local\Temp\winupd.exe
    uRun: [0.8126846723007871] \\.\globalroot\Device\HarddiskVolume2\Users\Jolanta\Desktop\0.8126846723007871.exe
    mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    mRun: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
    StartupFolder: C:\Users\Jolanta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.8126846723007871
    StartupFolder: C:\Users\Jolanta\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\winupd.lnk - C:\Users\Jolanta\AppData\Local\Temp\winupd.exe
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: SoftwareSASGeneration = 1 (0x1)
    IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
    TCP: DhcpNameServer = 192.168.0.1
    TCP: Interfaces\{1C8A5761-6AF4-466F-8289-CAA80CF46C19} : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    C:\Users\Jolanta\AppData\Local\SecurityWOW64.dll
    BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO-X64: 0x1 - No File
    BHO-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    BHO-X64: MediaBar - No File
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    TB-X64: MediaBar: {0974BA1E-64EC-11DE-B2A5-E43756D89593} - C:\PROGRA~2\BEARSH~1\MediaBar\ToolBar\BearshareMediabarDx.dll
    TB-X64: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
    TB-X64: {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No File
    mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
    mRun-x64: [VMM Mode Selection] C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
    mRun-x64: [tvncontrol] "C:\Program Files (x86)\TightVNC\tvnserver.exe" -controlservice -slave
    SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 tos_sps64;TOSHIBA tos_sps64 Service;C:\windows\system32\DRIVERS\tos_sps64.sys --> C:\windows\system32\DRIVERS\tos_sps64.sys [?]
    R1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys --> C:\windows\system32\DRIVERS\vwififlt.sys [?]
    R2 AdvancedSystemCareService;Advanced SystemCare Service;C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-6-23 353168]
    R2 dldo_device;dldo_device;C:\windows\system32\dldocoms.exe -service --> C:\windows\system32\dldocoms.exe -service [?]
    R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-6-23 820568]
    R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-10-8 517632]
    R2 tvnserver;TightVNC Server;C:\Program Files (x86)\TightVNC\tvnserver.exe [2011-8-3 828944]
    R3 appliandMP;appliandMP;C:\windows\system32\DRIVERS\appliand.sys --> C:\windows\system32\DRIVERS\appliand.sys [?]
    R3 FwLnk;FwLnk Driver;C:\windows\system32\DRIVERS\FwLnk.sys --> C:\windows\system32\DRIVERS\FwLnk.sys [?]
    R3 RTL8167;Realtek 8167 NT Driver;C:\windows\system32\DRIVERS\Rt64win7.sys --> C:\windows\system32\DRIVERS\Rt64win7.sys [?]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11bg 54Mbps USB 2.0 Network Adapter;C:\windows\system32\DRIVERS\RTL8187B.sys --> C:\windows\system32\DRIVERS\RTL8187B.sys [?]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 dldoCATSCustConnectService;dldoCATSCustConnectService;C:\Windows\System32\spool\DRIVERS\x64\3\dldoserv.exe [2007-10-5 34032]
    S3 appliand;Applian Network Service;C:\windows\system32\DRIVERS\appliand.sys --> C:\windows\system32\DRIVERS\appliand.sys [?]
    S3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2011-8-3 20336]
    S3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2011-8-3 33184]
    S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\system32\Drivers\RtsUStor.sys --> C:\windows\system32\Drivers\RtsUStor.sys [?]
    S3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2011-8-3 21328]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\system32\Wat\WatAdminSvc.exe --> C:\windows\system32\Wat\WatAdminSvc.exe [?]
    .
    =============== Created Last 30 ================
    .
    2011-10-22 03:23:22 -------- d-----w- C:\Users\Jolanta\AppData\Roaming\Malwarebytes
    2011-10-21 23:46:25 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889321DC-B023-4E5D-A133-F53A7FA56ECD}\offreg.dll
    2011-10-21 23:46:23 8570192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{889321DC-B023-4E5D-A133-F53A7FA56ECD}\mpengine.dll
    2011-10-21 02:43:23 258048 ----a-w- C:\Users\Jolanta\AppData\Local\SecurityWOW64.dll
    2011-10-21 02:43:21 90112 ----a-w- C:\windows\SysWow64\srrstr.dll
    2011-10-21 02:43:20 90112 ----a-w- C:\ProgramData\MicrosoftTrayManager.dll
    2011-10-13 22:25:59 3134976 ----a-w- C:\windows\System32\win32k.sys
    2011-10-09 05:06:43 -------- d-----w- C:\Users\Jolanta\AppData\Roaming\TightVNC
    2011-10-09 05:05:52 -------- d-----w- C:\Program Files (x86)\TightVNC
    2011-10-09 01:50:17 -------- d-----w- C:\Program Files (x86)\WinSCP
    2011-10-08 07:28:19 -------- d-----w- C:\Program Files\ATT-HSI
    2011-10-08 07:27:56 -------- d-----w- C:\Program Files (x86)\ATT-HSI
    2011-10-08 07:27:41 -------- d-----w- C:\Program Files (x86)\Common Files\Motive
    2011-10-08 07:27:39 -------- d-----w- C:\Program Files\Common Files\Motive
    2011-10-04 18:15:16 414368 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
    .
    ==================== Find3M ====================
    .
    2011-10-01 03:21:20 1638912 ----a-w- C:\windows\System32\mshtml.tlb
    2011-10-01 02:59:14 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb
    2011-08-27 05:40:28 861184 ----a-w- C:\windows\System32\oleaut32.dll
    2011-08-27 05:40:28 331776 ----a-w- C:\windows\System32\oleacc.dll
    2011-08-27 04:43:07 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
    2011-08-27 04:43:06 233472 ----a-w- C:\windows\SysWow64\oleacc.dll
    2011-08-20 05:45:20 1197568 ----a-w- C:\windows\System32\wininet.dll
    2011-08-20 05:41:16 57856 ----a-w- C:\windows\System32\licmgr10.dll
    2011-08-20 04:38:10 981504 ----a-w- C:\windows\SysWow64\wininet.dll
    2011-08-20 04:35:20 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll
    2011-08-20 04:20:23 482816 ----a-w- C:\windows\System32\html.iec
    2011-08-20 03:26:38 386048 ----a-w- C:\windows\SysWow64\html.iec
    2011-08-17 05:32:24 613888 ----a-w- C:\windows\System32\psisdecd.dll
    2011-08-17 05:27:46 75776 ----a-w- C:\windows\System32\MSDvbNP.ax
    2011-08-17 05:27:46 288256 ----a-w- C:\windows\System32\MSNP.ax
    2011-08-17 05:27:46 108032 ----a-w- C:\windows\System32\psisrndr.ax
    2011-08-17 05:27:46 104960 ----a-w- C:\windows\System32\Mpeg2Data.ax
    2011-08-17 04:26:02 465408 ----a-w- C:\windows\SysWow64\psisdecd.dll
    2011-08-17 04:22:23 75776 ----a-w- C:\windows\SysWow64\psisrndr.ax
    2011-08-17 04:22:23 72704 ----a-w- C:\windows\SysWow64\Mpeg2Data.ax
    2011-08-17 04:22:23 59904 ----a-w- C:\windows\SysWow64\MSDvbNP.ax
    2011-08-17 04:22:23 204288 ----a-w- C:\windows\SysWow64\MSNP.ax
    .
    ============= FINISH: 20:45:48.48 ===============




    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/10/2010 6:39:06 PM
    System Uptime: 10/21/2011 8:09:20 PM (0 hours ago)
    .
    Motherboard: TOSHIBA | | Portable PC
    Processor: Pentium(R) Dual-Core CPU T4400 @ 2.20GHz | CPU | 2200/800mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 222 GiB total, 164.002 GiB free.
    D: is CDROM (CDFS)
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP230: 9/17/2011 10:15:09 PM - Windows Update
    RP231: 9/20/2011 7:08:50 PM - Windows Update
    RP232: 9/23/2011 3:00:42 PM - Windows Update
    RP233: 9/27/2011 2:39:52 PM - Windows Update
    RP234: 9/27/2011 8:18:19 PM - Windows Update
    RP235: 9/29/2011 6:20:40 PM - Restore Operation
    RP236: 9/29/2011 11:07:55 PM - Windows Update
    RP237: 9/30/2011 4:57:47 PM - Windows Update
    RP238: 10/4/2011 6:55:47 PM - Windows Update
    RP239: 10/7/2011 8:07:54 PM - Windows Update
    RP240: 10/13/2011 3:25:58 PM - Windows Update
    RP241: 10/13/2011 9:24:15 PM - Windows Update
    RP242: 10/14/2011 5:22:46 PM - Windows Update
    RP243: 10/18/2011 3:26:31 PM - Windows Update
    RP244: 10/21/2011 4:45:36 PM - Windows Update
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    µTorrent
    Adobe Flash Player 10 Plugin
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.1
    Advanced SystemCare 4
    Bejeweled 2 Deluxe
    Bejeweled 2 Deluxe 1.0
    Compatibility Pack for the 2007 Office system
    FaxRedist
    Gadu-Gadu 10
    IObit Malware Fighter
    ipla 2.3.3
    Java(TM) 6 Update 14
    Junk Mail filter update
    Label@Once 1.0
    Malwarebytes' Anti-Malware
    MediaBar
    Microsoft Choice Guard
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Reader
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Works
    MSVCRT
    PlayReady PC Runtime x86
    QuickTime
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Realtek USB 2.0 Card Reader
    Realtek WLAN Driver
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office Groove 2007 (KB2552997)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Siglos Karaoke Professional
    Skype™ 5.1
    Smart Defrag
    The Cat in the Hat
    TightVNC 2.0.4
    ToshibaRegistration
    Update for 2007 Microsoft Office System (KB2284654)
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    VLC media player 0.9.2
    WildTangent Games
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    WinRAR archiver
    WinSCP 4.3.5
    WModem Driver Installer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/21/2011 8:09:52 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the dldoCATSCustConnectService service to connect.
    10/21/2011 8:09:52 PM, Error: Service Control Manager [7000] - The dldoCATSCustConnectService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    10/21/2011 8:09:49 PM, Error: volmgr [46] - Crash dump initialization failed!
    10/18/2011 9:36:35 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    10/18/2011 9:36:35 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    10/16/2011 10:04:19 PM, Error: Service Control Manager [7038] - The upnphost service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error: The request is not supported. To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
    10/16/2011 10:04:19 PM, Error: Service Control Manager [7000] - The UPnP Device Host service failed to start due to the following error: The service did not start due to a logon failure.
    10/16/2011 10:04:19 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1069" attempting to start the service upnphost with arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}
    .
    ==== End Of File ===========================
     
  2. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
  3. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
  4. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
  5. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
    refresh.

    Somebody please help me!
    I've been running malwarebytes over and over again since I first posted the thread but it can't seem to get rid of the is infection.
     
  6. bongsmoka420

    bongsmoka420 Thread Starter

    Joined:
    Aug 31, 2011
    Messages:
    13
  7. Ried

    Ried Malware Specialist

    Joined:
    Jan 18, 2009
    Messages:
    121
    Hello bongsmoka420 and our apologies for overlooking your thread.

    If you still need assistance, I'd like for you to run one more scanning tool before we begin the cleaning process. It should only take a couple of minutes.

    Please download aswMBR.exe and save it to your desktop.

    Double click aswMBR.exe to start the tool. At this time, select No when prompted to download the Avast database.
    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.
     
  8. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1023401