
Randomish Website redirects, can't edit hosts or turn on firewall

Discussion in 'Virus & Other Malware Removal' started by CandiedMicrobe, Dec 8, 2011.

  1. CandiedMicrobe

    CandiedMicrobe Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    4
    Hi! I recently bought a used computer that had no anti-anything or even a working firewall.

    1) I noticed redirects and thought I would try turning on the firewall, but it's not allowing it. Here are my HijackThis, DDS, and Attach logs.
    2) I noticed at the end of the HijackThis log there seem to be a lot of things missing. I have been having trouble trying to add this computer to my home network and wondered if this might have anything to do with it also.

    Please advise me.

    Hijackthis:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:26:14 AM, on 08/12/2011
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16421)
    Boot mode: Normal

    Running processes:
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\STOPzilla!\SZOptionsFlash.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\Desktop\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 217.23.4.166 www.google-analytics.com.
    O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    O1 - Hosts: 217.23.4.166 www.statcounter.com.
    O1 - Hosts: 178.250.45.15 www.google-analytics.com.
    O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    O1 - Hosts: 178.250.45.15 www.statcounter.com.
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
    O4 - HKLM\..\RunOnce: [Wrapper] runonce
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    O4 - HKCU\..\Run: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: _uninst_98312821.lnk = Mar\AppData\Local\Temp\_uninst_98312821.bat
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9485 bytes


    DDS:
    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Mar at 0:27:49 on 2011-12-08
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\SysWOW64\rundll32.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\STOPzilla!\SZOptionsFlash.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\Mar\Desktop\HijackThis (1).exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\Mar\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    uRunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update
    mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce: [GrpConv] grpconv -o
    mRunOnce: [Wrapper] runonce
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{B22BD763-4DA0-4868-B67A-545CFECF5ABD} : DhcpNameServer = 208.67.222.222 208.67.220.220
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun-x64: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mRunOnce-x64: [GrpConv] grpconv -o
    mRunOnce-x64: [Wrapper] runonce
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 178.250.45.15 www.google-analytics.com.
    Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\dwmxpcom.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\coolirisstub.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Mar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? BCSWAP;BCSWAP
    R? is3srv;is3srv
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? Synth3dVsc;Synth3dVsc
    R? TsUsbFlt;TsUsbFlt
    R? tsusbhub;tsusbhub
    R? USBAAPL64;Apple Mobile USB Driver
    R? VGPU;VGPU
    R? WatAdminSvc;Windows Activation Technologies Service
    S? 09486821;09486821
    S? 10871510;10871510
    S? 1422311drv;1422311drv
    S? 20306433;20306433
    S? 7179322drv;7179322drv
    S? AMD External Events Utility;AMD External Events Utility
    S? amdkmdag;amdkmdag
    S? amdkmdap;amdkmdap
    S? AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller
    S? AtiHDAudioService;ATI Function Driver for HD Audio Service
    S? cpuz132;cpuz132
    S? szkg5;szkg5
    S? WSDPrintDevice;WSD Print Support via UMB
    .
    =============== Created Last 30 ================
    .
    2011-12-06 14:23:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E824875A-DD1E-4B20-A85E-85DEEF85DA44}\offreg.dll
    2011-12-06 14:23:24 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E824875A-DD1E-4B20-A85E-85DEEF85DA44}\mpengine.dll
    2011-12-06 13:17:21 460888 ----a-w- C:\Windows\System32\drivers\09486821.sys
    2011-12-05 05:19:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-12-04 06:40:07 -------- d-----w- C:\Program Files (x86)\Comical
    2011-12-03 02:31:55 -------- d-----w- C:\Program Files (x86)\STOPzilla!
    2011-12-03 02:31:54 -------- d-----w- C:\ProgramData\STOPzilla!
    2011-12-03 02:31:54 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
    2011-12-01 00:45:38 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
    2011-12-01 00:45:38 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
    2011-12-01 00:45:38 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
    2011-12-01 00:45:36 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
    2011-12-01 00:45:36 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
    2011-12-01 00:45:36 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
    2011-12-01 00:45:36 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
    2011-12-01 00:45:36 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
    2011-12-01 00:45:36 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
    2011-12-01 00:45:36 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
    2011-12-01 00:45:36 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
    2011-12-01 00:45:34 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
    2011-11-27 07:10:52 -------- d-----w- C:\Users\Mar\AppData\Local\{85442D8A-D45E-4D2E-A5F9-6B8A3ED23697}
    2011-11-27 07:10:32 -------- d-----w- C:\Users\Mar\AppData\Local\{C01113D0-BCEE-49D3-B51B-CB7ECAAD34AC}
    2011-11-27 07:10:32 -------- d-----w- C:\Users\Mar\AppData\Local\{B09B2D15-B914-44EA-A042-21F17C84E20A}
    2011-11-23 02:17:52 -------- d-----w- C:\Users\Mar\AppData\Local\{FBF896F9-E316-48C0-8A97-9CFD60BC5E81}
    2011-11-23 02:17:42 -------- d-----w- C:\Users\Mar\AppData\Local\{06E9CF13-AF90-4DEC-A588-242A1D5FE862}
    2011-11-23 02:15:56 -------- d-----w- C:\Windows\en
    2011-11-23 02:14:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2011-11-23 02:13:11 -------- d-----w- C:\Windows\PCHEALTH
    2011-11-23 02:12:31 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
    2011-11-23 02:12:31 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
    2011-11-23 02:12:31 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
    2011-11-23 02:12:31 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
    2011-11-23 02:12:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
    2011-11-23 02:12:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
    2011-11-23 02:11:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\41cabf2c1cca98518\DSETUP.dll
    2011-11-23 02:11:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\41cabf2c1cca98518\DXSETUP.exe
    2011-11-23 02:11:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\41cabf2c1cca98518\dsetup32.dll
    2011-11-23 02:11:43 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d5db7851cca98517\DSETUP.dll
    2011-11-23 02:11:43 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d5db7851cca98517\DXSETUP.exe
    2011-11-23 02:11:43 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d5db7851cca98517\dsetup32.dll
    2011-11-23 02:07:18 -------- d-----w- C:\Users\Mar\AppData\Local\Windows Live
    2011-11-23 02:07:16 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
    2011-11-16 02:40:32 -------- d-----w- C:\Program Files\iTunes
    2011-11-16 02:40:32 -------- d-----w- C:\Program Files\iPod
    2011-11-16 02:40:32 -------- d-----w- C:\Program Files (x86)\iTunes
    2011-11-09 05:36:01 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
    2011-11-09 05:36:01 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
    2011-11-09 05:36:00 3144704 ----a-w- C:\Windows\System32\win32k.sys
    2011-11-09 05:36:00 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    .
    ==================== Find3M ====================
    .
    2011-11-28 20:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-10-30 20:07:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-10-30 20:07:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
    2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\SZKG64.sys
    2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\is3srv64.sys
    2011-09-26 13:22:40 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
    2011-09-26 13:22:40 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
    2011-09-26 13:22:40 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
    2011-09-26 13:22:40 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
    2011-09-25 14:09:00 0 ----a-w- C:\Windows\ativpsrm.bin
    .
    ============= FINISH: 0:28:42.03 ===============


    Attach:
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 178.250.45.15 www.google-analytics.com.
    Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    Hosts: 178.250.45.15 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    µTorrent
    BCWipe 3.0
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Comical 0.8
    D3DX10
    EVEREST Ultimate Edition
    Google Chrome
    Google Talk Plugin
    Host OpenAL (ADI)
    HydraVision
    ImgBurn
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    OpenOffice.org 3.3
    QuickPar 0.9
    QuickTime
    Reader Library by Sony
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    STOPzilla
    swMSM
    UltraISO Premium V9.35
    Universal Extractor 1.6
    VLC media player 1.0.1
    Win7codecs
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Xvid Video Codec
    .
    ==== End Of File ===========================
     
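The logs above show two things a responder would flag before anything else. The hosts file maps www.google-analytics.com, ad-emea.doubleclick.net and www.statcounter.com to two routable addresses (217.23.4.166 and 178.250.45.15) rather than to loopback, so any page that loads a tracker script from those hosts over plain HTTP fetches it from whatever sits at those addresses instead; and the mPolicies-system lines show EnableLUA = 0 and ConsentPromptBehaviorAdmin = 0, i.e. UAC switched off. What follows is an added example, not code from the thread or from the DDS/HijackThis tools: a small Python checker that parses "Hosts:" and "mPolicies-system:" lines in the shape DDS and HijackThis print them, reports hostnames sent to non-sinkhole addresses, and reports UAC policy values that disable prompting. The sample report embedded in it is constructed from the values in the log; the two harmless entries (127.0.0.1 localhost, 0.0.0.0 ads.example.test) are added to show what is not flagged.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the shape of the DDS "Pseudo HJT Report" lines posted
# above. The hijacked entries and policy values are the ones shown in the
# thread's log; the last two hosts lines are added to show benign entries.
SAMPLE_REPORT = """\
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 127.0.0.1 localhost
Hosts: 0.0.0.0 ads.example.test
"""

# "Hosts: <ip> <name>" as DDS prints it, or "O1 - Hosts: <ip> <name>" from HijackThis.
HOSTS_RE = re.compile(r"^(?:O1 - )?Hosts:\s+(\S+)\s+(\S+)\s*$")
# "mPolicies-system: <ValueName> = <decimal> (0x..)"
POLICY_RE = re.compile(r"^mPolicies-system:\s+(\w+)\s*=\s*(\d+)")


def parse_hosts(report):
    """Yield (ip, hostname) pairs from hosts-file lines in the report. The
    trailing dot DDS shows on the names is stripped and the name lower-cased
    so repeated entries for the same host compare equal."""
    for line in report.splitlines():
        m = HOSTS_RE.match(line.strip())
        if m:
            yield m.group(1), m.group(2).lower().rstrip(".")


def is_sinkhole(ip_text):
    """True for addresses a legitimate hosts entry may use: loopback (127/8,
    ::1) and the unspecified address (0.0.0.0) that ad-block hosts lists use.
    Anything else sends the name to a real server."""
    try:
        ip = ipaddress.ip_address(ip_text)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def hijacked_hosts(report):
    """Return {hostname: sorted routable IPs} for every hosts entry that points
    a name at an address that is neither loopback nor unspecified. A name with
    more than one IP in the list also shows the 'multiple HOSTS entries' DDS warns about."""
    hits = defaultdict(set)
    for ip, host in parse_hosts(report):
        if not is_sinkhole(ip):
            hits[host].add(ip)
    return {host: sorted(ips) for host, ips in hits.items()}


def uac_findings(report):
    """Return the UAC policy values that weaken elevation: EnableLUA = 0 turns
    UAC off entirely; ConsentPromptBehaviorAdmin = 0 elevates administrators
    without any prompt."""
    findings = {}
    for line in report.splitlines():
        m = POLICY_RE.match(line.strip())
        if not m:
            continue
        name, value = m.group(1), int(m.group(2))
        if name in ("EnableLUA", "ConsentPromptBehaviorAdmin") and value == 0:
            findings[name] = value
    return findings


if __name__ == "__main__":
    for host, ips in hijacked_hosts(SAMPLE_REPORT).items():
        print(f"HIJACK  {host:<28} -> {', '.join(ips)}")
    for name, value in uac_findings(SAMPLE_REPORT).items():
        print(f"UAC     {name} = {value}")
```

Run against the fresh DDS log posted later in this thread, hijacked_hosts reports the same three names with the same two addresses, while uac_findings returns nothing because that log shows ConsentPromptBehaviorAdmin = 5 and no EnableLUA line: the UAC setting changed between the two logs, the hosts hijack did not.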
  2. CandiedMicrobe

    CandiedMicrobe Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    4
    Hello? Anyone there?
     
  3. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi,

    Sorry for the delayed response. The forums have been really busy. If you still need help with this, post fresh DDS logs, please.
     
  4. CandiedMicrobe

    CandiedMicrobe Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    4
    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Mar at 10:55:11 on 2012-01-02
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe
    C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
    C:\Users\Mar\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    mWinlogon: Userinit=userinit.exe,
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "C:\Users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{B22BD763-4DA0-4868-B67A-545CFECF5ABD} : DhcpNameServer = 208.67.222.222 208.67.220.220
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun-x64: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
    mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 178.250.45.15 www.google-analytics.com.
    Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\dwmxpcom.dll
    FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\coolirisstub.dll
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Mar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? BCSWAP;BCSWAP
    R? is3srv;is3srv
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? Synth3dVsc;Synth3dVsc
    R? TsUsbFlt;TsUsbFlt
    R? tsusbhub;tsusbhub
    R? USBAAPL64;Apple Mobile USB Driver
    R? VGPU;VGPU
    R? WatAdminSvc;Windows Activation Technologies Service
    S? 09486821;09486821
    S? AMD External Events Utility;AMD External Events Utility
    S? amdkmdag;amdkmdag
    S? amdkmdap;amdkmdap
    S? AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller
    S? AtiHDAudioService;ATI Function Driver for HD Audio Service
    S? cpuz132;cpuz132
    S? szkg5;szkg5
    S? WSDPrintDevice;WSD Print Support via UMB
    .
    =============== Created Last 30 ================
    .
    2012-01-02 15:49:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\offreg.dll
    2012-01-02 15:48:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\mpengine.dll
    2011-12-15 12:30:25 -------- d-----w- C:\Users\Mar\AppData\Local\VirtualStore
    2011-12-15 03:02:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-15 02:57:53 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-15 02:57:52 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-15 02:57:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-15 02:57:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-15 02:57:49 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-06 13:17:21 460888 ----a-w- C:\Windows\System32\drivers\09486821.sys
    2011-12-05 05:19:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-12-04 06:40:07 -------- d-----w- C:\Program Files (x86)\Comical
    .
    ==================== Find3M ====================
    .
    2011-12-01 00:45:38 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
    2011-12-01 00:45:38 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
    2011-12-01 00:45:38 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
    2011-12-01 00:45:36 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
    2011-12-01 00:45:36 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
    2011-12-01 00:45:36 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
    2011-12-01 00:45:36 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
    2011-12-01 00:45:36 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
    2011-12-01 00:45:36 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
    2011-12-01 00:45:36 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
    2011-12-01 00:45:36 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
    2011-12-01 00:45:34 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
    2011-11-28 20:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-30 20:07:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-10-30 20:07:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 10:55:42.21 ===============


    Attach
    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 178.250.45.15 www.google-analytics.com.
    Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    Hosts: 178.250.45.15 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    µTorrent
    BCWipe 3.0
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Comical 0.8
    D3DX10
    EVEREST Ultimate Edition
    Google Chrome
    Google Talk Plugin
    Host OpenAL (ADI)
    HydraVision
    ImgBurn
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    OpenOffice.org 3.3
    QuickPar 0.9
    QuickTime
    Reader Library by Sony
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    STOPzilla
    swMSM
    UltraISO Premium V9.35
    Universal Extractor 1.6
    VLC media player 1.0.1
    Win7codecs
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Xvid Video Codec
    .
    ==== End Of File ===========================
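The "Hosts File Hijack" section of the Attach.txt log above lists the same third-party tracking and ad domains mapped to two different non-local addresses, which is what the DDS note "multiple HOSTS entries found" refers to. As an added example (not part of the thread and not DDS's own code), the following script parses the `Hosts:` lines DDS prints and reports the two things a responder checks for: names pointed at a real remote address instead of the loopback sink an ad-blocking hosts file would use, and names that appear more than once. The sample input is constructed to mirror the entries in the log; the `localhost` line is added to show what a normal entry looks like.

```python
"""Flag hosts-file hijacks in DDS-style 'Hosts:' log lines.

Added example, not code from the thread or from the DDS tool. It parses
'Hosts: <ip> <name>' lines and reports (a) names mapped to a non-local
address and (b) names that appear more than once.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample, shaped like the Attach.txt section in the thread
# (the localhost line is added here as a benign control entry).
SAMPLE_LOG = """\
==== Hosts File Hijack ======================
.
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
Hosts: 127.0.0.1 localhost
.
==== Installed Programs ======================
"""

# One DDS hosts line: the literal prefix, an address, a name.
HOSTS_LINE = re.compile(r"^\s*Hosts:\s+(\S+)\s+(\S+)\s*$")


def parse_hosts_lines(text):
    """Return a list of (ip, hostname) tuples from DDS 'Hosts:' lines.

    The trailing dot DDS prints after each name is stripped and the
    name is lowercased so duplicates compare equal.
    """
    entries = []
    for line in text.splitlines():
        m = HOSTS_LINE.match(line)
        if not m:
            continue  # separators, section headers, anything else
        ip, name = m.group(1), m.group(2).rstrip(".").lower()
        entries.append((ip, name))
    return entries


def is_local_sink(ip):
    """True for loopback or unspecified addresses (the normal ad-blocking
    use of a hosts file); anything else sends traffic to a real host."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False  # not a parseable address: treat as suspicious
    return addr.is_loopback or addr.is_unspecified


def find_hijacks(entries):
    """Return {hostname: sorted list of non-local IPs it is mapped to}."""
    by_name = defaultdict(set)
    for ip, name in entries:
        if not is_local_sink(ip):
            by_name[name].add(ip)
    return {name: sorted(ips) for name, ips in by_name.items()}


def find_duplicates(entries):
    """Return hostnames that appear on more than one line, which is the
    condition behind DDS's 'multiple HOSTS entries found' note."""
    counts = defaultdict(int)
    for _, name in entries:
        counts[name] += 1
    return sorted(n for n, c in counts.items() if c > 1)


if __name__ == "__main__":
    ents = parse_hosts_lines(SAMPLE_LOG)
    for name, ips in find_hijacks(ents).items():
        print(f"HIJACK  {name} -> {', '.join(ips)}")
    for name in find_duplicates(ents):
        print(f"DUP     {name}")
```

Run against the sample, the three tracking domains are reported as hijacked (each mapped to both 217.23.4.166 and 178.250.45.15) and as duplicates, while `localhost` is ignored because it resolves to loopback. The same functions work on a raw `C:\Windows\System32\drivers\etc\hosts` file if the regex prefix is relaxed, but the DDS format is what this thread contains.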
     
  5. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    uTorrent

    The above listed ones are P2P file-sharing programs. P2P downloads are nowadays one of those things that most likely bring infection into the system. My recommendation is to uninstall these (and others, if present) P2P file-sharing programs.


    Please visit this webpage for download links, and instructions for running ComboFix tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
       Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
     
  6. CandiedMicrobe

    CandiedMicrobe Thread Starter

    Joined:
    Dec 8, 2011
    Messages:
    4
    ComboFix 12-01-02.01 - Mar 02/01/2012 14:24:28.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2047.1223 [GMT -5:00]
    Running from: c:\users\Mar\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    ---- Previous Run -------
    .
    c:\windows\assembly\temp\@
    c:\windows\assembly\temp\bckfg.tmp
    c:\windows\assembly\temp\cfg.ini
    c:\windows\security\Database\tmp.edb
    c:\windows\system32\drivers\etc\hosts1
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
    .
    .
    2012-01-02 19:28 . 2012-01-02 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-01-02 15:48 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\mpengine.dll
    2011-12-15 12:30 . 2011-12-15 12:30 -------- d-----w- c:\users\Mar\AppData\Local\VirtualStore
    2011-12-15 03:02 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
    2011-12-15 02:57 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
    2011-12-15 02:57 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
    2011-12-15 02:57 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
    2011-12-15 02:57 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-12-15 02:57 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2011-12-06 13:17 . 2011-12-05 13:19 460888 ----a-w- c:\windows\system32\drivers\09486821.sys
    2011-12-05 05:36 . 2011-12-05 05:36 -------- d-----w- c:\program files (x86)\Common Files\Java
    2011-12-05 05:19 . 2011-12-05 05:19 -------- d-----w- c:\programdata\Kaspersky Lab
    2011-12-04 06:40 . 2011-12-04 06:40 -------- d-----w- c:\program files (x86)\Comical
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-28 20:41 . 2011-10-04 19:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-23 02:13 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
    2011-11-15 19:29 . 2011-09-25 05:07 270720 ------w- c:\windows\system32\MpSigStub.exe
    2011-10-30 20:11 . 2011-10-30 20:11 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
    2011-10-30 20:11 . 2011-10-30 20:11 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
    2011-10-30 20:11 . 2011-10-30 20:11 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
    2011-10-30 20:11 . 2011-10-30 20:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
    2011-10-30 20:11 . 2011-10-30 20:11 161792 ----a-w- c:\windows\SysWow64\msls31.dll
    2011-10-30 20:11 . 2011-10-30 20:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
    2011-10-30 20:11 . 2011-10-30 20:11 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
    2011-10-30 20:11 . 2011-10-30 20:11 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
    2011-10-30 20:11 . 2011-10-30 20:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2011-10-30 20:11 . 2011-10-30 20:11 367104 ----a-w- c:\windows\SysWow64\html.iec
    2011-10-30 20:11 . 2011-10-30 20:11 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
    2011-10-30 20:11 . 2011-10-30 20:11 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
    2011-10-30 20:11 . 2011-10-30 20:11 152064 ----a-w- c:\windows\SysWow64\wextract.exe
    2011-10-30 20:11 . 2011-10-30 20:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
    2011-10-30 20:11 . 2011-10-30 20:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2011-10-30 20:11 . 2011-10-30 20:11 11776 ----a-w- c:\windows\SysWow64\mshta.exe
    2011-10-30 20:11 . 2011-10-30 20:11 101888 ----a-w- c:\windows\SysWow64\admparse.dll
    2011-10-30 20:11 . 2011-10-30 20:11 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
    2011-10-30 20:11 . 2011-10-30 20:11 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
    2011-10-30 20:11 . 2011-10-30 20:11 76800 ----a-w- c:\windows\system32\tdc.ocx
    2011-10-30 20:11 . 2011-10-30 20:11 49664 ----a-w- c:\windows\system32\imgutil.dll
    2011-10-30 20:11 . 2011-10-30 20:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
    2011-10-30 20:11 . 2011-10-30 20:11 448512 ----a-w- c:\windows\system32\html.iec
    2011-10-30 20:11 . 2011-10-30 20:11 222208 ----a-w- c:\windows\system32\msls31.dll
    2011-10-30 20:11 . 2011-10-30 20:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2011-10-30 20:11 . 2011-10-30 20:11 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
    2011-10-30 20:11 . 2011-10-30 20:11 12288 ----a-w- c:\windows\system32\mshta.exe
    2011-10-30 20:11 . 2011-10-30 20:11 114176 ----a-w- c:\windows\system32\admparse.dll
    2011-10-30 20:11 . 2011-10-30 20:11 111616 ----a-w- c:\windows\system32\iesysprep.dll
    2011-10-30 20:11 . 2011-10-30 20:11 85504 ----a-w- c:\windows\system32\iesetup.dll
    2011-10-30 20:11 . 2011-10-30 20:11 603648 ----a-w- c:\windows\system32\vbscript.dll
    2011-10-30 20:11 . 2011-10-30 20:11 30720 ----a-w- c:\windows\system32\licmgr10.dll
    2011-10-30 20:11 . 2011-10-30 20:11 165888 ----a-w- c:\windows\system32\iexpress.exe
    2011-10-30 20:11 . 2011-10-30 20:11 160256 ----a-w- c:\windows\system32\wextract.exe
    2011-10-30 20:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
    2011-10-30 20:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
    2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
    "CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run"="c:\users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-12-07 1047096]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "BCWipeTM Startup"="c:\program files (x86)\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-01-02 1302528]
    "Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
    .
    c:\users\Mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
    _uninst_98312821.lnk - c:\users\Mar\AppData\Local\Temp\_uninst_98312821.bat [N/A]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
    R4 BCSWAP;BCSWAP; [x]
    S0 09486821;09486821;c:\windows\system32\DRIVERS\09486821.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
    S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140147951-3475380347-583160475-1000Core.job
    - c:\users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 14:14]
    .
    2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140147951-3475380347-583160475-1000UA.job
    - c:\users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 14:14]
    .
    .
    --------- x86-64 -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "LoadAppInit_DLLs"=0x0
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    FF - ProfilePath - c:\users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
    .
    - - - - ORPHANS REMOVED - - - -
    .
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker3"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    .
    **************************************************************************
    .
    Completion time: 2012-01-02 14:32:27 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-01-02 19:32
    .
    Pre-Run: 62,620,364,800 bytes free
    Post-Run: 62,202,802,176 bytes free
    .
    - - End Of File - - 6BE28610A447D2DF55A0B37623D47D13

    DDS

    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
    Run by Mar at 14:39:18 on 2012-01-02
    .
    ============== Running Processes ===============
    .
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
    C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
    C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Mar\Desktop\dds.com
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
    uRun: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
    mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
    TCP: Interfaces\{B22BD763-4DA0-4868-B67A-545CFECF5ABD} : DhcpNameServer = 208.67.222.222 208.67.220.220
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    mRun-x64: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
    mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
    mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 178.250.45.15 www.google-analytics.com.
    Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    .
    Note: multiple HOSTS entries found. Please refer to Attach.txt
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
    FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
    FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\Mar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
    FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R? BCSWAP;BCSWAP
    R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
    R? Synth3dVsc;Synth3dVsc
    R? TsUsbFlt;TsUsbFlt
    R? tsusbhub;tsusbhub
    R? USBAAPL64;Apple Mobile USB Driver
    R? VGPU;VGPU
    R? WatAdminSvc;Windows Activation Technologies Service
    R? WSDPrintDevice;WSD Print Support via UMB
    S? 09486821;09486821
    S? AMD External Events Utility;AMD External Events Utility
    S? amdkmdag;amdkmdag
    S? amdkmdap;amdkmdap
    S? AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller
    S? AtiHDAudioService;ATI Function Driver for HD Audio Service
    S? cpuz132;cpuz132
    .
    =============== Created Last 30 ================
    .
    2012-01-02 19:29:24 -------- d-----w- C:\$RECYCLE.BIN
    2012-01-02 16:56:10 98816 ----a-w- C:\Windows\sed.exe
    2012-01-02 16:56:10 518144 ----a-w- C:\Windows\SWREG.exe
    2012-01-02 16:56:10 256000 ----a-w- C:\Windows\PEV.exe
    2012-01-02 16:56:10 208896 ----a-w- C:\Windows\MBR.exe
    2012-01-02 15:48:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\mpengine.dll
    2011-12-15 12:30:25 -------- d-----w- C:\Users\Mar\AppData\Local\VirtualStore
    2011-12-15 03:02:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
    2011-12-15 02:57:53 3145216 ----a-w- C:\Windows\System32\win32k.sys
    2011-12-15 02:57:52 723456 ----a-w- C:\Windows\System32\EncDec.dll
    2011-12-15 02:57:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
    2011-12-15 02:57:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2011-12-15 02:57:49 2048 ----a-w- C:\Windows\System32\tzres.dll
    2011-12-06 13:17:21 460888 ----a-w- C:\Windows\System32\drivers\09486821.sys
    2011-12-05 05:19:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
    2011-12-04 06:40:07 -------- d-----w- C:\Program Files (x86)\Comical
    .
    ==================== Find3M ====================
    .
    2011-11-28 20:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
    2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
    2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
    2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
    2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
    2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2011-10-30 20:07:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
    2011-10-30 20:07:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
    2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
    .
    ============= FINISH: 14:39:55.84 ===============

    Attach

    .
    ==== Hosts File Hijack ======================
    .
    Hosts: 217.23.4.166 www.google-analytics.com.
    Hosts: 217.23.4.166 ad-emea.doubleclick.net.
    Hosts: 217.23.4.166 www.statcounter.com.
    Hosts: 178.250.45.15 www.google-analytics.com.
    Hosts: 178.250.45.15 ad-emea.doubleclick.net.
    Hosts: 178.250.45.15 www.statcounter.com.
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 10 ActiveX
    Adobe Reader 9.4.6
    Adobe Shockwave Player 11.6
    Apple Application Support
    Apple Software Update
    µTorrent
    BCWipe 3.0
    Catalyst Control Center
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    Comical 0.8
    D3DX10
    EVEREST Ultimate Edition
    Google Chrome
    Google Talk Plugin
    Host OpenAL (ADI)
    HydraVision
    ImgBurn
    IrfanView (remove only)
    Java Auto Updater
    Java(TM) 6 Update 29
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Mozilla Firefox 7.0.1 (x86 en-US)
    MSVCRT
    OpenOffice.org 3.3
    QuickPar 0.9
    QuickTime
    Reader Library by Sony
    SoundMAX
    Spelling Dictionaries Support For Adobe Reader 9
    swMSM
    UltraISO Premium V9.35
    Universal Extractor 1.6
    VLC media player 1.0.1
    Win7codecs
    Winamp
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Xvid Video Codec
    .
    ==== End Of File ===========================
     
  7. Blade81

    Blade81 Malware Specialist

    Joined:
    Oct 27, 2006
    Messages:
    924
    Hi again,


    Open Notepad and copy/paste the text in the quotebox below into it:

    Code:
    File::
    c:\windows\system32\drivers\etc\HOSTS
    c:\users\Mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_98312821.lnk
    

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

    [IMG]

    Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
    Then post the resultant log.


    Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


    Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


    • Go here to run an online scanner from ESET.
    • Note: You will need to use Internet Explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the ActiveX control to install
    • Click Start
    • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
    • Click Scan
    • Wait for the scan to finish.

    Post back its report, fresh DDS logs and the above-mentioned ComboFix resultant log.
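    As an added example, not part of this thread and not code from any of the tools mentioned above (DDS, HijackThis, ComboFix): a small Python script that audits a hosts file for the kind of hijack the DDS log reports. It parses the file, ignores comments, flags any hostname mapped to a routable address (loopback and 0.0.0.0 targets are the normal, benign blocking idiom and are left alone) and lists hostnames that carry more than one address, as the tracker entries in the log above do. The sample hosts text embedded in the script is constructed from the entries shown in that log; the file path mentioned in the comments is the standard Windows location.

```python
import ipaddress
import sys
from collections import defaultdict

# Constructed sample, modelled on the "Hosts:" lines the DDS log above reports
# (same two addresses, same tracker hostnames). On Windows the real file is
# C:\Windows\System32\drivers\etc\hosts; by default it contains only comments.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# localhost name resolution is handled within DNS itself.
#	127.0.0.1       localhost
#	::1             localhost
0.0.0.0 ads.example.invalid
217.23.4.166 www.google-analytics.com
217.23.4.166 ad-emea.doubleclick.net
217.23.4.166 www.statcounter.com
178.250.45.15 www.google-analytics.com
178.250.45.15 ad-emea.doubleclick.net
178.250.45.15 www.statcounter.com
"""


def parse_hosts(text):
    """Return a list of (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are ignored. One line may
    map an address to several names; each name becomes its own pair. A trailing
    dot on a name (as DDS prints it) is stripped and names are lower-cased.
    """
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # malformed line: no hostname after the address
        ip, names = fields[0], fields[1:]
        for name in names:
            pairs.append((ip, name.rstrip(".").lower()))
    return pairs


def audit_hosts(text):
    """Report suspicious mappings in hosts-file text.

    Returns {'remote': [(ip, name), ...], 'conflicts': {name: [ip, ...]}}.
    'remote' lists names pointed at a routable address (or an unparsable one);
    loopback (127.x, ::1) and unspecified (0.0.0.0, ::) targets are the usual
    ad-blocking idiom and are not reported. 'conflicts' lists names that appear
    with more than one address, which is what a hijacker stacking entries looks
    like in the log above.
    """
    remote = []
    by_name = defaultdict(list)
    for ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            remote.append((ip, name))  # not a valid address at all: worth a look
            continue
        if not (addr.is_loopback or addr.is_unspecified):
            remote.append((ip, name))
        if ip not in by_name[name]:
            by_name[name].append(ip)
    conflicts = {n: ips for n, ips in by_name.items() if len(ips) > 1}
    return {"remote": remote, "conflicts": conflicts}


if __name__ == "__main__":
    # Pass a path to audit a real file; with no argument the constructed sample is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    report = audit_hosts(text)
    for ip, name in report["remote"]:
        print(f"REMOTE   {name} -> {ip}")
    for name, ips in report["conflicts"].items():
        print(f"CONFLICT {name} -> {', '.join(ips)}")
    if not report["remote"] and not report["conflicts"]:
        print("no suspicious hosts entries")
```

    The script only reports; it does not touch the file. On the machine in this thread the HOSTS file could not be edited by hand, which is why the CFScript in the post above hands the job to ComboFix. Run as an administrator against the real path, the report gives a quick before/after check that the file actually came back clean.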
     
Short URL to this thread: https://techguy.org/1030258