Randomish Website redirects, can't edit hosts or turn on firewall


CandiedMicrobe

Thread Starter
Hi! I recently bought a used computer that had no anti-anything or even a working firewall.

1) I noticed redirects and thought I would try turning on the firewall, but it's not allowing it. Here are my HijackThis, DDS, and Attach logs.
2) I noticed at the end of the HijackThis log there seem to be a lot of things missing. I have been having trouble trying to add this computer to my home network and wondered if this might have anything to do with it also.

Please advise me.

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:26:14 AM, on 08/12/2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\STOPzilla!\SZOptionsFlash.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\Desktop\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: 217.23.4.166 www.google-analytics.com.
O1 - Hosts: 217.23.4.166 ad-emea.doubleclick.net.
O1 - Hosts: 217.23.4.166 www.statcounter.com.
O1 - Hosts: 178.250.45.15 www.google-analytics.com.
O1 - Hosts: 178.250.45.15 ad-emea.doubleclick.net.
O1 - Hosts: 178.250.45.15 www.statcounter.com.
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
O4 - HKLM\..\Run: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\RunOnce: [GrpConv] grpconv -o
O4 - HKLM\..\RunOnce: [Wrapper] runonce
O4 - HKCU\..\Run: [Google Update] "C:\Users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
O4 - HKCU\..\Run: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\RunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: _uninst_98312821.lnk = Mar\AppData\Local\Temp\_uninst_98312821.bat
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files (x86)\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9485 bytes


DDS:
.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mar at 0:27:49 on 2011-12-08
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\STOPzilla!\SZOptionsFlash.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Mar\Desktop\HijackThis (1).exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Mar\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
uRunOnce: [Shockwave Updater] "C:\Windows\SysWOW64\Adobe\Shockwave 11\SwHelper_1161629.exe" -Update
mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce: [GrpConv] grpconv -o
mRunOnce: [Wrapper] runonce
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{B22BD763-4DA0-4868-B67A-545CFECF5ABD} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRunOnce-x64: [GrpConv] grpconv -o
mRunOnce-x64: [Wrapper] runonce
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\dwmxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BCSWAP;BCSWAP
R? is3srv;is3srv
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? USBAAPL64;Apple Mobile USB Driver
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
S? 09486821;09486821
S? 10871510;10871510
S? 1422311drv;1422311drv
S? 20306433;20306433
S? 7179322drv;7179322drv
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? cpuz132;cpuz132
S? szkg5;szkg5
S? WSDPrintDevice;WSD Print Support via UMB
.
=============== Created Last 30 ================
.
2011-12-06 14:23:40 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E824875A-DD1E-4B20-A85E-85DEEF85DA44}\offreg.dll
2011-12-06 14:23:24 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E824875A-DD1E-4B20-A85E-85DEEF85DA44}\mpengine.dll
2011-12-06 13:17:21 460888 ----a-w- C:\Windows\System32\drivers\09486821.sys
2011-12-05 05:19:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-04 06:40:07 -------- d-----w- C:\Program Files (x86)\Comical
2011-12-03 02:31:55 -------- d-----w- C:\Program Files (x86)\STOPzilla!
2011-12-03 02:31:54 -------- d-----w- C:\ProgramData\STOPzilla!
2011-12-03 02:31:54 -------- d-----w- C:\Program Files (x86)\Common Files\iS3
2011-12-01 00:45:38 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-12-01 00:45:38 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-12-01 00:45:38 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-12-01 00:45:36 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-12-01 00:45:36 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-12-01 00:45:36 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-12-01 00:45:36 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-12-01 00:45:36 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-12-01 00:45:36 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-12-01 00:45:36 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-12-01 00:45:36 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-12-01 00:45:34 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-11-27 07:10:52 -------- d-----w- C:\Users\Mar\AppData\Local\{85442D8A-D45E-4D2E-A5F9-6B8A3ED23697}
2011-11-27 07:10:32 -------- d-----w- C:\Users\Mar\AppData\Local\{C01113D0-BCEE-49D3-B51B-CB7ECAAD34AC}
2011-11-27 07:10:32 -------- d-----w- C:\Users\Mar\AppData\Local\{B09B2D15-B914-44EA-A042-21F17C84E20A}
2011-11-23 02:17:52 -------- d-----w- C:\Users\Mar\AppData\Local\{FBF896F9-E316-48C0-8A97-9CFD60BC5E81}
2011-11-23 02:17:42 -------- d-----w- C:\Users\Mar\AppData\Local\{06E9CF13-AF90-4DEC-A588-242A1D5FE862}
2011-11-23 02:15:56 -------- d-----w- C:\Windows\en
2011-11-23 02:14:17 -------- d-----w- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2011-11-23 02:13:11 -------- d-----w- C:\Windows\PCHEALTH
2011-11-23 02:12:31 69464 ----a-w- C:\Windows\SysWow64\XAPOFX1_3.dll
2011-11-23 02:12:31 523088 ----a-w- C:\Windows\System32\d3dx10_42.dll
2011-11-23 02:12:31 515416 ----a-w- C:\Windows\SysWow64\XAudio2_5.dll
2011-11-23 02:12:31 453456 ----a-w- C:\Windows\SysWow64\d3dx10_42.dll
2011-11-23 02:12:08 4398360 ----a-w- C:\Windows\System32\d3dx9_32.dll
2011-11-23 02:12:08 3426072 ----a-w- C:\Windows\SysWow64\d3dx9_32.dll
2011-11-23 02:11:49 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\41cabf2c1cca98518\DSETUP.dll
2011-11-23 02:11:49 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\41cabf2c1cca98518\DXSETUP.exe
2011-11-23 02:11:49 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\41cabf2c1cca98518\dsetup32.dll
2011-11-23 02:11:43 94040 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d5db7851cca98517\DSETUP.dll
2011-11-23 02:11:43 525656 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d5db7851cca98517\DXSETUP.exe
2011-11-23 02:11:43 1691480 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\3d5db7851cca98517\dsetup32.dll
2011-11-23 02:07:18 -------- d-----w- C:\Users\Mar\AppData\Local\Windows Live
2011-11-23 02:07:16 -------- d-----w- C:\Program Files (x86)\Common Files\Windows Live
2011-11-16 02:40:32 -------- d-----w- C:\Program Files\iTunes
2011-11-16 02:40:32 -------- d-----w- C:\Program Files\iPod
2011-11-16 02:40:32 -------- d-----w- C:\Program Files (x86)\iTunes
2011-11-09 05:36:01 886784 ----a-w- C:\Program Files\Common Files\System\wab32.dll
2011-11-09 05:36:01 708608 ----a-w- C:\Program Files (x86)\Common Files\System\wab32.dll
2011-11-09 05:36:00 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-11-09 05:36:00 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
.
==================== Find3M ====================
.
2011-11-28 20:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-10-30 20:07:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-30 20:07:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
2011-10-03 10:06:03 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\SZKG64.sys
2011-09-26 16:21:26 74768 ----a-r- C:\Windows\SysWow64\drivers\is3srv64.sys
2011-09-26 13:22:40 431104 ----a-w- C:\Windows\System32\wrap_oal.dll
2011-09-26 13:22:40 409600 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2011-09-26 13:22:40 136192 ----a-w- C:\Windows\System32\OpenAL32.dll
2011-09-26 13:22:40 114688 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2011-09-25 14:09:00 0 ----a-w- C:\Windows\ativpsrm.bin
.
============= FINISH: 0:28:42.03 ===============


Attach:
.
==== Hosts File Hijack ======================
.
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
µTorrent
BCWipe 3.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comical 0.8
D3DX10
EVEREST Ultimate Edition
Google Chrome
Google Talk Plugin
Host OpenAL (ADI)
HydraVision
ImgBurn
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
OpenOffice.org 3.3
QuickPar 0.9
QuickTime
Reader Library by Sony
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
STOPzilla
swMSM
UltraISO Premium V9.35
Universal Extractor 1.6
VLC media player 1.0.1
Win7codecs
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid Video Codec
.
==== End Of File ===========================
 

Blade81

Malware Specialist
Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post fresh DDS logs, please.
 

CandiedMicrobe

Thread Starter
DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mar at 10:55:11 on 2012-01-02
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZServer.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Common Files\iS3\Anti-Spyware\SZScanner.exe
C:\Program Files (x86)\STOPzilla!\STOPzilla.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe
C:\Users\Mar\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "C:\Users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{B22BD763-4DA0-4868-B67A-545CFECF5ABD} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [SoundMAX] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\dwmxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]\components\coolirisstub.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BCSWAP;BCSWAP
R? is3srv;is3srv
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? USBAAPL64;Apple Mobile USB Driver
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
S? 09486821;09486821
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? cpuz132;cpuz132
S? szkg5;szkg5
S? WSDPrintDevice;WSD Print Support via UMB
.
=============== Created Last 30 ================
.
2012-01-02 15:49:03 69000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\offreg.dll
2012-01-02 15:48:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\mpengine.dll
2011-12-15 12:30:25 -------- d-----w- C:\Users\Mar\AppData\Local\VirtualStore
2011-12-15 03:02:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 02:57:53 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 02:57:52 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 02:57:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 02:57:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 02:57:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-06 13:17:21 460888 ----a-w- C:\Windows\System32\drivers\09486821.sys
2011-12-05 05:19:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-04 06:40:07 -------- d-----w- C:\Program Files (x86)\Comical
.
==================== Find3M ====================
.
2011-12-01 00:45:38 547880 ----a-r- C:\Windows\SysWow64\SZComp5.dll
2011-12-01 00:45:38 24616 ----a-r- C:\Windows\SysWow64\SZIO5.dll
2011-12-01 00:45:38 134184 ----a-r- C:\Windows\SysWow64\IS3HTUI5.dll
2011-12-01 00:45:36 68648 ----a-r- C:\Windows\SysWow64\IS3Hks5.dll
2011-12-01 00:45:36 482344 ----a-r- C:\Windows\SysWow64\SZBase5.dll
2011-12-01 00:45:36 457768 ----a-r- C:\Windows\SysWow64\IS3DBA5.dll
2011-12-01 00:45:36 392232 ----a-r- C:\Windows\SysWow64\IS3UI5.dll
2011-12-01 00:45:36 30248 ----a-r- C:\Windows\SysWow64\IS3XDat5.dll
2011-12-01 00:45:36 232488 ----a-r- C:\Windows\SysWow64\IS3Win325.dll
2011-12-01 00:45:36 105512 ----a-r- C:\Windows\SysWow64\IS3Inet5.dll
2011-12-01 00:45:36 101416 ----a-r- C:\Windows\SysWow64\IS3Svc5.dll
2011-12-01 00:45:34 740392 ----a-r- C:\Windows\SysWow64\IS3Base5.dll
2011-11-28 20:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-30 20:07:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-30 20:07:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 10:55:42.21 ===============


Attach
.
==== Hosts File Hijack ======================
.
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
µTorrent
BCWipe 3.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comical 0.8
D3DX10
EVEREST Ultimate Edition
Google Chrome
Google Talk Plugin
Host OpenAL (ADI)
HydraVision
ImgBurn
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
OpenOffice.org 3.3
QuickPar 0.9
QuickTime
Reader Library by Sony
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
STOPzilla
swMSM
UltraISO Premium V9.35
Universal Extractor 1.6
VLC media player 1.0.1
Win7codecs
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid Video Codec
.
==== End Of File ===========================
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
uTorrent

The programs listed above are P2P file sharing programs. P2P downloads are nowadays one of the things most likely to bring an infection into the system. My recommendation is to uninstall these (and any others, if present) P2P file sharing programs.


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

  1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
 

CandiedMicrobe

Thread Starter
Joined
Dec 8, 2011
Messages
4
ComboFix 12-01-02.01 - Mar 02/01/2012 14:24:28.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.44.1033.18.2047.1223 [GMT -5:00]
Running from: c:\users\Mar\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\assembly\temp\@
c:\windows\assembly\temp\bckfg.tmp
c:\windows\assembly\temp\cfg.ini
c:\windows\security\Database\tmp.edb
c:\windows\system32\drivers\etc\hosts1
.
.
((((((((((((((((((((((((( Files Created from 2011-12-02 to 2012-01-02 )))))))))))))))))))))))))))))))
.
.
2012-01-02 19:28 . 2012-01-02 19:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-02 15:48 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\mpengine.dll
2011-12-15 12:30 . 2011-12-15 12:30 -------- d-----w- c:\users\Mar\AppData\Local\VirtualStore
2011-12-15 03:02 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2011-12-15 02:57 . 2011-11-24 04:52 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-12-15 02:57 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2011-12-15 02:57 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2011-12-15 02:57 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2011-12-15 02:57 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-12-06 13:17 . 2011-12-05 13:19 460888 ----a-w- c:\windows\system32\drivers\09486821.sys
2011-12-05 05:36 . 2011-12-05 05:36 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-12-05 05:19 . 2011-12-05 05:19 -------- d-----w- c:\programdata\Kaspersky Lab
2011-12-04 06:40 . 2011-12-04 06:40 -------- d-----w- c:\program files (x86)\Comical
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-28 20:41 . 2011-10-04 19:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 02:13 . 2011-03-28 23:36 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-11-15 19:29 . 2011-09-25 05:07 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-10-30 20:11 . 2011-10-30 20:11 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-10-30 20:11 . 2011-10-30 20:11 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-10-30 20:11 . 2011-10-30 20:11 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-10-30 20:11 . 2011-10-30 20:11 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-10-30 20:11 . 2011-10-30 20:11 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-10-30 20:11 . 2011-10-30 20:11 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-10-30 20:11 . 2011-10-30 20:11 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-10-30 20:11 . 2011-10-30 20:11 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-10-30 20:11 . 2011-10-30 20:11 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-10-30 20:11 . 2011-10-30 20:11 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-10-30 20:11 . 2011-10-30 20:11 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-10-30 20:11 . 2011-10-30 20:11 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-10-30 20:11 . 2011-10-30 20:11 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-10-30 20:11 . 2011-10-30 20:11 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-10-30 20:11 . 2011-10-30 20:11 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-10-30 20:11 . 2011-10-30 20:11 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-10-30 20:11 . 2011-10-30 20:11 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-10-30 20:11 . 2011-10-30 20:11 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-10-30 20:11 . 2011-10-30 20:11 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-10-30 20:11 . 2011-10-30 20:11 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-10-30 20:11 . 2011-10-30 20:11 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-10-30 20:11 . 2011-10-30 20:11 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-10-30 20:11 . 2011-10-30 20:11 448512 ----a-w- c:\windows\system32\html.iec
2011-10-30 20:11 . 2011-10-30 20:11 222208 ----a-w- c:\windows\system32\msls31.dll
2011-10-30 20:11 . 2011-10-30 20:11 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-10-30 20:11 . 2011-10-30 20:11 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-10-30 20:11 . 2011-10-30 20:11 12288 ----a-w- c:\windows\system32\mshta.exe
2011-10-30 20:11 . 2011-10-30 20:11 114176 ----a-w- c:\windows\system32\admparse.dll
2011-10-30 20:11 . 2011-10-30 20:11 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-10-30 20:11 . 2011-10-30 20:11 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-10-30 20:11 . 2011-10-30 20:11 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-10-30 20:11 . 2011-10-30 20:11 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-10-30 20:11 . 2011-10-30 20:11 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-10-30 20:11 . 2011-10-30 20:11 160256 ----a-w- c:\windows\system32\wextract.exe
2011-10-30 20:07 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-10-30 20:07 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-10-24 19:29 . 2011-10-24 19:29 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29 . 2011-10-24 19:29 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Xvid"="c:\program files (x86)\Xvid\CheckUpdate.exe" [2011-01-17 8192]
"CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run"="c:\users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" [2011-12-07 1047096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCWipeTM Startup"="c:\program files (x86)\Jetico\BCWipe\BCWipeTM.exe" [2008-09-04 545520]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-05-25 336384]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2008-01-02 1302528]
"Reader Library Launcher"="c:\program files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe" [2010-07-13 906648]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2011-11-13 421736]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888]
.
c:\users\Mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
_uninst_98312821.lnk - c:\users\Mar\AppData\Local\Temp\_uninst_98312821.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 BCSWAP;BCSWAP; [x]
S0 09486821;09486821;c:\windows\system32\DRIVERS\09486821.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x64.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140147951-3475380347-583160475-1000Core.job
- c:\users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 14:14]
.
2012-01-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3140147951-3475380347-583160475-1000UA.job
- c:\users\Mar\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-25 14:14]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
FF - ProfilePath - c:\users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-01-02 14:32:27 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-02 19:32
.
Pre-Run: 62,620,364,800 bytes free
Post-Run: 62,202,802,176 bytes free
.
- - End Of File - - 6BE28610A447D2DF55A0B37623D47D13

DDS

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Mar at 14:39:18 on 2012-01-02
.
============== Running Processes ===============
.
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Mar\Desktop\dds.com
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
uRun: [Xvid] C:\Program Files (x86)\Xvid\CheckUpdate.exe
uRun: [CC0DF10333AD7B3D3CC627C7A3A1581B112A78B9._service_run] "C:\Users\Mar\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
mRun: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 208.67.222.222 208.67.220.220
TCP: Interfaces\{B22BD763-4DA0-4868-B67A-545CFECF5ABD} : DhcpNameServer = 208.67.222.222 208.67.220.220
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [BCWipeTM Startup] "C:\Program Files (x86)\Jetico\BCWipe\BCWipeTM.exe" startup
mRun-x64: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
mRun-x64: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
.
Note: multiple HOSTS entries found. Please refer to Attach.txt
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Mar\AppData\Roaming\Mozilla\Firefox\Profiles\4ytkpio3.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nppl3260.dll
FF - plugin: C:\Program Files (x86)\Win7codecs\rm\browser\plugins\nprpjplug.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Mar\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
FF - plugin: C:\Users\Mar\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R? BCSWAP;BCSWAP
R? RdpVideoMiniport;Remote Desktop Video Miniport Driver
R? Synth3dVsc;Synth3dVsc
R? TsUsbFlt;TsUsbFlt
R? tsusbhub;tsusbhub
R? USBAAPL64;Apple Mobile USB Driver
R? VGPU;VGPU
R? WatAdminSvc;Windows Activation Technologies Service
R? WSDPrintDevice;WSD Print Support via UMB
S? 09486821;09486821
S? AMD External Events Utility;AMD External Events Utility
S? amdkmdag;amdkmdag
S? amdkmdap;amdkmdap
S? AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller
S? AtiHDAudioService;ATI Function Driver for HD Audio Service
S? cpuz132;cpuz132
.
=============== Created Last 30 ================
.
2012-01-02 19:29:24 -------- d-----w- C:\$RECYCLE.BIN
2012-01-02 16:56:10 98816 ----a-w- C:\Windows\sed.exe
2012-01-02 16:56:10 518144 ----a-w- C:\Windows\SWREG.exe
2012-01-02 16:56:10 256000 ----a-w- C:\Windows\PEV.exe
2012-01-02 16:56:10 208896 ----a-w- C:\Windows\MBR.exe
2012-01-02 15:48:59 8822856 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2C0F6C0B-DB02-40CA-8E31-1045B592A818}\mpengine.dll
2011-12-15 12:30:25 -------- d-----w- C:\Users\Mar\AppData\Local\VirtualStore
2011-12-15 03:02:56 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2011-12-15 02:57:53 3145216 ----a-w- C:\Windows\System32\win32k.sys
2011-12-15 02:57:52 723456 ----a-w- C:\Windows\System32\EncDec.dll
2011-12-15 02:57:51 534528 ----a-w- C:\Windows\SysWow64\EncDec.dll
2011-12-15 02:57:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2011-12-15 02:57:49 2048 ----a-w- C:\Windows\System32\tzres.dll
2011-12-06 13:17:21 460888 ----a-w- C:\Windows\System32\drivers\09486821.sys
2011-12-05 05:19:10 -------- d-----w- C:\ProgramData\Kaspersky Lab
2011-12-04 06:40:07 -------- d-----w- C:\Program Files (x86)\Comical
.
==================== Find3M ====================
.
2011-11-28 20:41:46 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-15 19:29:56 270720 ------w- C:\Windows\System32\MpSigStub.exe
2011-11-04 01:53:39 2309120 ----a-w- C:\Windows\System32\jscript9.dll
2011-11-04 01:44:47 1390080 ----a-w- C:\Windows\System32\wininet.dll
2011-11-04 01:44:21 1493504 ----a-w- C:\Windows\System32\inetcpl.cpl
2011-11-04 01:34:43 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2011-11-03 22:47:42 1798144 ----a-w- C:\Windows\SysWow64\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- C:\Windows\SysWow64\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2011-10-30 20:07:01 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-10-30 20:07:00 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-10-24 19:29:02 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx
2011-10-24 19:29:02 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts
.
============= FINISH: 14:39:55.84 ===============

Attach

.
==== Hosts File Hijack ======================
.
Hosts: 217.23.4.166 www.google-analytics.com.
Hosts: 217.23.4.166 ad-emea.doubleclick.net.
Hosts: 217.23.4.166 www.statcounter.com.
Hosts: 178.250.45.15 www.google-analytics.com.
Hosts: 178.250.45.15 ad-emea.doubleclick.net.
Hosts: 178.250.45.15 www.statcounter.com.
.
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Reader 9.4.6
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
µTorrent
BCWipe 3.0
Catalyst Control Center
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Comical 0.8
D3DX10
EVEREST Ultimate Edition
Google Chrome
Google Talk Plugin
Host OpenAL (ADI)
HydraVision
ImgBurn
IrfanView (remove only)
Java Auto Updater
Java(TM) 6 Update 29
Malwarebytes' Anti-Malware version 1.51.2.1300
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 7.0.1 (x86 en-US)
MSVCRT
OpenOffice.org 3.3
QuickPar 0.9
QuickTime
Reader Library by Sony
SoundMAX
Spelling Dictionaries Support For Adobe Reader 9
swMSM
UltraISO Premium V9.35
Universal Extractor 1.6
VLC media player 1.0.1
Win7codecs
Winamp
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Xvid Video Codec
.
==== End Of File ===========================
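The DDS "Hosts File Hijack" section above is the finding that explains the "randomish" redirects: tracking and ad domains have been pointed at two routable addresses instead of resolving normally. The following is an added example, not part of this thread, of DDS, or of ComboFix; it parses a Windows-style hosts file and flags the same pattern a human reviewer looks for (hostnames mapped to anything other than a loopback or unspecified address, and one address reused across several hostnames). The `SAMPLE_HOSTS` content is constructed for the example; the two addresses and three hostnames in it are taken from the DDS output above, the `ads.example.test` line is an invented benign ad-block entry.

```python
"""Flag hosts-file hijacks of the kind DDS reported in this thread.

Added example (not the thread's or any tool's own code). A Windows hosts
file normally maps names only to loopback (127.0.0.1, ::1) or to the
unspecified address (0.0.0.0, used by ad-blocking lists). Mappings to
routable addresses, especially the same address reused for several
third-party domains, are what a hijack looks like.
"""
import ipaddress
import os
from collections import defaultdict

# Constructed sample. The 217.23.4.166 / 178.250.45.15 lines mirror the
# DDS "Hosts File Hijack" entries; the last line is a benign sinkhole.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
217.23.4.166 www.google-analytics.com
217.23.4.166 ad-emea.doubleclick.net
217.23.4.166 www.statcounter.com
178.250.45.15 www.google-analytics.com
178.250.45.15 ad-emea.doubleclick.net
178.250.45.15 www.statcounter.com
0.0.0.0 ads.example.test   # ad-block style entry, benign
"""

# Path ComboFix is told to handle in the CFScript above.
WINDOWS_HOSTS = os.path.join(
    os.environ.get("SystemRoot", r"C:\Windows"),
    "System32", "drivers", "etc", "hosts")


def parse_hosts(text):
    """Return a list of (ip, hostname, line_no) for every mapping.

    Comments (#...) and blank lines are ignored; a line whose first field
    is not an IP address is skipped rather than guessed at.
    """
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:
            entries.append((ip, host.lower(), line_no))
    return entries


def is_benign_target(ip):
    """Loopback and unspecified addresses are the usual legitimate targets."""
    return ip.is_loopback or ip.is_unspecified


def find_hijacks(text, min_reuse=2):
    """Return (suspicious, reused).

    suspicious: [(ip_str, hostname, line_no)] for every mapping whose
                target is neither loopback nor unspecified.
    reused:     {ip_str: [hostnames]} for addresses that appear as the
                target of at least `min_reuse` different hostnames.
    """
    suspicious = [(str(ip), host, n)
                  for ip, host, n in parse_hosts(text)
                  if not is_benign_target(ip)]
    by_ip = defaultdict(set)
    for ip, host, _ in suspicious:
        by_ip[ip].add(host)
    reused = {ip: sorted(hosts) for ip, hosts in by_ip.items()
              if len(hosts) >= min_reuse}
    return suspicious, reused


def report(text):
    """Human-readable summary, one line per suspicious mapping."""
    suspicious, reused = find_hijacks(text)
    lines = [f"line {n}: {host} -> {ip}" for ip, host, n in suspicious]
    for ip, hosts in reused.items():
        lines.append(f"{ip} reused for {len(hosts)} hostnames: {', '.join(hosts)}")
    return "\n".join(lines) if lines else "no suspicious hosts entries"


if __name__ == "__main__":
    # Read the real file when run on Windows, fall back to the sample.
    if os.path.isfile(WINDOWS_HOSTS):
        with open(WINDOWS_HOSTS, encoding="utf-8", errors="replace") as fh:
            print(report(fh.read()))
    else:
        print(report(SAMPLE_HOSTS))
```

Run against the sample, every entry pointing at the two routable addresses is listed, both addresses are reported as reused across the three tracking domains, and the `0.0.0.0` ad-block line and the `localhost` entries are not flagged. On a machine that legitimately maps LAN names in its hosts file, those private addresses would also show up here; they should be allowlisted by name rather than by address class, since a hijack can just as well use a private address.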
 

Blade81

Malware Specialist
Joined
Oct 27, 2006
Messages
924
Hi again,


Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
c:\windows\system32\drivers\etc\HOSTS
c:\users\Mar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_98312821.lnk

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe (let the tool update itself if prompted).
Then post the resultant log.


Uninstall old Adobe Reader versions and get the latest one (Adobe Reader 10.1 and the separate 10.1.1 update for it) here, or get Foxit Reader here. Make sure you don't (unless you want to) install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Uninstall vulnerable Flash versions by following the instructions here. A fresh version can be obtained here.


* Go here to run an online scanner from ESET.
  • Note: You will need to use Internet Explorer for this scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is UNchecked and the option Scan unwanted applications is checkmarked.
  • Click Scan
  • Wait for the scan to finish.

Post back its report, fresh dds logs and above mentioned ComboFix resultant log.
 