1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

virus radio playing in background and redirecting websites

Discussion in 'Virus & Other Malware Removal' started by mimisee, Oct 24, 2011.

Thread Status:
Not open for further replies.
Advertisement
  1. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    Hello :) and Thank You for being here!! I have some virus that was playing music in the background and I couldn't find a player to turn off, more recently my computer is running really really slow, and I am redirected to spam sites on the internet.

    Here is the HiJack This log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 9:51:24 PM, on 10/23/2011
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16869)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\explorer.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\Downloads\HijackThis.exe
    C:\Windows\system32\SearchFilterHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://cool-itv.net
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.ro
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.ro
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.google.ro
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.ro
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKCU\..\Run: [Google Update] "C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
    O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - AppInit_DLLs: avgrsstx.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Realtek11nSU - Realtek - C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtlService.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: WlanWpsSvc - Unknown owner - C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe

    --
    End of file - 8127 bytes

    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Run by mi at 21:54:30 on 2011-10-23
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.527 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Windows\system32\lsm.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtlService.exe
    C:\Windows\system32\sppsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
    C:\Windows\explorer.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\svchost.exe -k SDRSVC
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://cool-itv.net
    mDefault_Search_URL = hxxp://www.google.ro
    mSearch Page = hxxp://www.google.ro
    uInternet Settings,ProxyOverride = *.local
    uSearchURL,(Default) = hxxp://www.google.ro
    mSearchAssistant = hxxp://www.google.ro
    mCustomizeSearch = hxxp://www.google.ro
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\mi\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    StartupFolder: c:\users\mi\appdata\roaming\micros~1\windows\startm~1\programs\startup\rescue~1.lnk - c:\program files\rescuetime\RescueTime.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{76C77F95-8235-48B2-A5A9-7E9A90A1A5F5} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E} : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\05947454F4E402B494E474 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\362637023716C6F6E6 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\365627562627F6723702E6564777F627B6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\374607C6 : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mi\appdata\roaming\mozilla\firefox\profiles\wfl12ia5.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\mi\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\mi\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-22 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-22 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-22 243152]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-10-23 41272]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-9-8 583680]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    .
    =============== Created Last 30 ================
    .
    2011-10-24 04:02:49 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-10-21 00:40:15 54016 ----a-w- c:\windows\system32\drivers\slvuw.sys
    2011-10-20 21:45:58 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-10-20 20:56:34 -------- d-----w- c:\windows\system32\appmgmt
    2011-10-20 20:42:41 -------- d-s---w- C:\ComboFix
    2011-10-20 19:27:34 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-10-20 19:27:33 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-10-20 19:27:33 773080 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-10-20 19:27:33 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-10-20 19:27:33 1833944 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-10-20 19:27:33 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-10-20 19:27:32 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-10-20 19:27:32 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-10-15 21:01:14 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-10-15 21:01:14 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-10-15 21:01:14 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-10-15 21:01:13 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-10-15 21:01:13 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-10-15 21:01:09 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-10-15 21:01:09 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-10-15 21:01:03 2332672 ----a-w- c:\windows\system32\win32k.sys
    2011-09-29 04:08:54 -------- d-----w- c:\users\mi\appdata\local\ElevatedDiagnostics
    .
    ==================== Find3M ====================
    .
    2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-10 03:20:36 75938 ----a-w- c:\windows\system32\Uninstall-TvPlugin-5.4
    2011-08-21 08:12:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2011-08-20 04:38:10 981504 ----a-w- c:\windows\system32\wininet.dll
    2011-08-20 04:35:20 44544 ----a-w- c:\windows\system32\licmgr10.dll
    2011-08-20 03:26:38 386048 ----a-w- c:\windows\system32\html.iec
    .
    ============= FINISH: 22:05:30.99 ===============


    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-10-23 23:09:20
    Windows 6.1.7600
    Running: mxhq3dbe.exe; Driver: C:\Users\mi\AppData\Local\Temp\pxldypoc.sys


    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsBackup\ScheduleParams@BackupFlags 268435457

    ---- Files - GMER 1.0.15 ----

    File C:\Users\mi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWRP84J2\PortalServe[1].htm 0 bytes
    File C:\Users\mi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MWRP84J2\programguide[1].htm 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate\E_Orders 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate\E_Orders\E_Orders.swf 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate\E_Orders\E_Orders.swf\persistanceInfo.sol 145 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate\MotionRS 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate\MotionRS\MotionRS.swf 0 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\6ESX5SUB\www.casb.uscourts.gov.\html\cmecf\Captivate\MotionRS\MotionRS.swf\persistanceInfo.sol 120 bytes
    File C:\Users\mi\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.casb.uscourts.gov.\settings.sol 92 bytes

    ---- EOF - GMER 1.0.15 ----
     
  2. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    I have attached the attach.txt file
     

    Attached Files:

  3. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    Can I please have some help? I hope someone is available
     
  4. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hi and welcome to TSG.

    I am reviewing your logs and will respond with a reply as soon as I can.

    Please note that all my replies are reviewed by a qualified Analyst before I post. This ensures that you will continue to receive quality expert assistance.

    Thank you for your patience.
     
  5. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hy
    my name is Daniel and I will be assisting you with your Malware related problems.

    Before we move on, please read the following points carefully.
    • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
    • Perform everything in the correct order. Sometimes one step requires the previous one.
    • If you have any problems while you are following my instructions, Stop there and tell me the exact nature of your problem.
    • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
    • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
    • If I don't hear from you within 3 days from this initial or any subsequent post, I will have to unsubscribe from this thread and move on to assist someone else.
    • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
    • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by doubleclicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please launch DDS
    • When done, DDS will open two (2) logs:
      1. DDS.txt
      2. Attach.txt
    • Save both reports to your desktop and post both in your next reply



    Please post in your next reply
    TDSSKiller Log
    dds.txt
    attach.txt
     
  6. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    Thanks for your help Daniel - I am trying to run tdsskiller and it's being blocked.
     
  7. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/22/2010 9:30:22 PM
    System Uptime: 11/5/2011 1:48:17 PM (1 hours ago)
    .
    Motherboard: Hewlett-Packard | | 30D9
    Processor: Intel(R) Pentium(R) Dual CPU T2370 @ 1.73GHz | CPU | 1317/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 221 GiB total, 88.194 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.973 GiB free.
    E: is CDROM ()
    F: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
    Description: Cisco Systems VPN Adapter
    Device ID: ROOT\NET\0000
    Manufacturer: Cisco Systems
    Name: Cisco Systems VPN Adapter
    PNP Device ID: ROOT\NET\0000
    Service: CVirtA
    .
    ==== System Restore Points ===================
    .
    RP149: 6/28/2011 11:02:17 PM - Windows Update
    RP150: 7/7/2011 8:58:21 PM - Scheduled Checkpoint
    RP151: 7/13/2011 3:01:01 AM - Windows Update
    RP152: 7/23/2011 6:58:34 PM - Scheduled Checkpoint
    RP153: 7/23/2011 7:07:21 PM - Restore Operation
    RP154: 7/26/2011 3:00:21 AM - Windows Update
    RP155: 8/5/2011 9:53:11 PM - Scheduled Checkpoint
    RP156: 8/12/2011 3:00:50 AM - Windows Update
    RP157: 8/14/2011 11:49:49 AM - Installed PDFill PDF Editor with FREE Writer and FREE Tools
    RP158: 8/26/2011 3:00:35 AM - Windows Update
    RP159: 9/9/2011 3:00:50 AM - Windows Update
    RP160: 9/18/2011 3:00:44 AM - Windows Update
    RP161: 9/29/2011 5:37:03 PM - Scheduled Checkpoint
    RP162: 10/3/2011 3:00:19 AM - Windows Update
    RP163: 10/15/2011 9:13:47 PM - Scheduled Checkpoint
    RP164: 10/16/2011 3:00:36 AM - Windows Update
    RP166: 10/20/2011 1:55:42 PM - Removed Nitro PDF Reader 2
    RP168: 10/20/2011 2:29:51 PM - Removed Microsoft Visual C++ 2005 Redistributable
    RP169: 10/23/2011 9:37:45 PM - Removed PDFill PDF Editor with FREE Writer and FREE Tools
    RP170: 10/23/2011 9:48:30 PM - Windows Backup
    RP171: 10/31/2011 8:08:05 PM - Scheduled Checkpoint
    RP172: 11/3/2011 10:30:15 PM - Restore Operation
    RP173: 11/3/2011 11:26:33 PM - Windows Update
    RP174: 11/5/2011 1:15:48 PM - Restore Operation
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop 7.0
    Adobe Reader 9.3
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Audible Download Manager
    AVG Free 9.0
    BitTorrent
    Bonjour
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Cisco Systems VPN Client 5.0.07.0290
    Conexant HD Audio
    CutePDF Writer 2.8
    D-Link DWA-130 Wireless N USB Adapter
    DivX Plus Web Player
    FREEzeFlip
    Google Chrome
    Google Talk Plugin
    Hawking HWDN2 Hi-Gain Wireless-N USB Dish Adapter Driver and Utility
    HDAUDIO Soft Data Fax Modem with SmartCP
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 20
    Liberty Court Player 5.1 (build 249)
    LightScribe System Software
    Linksys Wireless-N USB Network Adapter WUSB300N
    Malwarebytes' Anti-Malware version 1.51.1.1800
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF Add-in for 2007 Microsoft Office programs
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    MobileMe Control Panel
    Move Media Player
    Mozilla Firefox (3.6.20)
    Nitro PDF Reader 2
    OGA Notifier 2.0.0048.0
    PDFCreator
    PDFill PDF Editor with FREE Writer and FREE Tools
    PrimoPDF -- brought to you by Nitro PDF Software
    QuickTime
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2509488)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft Office 2007 System (KB2541012)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2541007)
    Security Update for Microsoft Office Groove 2007 (KB2494047)
    Security Update for Microsoft Office InfoPath 2007 (KB2510061)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Toolbars
    Skype&#8482; 5.0
    Spybot - Search & Destroy
    Touch Pad Driver
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Infopath 2007 Help (KB963662)
    Update for Microsoft Office OneNote 2007 (KB980729)
    Update for Microsoft Office OneNote 2007 Help (KB963670)
    Update for Microsoft Office Outlook 2007 (KB2509470)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2586924)
    VC80CRTRedist - 8.0.50727.4053
    Video Booth
    VLC media player 1.1.5
    WinRAR archiver
    .
    ==== Event Viewer Messages From Past Week ========
    .
    11/5/2011 1:54:29 PM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    10/31/2011 8:44:46 PM, Error: Microsoft-Windows-HAL [12] - The platform firmware has corrupted memory across the previous system power transition. Please check for updated firmware for your system.
    10/31/2011 11:26:52 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
    .
    ==== End Of File ===========================


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
    Run by mi at 14:09:00 on 2011-11-05
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.710 [GMT -7:00]
    .
    AV: AVG Anti-Virus Free *Enabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Enabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
    C:\Windows\system32\svchost.exe -k HsfXAudioService
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe
    C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtlService.exe
    C:\Program Files\Hawking\11n USB Wireless LAN Utility\RtWlan.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\D-Link\DWA-130 revE\WlanWpsSvc.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\AVG\AVG9\avgemc.exe
    C:\Program Files\AVG\AVG9\avgnsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\AVG\AVG9\avgtray.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Apoint2K\ApMsgFwd.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wuauclt.exe
    C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
    C:\Program Files\Audible\Bin\AudibleDownloadHelper.exe
    C:\Program Files\D-Link\DWA-130 revE\wirelesscm.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Program Files\AVG\AVG9\avgscanx.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\Java\Java Update\jucheck.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\rundll32.exe
    C:\Users\mi\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Users\mi\AppData\Local\Google\Update\GoogleUpdate.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uInternet Settings,ProxyOverride = *.local
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    uRun: [Google Update] "c:\users\mi\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
    mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [Apoint] c:\program files\apoint2k\Apoint.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [FREEzeFlipSA] "c:\program files\freezeflip\bin\2.0.3.0\FREEzeFlipSA.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\audibl~1.lnk - c:\program files\audible\bin\AudibleDownloadHelper.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{b0bf7057-6869-4e4b-920c-ea2a58da07f0}\Icon3E5562ED7.ico
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\wirele~1.lnk - c:\program files\d-link\dwa-130 reve\wirelesscm.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {FB858B22-55E2-413f-87F5-30ADC5552151} - c:\program files\plotsoft\pdfill\DownloadPDF.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    TCP: DhcpNameServer = 172.16.42.1
    TCP: Interfaces\{76C77F95-8235-48B2-A5A9-7E9A90A1A5F5} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833} : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{7CB4A924-AD03-4A8A-8D42-D8E1D7833833}\C696E6B6379737 : DhcpNameServer = 68.105.28.12 68.105.29.12 68.105.28.11
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E} : DhcpNameServer = 172.16.42.1
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\05947454F4E402B494E474 : DhcpNameServer = 192.168.2.1 192.168.2.1
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\362637023716C6F6E6 : DhcpNameServer = 192.168.1.254
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\365627562627F6723702E6564777F627B6 : DhcpNameServer = 192.168.2.1
    TCP: Interfaces\{AFF9ABAE-20ED-472E-B33E-94A36922504E}\374607C6 : DhcpNameServer = 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: igfxcui - igfxdev.dll
    AppInit_DLLs: avgrsstx.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\mi\appdata\roaming\mozilla\firefox\profiles\wfl12ia5.default\
    FF - prefs.js: network.proxy.type - 4
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\users\mi\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\users\mi\appdata\roaming\move networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgoogletalk.dll
    FF - plugin: c:\users\mi\appdata\roaming\mozilla\plugins\npgtpo3dautoplugin.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-1-22 216400]
    R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-1-22 29584]
    R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-1-22 243152]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]
    R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\drivers\MRVW24B.sys [2008-3-19 310016]
    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\rtl8192su.sys [2010-9-8 583680]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    .
    =============== Created Last 30 ================
    .
    2011-11-04 05:58:23 571904 ------w- c:\windows\system32\oleaut32.dll
    2011-11-04 05:58:23 233472 ------w- c:\windows\system32\oleacc.dll
    2011-11-04 05:56:17 981504 ------w- c:\windows\system32\wininet.dll
    2011-10-20 20:56:34 -------- d-----w- c:\windows\system32\appmgmt
    2011-10-20 20:42:41 -------- d-----w- C:\ComboFix
    .
    ==================== Find3M ====================
    .
    2011-08-21 08:12:43 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    ============= FINISH: 14:20:01.31 ===============
     
  8. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Hy there,

    Lets try to rename TDSSKiller.exe. First we need to change some systemsettings.


    Go to My Computer > Organize > Folder and Search Options and open the View tab.
    Untick Hide extensions from known file types.
    Click Apply and OK.

    Right- click on the TDSSKiller.exe --> Rename and type Larusso.com

    Try to run TDSSKiller again as instructed above.
    If it still wont run, please post me the exact error message.



    Please download aswMBR.exe and save it to your desktop.
    • Double click aswMBR.exe to start the tool.
      Vista/Windows 7 users: Right click to "Run as Administrator"

    • The tool may ask you
      Please click No

    • Click Scan
    • Upon completion of the scan, click Save log and save it to your desktop, and post the aswmbr.txt in your next reply for review. Note - do NOT attempt any Fix yet.
    • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.



    Please post in your next reply
    TDSSKiller Log
    aswmbr.txt
     
  9. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    HI Daniel

    Still not working.. I don't receive any error message. A window pops up asking: "Do you want to allow the following program to make changes to this computer?" - I click 'yes' and nothing happens.

    The aswmbr is also not working. i tried giving a .com extension and still no.
     
  10. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    Looks like a funny one :) Lets try a different tool.


    Please download and scan with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Note: Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    You can use this thread as a guide.

    Please include the C:\ComboFix.txt in your next reply for further review.



    Please post in your next reply
    Combofix.txt
     
  11. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    Daniel,

    You're not going to believe this! Combofix won't run either. When I double click it I click 'run' and then one screen pops up showing that the program is initializing and then it disappears and nothing happens. grrrr.....

    Thanks for your help all the way from Austria and for being patient...
     
  12. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    I followed the directions exactly and also disabled my anti-virus...
     
  13. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    wow ok it's running now
     
  14. mimisee

    mimisee Thread Starter

    Joined:
    Oct 24, 2011
    Messages:
    17
    ComboFix 11-11-06.02 - mi 11/06/2011 19:40:30.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2038.1021 [GMT -8:00]
    Running from: c:\users\mi\Desktop\ComboFix.exe
    AV: AVG Anti-Virus Free *Disabled/Outdated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
    SP: AVG Anti-Virus Free *Disabled/Outdated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\users\mi\AppData\Roaming\8C53.504
    c:\users\mi\AppData\Roaming\Adobe\plugs
    c:\users\mi\AppData\Roaming\Adobe\shed
    c:\users\mi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows 7 Repair
    c:\users\mi\Documents\~WRL0353.tmp
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-10-07 to 2011-11-07 )))))))))))))))))))))))))))))))
    .
    .
    2011-11-07 04:24 . 2011-11-07 04:24 -------- d-----w- c:\users\Default\AppData\Local\temp
    2011-11-05 23:29 . 2011-11-05 23:29 -------- d-----w- c:\users\mi\AppData\Roaming\SUPERAntiSpyware.com
    2011-11-05 23:29 . 2011-11-05 23:29 -------- d-----w- c:\program files\SUPERAntiSpyware
    2011-11-05 23:29 . 2011-11-05 23:29 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
    2011-11-05 21:11 . 2011-07-09 04:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2011-11-05 21:08 . 2011-08-17 04:26 465408 ----a-w- c:\windows\system32\psisdecd.dll
    2011-11-05 21:08 . 2011-08-17 04:22 75776 ----a-w- c:\windows\system32\psisrndr.ax
    2011-11-05 21:08 . 2011-08-17 04:22 204288 ----a-w- c:\windows\system32\MSNP.ax
    2011-11-05 21:08 . 2011-08-17 04:22 72704 ----a-w- c:\windows\system32\Mpeg2Data.ax
    2011-11-05 21:08 . 2011-08-17 04:22 59904 ----a-w- c:\windows\system32\MSDvbNP.ax
    2011-11-05 21:06 . 2011-08-27 04:43 571904 ----a-w- c:\windows\system32\oleaut32.dll
    2011-11-05 21:06 . 2011-08-27 04:43 233472 ----a-w- c:\windows\system32\oleacc.dll
    2011-11-05 21:05 . 2011-09-06 02:38 2332672 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-11-01 02:47 . 2011-04-14 02:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
    2011-08-21 08:12 . 2011-06-28 01:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-07-21 2736128]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-15 2071904]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-24 141848]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-24 150552]
    "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-09-22 47904]
    "Apoint"="c:\program files\Apoint2K\Apoint.exe" [2007-10-25 212992]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-30 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-14 421160]
    "Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
    "FREEzeFlipSA"="c:\program files\FREEzeFlip\bin\2.0.3.0\FREEzeFlipSA.exe" [2011-08-11 707584]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-12-12 113664]
    Audible Download Manager.lnk - c:\program files\Audible\Bin\AudibleDownloadHelper.exe [2010-10-19 1795488]
    VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-6-16 6144]
    Wireless Connection Manager.lnk - c:\program files\D-Link\DWA-130 revE\wirelesscm.exe [2010-9-8 496896]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
    "AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
    @=""
    .
    R3 MRV6X32U;Marvell TOPDOG 802.11n WLAN Driver for Vista x86 (USB8x);c:\windows\system32\DRIVERS\MRVW24B.sys [2008-03-19 310016]
    R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2009-11-27 583680]
    R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-27 1343400]
    S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-07-18 216400]
    S1 AvgTdiX;AVG Free Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2011-05-06 243152]
    S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
    S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
    S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [2011-08-11 116608]
    S2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-07-28 921952]
    S2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-07-18 308136]
    S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 20992]
    S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Nitro PDF\Reader 2\NitroPDFReaderDriverService2.exe [2011-06-22 196912]
    S2 Realtek11nSU;Realtek11nSU;c:\program files\Hawking\11n USB Wireless LAN Utility\RtlService.exe [2009-07-10 36864]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
    S2 WlanWpsSvc;WlanWpsSvc;c:\program files\D-Link\DWA-130 revE\WlanWpsSvc.exe [2008-06-27 167936]
    S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-13 14336]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HsfXAudioService REG_MULTI_SZ HsfXAudioService
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
    2010-07-21 19:20 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-11-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739252426-524843077-1949025162-1000Core.job
    - c:\users\mi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 05:48]
    .
    2011-11-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2739252426-524843077-1949025162-1000UA.job
    - c:\users\mi\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-23 05:48]
    .
    .
    ------- Supplementary Scan -------
    .
    uInternet Settings,ProxyOverride = *.local
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    TCP: DhcpNameServer = 192.168.1.254
    FF - ProfilePath - c:\users\mi\AppData\Roaming\Mozilla\Firefox\Profiles\wfl12ia5.default\
    FF - prefs.js: network.proxy.type - 4
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2011-11-06 20:45:09
    ComboFix-quarantined-files.txt 2011-11-07 04:45
    .
    Pre-Run: 93,501,739,008 bytes free
    Post-Run: 93,478,916,096 bytes free
    .
    - - End Of File - - 621DAE6A9FE674006D0741C3EBB74C62
     
  15. Larusso

    Larusso Malware Specialist

    Joined:
    Aug 9, 2011
    Messages:
    808
    You are welcome.

    How is your system behaving now ?
    Let us try TDSSKIller again. Please delete the current Version Larusso.com

    I also see you are using Spybot.
    While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes interfere our fixes
    Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated when we are done here.
    • Open Spybot Search & Destroy.
    • In the Mode menu click "Advanced mode" if not already selected.
    • Choose "Yes" at the Warning prompt.
    • Expand the "Tools" menu.
    • Click "Resident".
    • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
    • In the File menu click "Exit" to exit Spybot Search & Destroy.



    Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

    Download TDSSKiller.exe and save it to your desktop
    • Execute TDSSKiller.exe by doubleclicking on it.
    • Press Start Scan
    • If Malicious objects are found, do NOT select Cure. Change the action to Skip, and save the log.
    • Once complete, a log will be produced at the root drive which is typically C:\ ,for example, C:\TDSSKiller.<version_date_time>log.txt

    Please post the contents of that log in your next reply.



    Please post in your next reply
    TDSSKIller Log
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/1023734