results5.google redirect, virus spread from windows to ubuntu
#1
ZackB_258

    New Member
Hi. I'm really hoping you guys can help me. I have a dual-boot laptop with Windows Vista and Ubuntu also installed. This virus redirects my browser, both IE and Firefox, and in both Windows and Ubuntu. It also spread across my wireless network to my roommate's computer. I think it must download multiple other viruses after it takes root, because we have had symptoms of multiple. I have been able to stop all symptoms (fake virus alerts, programs not being able to be opened, unable to download MBAM, etc.), but my browsers still redirect, so I know I'm still infected. Here is the OTL log. Thanks!!!!!

OTL logfile created on: 6/29/2010 10:59:08 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Users\Zack\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 49.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 75.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 231.42 Gb Total Space | 176.90 Gb Free Space | 76.44% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ZACK-PC
Current User Name: Zack
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/29 22:49:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
PRC - [2010/06/29 21:17:19 | 000,396,288 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
PRC - [2010/06/28 23:15:44 | 000,014,808 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
PRC - [2010/06/28 23:15:43 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/06/07 13:13:53 | 002,403,568 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2010/01/15 08:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009/10/22 05:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnat.exe
PRC - [2009/10/22 05:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) -- C:\Program Files\VMware\VMware Player\vmware-authd.exe
PRC - [2009/10/22 05:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) -- C:\Windows\System32\vmnetdhcp.exe
PRC - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2009/04/11 02:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/04/11 02:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe
PRC - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe
PRC - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
PRC - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
PRC - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () -- C:\TOSHIBA\IVP\ISM\pinger.exe
PRC - [2007/01/25 21:45:42 | 000,468,600 | ---- | M] (TOSHIBA Corporation) -- C:\TOSHIBA\IVP\ISM\Ivpsvmgr.exe
PRC - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) -- C:\Windows\System32\agrsmsvc.exe


========== Modules (SafeList) ==========

MOD - [2010/06/29 22:49:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
MOD - [2009/04/11 02:21:38 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll
MOD - [2008/01/20 22:24:37 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (WRConsumerService)
SRV - File not found [Auto | Stopped] -- -- (WebrootSpySweeperService)
SRV - File not found [Auto | Stopped] -- -- (StarWindServiceAE)
SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/01/15 08:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/10/22 05:44:24 | 000,395,824 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnat.exe -- (VMware NAT Service)
SRV - [2009/10/22 05:44:18 | 000,113,200 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\VMware\VMware Player\vmware-authd.exe -- (VMAuthdService)
SRV - [2009/10/22 05:44:08 | 000,334,384 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\System32\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2009/10/22 04:47:54 | 000,563,760 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2009/10/12 15:32:24 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files\VMware\VMware Player\vmware-ufad.exe -- (ufad-ws60)
SRV - [2009/09/24 21:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/04/24 21:35:46 | 000,073,728 | ---- | M] (Toshiba) [On_Demand | Running] -- C:\Program Files\TOSHIBA\SmartFaceV\SmartFaceVWatchSrv.exe -- (SmartFaceVWatchSrv)
SRV - [2008/04/17 03:19:48 | 000,040,960 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)
SRV - [2008/04/16 18:53:00 | 000,954,368 | ---- | M] (Atheros Communications, Inc.) [On_Demand | Stopped] -- C:\Program Files\Jumpstart\jswpsapi.exe -- (jswpsapi)
SRV - [2008/04/11 03:51:58 | 000,083,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\TOSHIBA DVD PLAYER\TNaviSrv.exe -- (TNaviSrv)
SRV - [2008/02/06 16:52:40 | 000,431,456 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2008/01/29 13:09:58 | 000,165,416 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2008/01/20 22:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007/12/03 20:03:52 | 000,126,976 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe -- (TOSHIBA SMART Log Service)
SRV - [2007/11/21 20:23:32 | 000,129,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2007/10/23 19:27:16 | 000,066,928 | ---- | M] () [Auto | Running] -- c:\TOSHIBA\IVP\swupdate\swupdtmr.exe -- (Swupdtmr)
SRV - [2007/01/25 21:47:50 | 000,136,816 | ---- | M] () [Auto | Running] -- C:\TOSHIBA\IVP\ISM\pinger.exe -- (pinger)
SRV - [2006/10/05 15:10:12 | 000,009,216 | ---- | M] (Agere Systems) [Auto | Running] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2005/11/14 04:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)


========== Driver Services (SafeList) ==========

DRV - [2010/06/08 00:17:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/05/26 10:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System | Running] -- C:\Windows\System32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2010/05/10 14:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 14:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssidrv.sys -- (ssidrv)
DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\sshrmd.sys -- (sshrmd)
DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
DRV - [2009/10/22 05:45:02 | 000,853,936 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmx86.sys -- (vmx86)
DRV - [2009/10/22 05:45:00 | 000,070,704 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmci.sys -- (vmci)
DRV - [2009/10/22 05:45:00 | 000,023,216 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VMkbd.sys -- (vmkbd)
DRV - [2009/10/22 05:44:58 | 000,026,288 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV - [2009/10/22 04:47:52 | 000,032,304 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\hcmon.sys -- (hcmon)
DRV - [2009/10/22 01:13:32 | 000,036,400 | R--- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV - [2009/10/22 01:13:32 | 000,016,560 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV - [2009/10/12 15:31:52 | 000,022,448 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files\VMware\VMware Player\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009/09/28 19:34:48 | 000,083,288 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\System32\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV - [2008/08/11 12:41:00 | 000,047,640 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\System32\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV - [2008/04/28 19:59:18 | 000,020,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\jswpslwf.sys -- (jswpslwf)
DRV - [2008/04/23 03:36:32 | 003,551,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2008/04/18 03:54:16 | 000,909,824 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/04/15 13:05:08 | 000,118,784 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2008/04/11 00:25:30 | 000,285,184 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\tos_sps32.sys -- (tos_sps32)
DRV - [2008/04/09 21:00:04 | 002,095,512 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/02 20:26:08 | 000,062,976 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTSTOR.sys -- (RTSTOR)
DRV - [2008/01/20 22:23:27 | 000,386,616 | ---- | M] (LSI Corporation, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasr.sys -- (MegaSR)
DRV - [2008/01/20 22:23:27 | 000,149,560 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2008/01/20 22:23:27 | 000,031,288 | ---- | M] (LSI Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2008/01/20 22:23:26 | 000,101,432 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2008/01/20 22:23:26 | 000,074,808 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2008/01/20 22:23:26 | 000,040,504 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2008/01/20 22:23:25 | 000,300,600 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2008/01/20 22:23:25 | 000,089,656 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2008/01/20 22:23:24 | 001,122,360 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2008/01/20 22:23:24 | 000,118,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel®
DRV - [2008/01/20 22:23:24 | 000,079,928 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2008/01/20 22:23:23 | 000,235,064 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2008/01/20 22:23:23 | 000,130,616 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2008/01/20 22:23:23 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2008/01/20 22:23:23 | 000,096,312 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2008/01/20 22:23:23 | 000,079,416 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2008/01/20 22:23:22 | 000,342,584 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2008/01/20 22:23:21 | 000,422,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2008/01/20 22:23:21 | 000,102,968 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2008/01/20 22:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2008/01/20 22:23:20 | 000,238,648 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2008/01/20 22:23:00 | 000,020,024 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2008/01/20 22:23:00 | 000,019,000 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2008/01/20 22:23:00 | 000,017,464 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2008/01/18 12:22:00 | 000,009,216 | ---- | M] (Inventec Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\sysprep\PEDRV.SYS -- (SVRPEDRV)
DRV - [2007/12/17 14:45:20 | 000,018,432 | ---- | M] (Chicony Electronics Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UVCFTR_S.SYS -- (UVCFTR)
DRV - [2007/12/14 14:53:24 | 000,024,200 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2007/12/06 21:12:48 | 000,196,400 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2007/11/09 17:00:52 | 000,023,640 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2006/11/28 18:11:00 | 001,161,888 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006/11/20 17:11:14 | 000,007,168 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk)
DRV - [2006/11/09 02:32:00 | 000,219,264 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10i.sys -- (KR10I)
DRV - [2006/11/09 02:31:00 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\kr10n.sys -- (KR10N)
DRV - [2006/11/02 05:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 05:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 05:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 05:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 05:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 05:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 05:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 05:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 05:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 05:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 05:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 04:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 04:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 04:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 04:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 04:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 04:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 03:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/10/30 14:23:12 | 000,007,680 | ---- | M] (ATI Technologies Inc.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) ATI PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49615

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedengine: "Ask.com"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.search.usedbfororder: true
FF - prefs.js..browser.startup.homepage: "http://en-US.start3....en-US:official"
FF - prefs.js..extensions.enabledItems: {AE93811A-5C9A-4d34-8462-F7B864FC4696}:3.64
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49615
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/28 23:15:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/28 23:15:45 | 000,000,000 | ---D | M]

[2010/06/04 19:06:18 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions
[2009/10/05 18:50:31 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Extensions\[email protected]
[2010/06/29 21:24:06 | 000,000,000 | ---D | M] -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\cvwhxi0c.default\extensions
[2010/06/08 19:25:44 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\cvwhxi0c.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/11 20:06:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Zack\AppData\Roaming\Mozilla\Firefox\Profiles\cvwhxi0c.default\extensions\{AE93811A-5C9A-4d34-8462-F7B864FC4696}
[2010/06/04 19:04:57 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2010/06/25 22:22:01 | 000,000,210 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 http://bestladysites.com/
O1 - Hosts: 127.0.0.1 http://www.google-analytics.com/
O1 - Hosts: 127.0.0.1 http://google-analytics.com/
O1 - Hosts: 127.0.0.1 http://results5.google.com
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe File not found
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\VMware\VMware Player\vsocklib.dll (VMware, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.53
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Zack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Zack\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (0420-2752171513-1000) - File not found
O30 - LSA: Security Packages - (&) - File not found
O30 - LSA: Security Packages - (쏶) - File not found
O30 - LSA: Security Packages - () - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 17:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/29 22:49:04 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
[2010/06/29 21:26:57 | 000,998,736 | ---- | C] (Kaspersky Lab) -- C:\Users\Zack\Desktop\tdsskiller.exe
[2010/06/29 21:17:19 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2010/06/29 21:17:04 | 000,812,344 | ---- | C] (Trend Micro Inc.) -- C:\Users\Zack\Desktop\HJTInstall.exe
[2010/06/26 14:10:01 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\Apple
[2010/06/26 03:05:27 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/26 03:05:27 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/26 03:05:27 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/26 03:03:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/26 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\SUPERAntiSpyware.com
[2010/06/26 00:10:54 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2010/06/26 00:10:46 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2010/06/25 23:26:21 | 000,000,000 | ---D | C] -- C:\Users\Zack\Desktop\Plugins
[2010/06/25 23:26:21 | 000,000,000 | ---D | C] -- C:\Users\Zack\Desktop\Language
[2010/06/25 23:25:20 | 008,776,240 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SUPERAntiSpyware.exe
[2010/06/25 22:10:09 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/06/25 22:09:55 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Users\Zack\Desktop\erunt-setup.exe
[2010/06/25 22:02:56 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Users\Zack\Desktop\ATF-Cleaner.exe
[2010/06/25 19:54:35 | 000,000,000 | ---D | C] -- C:\Users\Zack\Desktop\bd_rem_tool
[2010/06/25 19:30:04 | 000,000,000 | ---D | C] -- C:\Users\Zack\Desktop\GooredFix Backups
[2010/06/25 19:28:32 | 000,070,858 | ---- | C] (jpshortstuff) -- C:\Users\Zack\Desktop\GooredFix.exe
[2010/06/25 18:31:23 | 000,289,792 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2010/06/25 18:31:22 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2010/06/25 18:31:14 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Apphlpdm.dll
[2010/06/25 18:31:13 | 004,240,384 | ---- | C] (Microsoft) -- C:\Windows\System32\GameUXLegacyGDFs.dll
[2010/06/25 18:31:10 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\asycfilt.dll
[2010/06/25 18:31:00 | 002,037,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2010/06/25 00:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan
[2010/06/25 00:38:11 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/06/25 00:38:06 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee Security Scan
[2010/06/25 00:24:39 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2010/06/25 00:24:34 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\temp
[2010/06/24 23:51:11 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/06/24 23:51:11 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/06/24 23:51:11 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2010/06/24 23:50:55 | 000,000,000 | ---D | C] -- C:\ComboFix
[2010/06/24 23:50:17 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/06/24 23:49:49 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2010/06/24 23:49:03 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/06/24 23:26:11 | 000,018,816 | ---- | C] (Sophos Plc) -- C:\Windows\System32\SAVRKBootTasks.sys
[2010/06/24 21:19:11 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/06/23 20:08:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/09 19:23:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Update
[2010/06/08 20:20:03 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\My Games
[2010/06/08 20:08:34 | 000,000,000 | ---D | C] -- C:\Program Files\2K Games
[2010/06/08 20:07:53 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\InstallShield
[2010/06/08 19:16:48 | 000,101,832 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SASUNINST.EXE
[2010/06/08 00:17:21 | 000,691,696 | ---- | C] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/06/07 23:28:34 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\WinRAR
[2010/06/07 23:28:19 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2010/06/07 23:16:24 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\BitTorrent
[2010/06/07 23:16:10 | 000,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2010/06/07 21:44:53 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2010/06/07 21:22:30 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\Malwarebytes
[2010/06/07 21:22:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/06/07 21:22:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/06/07 21:22:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/07 19:45:59 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2010/06/07 14:39:35 | 000,356,352 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateEngine.dll
[2010/06/07 14:39:34 | 000,081,920 | ---- | C] (eSellerate Inc.) -- C:\Windows\eSellerateControl350.dll
[2010/06/07 13:13:51 | 000,256,752 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SSUpdate.exe
[2010/06/07 13:02:20 | 000,111,104 | ---- | C] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SASCore.exe
[2010/06/04 19:05:58 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Local\Mozilla
[2010/06/04 19:04:52 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/04 19:03:07 | 008,354,440 | ---- | C] (Mozilla) -- C:\Users\Zack\Desktop\Firefox Setup 3.6.3.exe
[2010/06/04 00:03:59 | 000,000,000 | ---D | C] -- C:\Program Files\MSSOAP
[2010/06/04 00:03:58 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
[2010/06/04 00:03:18 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\Windows\WRSetup.dll
[2010/06/04 00:03:18 | 000,000,000 | ---D | C] -- C:\Users\Zack\AppData\Roaming\Webroot
[2010/06/04 00:03:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Webroot
[2010/06/04 00:01:54 | 042,060,008 | ---- | C] (Webroot Software, Inc. ) -- C:\Users\Zack\Desktop\SpySweeperRegSetup_EN.exe
[2010/06/03 23:46:42 | 016,409,960 | ---- | C] (Safer Networking Limited ) -- C:\Users\Zack\Desktop\spybotsd162.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/29 22:59:59 | 000,000,420 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{97DEB203-C32D-444E-8D76-D8D622B57CEB}.job
[2010/06/29 22:49:51 | 002,621,440 | -HS- | M] () -- C:\Users\Zack\ntuser.dat
[2010/06/29 22:49:04 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Zack\Desktop\OTL.exe
[2010/06/29 22:12:00 | 080,398,104 | ---- | M] () -- C:\Users\Zack\Desktop\jdk-6u20-windows-i586.exe
[2010/06/29 21:33:16 | 070,481,176 | ---- | M] () -- C:\Users\Zack\Desktop\jdk-6u20-windows-x64.exe
[2010/06/29 21:26:57 | 000,998,736 | ---- | M] (Kaspersky Lab) -- C:\Users\Zack\Desktop\tdsskiller.exe
[2010/06/29 21:17:57 | 000,707,536 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/06/29 21:17:57 | 000,607,186 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/06/29 21:17:57 | 000,105,380 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/06/29 21:17:20 | 000,001,885 | ---- | M] () -- C:\Users\Zack\Desktop\HijackThis.lnk
[2010/06/29 21:17:05 | 000,812,344 | ---- | M] (Trend Micro Inc.) -- C:\Users\Zack\Desktop\HJTInstall.exe
[2010/06/29 21:12:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/29 21:12:40 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/29 21:12:34 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/06/29 21:12:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/06/29 21:12:21 | 1874,714,624 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/29 18:44:02 | 000,524,288 | -HS- | M] () -- C:\Users\Zack\NTUSER.DAT{8ade302c-fa05-11dd-b497-001e3354efa6}.TMContainer00000000000000000001.regtrans-ms
[2010/06/29 18:44:02 | 000,065,536 | -HS- | M] () -- C:\Users\Zack\NTUSER.DAT{8ade302c-fa05-11dd-b497-001e3354efa6}.TM.blf
[2010/06/28 23:36:00 | 000,001,356 | ---- | M] () -- C:\Users\Zack\AppData\Local\d3d9caps.dat
[2010/06/26 03:37:52 | 000,371,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/06/26 00:10:50 | 000,001,811 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/25 23:28:25 | 008,776,240 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SUPERAntiSpyware.exe
[2010/06/25 22:22:01 | 000,000,210 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/06/25 22:15:17 | 000,077,312 | ---- | M] () -- C:\Users\Zack\Desktop\mbr.exe
[2010/06/25 22:10:12 | 000,000,924 | ---- | M] () -- C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/25 22:10:10 | 000,000,744 | ---- | M] () -- C:\Users\Zack\Desktop\NTREGOPT.lnk
[2010/06/25 22:09:55 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Users\Zack\Desktop\erunt-setup.exe
[2010/06/25 22:02:57 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Users\Zack\Desktop\ATF-Cleaner.exe
[2010/06/25 20:04:09 | 000,000,127 | ---- | M] () -- C:\Users\Zack\Desktop\noauto.reg
[2010/06/25 20:00:54 | 000,426,668 | ---- | M] () -- C:\Users\Zack\Desktop\Windows6.0-KB958644-x86.msu
[2010/06/25 19:54:26 | 002,418,880 | ---- | M] () -- C:\Users\Zack\Desktop\bd_rem_tool.zip
[2010/06/25 19:28:32 | 000,070,858 | ---- | M] (jpshortstuff) -- C:\Users\Zack\Desktop\GooredFix.exe
[2010/06/25 00:38:09 | 000,001,719 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/25 00:38:09 | 000,001,717 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/25 00:19:26 | 000,000,215 | ---- | M] () -- C:\Windows\system.ini
[2010/06/24 23:50:07 | 003,719,852 | R--- | M] () -- C:\Users\Zack\Desktop\ComboFix.exe
[2010/06/24 21:18:42 | 001,376,832 | ---- | M] () -- C:\Users\Zack\Desktop\sar_15_sfx.exe
[2010/06/24 20:51:37 | 000,231,390 | ---- | M] () -- C:\Users\Zack\Desktop\RootkitRevealer.zip
[2010/06/24 19:00:03 | 000,293,376 | ---- | M] () -- C:\Users\Zack\Desktop\ildy4ks3.exe
[2010/06/24 18:51:08 | 000,525,824 | ---- | M] () -- C:\Users\Zack\Desktop\dds.scr
[2010/06/24 18:49:59 | 000,002,838 | ---- | M] () -- C:\Windows\machine.ver
[2010/06/24 18:40:38 | 000,000,204 | ---- | M] () -- C:\Users\Zack\defogger_reenable
[2010/06/23 20:08:55 | 000,000,829 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/15 23:36:33 | 000,088,171 | ---- | M] () -- C:\wubildr
[2010/06/14 12:12:23 | 210,823,999 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/06/11 20:56:46 | 000,001,744 | -H-- | M] () -- C:\Users\Zack\Documents\Default.rdp
[2010/06/10 06:15:23 | 001,474,074 | ---- | M] () -- C:\Users\Zack\Desktop\PROCESSLISTRELATED.DB
[2010/06/10 06:15:20 | 027,213,372 | ---- | M] () -- C:\Users\Zack\Desktop\PROCESSLIST.DB
[2010/06/09 19:25:35 | 000,000,000 | ---- | M] () -- C:\Users\Zack\AppData\Local\Wkiyeviwep.bin
[2010/06/09 00:44:28 | 000,152,760 | ---- | M] () -- C:\Users\Zack\Desktop\0609100043-00.jpg
[2010/06/08 19:16:48 | 000,101,832 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SASUNINST.EXE
[2010/06/08 19:16:48 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/06/08 00:17:21 | 000,691,696 | ---- | M] (Duplex Secure Ltd.) -- C:\Windows\System32\drivers\sptd.sys
[2010/06/07 23:16:23 | 000,000,861 | ---- | M] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/06/07 13:13:51 | 000,256,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SSUpdate.exe
[2010/06/07 13:02:20 | 000,111,104 | ---- | M] (SUPERAntiSpyware.com) -- C:\Users\Zack\Desktop\SASCore.exe
[2010/06/04 19:05:03 | 000,001,759 | ---- | M] () -- C:\Users\Zack\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/04 19:05:03 | 000,001,735 | ---- | M] () -- C:\Users\Public\Desktop\HijacH.lnk
[2010/06/04 19:04:28 | 008,354,440 | ---- | M] (Mozilla) -- C:\Users\Zack\Desktop\Firefox Setup 3.6.3.exe
[2010/06/04 18:07:53 | 000,000,120 | ---- | M] () -- C:\Users\Zack\AppData\Local\Fcoxoziyij.dat
[2010/06/04 00:04:43 | 000,001,820 | ---- | M] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk
[2010/06/04 00:01:59 | 042,060,008 | ---- | M] (Webroot Software, Inc. ) -- C:\Users\Zack\Desktop\SpySweeperRegSetup_EN.exe
[2010/06/03 23:46:58 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Users\Zack\Desktop\spybotsd162.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/29 22:01:30 | 080,398,104 | ---- | C] () -- C:\Users\Zack\Desktop\jdk-6u20-windows-i586.exe
[2010/06/29 21:30:58 | 070,481,176 | ---- | C] () -- C:\Users\Zack\Desktop\jdk-6u20-windows-x64.exe
[2010/06/29 21:17:20 | 000,001,885 | ---- | C] () -- C:\Users\Zack\Desktop\HijackThis.lnk
[2010/06/29 21:12:21 | 1874,714,624 | -HS- | C] () -- C:\hiberfil.sys
[2010/06/26 00:10:50 | 000,001,811 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2010/06/25 22:15:20 | 000,000,195 | ---- | C] () -- C:\Users\Zack\mbr.log
[2010/06/25 22:15:16 | 000,077,312 | ---- | C] () -- C:\Users\Zack\Desktop\mbr.exe
[2010/06/25 22:10:12 | 000,000,924 | ---- | C] () -- C:\Users\Zack\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/06/25 22:10:10 | 000,000,744 | ---- | C] () -- C:\Users\Zack\Desktop\NTREGOPT.lnk
[2010/06/25 20:04:07 | 000,000,127 | ---- | C] () -- C:\Users\Zack\Desktop\noauto.reg
[2010/06/25 20:00:53 | 000,426,668 | ---- | C] () -- C:\Users\Zack\Desktop\Windows6.0-KB958644-x86.msu
[2010/06/25 19:54:24 | 002,418,880 | ---- | C] () -- C:\Users\Zack\Desktop\bd_rem_tool.zip
[2010/06/25 00:38:09 | 000,001,719 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
[2010/06/25 00:38:09 | 000,001,717 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
[2010/06/24 23:51:11 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/06/24 23:51:11 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/06/24 23:51:11 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/06/24 23:51:11 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/06/24 23:51:11 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/06/24 21:18:42 | 001,376,832 | ---- | C] () -- C:\Users\Zack\Desktop\sar_15_sfx.exe
[2010/06/24 20:51:29 | 000,231,390 | ---- | C] () -- C:\Users\Zack\Desktop\RootkitRevealer.zip
[2010/06/24 19:00:02 | 000,293,376 | ---- | C] () -- C:\Users\Zack\Desktop\ildy4ks3.exe
[2010/06/24 18:51:06 | 000,525,824 | ---- | C] () -- C:\Users\Zack\Desktop\dds.scr
[2010/06/24 18:40:05 | 000,000,204 | ---- | C] () -- C:\Users\Zack\defogger_reenable
[2010/06/23 21:23:12 | 003,719,852 | R--- | C] () -- C:\Users\Zack\Desktop\ComboFix.exe
[2010/06/23 20:08:55 | 000,000,829 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/15 23:36:33 | 000,088,171 | ---- | C] () -- C:\wubildr
[2010/06/10 06:15:23 | 001,474,074 | ---- | C] () -- C:\Users\Zack\Desktop\PROCESSLISTRELATED.DB
[2010/06/10 06:15:20 | 027,213,372 | ---- | C] () -- C:\Users\Zack\Desktop\PROCESSLIST.DB
[2010/06/09 00:44:27 | 000,152,760 | ---- | C] () -- C:\Users\Zack\Desktop\0609100043-00.jpg
[2010/06/08 19:16:48 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Alcohol 120%.lnk
[2010/06/07 23:16:23 | 000,000,861 | ---- | C] () -- C:\Users\Public\Desktop\BitTorrent.lnk
[2010/06/04 19:05:03 | 000,001,759 | ---- | C] () -- C:\Users\Zack\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/04 19:05:03 | 000,001,735 | ---- | C] () -- C:\Users\Public\Desktop\HijacH.lnk
[2010/06/04 00:04:43 | 000,001,820 | ---- | C] () -- C:\Users\Public\Desktop\Spy Sweeper.lnk
[2010/06/03 23:24:37 | 000,000,120 | ---- | C] () -- C:\Users\Zack\AppData\Local\Fcoxoziyij.dat
[2010/06/03 23:24:37 | 000,000,000 | ---- | C] () -- C:\Users\Zack\AppData\Local\Wkiyeviwep.bin
[2010/01/01 20:26:01 | 000,000,575 | ---- | C] () -- C:\Windows\hostmon.INI
[2009/09/26 13:52:43 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008/08/19 22:15:53 | 000,000,067 | ---- | C] () -- C:\Windows\swupdate.INI
[2008/08/17 16:10:33 | 000,000,014 | RHS- | C] () -- C:\Windows\System32\drivers\fbd.sys
[2008/08/17 16:10:33 | 000,000,004 | RHS- | C] () -- C:\Windows\System32\drivers\taishop.sys
[2008/07/27 01:42:39 | 000,128,113 | ---- | C] () -- C:\Windows\System32\csellang.ini
[2008/07/27 01:42:39 | 000,045,056 | ---- | C] () -- C:\Windows\System32\csellang.dll
[2008/07/27 01:42:39 | 000,010,150 | ---- | C] () -- C:\Windows\System32\tosmreg.ini
[2008/07/27 01:42:39 | 000,007,671 | ---- | C] () -- C:\Windows\System32\cseltbl.ini
[2008/05/05 14:41:42 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI
[2008/04/24 21:43:50 | 000,057,344 | ---- | C] () -- C:\Windows\System32\SmartFaceVCapt.dll
[2008/04/24 21:42:44 | 000,479,232 | ---- | C] () -- C:\Windows\System32\SmartFaceVCP.dll
[2008/04/24 21:25:46 | 006,701,056 | ---- | C] () -- C:\Windows\System32\FaceHI.dll
[2008/04/24 21:25:46 | 000,995,328 | ---- | C] () -- C:\Windows\System32\FaceRec.dll
[2008/04/24 21:25:46 | 000,126,976 | ---- | C] () -- C:\Windows\System32\SmartFaceVCtrl.dll
[2008/04/24 21:23:58 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IppLib.dll
[2008/04/23 01:05:08 | 000,159,744 | ---- | C] () -- C:\Windows\System32\atitmmxx.dll
[2006/11/02 08:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 03:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/03/09 12:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2006/01/30 08:42:22 | 000,000,270 | ---- | C] () -- C:\Windows\System32\lxczcoin.ini
[2002/11/13 03:40:22 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxczvs.dll
< End of report >


#2 RKinner (Malware Expert, MVP)

Your router is infected. There should be a button on it to RESET it to factory specs. Hold it down for 10 seconds or so. If you have wireless and are using encryption you will have to redo that. Log on to your router and tell me what DNS it is now using. Change the router's password so it can't happen again. Email the password to yourself so you won't forget it.

Uninstall the Ask toolbar.

Then you can clean up a few things with OTL:


Copy the text between the lines of stars by highlighting and Ctrl + c
********************************************************************************

:OTL
SRV - File not found [Auto | Stopped] -- -- (WRConsumerService)
SRV - File not found [Auto | Stopped] -- -- (WebrootSpySweeperService)
SRV - File not found [Auto | Stopped] -- -- (StarWindServiceAE)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49615
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49615
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ent/swflash.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.53
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O30 - LSA: Security Packages - (0420-2752171513-1000) - File not found
O30 - LSA: Security Packages - (&) - File not found
O30 - LSA: Security Packages - (쏶) - File not found
O30 - LSA: Security Packages - () - File not found

:Files
C:\Users\Zack\AppData\Local\Wkiyeviwep.bin

:Commands
[RESETHOSTS]
[purity]
[emptytemp]
[Reboot]

*******************************************************************

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done.

Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

Run Malwarebytes' Anti-Malware

* Once the program has loaded, select Perform full scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and rename this file (call it george.exe) to your Desktop from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your protection programs at this time :!:

  • Go to this page and Download TDSSKiller.zip to your Desktop.
  • Extract its contents to your desktop and drag TDSSKiller.exe on the desktop, not in the folder.
  • Vista Start logo > All Programs > Accessories > RIGHT-click on Command Prompt and select Run As Administrator. Copy/paste the following bolded command and hit Enter.

    "%userprofile%\Desktop\TDSSKiller.exe" -l C:\TDSSKiller.txt -v
  • If TDSSKiller alerts you that the system needs to reboot, please consent.
  • When done, a log file should be created on your C: drive named "TDSSKiller.txt"; please copy and paste the contents in your next reply.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

OTL Log
MBAM log
Combofix log
TDSSKiller log

Ron

Edited by RKinner, 30 June 2010 - 10:59 AM.
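A defender-side triage of the three log entries Ron singles out above (a non-private resolver handed out by the router over DHCP, an HTTP proxy on 127.0.0.1 set in both IE and Firefox, and LSA Security Packages with no backing file), written as an added example for this thread; it is not OTL's code or Ron's, the private-network heuristic is an assumption, and the sample lines are copied from this thread's OTL log and fix script.

```python
"""Triage OTL log lines for the findings discussed in this thread.

Added example, not code from the thread or from OTL. It checks the resolvers the
router hands out over DHCP, browser proxies aimed at loopback, and LSA "Security
Packages" with no backing file. The private-network test is an assumption: an
ISP resolver is also non-private, so that result is only marked for review."""
import ipaddress
import re

# Constructed sample: lines copied from the OTL log and fix script in this thread.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:49615
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 49615
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 213.109.64.53
O30 - LSA: Security Packages - (0420-2752171513-1000) - File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
'''.strip().splitlines()

DNS_RE = re.compile(r"NameServer\s*=\s*(.+)$")
IE_PROXY_RE = re.compile(r'"ProxyServer"\s*=\s*(?:\w+=)?([^:;\s]+):(\d+)')
FF_HOST_RE = re.compile(r'network\.proxy\.http:\s*"([^"]+)"')
FF_PORT_RE = re.compile(r"network\.proxy\.http_port:\s*(\d+)")
LSA_RE = re.compile(r"^O30 - LSA: Security Packages - \((.*?)\) - File not found")

def _is_loopback(host):
    """True for 127.x, ::1 or localhost, where a local redirecting proxy listens."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"

def check_resolvers(line):
    """Flag DHCP-assigned resolvers outside private address space (review, not proof)."""
    m = DNS_RE.search(line)
    if not m:
        return []
    findings = []
    for token in m.group(1).split():
        try:
            ip = ipaddress.ip_address(token)
        except ValueError:
            continue
        if not ip.is_private:
            findings.append(("review", f"non-private DNS resolver {ip} handed out by DHCP"))
    return findings

def check_lsa(line):
    """Flag LSA Security Packages whose file does not exist (orphaned or garbled entries)."""
    m = LSA_RE.match(line)
    return [("medium", f"LSA Security Package {m.group(1)!r} has no backing file")] if m else []

def check_proxies(lines):
    """Flag IE and Firefox proxies aimed at loopback; a shared port means one local process."""
    ports, ff_host, ff_port = {}, None, None
    for line in lines:
        ie = IE_PROXY_RE.search(line)
        if ie and _is_loopback(ie.group(1)):
            ports["IE"] = ie.group(2)
        host, port = FF_HOST_RE.search(line), FF_PORT_RE.search(line)
        ff_host = host.group(1) if host else ff_host
        ff_port = port.group(1) if port else ff_port
    if ff_host and ff_port and _is_loopback(ff_host):
        ports["Firefox"] = ff_port
    findings = [("high", f"{b} proxy set to loopback port {p}") for b, p in ports.items()]
    shared = set(ports.values())
    if len(ports) > 1 and len(shared) == 1:
        findings.append(("high", f"all browsers share loopback proxy port {shared.pop()}"))
    return findings

def triage(lines):
    """Run every check over an OTL log and return (severity, message) pairs."""
    findings = []
    for line in lines:
        findings.extend(check_resolvers(line))
        findings.extend(check_lsa(line))
    findings.extend(check_proxies(lines))
    return findings

if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(f"[{sev}] {msg}")
```

Run it against a full OTL.txt with `triage(open("OTL.txt", encoding="utf-8", errors="replace").read().splitlines())`; the O34 line in the sample shows that an unrelated "File not found" entry is not flagged.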


#3 ZackB_258 (Topic Starter)

Thanks Ron, I just got home from work and will begin following your instructions. I really appreciate the help!

#4 ZackB_258 (Topic Starter)

Ron,

Sorry for the delay in getting back to you. I think I am clean now and have managed to rid the router of the infection. I ran the OTL cleaner and posted the code you provided; however, when I restarted my computer I could no longer connect to my wireless router (I think I accidentally messed up some of the settings on there when I was changing my PW, etc.). I ended up connecting the modem directly to my comp and fixing the router though, and no longer have the browser re-direct or any other symptoms as of yet. That OTL tool really gets the job done. I'm running Malwarebytes right now and will post the scan when it is done. Is there anything else I should include? Thanks again for your help.

Zack

#5 RKinner (Malware Expert, MVP)

OTL is very good at showing us what is going on and it is very good at fixing things if we tell it what to fix. Certainly makes our life a lot easier.

Still waiting on TDSSKiller and Combofix. They should go a lot faster than MBAM.

I usually recommend a free BitDefender online scan as a final check.
http://www.bitdefend...nline/free.html

I'm particularly interested in any files that it says it can't scan or that are missing.

Ron