Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Redirect Virus-NOT tdss

Started by catttreanor , Aug 10 2011 04:51 PM

  • This topic is locked This topic is locked

#16
maliprog
Posted 12 August 2011 - 03:09 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
That's why I sad test your system :). OK. Let's see what's left.

Download ComboFix here :

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Posted Image
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\\ComboFix.txt log in your next reply.
  • 0

Advertisements

#17
catttreanor
Posted 12 August 2011 - 04:37 PM

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
Any time I try to run the program it crashes my computer with the blue screen of death, only the wording on the blue screen of death is way to the left, so I can't really read it. When it restarts itself windows tells me that these are the problem details
Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7600.2.0.0.768.3
Locale ID: 1033

Additional information about the problem:
BCCode: 7a
BCP1: C043F8A8
BCP2: C0000185
BCP3: 38EA1860
BCP4: 87F159C4
OS Version: 6_1_7600
Service Pack: 0_0
Product: 768_1

Files that help describe the problem:
C:\Windows\Minidump\081211-109684-01.dmp
C:\Users\catt\AppData\Local\Temp\WER-129933-0.sysdata.xml

Read our privacy statement online:
http://go.microsoft....88&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\windows\system32\en-US\erofflps.txt
  • 0

#18
maliprog
Posted 13 August 2011 - 09:38 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi catttreanor,

Please try to run Combofix from safe mode.

To restart in safe mode:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

  • 0

#19
catttreanor
Posted 13 August 2011 - 10:13 AM

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
I was able to run it that way, but there was no way to shut off the avira in Safe mode. I tried turning it off in regular mode and restarting in safe mode, hoping it'd still be off but it stayed on. Here is the log.




ComboFix 11-08-12.01 - catt 08/13/2011 11:01:26.2.2 - x86 MINIMAL
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.1790.861 [GMT -5:00]
Running from: c:\users\catt\Downloads\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {9FF26384-70D4-CE6B-3ECB-E759A6A40116}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Lavasoft Ad-Watch Live! *Enabled/Updated* {24938260-56EE-C1E5-047B-DC2BDD234BAB}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{14756d36-f4d8-473e-8386-8ad7a5e6a093}
c:\users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{14756d36-f4d8-473e-8386-8ad7a5e6a093}\chrome.manifest
c:\users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{14756d36-f4d8-473e-8386-8ad7a5e6a093}\chrome\xulcache.jar
c:\users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{14756d36-f4d8-473e-8386-8ad7a5e6a093}\defaults\preferences\xulcache.js
c:\users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{14756d36-f4d8-473e-8386-8ad7a5e6a093}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-07-13 to 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 16:05 . 2011-08-13 16:05 -------- d-----w- c:\users\catt\AppData\Local\temp
2011-08-13 16:05 . 2011-08-13 16:05 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-12 21:03 . 2011-07-13 03:39 6881616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8BDD9C7A-E96B-4757-A717-2F1C09B708C5}\mpengine.dll
2011-08-12 20:25 . 2011-08-12 20:25 -------- d-----w- c:\program files\Common Files\Java
2011-08-12 16:36 . 2011-08-12 16:36 -------- d-----w- C:\_OTL
2011-08-11 14:49 . 2011-08-11 14:49 302592 ----a-w- C:\f6hj8o6f.exe
2011-08-11 08:03 . 2011-08-11 08:03 -------- d-sh--w- c:\windows\system32\%APPDATA%
2011-08-10 22:38 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll
2011-08-10 22:38 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll
2011-08-10 22:38 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll
2011-08-10 22:38 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll
2011-08-10 22:38 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll
2011-08-10 22:03 . 2011-08-10 22:03 23624 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2011-08-10 22:02 . 2011-08-10 22:02 -------- d-----w- c:\programdata\Hitman Pro
2011-08-10 21:11 . 2011-08-10 21:25 -------- d-----w- c:\users\catt\AppData\Local\NPE
2011-08-03 21:42 . 2011-08-04 00:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2011-08-03 21:42 . 2011-08-03 21:42 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-07-29 07:48 . 2011-07-29 05:23 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-07-29 05:23 . 2011-07-29 05:23 101720 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-07-29 04:56 . 2011-07-29 04:56 -------- dc----w- c:\windows\system32\DRVSTORE
2011-07-29 04:56 . 2011-07-21 19:59 64512 ----a-w- c:\windows\system32\drivers\Lbd.sys
2011-07-29 04:56 . 2011-07-29 04:56 -------- d-----w- c:\programdata\Lavasoft
2011-07-29 04:56 . 2011-07-29 04:56 -------- d-----w- c:\program files\Lavasoft
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-07 00:52 . 2010-12-10 00:31 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-07 00:52 . 2010-12-10 00:31 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-28 17:28 . 2010-11-01 15:29 66616 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-06-28 17:28 . 2010-11-01 15:29 138192 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-06-27 06:56 . 2011-06-27 06:56 489672 ----a-w- c:\users\catt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2011-06-11 02:37 . 2011-07-13 03:52 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-05-25 00:14 . 2010-11-04 17:35 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-24 10:35 . 2011-06-29 00:41 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent"="c:\program files\BitTorrent\BitTorrent.exe" [2010-11-01 2988400]
"Weather"="c:\program files\AWS\WeatherBug\Weather.exe" [2010-10-28 1652736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LenovoFSC"="c:\program files\Lenovo\FanSpeedControl\LenovoFSC.exe" [2009-07-29 49152]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-10 98304]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-10-13 7830048]
"Healthcare"="c:\program files\Lenovo\HealthCare\HealthCare.exe" [2009-09-28 827392]
"CLMLServer"="c:\program files\Lenovo\Power2Go\CLMLSvc.exe" [2009-06-04 103720]
"UpdateP2GoShortCut"="c:\program files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"IdeaNotesUser"="c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe" [2009-08-24 221872]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-11-07 281768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-07 1047656]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-06-24 534880]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-04-08 254696]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WLStart"="c:\program files\Windows Live\Installer\wlstart.exe" [2009-07-26 768336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-10 176128]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2011-04-27 136360]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2011-06-24 393112]
R2 DDNIMSGService;DDNIMSGService;c:\program files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe [2010-07-20 171872]
R2 DDNIService;DDNIService;c:\program files\DDNI\DIBS\DDNIService.exe [2010-07-23 163680]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 136176]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2011-07-21 2151640]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 WinI2C-DDC;WinI2C-DDC Kernel Mode Driver;c:\windows\system32\drivers\DDCDrv.sys [2009-03-02 16200]
R3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 136176]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [2011-07-21 15232]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-04 1343400]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-22 81704]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-13 311296]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [2011-07-21 64512]
S3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\DRIVERS\spio.sys [2009-06-06 11720]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-13 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-07-21 19:59]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 06:46]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-28 06:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://lenovo.msn.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 68.87.85.102 68.87.69.150 0.0.0.0
FF - ProfilePath - c:\users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://leftaction.com/|http://www.google.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=723823&p=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-08-13 11:06:24
ComboFix-quarantined-files.txt 2011-08-13 16:06
.
Pre-Run: 67,838,136,320 bytes free
Post-Run: 67,824,398,336 bytes free
.
- - End Of File - - 9A97AA19293C8223783692CA7AD733FA
  • 0

#20
maliprog
Posted 15 August 2011 - 11:36 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi catttreanor,

Please close all running programs and Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL

    :Files
    ipconfig /flushdns /c
    ipconfig /all /c
    nslookup google.com /c
    nslookup yahoo.com /c
    ping -n 2 google.com /c
    ping -n 2 yahoo.com /c
    route print /c

    :Commands
    [purity]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the fix log it produces in your next reply or you can find it in C:\_OTL\MovedFiles

  • 0

#21
catttreanor
Posted 15 August 2011 - 09:00 PM

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
========== OTL ==========
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
< ipconfig /all /c >
Windows IP Configuration
Host Name . . . . . . . . . . . . : betsy
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
Physical Address. . . . . . . . . : 44-87-FC-92-EA-C7
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::206d:d1f5:7ac1:eddf%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, August 13, 2011 11:10:19 AM
Lease Expires . . . . . . . . . . : Saturday, August 20, 2011 11:10:19 AM
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.1
DHCPv6 IAID . . . . . . . . . . . : 239372284
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-6B-24-A3-44-87-FC-92-EA-C7
DNS Servers . . . . . . . . . . . : 68.87.85.102
68.87.69.150
0.0.0.0
NetBIOS over Tcpip. . . . . . . . : Enabled
Tunnel adapter isatap.{BC3054F0-C6F0-4F36-8132-BBDB287D3BA5}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:34c9:2036:9d3b:ca1c(Preferred)
Link-local IPv6 Address . . . . . : fe80::34c9:2036:9d3b:ca1c%12(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
< nslookup google.com /c >
Server: cns.cmc.co.denver.comcast.net
Address: 68.87.85.102
Name: google.com
Addresses: 74.125.73.105
74.125.73.99
74.125.73.106
74.125.73.147
74.125.73.104
74.125.73.103
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
< nslookup yahoo.com /c >
DNS request timed out.
timeout was 2 seconds.
Server: UnKnown
Address: 68.87.85.102
Name: yahoo.com
Addresses: 209.191.122.70
67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
< ping -n 2 google.com /c >
Pinging google.com [74.125.73.104] with 32 bytes of data:
Reply from 74.125.73.104: bytes=32 time=41ms TTL=50
Reply from 74.125.73.104: bytes=32 time=43ms TTL=50
Ping statistics for 74.125.73.104:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 41ms, Maximum = 43ms, Average = 42ms
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
< ping -n 2 yahoo.com /c >
Pinging yahoo.com [69.147.125.65] with 32 bytes of data:
Reply from 69.147.125.65: bytes=32 time=47ms TTL=51
Reply from 69.147.125.65: bytes=32 time=46ms TTL=51
Ping statistics for 69.147.125.65:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 46ms, Maximum = 47ms, Average = 46ms
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
< route print /c >
===========================================================================
Interface List
11...44 87 fc 92 ea c7 ......Realtek PCIe FE Family Controller
1...........................Software Loopback Interface 1
14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
12...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.0.0 255.255.255.0 On-link 192.168.0.100 276
192.168.0.100 255.255.255.255 On-link 192.168.0.100 276
192.168.0.255 255.255.255.255 On-link 192.168.0.100 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.0.100 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.0.100 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
12 58 ::/0 On-link
1 306 ::1/128 On-link
12 58 2001::/32 On-link
12 306 2001:0:4137:9e76:34c9:2036:9d3b:ca1c/128
On-link
11 276 fe80::/64 On-link
12 306 fe80::/64 On-link
11 276 fe80::206d:d1f5:7ac1:eddf/128
On-link
12 306 fe80::34c9:2036:9d3b:ca1c/128
On-link
1 306 ff00::/8 On-link
12 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
C:\Users\catt\Downloads\cmd.bat deleted successfully.
C:\Users\catt\Downloads\cmd.txt deleted successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.26.1 log created on 08152011_173929
  • 0

#22
maliprog
Posted 15 August 2011 - 11:36 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
OK. How is your system now? Do you get redirected? If you do, does it happens in all browsers you use or this redirection only effect one browser?

  • Run OTL.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open notepad window. OTL.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of this file, and post it with your next reply.

  • 0

#23
catttreanor
Posted 17 August 2011 - 09:36 AM

catttreanor

    Member

  • Topic Starter
  • Member
  • PipPip
  • 67 posts
It only ever seemed to happen with firefox. It seems to have stopped now, I have tried clicking over 100 links and no redirect. Hopefully it is gone for good! Here is the OTL log anyway.

OTL logfile created on: 8/17/2011 10:25:10 AM - Run 3
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\catt\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.84 Gb Available Physical Memory | 48.07% Memory free
3.50 Gb Paging File | 2.03 Gb Available in Paging File | 58.06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 272.92 Gb Total Space | 60.21 Gb Free Space | 22.06% Space Free | Partition Type: NTFS

Computer Name: BETSY | User Name: catt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/08/16 22:17:59 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 09:34:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Downloads\OTL.scr
PRC - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2011/07/21 14:59:06 | 001,191,216 | ---- | M] (Lavasoft Limited) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/28 12:28:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2011/06/24 18:22:40 | 000,534,880 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) -- C:\Program Files\Application Updater\ApplicationUpdater.exe
PRC - [2011/04/27 03:25:58 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/11/07 03:20:39 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/11/01 09:47:13 | 002,988,400 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\BitTorrent\BitTorrent.exe
PRC - [2010/10/28 09:33:50 | 001,652,736 | R--- | M] (AWS Convergence Technologies, Inc.) -- C:\Program Files\AWS\WeatherBug\Weather.exe
PRC - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\DIBS\DDNIService.exe
PRC - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
PRC - [2010/01/14 22:11:00 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/10/31 00:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/09/28 13:09:06 | 000,827,392 | ---- | M] (Lenovo) -- C:\Program Files\Lenovo\HealthCare\HealthCare.exe
PRC - [2009/08/24 08:15:32 | 000,221,872 | ---- | M] (Digital Delivery Networks, Inc.) -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
PRC - [2009/07/29 17:01:10 | 000,049,152 | ---- | M] (Lenovo (Shenzhen) Electronic Co., Ltd.) -- C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/10 11:04:58 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/10 11:04:28 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/06/03 22:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe
PRC - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe


========== Modules (SafeList) ==========

MOD - [2011/08/11 09:34:29 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\catt\Downloads\OTL.scr
MOD - [2010/08/21 00:21:32 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/21 14:59:06 | 002,151,640 | ---- | M] (Lavasoft Limited) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2011/06/28 12:28:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011/06/24 17:30:48 | 000,393,112 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2011/04/27 03:25:58 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010/11/04 03:00:44 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/07/23 09:31:54 | 000,163,680 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\DIBS\DDNIService.exe -- (DDNIService)
SRV - [2010/07/20 11:04:24 | 000,171,872 | ---- | M] (Digital Delivery Networks, Inc.) [Auto | Running] -- C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe -- (DDNIMSGService)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/10 11:04:28 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/01/26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/11 19:50:16 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc)


========== Driver Services (SafeList) ==========

DRV - [2011/07/21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\windows\system32\DRIVERS\Lbd.sys -- (Lbd)
DRV - [2011/07/21 14:59:08 | 000,015,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\Lavasoft\Ad-Aware\kernexplorer.sys -- (Lavasoft Kernexplorer)
DRV - [2011/06/28 12:28:43 | 000,138,192 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2011/06/28 12:28:43 | 000,066,616 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/07/21 23:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009/07/10 11:40:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/05 19:18:08 | 000,011,720 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\spio.sys -- (SuperIO)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/05/04 23:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2009/03/02 13:00:32 | 000,016,200 | ---- | M] (Nicomsoft Ltd.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\ddcdrv.sys -- (WinI2C-DDC)
DRV - [2008/08/06 14:34:16 | 000,128,104 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://lenovo.msn.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://leftaction.co...en-US:official"
FF - prefs.js..extensions.enabledItems: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100908
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: [email protected]:4.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..keyword.URL: "http://search.yahoo....type=723823&p="
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=723823&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=723823"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/08/16 22:17:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.20\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/16 22:17:59 | 000,000,000 | ---D | M]

[2010/11/01 09:45:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Extensions
[2011/08/16 13:39:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions
[2010/11/17 19:22:25 | 000,000,000 | ---D | M] (WOT) -- C:\Users\catt\AppData\Roaming\Mozilla\Firefox\Profiles\o4u9oc9m.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011/08/12 15:25:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/11/20 18:33:15 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/08/12 15:25:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2011/07/08 21:57:07 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2011/06/27 01:56:16 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/03/18 13:32:12 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/18 13:32:14 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2009/07/02 12:19:28 | 000,102,400 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll

O1 HOSTS File: ([2011/08/13 11:05:15 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Healthcare] C:\Program Files\Lenovo\HealthCare\HealthCare.exe (Lenovo)
O4 - HKLM..\Run: [IdeaNotesUser] C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe (Digital Delivery Networks, Inc.)
O4 - HKLM..\Run: [LenovoFSC] C:\Program Files\Lenovo\FanSpeedControl\LenovoFSC.exe (Lenovo (Shenzhen) Electronic Co., Ltd.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [BitTorrent] C:\Program Files\BitTorrent\BitTorrent.exe (BitTorrent, Inc.)
O4 - HKCU..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe (AWS Convergence Technologies, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.85.102 68.87.69.150 0.0.0.0
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\windows\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/13 11:06:27 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011/08/13 11:06:26 | 000,000,000 | ---D | C] -- C:\windows\temp
[2011/08/13 11:06:26 | 000,000,000 | ---D | C] -- C:\Users\catt\AppData\Local\temp
[2011/08/12 15:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/08/12 11:36:26 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/08/11 03:03:52 | 000,000,000 | -HSD | C] -- C:\windows\System32\%APPDATA%
[2011/08/10 17:41:48 | 000,000,000 | ---D | C] -- C:\Users\catt\Documents\tdsskiller
[2011/08/10 17:22:05 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2011/08/10 17:16:08 | 000,518,144 | ---- | C] (SteelWerX) -- C:\windows\SWREG.exe
[2011/08/10 17:16:08 | 000,406,528 | ---- | C] (SteelWerX) -- C:\windows\SWSC.exe
[2011/08/10 17:16:08 | 000,060,416 | ---- | C] (NirSoft) -- C:\windows\NIRCMD.exe
[2011/08/10 17:16:03 | 000,000,000 | ---D | C] -- C:\windows\ERDNT
[2011/08/10 17:14:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/10 17:02:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/08/10 16:11:57 | 000,000,000 | ---D | C] -- C:\Users\catt\AppData\Local\NPE
[2011/08/03 16:42:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011/08/03 16:42:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011/08/03 16:42:22 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/07/29 00:23:50 | 000,101,720 | ---- | C] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/07/28 23:56:13 | 000,064,512 | ---- | C] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys
[2011/07/28 23:56:13 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2011/07/28 23:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
[2011/07/28 23:56:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2011/07/28 23:56:09 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
[2010/04/29 06:40:04 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe

========== Files - Modified Within 30 Days ==========

[2011/08/17 09:32:03 | 000,000,882 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/17 06:32:00 | 000,000,878 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/15 17:51:01 | 000,014,240 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 17:51:01 | 000,014,240 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011/08/15 17:48:40 | 000,661,830 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011/08/15 17:48:40 | 000,121,018 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011/08/15 17:43:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011/08/15 17:42:09 | 1407,746,048 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/14 23:57:39 | 000,000,064 | ---- | M] () -- C:\windows\System32\rp_stats.dat
[2011/08/14 23:57:39 | 000,000,044 | ---- | M] () -- C:\windows\System32\rp_rules.dat
[2011/08/14 15:20:20 | 000,543,070 | ---- | M] () -- C:\Users\catt\Desktop\alldogsgotoheaven-e1276285992777.jpg
[2011/08/14 11:16:50 | 000,057,391 | ---- | M] () -- C:\Users\catt\Desktop\188605_207653599260644_100000480161460_831510_3253946_n.jpg
[2011/08/13 11:05:15 | 000,000,027 | ---- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011/08/12 17:32:37 | 213,555,143 | ---- | M] () -- C:\windows\MEMORY.DMP
[2011/08/11 09:49:35 | 000,302,592 | ---- | M] () -- C:\f6hj8o6f.exe
[2011/08/10 17:03:00 | 000,023,624 | ---- | M] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/08/09 21:33:31 | 000,002,286 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011/08/03 16:42:27 | 000,001,216 | ---- | M] () -- C:\Users\catt\Desktop\Spybot - Search & Destroy.lnk
[2011/07/30 13:29:51 | 000,078,803 | ---- | M] () -- C:\Users\catt\Desktop\205204_531175998935_205400838_31257127_3861580_n.jpg
[2011/07/29 00:23:50 | 000,101,720 | ---- | M] (Sunbelt Software) -- C:\windows\System32\drivers\SBREDrv.sys
[2011/07/29 00:23:44 | 000,016,432 | ---- | M] () -- C:\windows\System32\lsdelete.exe
[2011/07/28 23:56:14 | 000,001,030 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/27 20:45:17 | 000,000,000 | -H-- | M] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/25 22:27:06 | 000,036,954 | ---- | M] () -- C:\Users\catt\Desktop\247998_2079921275408_1166320178_32565373_3613350_n.jpg
[2011/07/25 22:26:46 | 000,028,389 | ---- | M] () -- C:\Users\catt\Desktop\252312_2088290444632_1166320178_32575899_2758903_n.jpg
[2011/07/25 22:26:34 | 000,052,831 | ---- | M] () -- C:\Users\catt\Desktop\250148_2096606812536_1166320178_32589449_6162324_n.jpg
[2011/07/21 14:59:08 | 000,064,512 | ---- | M] (Lavasoft AB) -- C:\windows\System32\drivers\Lbd.sys

========== Files Created - No Company Name ==========

[2011/08/14 15:20:17 | 000,543,070 | ---- | C] () -- C:\Users\catt\Desktop\alldogsgotoheaven-e1276285992777.jpg
[2011/08/14 11:16:40 | 000,057,391 | ---- | C] () -- C:\Users\catt\Desktop\188605_207653599260644_100000480161460_831510_3253946_n.jpg
[2011/08/11 09:49:26 | 000,302,592 | ---- | C] () -- C:\f6hj8o6f.exe
[2011/08/10 17:20:29 | 213,555,143 | ---- | C] () -- C:\windows\MEMORY.DMP
[2011/08/10 17:16:08 | 000,256,000 | ---- | C] () -- C:\windows\PEV.exe
[2011/08/10 17:16:08 | 000,208,896 | ---- | C] () -- C:\windows\MBR.exe
[2011/08/10 17:16:08 | 000,098,816 | ---- | C] () -- C:\windows\sed.exe
[2011/08/10 17:16:08 | 000,080,412 | ---- | C] () -- C:\windows\grep.exe
[2011/08/10 17:16:08 | 000,068,096 | ---- | C] () -- C:\windows\zip.exe
[2011/08/10 17:03:00 | 000,023,624 | ---- | C] () -- C:\windows\System32\drivers\hitmanpro35.sys
[2011/08/03 16:42:27 | 000,001,216 | ---- | C] () -- C:\Users\catt\Desktop\Spybot - Search & Destroy.lnk
[2011/07/31 23:58:10 | 000,000,064 | ---- | C] () -- C:\windows\System32\rp_stats.dat
[2011/07/31 23:58:10 | 000,000,044 | ---- | C] () -- C:\windows\System32\rp_rules.dat
[2011/07/30 13:29:50 | 000,078,803 | ---- | C] () -- C:\Users\catt\Desktop\205204_531175998935_205400838_31257127_3861580_n.jpg
[2011/07/29 02:48:32 | 000,016,432 | ---- | C] () -- C:\windows\System32\lsdelete.exe
[2011/07/28 23:56:14 | 000,001,030 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk
[2011/07/27 20:45:17 | 000,000,000 | -H-- | C] () -- C:\windows\System32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011/07/25 22:31:39 | 002,475,074 | ---- | C] () -- C:\Users\catt\Desktop\45 days 040 (2).jpg
[2011/07/25 22:31:18 | 003,125,865 | ---- | C] () -- C:\Users\catt\Desktop\45 days 030 (2).jpg
[2011/07/25 22:28:08 | 002,989,229 | ---- | C] () -- C:\Users\catt\Desktop\austin kittens 274 (2).jpg
[2011/07/25 22:27:05 | 000,036,954 | ---- | C] () -- C:\Users\catt\Desktop\247998_2079921275408_1166320178_32565373_3613350_n.jpg
[2011/07/25 22:26:45 | 000,028,389 | ---- | C] () -- C:\Users\catt\Desktop\252312_2088290444632_1166320178_32575899_2758903_n.jpg
[2011/07/25 22:26:31 | 000,052,831 | ---- | C] () -- C:\Users\catt\Desktop\250148_2096606812536_1166320178_32589449_6162324_n.jpg
[2010/11/03 21:53:06 | 000,136,489 | ---- | C] () -- C:\windows\hphins33.dat
[2010/11/03 21:53:06 | 000,000,512 | ---- | C] () -- C:\windows\hphmdl33.dat
[2010/04/29 07:20:41 | 000,201,728 | ---- | C] () -- C:\windows\SetDrive.exe
[2010/04/29 07:20:41 | 000,036,864 | ---- | C] () -- C:\windows\WinWait.exe
[2010/04/29 06:29:18 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2009/08/19 02:04:16 | 000,294,912 | ---- | C] () -- C:\windows\System32\ATIODE.exe
[2009/08/19 02:04:16 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2009/08/19 02:04:16 | 000,045,056 | ---- | C] () -- C:\windows\System32\ATIODCLI.exe
[2009/07/26 20:24:14 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 23:33:53 | 000,424,888 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009/07/13 21:05:48 | 000,661,830 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,121,018 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/06/05 19:18:08 | 000,011,720 | ---- | C] () -- C:\windows\System32\drivers\spio.sys

========== LOP Check ==========

[2011/08/17 10:24:25 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\BitTorrent
[2011/06/27 01:56:16 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\Catalina Marketing Corp
[2010/11/03 21:23:58 | 000,000,000 | ---D | M] -- C:\Users\catt\AppData\Roaming\WeatherBug
[2009/07/13 23:53:46 | 000,016,624 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
  • 0

#24
maliprog
Posted 17 August 2011 - 10:55 PM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi catttreanor,

It's nice to hear that. Last OTL log is clean too. I'm glad we fix up your computer. We need to clean up your PC from programs we used.

Step 1

Please start OTL one more time and click CleanUp button. OTL will restart your system at the end. Remove all other application we used to clean your PC.

General recommendations

Here are some recommendations you should follow to minimize infection risk in the future:

1. Enable Windows Update
  • Click Start, click Run, type sysdm.cpl, and then press ENTER.
  • Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them option.
  • Click OK button

2. Delete Temp files

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

3. Make Backups of Important Files

Please read this article Home Computer Data Backup.


4. Regularly update your software

To eliminate design flaws and security vulnerabilities, all software needs to be updated to the latest version or the vendor’s patch installed.

You should download Update Checker from here. The program will automaticly check for newer version of software installed on your system.
  • 0

#25
maliprog
Posted 21 August 2011 - 04:27 AM

maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP