Win 32.Cycbot.b, win32/fareit.gen!C, and other nasties



#1
ohthreealstare
Good evening ladies and gentlemen. First and foremost, thank you in advance for having a look at my problem.

A little background: This is my husband's laptop. Nothing special. Toshiba Satellite L455D-S5976 with Windows 7 Home Premium. Running Microsoft Security Essentials. My husband primarily uses this computer to access the internet, some pic management. Every now and then, a doc or two. Mostly for ebay - he's a seller. Sometimes, though, he gets bored and does some very hazardous browsing....and then....well, then he comes to me for help. Which is precisely what brings me here today.

This isn't my first time repairing this sort of problem. *sigh* Sorry guys, but sometimes you really DO need to listen to your wife; stop clicking around, find a safe site and stick with it, for cryin' out loud. *end soapbox rant*

Normally, I am pretty good at research and repair, but I'm simply at a loss right now.

One day last week (not sure of the exact date) he complained of BSOD shortly after startup. He said he ran a virus scan after the first BSOD and it came up clean, so he thought it was just a one-time thing. Unfortunately, it kept recurring after startup, essentially rendering the laptop useless. Couple days later, the laptop comes to me.

Since he said he ran the scan - and since he's supposed to be familiar with MSE and all of the nasty things on the web - AND since we've had problems with viruses before - I trusted this information. I immediately thought hardware or driver failure. This is, after all, a laptop purchased from Wal-Mart. I researched the stop error codes but had no luck pinpointing anything specific. Startup in normal mode just resulted in BSOD within 5 mins or so. Did a sfc, nothing. Startup in safe mode was fine, which led me to think driver or virus. I tried updating the virus definitions but discovered that the last scan was several weeks prior, not recently as I was led to believe. That meant that his virus scan wasn't one - I have no idea what he thought he 'scanned', but I immediately thought of the AVG antivirus virus. Startup in safe mode went fine, but I couldn't get the Security Essentials to connect for real-time protection. Quick scan had no results. Restarted in normal, ran an immediate scan which popped up the infected files. It found some adware - pornpop something - low risk which it allowed. It also had Win32.Cycbot.B, identified as severe, which it also allowed even though it shouldn't have (baffling). I then battled BSOD again. I re-ran the scan in safe mode; this time, it was able to identify it, indicated it cleaned it, but still would not connect to the internet and still no luck on normal restart - more BSOD. So, I repeated the scan, it popped up the infection again. My research told me that this one was a pretty treacherous virus and that it dropped copies of itself in startup and MSE didn't always clean it completely. No wonder it kept recurring. And, it constantly reset my IE as a proxy server (which explained my connectivity issue). I kept resetting the proxy server so I could connect to the internet. Tried to dload Microsoft Antimalware but it kept locking up before it would complete and I even got the BSOD in safe mode.
I dloaded Piriform CCleaner to help with removal; it indicated it removed it, but it didn't completely. I thought I had it, as a scan in safe mode came back clean, but as soon as I re-started in normal mode, it would recur. I was able to determine that AB6.ese, shell32.dll, and lvvm.exe were all part of the problem (in addition to several others). Researching these file names, I found my way to Malwarebytes Anti-malware. Dloaded, followed instructions to run. Lo and behold, miracle upon miracles, it removed my trojan. Much relief. There were a total of 17 items found infected or something like that.

Startup in normal mode, no more BSOD. Yay! Re-ran the CCleaner, eliminated some temp files just in case. Now, I realize that IE isn't a great browser, but it's what my husband knows and likes. My intention was to dload google chrome or firefox and instruct him on one of those, but when I tried google, it would re-direct to http:/// (3rd forward slash is not a typo) and couldn't display the page. I thought maybe IE was damaged with the virus or ccleaner; so I dloaded IE 9. Same error. I remember seeing a nearly identical problem before with a fake anti-virus trojan on a computer at my workplace and recall using something with a hijackthis file to fix, but not only was that a while ago, that was a total cake walk compared to this process. Anyway, I could visit some sites, microsoft...yahoo...ebay...eventually got firefox...but anything google or any browser search with google won't function either on IE or with Firefox.

I ran a full scan with Malwarebytes (for 5 hours) and it found nothing. Same with MSE...everything came back good. Ran sfc, too - nothing. There is obviously some piece of code hanging out there somewhere still screwing up my browser functionality with Google applications. Normal mode is functioning well, no more BSOD, no problems with MSE and no word from Malwarebytes except for a link it didn't like and thus rejected. Just having a problem with the redirect; the research of which brought me here. I have dloaded and run the OTL and the results are pasted below. I am suspicious of the IE files; anything with 'proxy server' and 'redirects' when I know it doesn't belong is a red flag....I just don't have a clue how to fix it. And, my brain hurts at this point. I sell houses for a living. This is pretty far out of my realm.

Again, thank you in advance for your consideration. Any and all input is incredibly appreciated. Thanks!

ohthreealstare
Sharon


OTL logfile created on: 2/13/2012 8:42:22 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Brian\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.75 Gb Total Physical Memory | 0.79 Gb Available Physical Memory | 45.16% Memory free
3.50 Gb Paging File | 2.38 Gb Available in Paging File | 67.93% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 223.33 Gb Total Space | 187.34 Gb Free Space | 83.89% Space Free | Partition Type: NTFS

Computer Name: LAPTOP | User Name: Brian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/02/13 20:40:57 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Brian\Downloads\OTL.exe
PRC - [2012/02/13 20:37:46 | 015,795,360 | ---- | M] (Mozilla) -- C:\Users\Brian\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PK8I0UT0\Firefox Setup 10.0.1.exe
PRC - [2012/02/08 15:13:49 | 000,622,480 | ---- | M] (Mozilla Corporation) -- C:\Users\Brian\AppData\Local\Temp\7zS5023.tmp\setup.exe
PRC - [2012/01/24 13:15:00 | 002,716,992 | ---- | M] (Piriform Ltd) -- C:\Program Files\CCleaner\CCleaner.exe
PRC - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/01/13 14:53:18 | 000,460,872 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/07/15 23:31:12 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/15 14:16:48 | 000,997,920 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe
PRC - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2011/02/26 00:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/08/10 21:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe
PRC - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
PRC - [2009/07/30 01:54:38 | 000,348,160 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2009/07/30 01:54:10 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2009/07/28 22:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSwMgr.exe
PRC - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) -- C:\Windows\System32\TODDSrv.exe
PRC - [2009/07/13 20:14:42 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/07/13 20:14:37 | 000,035,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\sfc.exe
PRC - [2009/07/13 20:14:15 | 000,301,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\cmd.exe
PRC - [2009/07/13 17:24:00 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
PRC - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
PRC - [2009/02/02 21:07:18 | 000,240,544 | R--- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10b.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/13 20:40:04 | 000,015,360 | ---- | M] () -- C:\Users\Brian\AppData\Local\Temp\nst4136.tmp\InstallOptions.dll
MOD - [2012/02/13 20:39:56 | 000,018,432 | ---- | M] () -- C:\Users\Brian\AppData\Local\Temp\nst4136.tmp\UAC.dll
MOD - [2012/02/13 20:39:56 | 000,009,728 | ---- | M] () -- C:\Users\Brian\AppData\Local\Temp\nst4136.tmp\System.dll
MOD - [2012/02/13 20:38:17 | 000,018,432 | ---- | M] () -- C:\Users\Brian\AppData\Local\Temp\nsiBA5B.tmp\UAC.dll


========== Win32 Services (SafeList) ==========

SRV - [2012/01/13 14:53:18 | 000,652,360 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011/04/27 14:39:26 | 000,208,944 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe -- (NisSrv)
SRV - [2011/04/27 14:39:26 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/07/07 01:02:22 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009/08/17 12:48:42 | 000,051,512 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo)
SRV - [2009/08/10 21:55:46 | 000,185,712 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFIWmxSvcs.exe -- (cfWiMAXService)
SRV - [2009/08/05 16:18:50 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv)
SRV - [2009/08/03 20:16:32 | 000,111,960 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service)
SRV - [2009/07/30 01:54:10 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009/07/28 17:43:04 | 000,128,344 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\System32\TODDSrv.exe -- (TODDSrv)
SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 20:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/05/22 13:02:20 | 000,250,616 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA Games\TOSHIBA Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2009/03/10 20:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service)


========== Driver Services (SafeList) ==========

DRV - [2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/04/27 14:25:24 | 000,065,024 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/04/18 12:18:50 | 000,043,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\MpNWMon.sys -- (MpNWMon)
DRV - [2010/07/01 16:52:18 | 000,044,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dc3d.sys -- (dc3d)
DRV - [2009/08/13 10:18:22 | 000,372,736 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187Se.sys -- (RTL8187Se)
DRV - [2009/07/30 19:45:56 | 000,022,912 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tdcmdpst.sys -- (tdcmdpst)
DRV - [2009/07/30 14:06:30 | 004,994,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/07/14 17:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\TVALZ_O.SYS -- (TVALZ)
DRV - [2009/07/13 18:51:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/13 17:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009/07/02 16:55:36 | 000,036,208 | ---- | M] (COMPAL ELECTRONIC INC.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\LPCFilter.sys -- (LPCFilter)
DRV - [2009/05/05 02:30:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=TSNA&bmod=TSNA

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=TSNA&bmod=TSNA
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60990

========== FireFox ==========


FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/29 13:33:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/02/13 20:43:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/08/29 13:33:30 | 000,000,000 | ---D | M]

[2012/02/13 20:46:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brian\AppData\Roaming\Mozilla\Extensions
[2012/02/13 20:43:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/02/08 15:13:49 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/02/08 12:12:58 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/08 12:12:58 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2012/02/13 13:06:33 | 000,000,761 | RHS- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C11A71A-40C2-494D-9DEA-ED11AE533FDF}: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A2C832A-3E88-42DB-8D70-FFA7F014AFC6}: DhcpNameServer = 100.100.0.101
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) -C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2012/02/13 20:44:59 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Mozilla
[2012/02/13 20:44:59 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\Mozilla
[2012/02/13 20:43:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/02/13 15:00:19 | 000,000,000 | ---D | C] -- C:\Users\Brian\Desktop\Unused Desktop Icons
[2012/02/13 13:45:18 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\Malwarebytes
[2012/02/13 13:45:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/02/13 13:45:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/02/13 13:45:09 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2012/02/13 13:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/02/12 22:34:21 | 000,000,000 | ---D | C] -- C:\bb51f7aee2755c9129191644
[2012/02/12 19:46:03 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\E36FD
[2012/02/12 19:45:28 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Roaming\BAAE3
[2012/02/12 19:21:37 | 000,000,000 | ---D | C] -- C:\Program Files\E36FD
[2012/02/12 19:20:21 | 000,000,000 | ---D | C] -- C:\Program Files\LP
[2012/02/12 19:19:29 | 000,000,000 | ---D | C] -- C:\windows\Sun
[2012/02/09 21:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012/02/09 21:07:15 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012/02/08 23:03:31 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2012/02/04 15:46:31 | 000,000,000 | ---D | C] -- C:\Users\Brian\AppData\Local\{A617E081-76C1-492C-8AA0-8CCC45BCAF11}
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/02/13 20:44:12 | 000,001,099 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/13 19:49:58 | 000,001,836 | ---- | M] () -- C:\Users\Brian\Desktop\cc_20120213_194902 registry changes 2-13-2012 749pm.reg
[2012/02/13 19:16:22 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 19:16:22 | 000,016,304 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/02/13 19:14:44 | 000,626,278 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2012/02/13 19:14:44 | 000,107,522 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2012/02/13 19:09:50 | 000,001,418 | ---- | M] () -- C:\Users\Brian\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2012/02/13 19:08:21 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/02/13 19:08:12 | 1408,032,768 | -HS- | M] () -- C:\hiberfil.sys
[2012/02/13 16:03:59 | 000,072,822 | ---- | M] () -- C:\windows\System32\ieuinit.inf
[2012/02/13 13:06:33 | 000,000,761 | RHS- | M] () -- C:\windows\System32\drivers\etc\hosts
[2012/02/12 21:58:44 | 000,001,400 | ---- | M] () -- C:\Users\Brian\Desktop\Internet Explorer.lnk
[2012/02/12 11:12:59 | 000,000,000 | ---- | M] () -- C:\Users\Brian\AppData\Local\{AB0AC7EC-F797-4564-894D-F9F61D7B1BEA}
[2012/02/09 20:36:43 | 000,003,552 | ---- | M] () -- C:\bootsqm.dat
[2012/02/09 19:07:10 | 000,000,000 | ---- | M] () -- C:\Users\Brian\AppData\Local\{77B4AF0E-6A39-4FF7-B230-73FB3E71D34D}
[2012/02/09 18:47:56 | 000,000,017 | ---- | M] () -- C:\Users\Brian\AppData\Local\resmon.resmoncfg
[1 C:\windows\*.tmp files -> C:\windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/02/13 20:44:12 | 000,001,099 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/02/13 20:44:10 | 000,001,111 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/02/13 19:49:37 | 000,001,836 | ---- | C] () -- C:\Users\Brian\Desktop\cc_20120213_194902 registry changes 2-13-2012 749pm.reg
[2012/02/13 16:03:59 | 000,072,822 | ---- | C] () -- C:\windows\System32\ieuinit.inf
[2012/02/12 21:58:44 | 000,001,400 | ---- | C] () -- C:\Users\Brian\Desktop\Internet Explorer.lnk
[2012/02/12 11:12:59 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\{AB0AC7EC-F797-4564-894D-F9F61D7B1BEA}
[2012/02/09 20:36:43 | 000,003,552 | ---- | C] () -- C:\bootsqm.dat
[2012/02/09 19:07:10 | 000,000,000 | ---- | C] () -- C:\Users\Brian\AppData\Local\{77B4AF0E-6A39-4FF7-B230-73FB3E71D34D}
[2012/02/09 18:47:56 | 000,000,017 | ---- | C] () -- C:\Users\Brian\AppData\Local\resmon.resmoncfg
[2011/11/21 23:12:59 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat.temp
[2010/12/05 16:57:16 | 000,002,168 | ---- | C] () -- C:\Users\Brian\AppData\Roaming\wklnhst.dat
[2010/08/29 13:17:56 | 000,206,122 | ---- | C] () -- C:\windows\hpoins46.dat
[2010/07/05 10:08:25 | 000,000,013 | RHS- | C] () -- C:\windows\System32\drivers\fbd.sys
[2010/05/04 23:31:25 | 000,000,000 | ---- | C] () -- C:\windows\NDSTray.INI
[2010/05/04 23:12:39 | 000,045,056 | ---- | C] () -- C:\windows\System32\HWS_Ctrl.dll
[2010/05/04 23:07:21 | 000,073,728 | ---- | C] () -- C:\windows\System32\RtNicProp32.dll
[2010/05/04 23:06:04 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX1.dat
[2010/05/04 23:06:04 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010/05/04 23:01:40 | 000,197,654 | ---- | C] () -- C:\windows\System32\atiicdxx.dat
[2010/05/04 22:36:03 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin
[2010/01/29 16:21:20 | 000,000,532 | ---- | C] () -- C:\windows\hpomdl46.dat
[2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009/07/13 21:05:48 | 000,626,278 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009/07/13 21:05:48 | 000,107,522 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009/04/28 06:37:00 | 000,028,672 | ---- | C] () -- C:\windows\System32\SPCtl.dll

========== LOP Check ==========

[2012/02/13 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\BAAE3
[2012/02/13 13:52:01 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\E36FD
[2010/12/05 16:57:18 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Template
[2010/07/05 10:07:51 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\WinBatch
[2012/02/04 15:47:36 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\Windows Live Writer
[2011/12/06 22:36:15 | 000,032,622 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
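Added example, not part of the poster's thread or of OldTimer's OTL tool: a small Python triage script that reads log lines in the shape of the report above and flags the entries a helper looks at first. The checks are heuristics chosen for this thread: a browser ProxyServer pointing at the loopback adapter (here `http=127.0.0.1:60990`, which matches the poster's "constantly reset my IE as a proxy server" symptom and is reported even though ProxyEnable is currently 0), an O4 Run entry with no name or no file behind it, any O1 hosts entry beyond the localhost defaults, and short all-hex folder names under AppData\Roaming such as the E36FD and BAAE3 folders in the LOP check. The sample input is a subset of lines copied from the report; the regexes and the `triage` function name are this example's own.

```python
"""Heuristic triage over OTL-style log lines (added example, not OTL's code)."""
import re
from ipaddress import ip_address

# Sample input: a subset of lines copied from the OTL report in this thread.
SAMPLE_LOG = r'''
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:60990
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
[2012/02/13 13:53:13 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\BAAE3
[2012/02/13 13:52:01 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\E36FD
[2010/07/05 10:07:51 | 000,000,000 | ---D | M] -- C:\Users\Brian\AppData\Roaming\WinBatch
'''

# Line shapes as OTL prints them (patterns written for this example).
PROXY_RE = re.compile(r'^IE - (HK\w+)\\.*Internet Settings: "(Proxy\w+)" = (.*)$')
HOSTS_RE = re.compile(r'^O1 - Hosts: (\S+)\s+(\S+)$')
RUN_RE = re.compile(r'^O4 - (HK\w+)\.\.\\Run: \[([^\]]*)\] (.*)$')
# Short, purely hexadecimal folder names directly under AppData\Roaming.
# This is a heuristic: a legitimate vendor name made only of hex letters would also match.
ROAMING_RE = re.compile(r' -- (.*\\AppData\\Roaming\\([0-9A-Fa-f]{4,8}))\s*$')


def parse_proxy_server(value):
    """Split a ProxyServer value ('http=127.0.0.1:60990', 'host:port',
    or 'http=a:1;https=b:2') into (scheme, host, port) tuples.
    scheme is '' when one proxy applies to every protocol."""
    entries = []
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, sep, hostport = part.partition("=")
        if not sep:                      # no 'scheme=' prefix
            scheme, hostport = "", part
        host, _, port = hostport.rpartition(":")
        if not host:                     # no port given at all
            host, port = hostport, ""
        entries.append((scheme.lower(), host.strip("[]"), port))
    return entries


def is_loopback(host):
    """True for 127.x, ::1 and the name 'localhost'."""
    try:
        return ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def triage(log_text):
    """Return a list of (check, detail) findings for the given log text."""
    findings = []
    proxy = {}                           # hive -> {setting: value}
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = PROXY_RE.match(line)
        if m:
            hive, key, value = m.groups()
            proxy.setdefault(hive, {})[key] = value
            continue
        m = HOSTS_RE.match(line)
        if m:
            addr, host = m.groups()
            if host.lower() != "localhost":   # anything beyond the defaults
                findings.append(("hosts", f"{host} -> {addr}"))
            continue
        m = RUN_RE.match(line)
        if m:
            hive, name, target = m.groups()
            if not name or target.startswith("File not found"):
                findings.append(("autorun", f"{hive} Run [{name or '<no name>'}]: {target}"))
            continue
        m = ROAMING_RE.search(line)
        if m:
            findings.append(("roaming-hex-dir", m.group(1)))
    # A proxy on the loopback adapter is reported even when ProxyEnable is 0:
    # a leftover local-proxy entry is still worth explaining.
    for hive, settings in proxy.items():
        server = settings.get("ProxyServer")
        if not server:
            continue
        for scheme, host, port in parse_proxy_server(server):
            if is_loopback(host):
                state = "enabled" if settings.get("ProxyEnable") == "1" else "disabled"
                findings.append(("local-proxy", f"{hive} {scheme or 'all'} -> {host}:{port} ({state})"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"[{kind}] {detail}")
```

On the sample above the script reports the empty HKLM Run entry, the two hex-named Roaming folders, and the disabled-but-present loopback proxy; the two localhost hosts lines and the Microsoft Security Client autorun are left alone.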



#2
ohthreealstare
I followed the instructions from Rorschach112 to fix the google redirect; it worked like a charm and so far all is good with no more BSOD and virus-free. Also read the article on malware and safe computing; awesome information and I am installing KeyScrambler as an added precaution for the future. Lastly, browsing is going to be strictly with Firefox or, my fave, Chrome. Thanks to anyone who may have reviewed my issue. This thread can be closed. :thumbsup: