
Inactive-A Win 7 Redirect Trojan

Discussion in 'Malware and Virus Removal Archive' started by Romdon, 2011/12/14.

  1. 2011/12/14
    Romdon

    Romdon Inactive Thread Starter

    Joined:
    2011/12/13
    Messages:
    5
    Likes Received:
    0
    [Inactive-A] Win 7 Redirect Trojan

    Hello, long-time browser, first-time poster. I seem to have a redirect problem. After running RKill along with Malwarebytes, it finds 6-7 infected items; after the quarantine/removal step and a restart, they still pop up in new scans with Malwarebytes. Any insight into this issue would be greatly appreciated; a huge thank you in advance.

    Thanks,
    Rom

    Below I will post the requested logs from the "READ THIS" section.
     
  2. 2011/12/14
    Romdon

    Malwarebytes Log:

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8365

    Windows 6.1.7600
    Internet Explorer 8.0.7600.16385

    12/14/2011 7:04:39 AM
    mbam-log-2011-12-14 (07-04-39).txt

    Scan type: Quick scan
    Objects scanned: 255389
    Time elapsed: 9 minute(s), 26 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 3
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 3

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\Users\jchapman\AppData\Local\Temp\rpeujxzarb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\jchapman\AppData\Local\Temp\way.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    c:\Users\jchapman\AppData\Local\Temp\760.5771.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
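
What the poster describes (the same items quarantined, then back after a restart) is a persistence question, and it is easier to see by diffing two scan logs than by reading them by eye. The block below is an added example, not part of the post and not Malwarebytes' own tooling. FIRST_SCAN is an excerpt of the log above; SECOND_SCAN is a constructed log in the same format standing in for the re-scan after the reboot; singling out the service entry and the CLSID key as the "anchors" worth chasing is this example's own heuristic, not something the log states.

```python
"""Diff two Malwarebytes' Anti-Malware 1.x text logs (added example)."""
import re

# Section header such as "Files Infected:". The summary block near the top of
# the log ends each line in a count ("Files Infected: 3"), so it is not matched.
SECTION_RE = re.compile(r"^(?P<section>[A-Za-z ]+ Infected):$")
# Detection line: "<item> (<family>) -> <action>"
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[^()]+)\) -> (?P<action>.+)$")


def parse_mbam(text):
    """Return {(section, item.casefold()): (item, family)} for every detection."""
    found, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("section")
            continue
        if section is None or line.startswith("(No malicious"):
            continue
        m = ITEM_RE.match(line)
        if m:  # registry keys and paths are case-insensitive on Windows
            found[(section, m.group("item").casefold())] = (m.group("item"), m.group("family"))
    return found


def recurring(first_log, second_log):
    """Detections present in both logs: quarantined once, then back again."""
    a, b = parse_mbam(first_log), parse_mbam(second_log)
    return {k: b[k] for k in a.keys() & b.keys()}


def persistence_anchors(detections):
    """Registry keys that register something for loading (a service entry, a COM
    class). Heuristic: when these come back after a reboot, whatever writes them
    was not in the quarantined set."""
    anchors = []
    for (section, folded), (item, _family) in detections.items():
        if section == "Registry Keys Infected" and (
                "\\services\\" in folded or "\\clsid\\" in folded):
            anchors.append(item)
    return sorted(anchors)


# Excerpt of the first scan log posted above.
FIRST_SCAN = r"""
Malwarebytes' Anti-Malware 1.51.2.1300
Registry Keys Infected: 3
Files Infected: 3

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Files Infected:
c:\Users\jchapman\AppData\Local\Temp\rpeujxzarb (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\jchapman\AppData\Local\Temp\way.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\Users\jchapman\AppData\Local\Temp\760.5771.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

# Constructed stand-in for the re-scan after reboot (same format, not a real log).
SECOND_SCAN = r"""
Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Files Infected:
c:\Users\jchapman\AppData\Local\Temp\way.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
"""

if __name__ == "__main__":
    back = recurring(FIRST_SCAN, SECOND_SCAN)
    for (section, _), (item, family) in sorted(back.items()):
        print(f"{section}: {item} ({family})")
    print("anchors to chase:", *persistence_anchors(back), sep="\n  ")
```

The recurring set is the thing to explain: a service key and a COM class registration that reappear after quarantine mean something outside the quarantined list is re-creating them, and the GMER and aswMBR logs in the later posts are where to look for it.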
     


  4. 2011/12/14
    Romdon

    GMER Log:

    GMER 1.0.15.15641 - http://www.gmer.net
    Rootkit scan 2011-12-14 07:31:59
    Windows 6.1.7600 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 SAMSUNG_HD321HJ rev.1AC01116
    Running: syrccc05.exe; Driver: C:\Users\jchapman\AppData\Local\Temp\ugloypod.sys


    ---- Kernel code sections - GMER 1.0.15 ----

    .text ntkrnlpa.exe!ZwSaveKeyEx + 13AD 82C4F539 1 Byte [06]
    .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C74092 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

    ---- User code sections - GMER 1.0.15 ----

    .text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtProtectVirtualMemory 770B51C0 5 Bytes JMP 002D000A
    .text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory 770B5D40 5 Bytes JMP 002E000A
    .text C:\Windows\system32\svchost.exe[952] ntdll.dll!KiUserExceptionDispatcher 770B6298 5 Bytes JMP 0013000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1920] ntdll.dll!NtProtectVirtualMemory 770B51C0 5 Bytes JMP 007A000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1920] ntdll.dll!NtWriteVirtualMemory 770B5D40 5 Bytes JMP 007F000A
    .text c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe[1920] ntdll.dll!KiUserExceptionDispatcher 770B6298 5 Bytes JMP 0063000A
    .text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateProcess 770B4940 5 Bytes JMP 0029000A
    .text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateProcessEx 770B4950 5 Bytes JMP 002A000A
    .text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateUserProcess 770B4A20 5 Bytes JMP 0059000A
    .text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtProtectVirtualMemory 770B51C0 5 Bytes JMP 0014000A
    .text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtWriteVirtualMemory 770B5D40 5 Bytes JMP 0024000A
    .text C:\Windows\System32\ping.exe[2208] ntdll.dll!KiUserExceptionDispatcher 770B6298 5 Bytes JMP 0013000A
    .text C:\Windows\System32\ping.exe[2208] USER32.dll!GetCursorPos 758DC198 5 Bytes JMP 005C000A
    .text C:\Windows\System32\ping.exe[2208] USER32.dll!GetForegroundWindow 758E565D 5 Bytes JMP 005E000A
    .text C:\Windows\System32\ping.exe[2208] USER32.dll!WindowFromPoint 75906D0C 5 Bytes JMP 005D000A
    .text C:\Windows\System32\ping.exe[2208] ole32.dll!CoCreateInstance 756C590C 5 Bytes JMP 005B000A
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtCreateFile + 6 770B4876 4 Bytes [28, 00, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtCreateFile + B 770B487B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtMapViewOfSection + 6 770B4ED6 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtMapViewOfSection + 6 770B4ED6 4 Bytes [28, 03, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtMapViewOfSection + B 770B4EDB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenFile + 6 770B4F86 4 Bytes [68, 00, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenFile + B 770B4F8B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcess + 6 770B5036 4 Bytes [A8, 01, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcess + B 770B503B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessToken + B 770B504B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessTokenEx + 6 770B5056 4 Bytes [A8, 02, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenProcessTokenEx + B 770B505B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThread + 6 770B50B6 4 Bytes [68, 01, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThread + B 770B50BB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadToken + 6 770B50C6 4 Bytes [68, 02, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadToken + B 770B50CB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtOpenThreadTokenEx + B 770B50DB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryAttributesFile + 6 770B51E6 4 Bytes [A8, 00, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryAttributesFile + B 770B51EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtQueryFullAttributesFile + B 770B529B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationFile + 6 770B58E6 4 Bytes [28, 01, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationFile + B 770B58EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationThread + 6 770B5946 4 Bytes [28, 02, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtSetInformationThread + B 770B594B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtUnmapViewOfSection + 6 770B5C66 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtUnmapViewOfSection + 6 770B5C66 4 Bytes [68, 03, 17, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtUnmapViewOfSection + B 770B5C6B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtCreateFile + 6 770B4876 4 Bytes [28, 00, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtCreateFile + B 770B487B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtMapViewOfSection + 6 770B4ED6 1 Byte [28]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtMapViewOfSection + 6 770B4ED6 4 Bytes [28, 03, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtMapViewOfSection + B 770B4EDB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenFile + 6 770B4F86 4 Bytes [68, 00, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenFile + B 770B4F8B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenProcess + 6 770B5036 4 Bytes [A8, 01, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenProcess + B 770B503B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenProcessToken + B 770B504B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenProcessTokenEx + 6 770B5056 4 Bytes [A8, 02, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenProcessTokenEx + B 770B505B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenThread + 6 770B50B6 4 Bytes [68, 01, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenThread + B 770B50BB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenThreadToken + 6 770B50C6 4 Bytes [68, 02, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenThreadToken + B 770B50CB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtOpenThreadTokenEx + B 770B50DB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtQueryAttributesFile + 6 770B51E6 4 Bytes [A8, 00, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtQueryAttributesFile + B 770B51EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtQueryFullAttributesFile + B 770B529B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtSetInformationFile + 6 770B58E6 4 Bytes [28, 01, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtSetInformationFile + B 770B58EB 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtSetInformationThread + 6 770B5946 4 Bytes [28, 02, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtSetInformationThread + B 770B594B 1 Byte [E2]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtUnmapViewOfSection + 6 770B5C66 1 Byte [68]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtUnmapViewOfSection + 6 770B5C66 4 Bytes [68, 03, 07, 00]
    .text C:\Program Files\Google\Chrome\Application\chrome.exe[5520] ntdll.dll!NtUnmapViewOfSection + B 770B5C6B 1 Byte [E2]

    ---- User IAT/EAT - GMER 1.0.15 ----

    IAT C:\Windows\System32\rundll32.exe[2888] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2888] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2888] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Windows\System32\rundll32.exe[2888] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3344] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3344] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3344] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe[3344] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Lenovo\System Update\SUService.exe[3776] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Lenovo\System Update\SUService.exe[3776] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Lenovo\System Update\SUService.exe[3776] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Lenovo\System Update\SUService.exe[3776] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Lenovo\System Update\SUService.exe[3776] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)
    IAT c:\Program Files\Lenovo\System Update\SUService.exe[3776] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [75115E25] C:\Windows\system32\apphelp.dll (Application Compatibility Client Library/Microsoft Corporation)

    ---- Devices - GMER 1.0.15 ----

    Device \Driver\ACPI_HAL \Device\00000046 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

    AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
    AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

    ---- Modules - GMER 1.0.15 ----

    Module (noname) (*** hidden *** ) 8FF5D000-8FF73000 (90112 bytes)

    ---- Registry - GMER 1.0.15 ----

    Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\001f3ad3f68b
    Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\001f3ad3f68b (not active ControlSet)

    ---- Files - GMER 1.0.15 ----

    File C:\Windows\$NtUninstallKB25387$\2435314188 0 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\@ 2048 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\bckfg.tmp 850 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\cfg.ini 206 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\Desktop.ini 4608 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\keywords 150 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\kwrd.dll 223744 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\L 0 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\L\xadqgnnk 83456 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\lsflt7.ver 5176 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U 0 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U\00000001.@ 2048 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U\00000002.@ 224768 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U\00000004.@ 1024 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U\80000000.@ 1024 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U\80000004.@ 12800 bytes
    File C:\Windows\$NtUninstallKB25387$\2435314188\U\80000032.@ 98304 bytes
    File C:\Windows\$NtUninstallKB25387$\3578191071 0 bytes

    ---- EOF - GMER 1.0.15 ----
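
A quick way to read the GMER "User code sections" above is to separate prologue JMPs that leave the system-DLL address range (the injected-hook pattern) from in-body byte patches, and then group by process. The block below is an added example, not GMER output and not code from the post. SAMPLE is an excerpt of the log above; the 0x60000000 floor is an assumption about where system DLLs sit on this 32-bit Windows 7 host, taken from the 0x75/0x77 addresses in the log itself.

```python
"""Triage of GMER 'User code sections' and 'Modules' lines (added example)."""
import re
from collections import defaultdict

# One user-mode line, e.g.
#   .text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateProcess 770B4940 5 Bytes JMP 0029000A
#   .text C:\...\chrome.exe[5104] ntdll.dll!NtCreateFile + 6 770B4876 4 Bytes [28, 00, 17, 00]
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<func>\w+)(?:\s\+\s(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+(?P<patch>.+)$"
)
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]{8})")
# A module GMER reports as hidden:
#   Module (noname) (*** hidden *** ) 8FF5D000-8FF73000 (90112 bytes)
HIDDEN_RE = re.compile(
    r"^Module\s+\S+\s+\(\*\*\* hidden \*\*\* \)\s+"
    r"(?P<start>[0-9A-Fa-f]{8})-(?P<end>[0-9A-Fa-f]{8})"
)
# Assumption: on this 32-bit Windows 7 host the DLLs hooked above (ntdll at
# 0x770B...., user32 at 0x758D...., ole32 at 0x756C....) all sit above this
# floor, so a prologue JMP to an address below it cannot land in a system DLL;
# it lands in privately mapped memory that belongs to no loaded image.
SYSTEM_DLL_FLOOR = 0x60000000


def parse_hooks(text):
    """One dict per patched user-mode function in the log."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        j = JMP_RE.match(m.group("patch"))
        hooks.append({
            "proc": f"{m.group('image')}[{m.group('pid')}]",
            "symbol": f"{m.group('module')}!{m.group('func')}",
            "offset": int(m.group("offset") or "0", 16),
            "jmp_target": int(j.group("target"), 16) if j else None,
        })
    return hooks


def triage(text, floor=SYSTEM_DLL_FLOOR):
    """Split patches into prologue JMPs below the floor (per process, with the
    hooked symbols) and everything else (in-body byte patches, or JMPs that
    stay among the system DLLs), and collect hidden-module ranges."""
    redirects, other = defaultdict(list), defaultdict(int)
    for h in parse_hooks(text):
        if h["offset"] == 0 and h["jmp_target"] is not None and h["jmp_target"] < floor:
            redirects[h["proc"]].append(h["symbol"])
        else:
            other[h["proc"]] += 1
    hidden = [(int(m.group("start"), 16), int(m.group("end"), 16))
              for m in (HIDDEN_RE.match(l.strip()) for l in text.splitlines()) if m]
    return {"inline_redirects": dict(redirects), "other_patches": dict(other),
            "hidden_modules": hidden}


# Excerpt copied from the GMER log above.
SAMPLE = r"""
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtProtectVirtualMemory 770B51C0 5 Bytes JMP 002D000A
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!NtWriteVirtualMemory 770B5D40 5 Bytes JMP 002E000A
.text C:\Windows\system32\svchost.exe[952] ntdll.dll!KiUserExceptionDispatcher 770B6298 5 Bytes JMP 0013000A
.text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateProcess 770B4940 5 Bytes JMP 0029000A
.text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateProcessEx 770B4950 5 Bytes JMP 002A000A
.text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtCreateUserProcess 770B4A20 5 Bytes JMP 0059000A
.text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtProtectVirtualMemory 770B51C0 5 Bytes JMP 0014000A
.text C:\Windows\System32\ping.exe[2208] ntdll.dll!NtWriteVirtualMemory 770B5D40 5 Bytes JMP 0024000A
.text C:\Windows\System32\ping.exe[2208] ntdll.dll!KiUserExceptionDispatcher 770B6298 5 Bytes JMP 0013000A
.text C:\Windows\System32\ping.exe[2208] USER32.dll!GetCursorPos 758DC198 5 Bytes JMP 005C000A
.text C:\Windows\System32\ping.exe[2208] USER32.dll!GetForegroundWindow 758E565D 5 Bytes JMP 005E000A
.text C:\Windows\System32\ping.exe[2208] USER32.dll!WindowFromPoint 75906D0C 5 Bytes JMP 005D000A
.text C:\Windows\System32\ping.exe[2208] ole32.dll!CoCreateInstance 756C590C 5 Bytes JMP 005B000A
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtCreateFile + 6 770B4876 4 Bytes [28, 00, 17, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[5104] ntdll.dll!NtCreateFile + B 770B487B 1 Byte [E2]
Module (noname) (*** hidden *** ) 8FF5D000-8FF73000 (90112 bytes)
"""

if __name__ == "__main__":
    result = triage(SAMPLE)
    for proc, symbols in result["inline_redirects"].items():
        print(f"{proc}: {len(symbols)} prologue JMPs below {SYSTEM_DLL_FLOOR:#x}")
        for s in symbols:
            print("    ", s)
    for proc, n in result["other_patches"].items():
        print(f"{proc}: {n} other byte patch(es)")
    for start, end in result["hidden_modules"]:
        print(f"hidden kernel module {start:08X}-{end:08X}")
```

On the excerpt it reports ten redirected functions in ping.exe[2208], among them NtCreateProcess, NtCreateUserProcess and CoCreateInstance, three in svchost.exe[952], none in the Chrome renderer (its entries are byte patches at +6/+B with no JMP), and one hidden kernel module at 8FF5D000-8FF73000. A ping.exe whose process-creation and COM-activation calls are redirected into a low, privately mapped address is carrying code that belongs to neither its own image nor any system DLL; that, together with the hidden module, is what to chase before re-running Malwarebytes.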
     
  5. 2011/12/14
    Romdon

    ASWMBR:

    aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
    Run date: 2011-12-14 07:35:54
    -----------------------------
    07:35:54.049 OS Version: Windows 6.1.7600
    07:35:54.049 Number of processors: 2 586 0x170A
    07:35:54.065 ComputerName: MERCH-01 UserName: jchapman
    07:35:55.562 Initialize success
    07:37:51.232 AVAST engine defs: 11121401
    07:39:23.799 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
    07:39:23.801 Disk 0 Vendor: SAMSUNG_HD321HJ 1AC01116 Size: 305245MB BusType: 3
    07:39:26.033 Disk 0 MBR read successfully
    07:39:26.038 Disk 0 MBR scan
    07:39:26.054 Disk 0 unknown MBR code
    07:39:26.133 Disk 0 scanning sectors +625139712
    07:39:26.501 Disk 0 scanning C:\Windows\system32\drivers
    07:41:02.791 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    07:41:38.679 Service scanning
    07:41:42.002 Modules scanning
    07:42:47.213 Module: C:\Windows\system32\DRIVERS\serial.sys **SUSPICIOUS**
    07:44:18.751 Disk 0 trace - called modules:
    07:44:18.845 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85f1ff10]<<
    07:44:19.344 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85a4d498]
    07:44:19.344 3 CLASSPNP.SYS[88f9b59e] -> nt!IofCallDriver -> [0x85e56250]
    07:44:19.344 \Driver\00001397[0x85e681b0] -> IRP_MJ_CREATE -> 0x85f1ff10
    07:44:22.495 AVAST engine scan C:\Windows
    07:47:09.138 AVAST engine scan C:\Windows\system32
    08:02:08.103 AVAST engine scan C:\Windows\system32\drivers
    08:02:16.012 File: C:\Windows\system32\drivers\serial.sys **INFECTED** Win32:Alureon-AOT [Rtk]
    08:02:19.569 AVAST engine scan C:\Users\jchapman
    08:06:37.652 File: C:\Users\jchapman\AppData\Local\Temp\Low\fzpzwrad.exe **INFECTED** Win32:Malware-gen
    08:06:37.777 File: C:\Users\jchapman\AppData\Local\Temp\Low\wpbt0.dll **INFECTED** Win32:Rootkit-gen [Rtk]
    08:15:02.498 AVAST engine scan C:\ProgramData
    08:21:08.526 Scan finished successfully
    08:37:18.659 Disk 0 MBR has been saved successfully to "C:\Users\jchapman\Desktop\IT\MBR.dat "
    08:37:18.659 The log file has been saved successfully to "C:\Users\jchapman\Desktop\IT\aswMBR.txt "
     
  6. 2011/12/14
    Romdon

    DDS:


    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_29
    Run by jchapman at 8:40:23 on 2011-12-14
    Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.2047.713 [GMT -5:00]
    .
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
    C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Citrix\GoToMyPC\g2svc.exe
    C:\Program Files\Citrix\GoToMyPC\g2comm.exe
    C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
    C:\Program Files\ThinkPad\Utilities\PWMDBSVC.EXE
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
    C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Citrix\GoToMyPC\g2pre.exe
    C:\Program Files\Citrix\GoToMyPC\g2tray.exe
    C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGService.exe
    C:\Program Files\DDNI\DIBS\DDNIService.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
    c:\Program Files\Lenovo\System Update\SUService.exe
    C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
    C:\Program Files\DDNI\Lenovo Idea Notes\DDNIMSGUser.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Lenovo\Mouse Suite\FSRremoS.EXE
    C:\Program Files\ThinkPad\Utilities\SCHTASK.EXE
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\vssvc.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\System32\svchost.exe -k swprv
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\System32\ping.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://lenovo.msn.com
    uInternet Settings,ProxyOverride = *.local
    uURLSearchHooks: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.7\pdfforgeToolbarIE.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.7\pdfforgeToolbarIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    TB: {9D425283-D487-4337-BAB6-AB8354A81457} - No File
    TB: pdfforge Toolbar: {b922d405-6d13-4a2b-ae89-08a030da4402} - c:\program files\pdfforge toolbar\ie\4.7\pdfforgeToolbarIE.dll
    EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
    uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
    uRun: [Akamai NetSession Interface] c:\users\jchapman\appdata\local\akamai\netsession_win.exe
    mRun: [LenovoFSC] c:\program files\lenovo\fanspeedcontrol\LenovoFSC.exe
    mRun: [Mouse Suite 98 Daemon] c:\program files\lenovo\mouse suite\ICO.EXE
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
    mRun: [Power Manager Power Agenda] c:\progra~1\thinkpad\utilit~1\DPMHost.exe
    mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
    mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatchTray10.exe "
    mRun: [IdeaNotesUser] c:\program files\ddni\lenovo idea notes\DDNIMSGUser.exe
    mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe "
    mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe "
    mRun: [TaskTray]
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRun: [<NO NAME>]
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe "
    mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe "
    mRun: [Carbonite Backup] c:\program files\carbonite\carbonite backup\CarboniteUI.exe
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe "
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\users\jchapman\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\jchapman\appdata\roaming\dropbox\bin\Dropbox.exe
    StartupFolder: c:\users\jchapman\appdata\roaming\micros~1\windows\startm~1\programs\startup\phonem~1.lnk - c:\program files\avaya\ip office\phone manager\PhoneManager.exe
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: mswsock.dll
    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    TCP: DhcpNameServer = 192.168.230.1
    TCP: Interfaces\{4B4AEC42-F317-4905-ADBD-CD217C70CAB6} : DhcpNameServer = 192.168.230.1
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Notify: igfxcui - igfxdev.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\jchapman\appdata\roaming\mozilla\firefox\profiles\ubsiuh8o.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=302398&p=
    FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
    FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\jchapman\appdata\roaming\mozilla\plugins\npatgpc.dll
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false);user_pref(yahoo.homepage.dontask, true);user_pref(network.protocol-handler.warn-external.dnupdate, false
    ============= SERVICES / DRIVERS ===============
    .
    R2 AdobeActiveFileMonitor;Adobe Active File Monitor;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsFileAgent.exe [2004-10-4 98304]
    R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-13 20992]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2011-9-27 745880]
    R2 DDNIMSGService;DDNIMSGService;c:\program files\ddni\lenovo idea notes\DDNIMSGService.exe [2010-7-20 171872]
    R2 DDNIService;DDNIService;c:\program files\ddni\dibs\DDNIService.exe [2010-7-23 163680]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-1 366152]
    R2 PhotoshopElementsDeviceConnect;Photoshop Elements Device Connect;c:\program files\adobe\photoshop elements 3.0\PhotoshopElementsDeviceConnect.exe [2004-10-4 118784]
    R2 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2010-2-18 72256]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2009-9-27 240232]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-1 22216]
    R3 SuperIO;Lenovo ASD HWM Driver;c:\windows\system32\drivers\spio.sys [2009-6-5 11720]
    R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2010-2-18 314368]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1cb081443a2bcf3;Google Update Service (gupdate1cb081443a2bcf3);c:\program files\google\update\GoogleUpdate.exe [2010-6-9 133104]
    S2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files\roxio\digital home 10\RoxioUpnpService10.exe [2009-8-5 362992]
    S2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [2009-8-5 309744]
    S2 RoxWatch10;Roxio Hard Drive Watcher 10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxWatch10.exe [2009-8-5 166384]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-10 1153368]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-6-9 133104]
    S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
    S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files\roxio\digital home 10\RoxioUPnPRenderer10.exe [2009-8-5 313840]
    S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]
    S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
    S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
    S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
    S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-4-22 1343400]
    SUnknown SPService;SPService; [x]
    .
    =============== Created Last 30 ================
    .
    2011-12-14 12:08:51 54016 ----a-w- c:\windows\system32\drivers\skil.sys
    2011-12-09 18:38:24 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll
    2011-12-09 18:38:24 478168 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll
    2011-12-09 18:38:24 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
    2011-12-09 18:38:24 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
    2011-12-09 18:38:24 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll
    2011-12-09 18:38:24 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    2011-12-09 18:38:23 801752 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll
    2011-12-09 18:38:23 1989592 ----a-w- c:\program files\mozilla firefox\mozjs.dll
    2011-12-09 15:03:00 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{94f43bc3-8e15-4d1b-bff7-1a5c3bf44353}\mpengine.dll
    2011-12-05 15:08:14 -------- d-----w- c:\program files\iPod
    2011-12-05 15:08:12 -------- d-----w- c:\program files\iTunes
    2011-11-14 18:50:59 -------- d-----w- c:\programdata\Carbonite
    2011-11-14 18:50:59 -------- d-----w- c:\program files\Carbonite
    .
    ==================== Find3M ====================
    .
    2011-10-24 19:29:02 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2011-10-24 19:29:02 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2011-10-03 10:06:03 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2011-10-01 02:59:14 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2011-09-29 15:43:37 1285488 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2011-09-29 04:20:25 2339840 ----a-w- c:\windows\system32\win32k.sys
    .
    ============= FINISH: 8:41:26.92 ===============

    DDS(2):
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 3/4/2010 7:47:35 PM
    System Uptime: 12/14/2011 6:18:54 AM (2 hours ago)
    .
    Motherboard: LENOVO | | To be filled by O.E.M.
    Processor: Pentium(R) Dual-Core CPU E5300 @ 2.60GHz | CPU 1 | 1197/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 287 GiB total, 201.303 GiB free.
    E: is CDROM ()
    Q: is FIXED (NTFS) - 10 GiB total, 3.862 GiB free.
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP251: 11/25/2011 8:08:56 AM - Windows Update
    RP252: 11/29/2011 4:54:15 AM - Windows Update
    RP253: 12/2/2011 4:54:43 AM - Windows Update
    RP254: 12/6/2011 3:23:56 AM - Windows Update
    RP255: 12/8/2011 5:41:35 AM - Windows Update
    RP256: 12/9/2011 10:02:35 AM - Windows Update
    RP257: 12/9/2011 5:02:12 PM - Installed Java(TM) 6 Update 29
    .
    ==== Installed Programs ======================
    .
    Update for Microsoft Office 2007 (KB2508958)
    2007 Microsoft Office system
    Access Help
    Adobe Acrobat 8 Standard
    Adobe Acrobat 8.1.3 Standard
    Adobe AIR
    Adobe Community Help
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Photoshop Elements 3.0
    Adobe Photoshop Elements 9
    Adobe Photoshop.com Inspiration Browser
    Adobe Reader 9.1
    AIM 7
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Belarc Advisor 8.1
    Bonjour
    Business Contact Manager for Outlook 2007 SP2
    Carbonite
    CoffeeCup HTML Editor
    Create Recovery Media
    DHTML Editing Component
    DIBS
    DirectX 9 Runtime
    DoubleCAD XT Pro 3
    Download Updater (AOL LLC)
    Driver Performer
    Dropbox
    Elements 9 Organizer
    Elements STI Installer
    FanSpeedControl
    FileZilla Client 3.5.2
    Google Chrome
    Google Update Helper
    GoToMyPC
    Intel(R) Graphics Media Accelerator Driver
    Intel(R) TV Wizard
    iTunes
    Java Auto Updater
    Java(TM) 6 Update 29
    Junk Mail filter update
    jZip
    Lenovo Central
    Lenovo Idea Notes
    Lenovo ThinkVantage Toolbox
    Lenovo Welcome
    Malwarebytes' Anti-Malware version 1.51.2.1300
    Marvell Miniport Driver
    Message Center Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Office 2003 Web Components
    Microsoft Office 2007 Primary Interop Assemblies
    Microsoft Office 2007 Service Pack 2 (SP2)
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Live Meeting 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Professional Hybrid 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Small Business Connectivity Components
    Microsoft Office Suite Activation Assistant
    Microsoft Office Word MUI (English) 2007
    Microsoft Search Enhancement Pack
    Microsoft SQL Server 2005
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
    Microsoft SQL Server Native Client
    Microsoft SQL Server Setup Support Files (English)
    Microsoft SQL Server VSS Writer
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft_VC80_CRT_x86
    Microsoft_VC80_MFC_x86
    Microsoft_VC80_MFCLOC_x86
    Microsoft_VC90_CRT_x86
    Mouse Suite
    Mozilla Firefox 8.0.1 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    NVIDIA Drivers
    NVIDIA Stereoscopic 3D Driver
    PDFCreator
    pdfforge Toolbar v4.7
    PhoneManager
    QuickTime
    Realtek High Definition Audio Driver
    Rescue and Recovery
    Roxio Activation Module
    Roxio Central Audio
    Roxio Central Copy
    Roxio Central Core
    Roxio Central Data
    Roxio Central Tools
    Roxio Creator Small Business Edition
    Roxio Express Labeler 3
    RTC Client API v1.2
    Security Update for 2007 Microsoft Office System (KB2288621)
    Security Update for 2007 Microsoft Office System (KB2288931)
    Security Update for 2007 Microsoft Office System (KB2345043)
    Security Update for 2007 Microsoft Office System (KB2553074)
    Security Update for 2007 Microsoft Office System (KB2553089)
    Security Update for 2007 Microsoft Office System (KB2553090)
    Security Update for 2007 Microsoft Office System (KB2584063)
    Security Update for 2007 Microsoft Office System (KB969559)
    Security Update for 2007 Microsoft Office System (KB976321)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft Office Access 2007 (KB979440)
    Security Update for Microsoft Office Excel 2007 (KB2553073)
    Security Update for Microsoft Office InfoPath 2007 (KB979441)
    Security Update for Microsoft Office PowerPoint 2007 (KB2535818)
    Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)
    Security Update for Microsoft Office Publisher 2007 (KB2284697)
    Security Update for Microsoft Office system 2007 (972581)
    Security Update for Microsoft Office system 2007 (KB974234)
    Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
    Security Update for Microsoft Office Word 2007 (KB2344993)
    Skype Click to Call
    Skype™ 5.5
    Sonic CinePlayer Decoder Pack
    Sonic Icons for Lenovo
    Spybot - Search & Destroy
    System Update
    ThinkVantage Power Manager
    Update for 2007 Microsoft Office System (KB967642)
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft Office 2007 Help for Common Features (KB963673)
    Update for Microsoft Office 2007 System (KB2539530)
    Update for Microsoft Office Access 2007 Help (KB963663)
    Update for Microsoft Office Excel 2007 Help (KB963678)
    Update for Microsoft Office Outlook 2007 (KB2583910)
    Update for Microsoft Office Outlook 2007 Help (KB963677)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669)
    Update for Microsoft Office Publisher 2007 Help (KB963667)
    Update for Microsoft Office Script Editor Help (KB963671)
    Update for Microsoft Office Word 2007 Help (KB963665)
    Update for Outlook 2007 Junk Email Filter (KB2596560)
    WebEx
    Windows Driver Package - Intel Corporation (igfx) Display (07/28/2009 8.15.10.1855)
    Windows Driver Package - Marvell (yukonw7) Net (05/20/2009 11.10.5.3)
    Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (08/05/2009 6.0.1.5911)
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Mail
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Toolbar
    Windows Live Upload Tool
    Windows Live Writer
    .
    ==== Event Viewer Messages From Past Week ========
    .
    12/9/2011 4:19:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    12/9/2011 4:19:05 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments " " in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    12/9/2011 4:19:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    12/9/2011 4:19:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service CarboniteService with arguments " " in order to run the server: {36471C67-6A93-4434-92CC-4C614CD06666}
    12/9/2011 4:18:58 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments " " in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    12/9/2011 4:18:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache spldr Wanarpv6
    12/9/2011 4:18:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:35:05 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:35:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments " " in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    12/9/2011 3:35:03 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments " " in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD CSC DfsC discache NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The Netlogon service depends on the Workstation service which failed to start because of the following error: The dependency service or group failed to start.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    12/9/2011 3:34:48 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    12/14/2011 8:13:47 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
    12/14/2011 7:12:58 AM, Error: Ntfs [55] - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume Windows7_OS.
    12/14/2011 6:19:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SPService service to connect.
    12/14/2011 6:19:35 AM, Error: Service Control Manager [7003] - The SBSD Security Center Service service depends the following service: wscsvc. This service might not be installed.
    12/14/2011 6:19:35 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    12/14/2011 6:19:35 AM, Error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    12/14/2011 6:19:34 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    12/14/2011 6:19:34 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    12/14/2011 6:19:32 AM, Error: Microsoft-Windows-GroupPolicy [1055] - The processing of Group Policy failed. Windows could not resolve the computer name. This could be caused by one of more of the following: a) Name Resolution failure on the current domain controller. b) Active Directory Replication Latency (an account created on another domain controller has not replicated to the current domain controller).
    12/14/2011 6:19:30 AM, Error: NETLOGON [5719] - This computer was not able to set up a secure session with a domain controller in domain LUXE due to the following: There are currently no logon servers available to service the logon request. This may lead to authentication problems. Make sure that this computer is connected to the network. If the problem persists, please contact your domain administrator. ADDITIONAL INFO If this computer is a domain controller for the specified domain, it sets up the secure session to the primary domain controller emulator in the specified domain. Otherwise, this computer sets up the secure session to any domain controller in the specified domain.
    12/14/2011 6:19:27 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xbe84f008, 0x00000002, 0x00000000, 0x82e963e4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121411-30888-01.
    12/13/2011 8:04:19 PM, Error: Schannel [36888] - The following fatal alert was generated: 40. The internal error state is 107.
    12/13/2011 8:04:19 PM, Error: Schannel [36874] - An SSL 3.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.
    12/13/2011 12:19:57 PM, Error: Microsoft-Windows-GroupPolicy [1129] - The processing of Group Policy failed because of lack of network connectivity to a domain controller. This may be a transient condition. A success message would be generated once the machine gets connected to the domain controller and Group Policy has succesfully processed. If you do not see a success message for several hours, then contact your administrator.
    12/13/2011 12:18:55 PM, Error: Service Control Manager [7016] - The NVIDIA Display Driver Service service has reported an invalid current state 32.
    12/11/2011 10:41:32 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000000a (0xa777e6c0, 0x00000002, 0x00000000, 0x82ea53e4). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 121111-21294-01.
    .
    ==== End Of File ===========================
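A way to read the DDS log above the way the analyst does: flag service lines whose start type is unknown or whose image is shown as `[x]` (no file on disk), then pull in the Service Control Manager errors that name the same service. This is an added example written for this thread, not part of the DDS tool or anything posted here; the embedded log excerpt is constructed from a few of the lines above, and the `triage` / `parse_dds` function names are my own.

```python
import re
from dataclasses import dataclass

# Constructed excerpt modelled on the DDS log in this thread (a handful of
# lines, not the full log); the SPService entry is the one Malwarebytes named.
SAMPLE_DDS = r"""
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-4-1 366152]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-4-1 22216]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-10 1153368]
SUnknown SPService;SPService; [x]
.
==== Event Viewer Messages From Past Week ========
.
12/14/2011 6:19:35 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SPService service to connect.
12/14/2011 6:19:35 AM, Error: Service Control Manager [7000] - The SPService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/14/2011 8:13:47 AM, Error: Microsoft-Windows-DNS-Client [1012] - There was an error while attempting to read the local hosts file.
"""

# DDS service line: "R2 Name;Display;path [date size]" or "SUnknown Name;Display; [x]"
SERVICE_RE = re.compile(r"^(R\d|S\d|SUnknown)\s+([^;]+);([^;]*);\s*(.*)$")
IMAGE_RE = re.compile(r"^(.*?)\s*\[([^\]]*)\]$")
# DDS event line: "m/d/yyyy h:mm:ss AM, Error: Source [id] - message"
EVENT_RE = re.compile(
    r"^(\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M), Error: (.+?) \[(\d+)\] - (.*)$"
)


@dataclass
class Service:
    state: str
    name: str
    display: str
    image: str   # path as listed; empty when DDS prints "[x]"
    meta: str    # "date size", or "x" when the file is missing


@dataclass
class Event:
    when: str
    source: str
    event_id: str
    message: str


def parse_dds(text):
    """Split a DDS log into service entries and Event Viewer error lines."""
    services, events = [], []
    for line in text.splitlines():
        line = line.strip()
        m = SERVICE_RE.match(line)
        if m:
            state, name, display, rest = m.groups()
            im = IMAGE_RE.match(rest)
            image, meta = (im.group(1), im.group(2)) if im else (rest, "")
            services.append(Service(state, name.strip(), display.strip(), image.strip(), meta))
            continue
        e = EVENT_RE.match(line)
        if e:
            events.append(Event(*e.groups()))
    return services, events


def suspicious_reasons(svc):
    """Heuristics an analyst applies to a single DDS service line."""
    reasons = []
    if svc.state == "SUnknown":
        reasons.append("start type unknown")
    if not svc.image or svc.meta == "x":
        reasons.append("no image path on disk")
    return reasons


def triage(text):
    """Return suspect services, each with the SCM event IDs that mention it."""
    services, events = parse_dds(text)
    findings = []
    for svc in services:
        reasons = suspicious_reasons(svc)
        if not reasons:
            continue
        related = [ev.event_id for ev in events
                   if ev.source == "Service Control Manager"
                   and (svc.name in ev.message or svc.display in ev.message)]
        findings.append({"service": svc.name, "state": svc.state,
                         "reasons": reasons, "events": related})
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_DDS):
        print(finding)
```

On the excerpt this reports only SPService, with both the 7009 timeout and the 7000 start failure attached, which is exactly the leftover registration of a service whose binary Malwarebytes already removed.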
     
  7. 2011/12/14
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Welcome aboard

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running tools or applying updates other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================================================

    You're not running any AV program.
    Install one of these:
    - Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
    - free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
    - free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
    Update, run full scan, report on any findings.

    Then...

    Download TDSSKiller and save it to your desktop.
    • Doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
    • If an infected file is detected, the default action will be Cure; click on Continue.
    • If a suspicious file is detected, the default action will be Skip; click on Continue.
    • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
    • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
    • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
     
