Jump to content

Build Theme!
  •  
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 92208 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Browser acting strange, Virus?


  • This topic is locked This topic is locked
10 replies to this topic

#1 TFT

TFT

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 23 May 2011 - 07:33 AM

My pc that is running vista is acting strange, when i open Firefox and do a search in google the links apear but wont connect when i click on them. I have tried running it without the add ons but it still wont open.
I have tried IE and running IE without add ons but its still the same.

I have two pc's connected to the same router, so i know its not the router.
I have tried it with the firewall turned on and off and the antivirus on and off.
I have run malware bytes, but it cant download the latest definitions as it cant connect.
Have installed the latest Java manually, and tried lots of other things from various forums.

Any ideas as its driving me nuts.

Thanks

Jamey

Here is my HJT log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:51:04, on 24/05/2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19048)
Boot mode: Normal

Running processes:
C:Windowssystem32taskeng.exe
C:Windowssystem32Dwm.exe
C:WindowsExplorer.EXE
C:Program FilesWindows DefenderMSASCui.exe
C:WindowsSystem32igfxtray.exe
C:WindowsSystem32hkcmd.exe
C:WindowsSystem32igfxpers.exe
C:Program FilesRealtekAudioHDARtHDVCpl.exe
C:Program FilesScanSoftPaperPortpptd40nt.exe
C:WindowsSystem32NILaunch.exe
C:Program FilesAviraAntiVir Desktopavgnt.exe
C:Program FilesiTunesiTunesHelper.exe
C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe
C:Program FilesCommon FilesJavaJava Updatejusched.exe
C:Windowssystem32wbemunsecapp.exe
C:Program FilesWindows Sidebarsidebar.exe
C:Windowsehomeehtray.exe
C:Program FilesWindows Media Playerwmpnscfg.exe
C:Program FilesWinZipWZQKPICK.EXE
C:Program FilesOpenOffice.org 3programsoffice.exe
C:Windowssystem32igfxsrvc.exe
C:Program FilesBrotherControlCenter3brccMCtl.exe
C:Windowsehomeehmsas.exe
C:Program FilesOpenOffice.org 3programsoffice.bin
C:Program FilesCommon FilesAdobeOOBEPDAppUWAAAM Updates Notifier.exe
C:Windowssystem32SearchFilterHost.exe
C:Windowssystem32SearchProtocolHost.exe
C:Program FilesCommon FilesMicrosoft SharedVirtualization HandlerCVH.EXE
C:Program FilesCommon Filesmicrosoft sharedvirtualization handlerVirtualSearchProtocolHost.exe
C:Program FilesCommon Filesmicrosoft sharedvirtualization handlerOfficeVirt.exe
C:UsersTFTDesktopHiJackThis.exe

R0 - HKCUSoftwareMicrosoftInternet ExplorerMain,Start Page = http://www.google.co.uk/
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,SearchAssistant =
R0 - HKLMSoftwareMicrosoftInternet ExplorerSearch,CustomizeSearch =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:Program FilesCommon FilesAdobeAcrobatActiveXAcroIEHelperShim.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:Program FilesCommon FilesMicrosoft SharedWindows LiveWindowsLiveLogin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:Program FilesMicrosoftBingBarBingExt.dll" (file missing)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:Program FilesJavajre6binjp2ssv.dll
O4 - HKLM..Run: [Windows Defender] %ProgramFiles%Windows DefenderMSASCui.exe -hide
O4 - HKLM..Run: [IgfxTray] C:Windowssystem32igfxtray.exe
O4 - HKLM..Run: [HotKeysCmds] C:Windowssystem32hkcmd.exe
O4 - HKLM..Run: [Persistence] C:Windowssystem32igfxpers.exe
O4 - HKLM..Run: [RtHDVCpl] C:Program FilesRealtekAudioHDARtHDVCpl.exe
O4 - HKLM..Run: [SSBkgdUpdate] "C:Program FilesCommon FilesScansoft SharedSSBkgdUpdateSSBkgdupdate.exe" -Embedding -boot
O4 - HKLM..Run: [PaperPort PTD] C:Program FilesScanSoftPaperPortpptd40nt.exe
O4 - HKLM..Run: [IndexSearch] C:Program FilesScanSoftPaperPortIndexSearch.exe
O4 - HKLM..Run: [BrMfcWnd] C:Program FilesBrotherBrmfcmonBrMfcWnd.exe /AUTORUN
O4 - HKLM..Run: [ControlCenter3] C:Program FilesBrotherControlCenter3brctrcen.exe /autorun
O4 - HKLM..Run: [Net-It Launcher] C:Windowssystem32NILaunch.exe
O4 - HKLM..Run: [avgnt] "C:Program FilesAviraAntiVir Desktopavgnt.exe" /min
O4 - HKLM..Run: [Malwarebytes Anti-Malware (reboot)] "C:Program FilesMalwarebytes' Anti-Malwarembam.exe" /runcleanupscript
O4 - HKLM..Run: [Skytel] C:Program FilesRealtekAudioHDASkytel.exe
O4 - HKLM..Run: [QuickTime Task] "C:Program FilesQuickTimeQTTask.exe" -atboottime
O4 - HKLM..Run: [iTunesHelper] "C:Program FilesiTunesiTunesHelper.exe"
O4 - HKLM..Run: [AdobeAAMUpdater-1.0] "C:Program FilesCommon FilesAdobeOOBEPDAppUWAUpdaterStartupUtility.exe"
O4 - HKLM..Run: [Adobe Reader Speed Launcher] "C:Program FilesAdobeReader 9.0ReaderReader_sl.exe"
O4 - HKLM..Run: [Adobe ARM] "C:Program FilesCommon FilesAdobeARM1.0AdobeARM.exe"
O4 - HKLM..Run: [SunJavaUpdateSched] "C:Program FilesCommon FilesJavaJava Updatejusched.exe"
O4 - HKCU..Run: [Sidebar] C:Program FilesWindows Sidebarsidebar.exe /autoRun
O4 - HKCU..Run: [ehTray.exe] C:WindowsehomeehTray.exe
O4 - HKCU..Run: [WMPNSCFG] C:Program FilesWindows Media PlayerWMPNSCFG.exe
O4 - HKCU..Run: [Skype] "C:Program FilesSkypePhoneSkype.exe" /nosplash /minimized
O4 - HKUSS-1-5-19..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-19..Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUSS-1-5-20..Run: [Sidebar] %ProgramFiles%Windows SidebarSidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: OpenOffice.org 3.1.lnk = C:Program FilesOpenOffice.org 3programquickstart.exe
O4 - Global Startup: Lotus QuickStart.lnk = C:lotuswordproltsstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:Program FilesMicrosoft OfficeOfficeOSA9.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:Program FilesWinZipWZQKPICK.EXE
O9 - Extra button: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:Program FilesWindows LiveWriterWindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:Program FilesWindows LiveWriterWriterBrowserExtension.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:Program FilesWindows LivePhoto GalleryAlbumDownloadProtocolHandler.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:Windowssystem32browseui.dll
O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:Program FilesAdobeElements 9 OrganizerPhotoshopElementsFileAgent.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopsched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:Program FilesAviraAntiVir Desktopavguard.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:Program FilesCommon FilesAppleMobile Device SupportAppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:Program FilesBonjourmDNSResponder.exe
O23 - Service: Defragmentation-Service (DfSdkS) - mst software GmbH, Germany - C:Program FilesAshampooAshampoo WinOptimizer 2010 AdvancedDfsdks.exe
O23 - Service: iPod Service - Apple Inc. - C:Program FilesiPodbiniPodService.exe

--
End of file - 6940 bytes

    Advertisements

Register to Remove


#2 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,200 posts

Posted 25 May 2011 - 10:01 AM

Hi TFT,

:welcome:

My name is Tomk. I would be glad to take a look at your log and help you with solving any malware problems. Logs can take a while to research, so please be patient and I'd be grateful if you would note the following:

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.

I'm not seeing anything obvious in your HijackThis log.

Let's get a deeper look at things.

Please download DDS by sUBs from one of the following links and save it to your desktop.
  • Disable any script blocking protection (How to Disable your Security Programs)
  • Double click DDS icon to run the tool (may take up to 3 minutes to run)
  • When done, DDS.txt will open.
  • After a few moments, attach.txt will open in a second window.
  • Save both reports to your desktop.
---------------------------------------------------
  • Post the contents of the DDS.txt report in your next reply
  • Attach the Attach.txt report to your post by scroling down to the Attachments area and then clicking Browse. Browse to where you saved the file, and click Open and the click UPLOAD.

Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif



WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

#3 TFT

TFT

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 26 May 2011 - 12:17 AM

Thanks TomK, Heres the files. DDS (Ver_11-05-19.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_25 Run by TFT at 6:59:46 on 2011-05-26 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1014.162 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160} AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7} SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalService C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe C:\Windows\System32\svchost.exe -k Akamai C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Windows Live\Family Safety\fsssvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\Microsoft\BingBar\SeaPort.EXE C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\SearchIndexer.exe C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\igfxtray.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe C:\Windows\System32\NILaunch.exe C:\Windows\system32\igfxsrvc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\Brother\ControlCenter3\brccMCtl.exe C:\Windows\ehome\ehmsas.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Windows\system32\taskeng.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE C:\Program Files\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe C:\Windows\system32\taskeng.exe C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Windows\system32\taskeng.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Users\TFT\Desktop\dds.pif C:\Windows\system32\WSCRIPT.exe C:\Windows\system32\wbem\wmiprvse.exe . ============== Pseudo HJT Report =============== . uSearch Bar = Preserve uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyOverride = <local> BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll" BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide mRun: [IgfxTray] c:\windows\system32\igfxtray.exe mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe mRun: [Persistence] c:\windows\system32\igfxpers.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe mRun: [IndexSearch] c:\program files\scansoft\paperport\IndexSearch.exe mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun mRun: [Net-It Launcher] c:\windows\system32\NILaunch.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe" mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe" mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey StartupFolder: c:\users\tft\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\lotusq~1.lnk - c:\lotus\wordpro\ltsstart.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\microsoft office.lnk - c:\program files\microsoft office\office\OSA9.EXE StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\winzip quick pick.lnk - c:\program files\winzip\WZQKPICK.EXE mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-explorer: NoResolveTrack = 1 (0x1) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll Notify: igfxcui - igfxdev.dll mASetup: {B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC} - c:\program files\pixiepack codec pack\InstallerHelper.exe . ============= SERVICES / DRIVERS =============== . R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-10-29 11608] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264] R1 MpKsl0c4a682d;MpKsl0c4a682d;c:\programdata\microsoft\microsoft antimalware\definition updates\{537a00cd-0c76-4c22-ada5-be271e92832f}\MpKsl0c4a682d.sys [2011-5-25 28752] R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656] R2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\adobe\elements 9 organizer\PhotoshopElementsFileAgent.exe [2010-9-30 169408] R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-1-21 21504] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-10-29 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-10-29 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-10-29 56816] R2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2010-2-28 821664] R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504] R2 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064] R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2010-4-24 483688] R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2010-10-24 43392] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2010-4-24 550760] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2010-4-24 195944] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2010-4-24 21864] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2010-4-24 19304] R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2010-4-24 209768] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560] S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-5-26 23096] S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-21 39272] S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 54144] S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2010-11-11 206360] S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2011-05-25 12:53:32 -------- d-----w- c:\users\tft\appdata\local\{B45DB02A-73D5-40CF-A53D-F14C3223C9CD} 2011-05-25 12:52:46 -------- d-----w- c:\users\tft\appdata\local\{FD517ADE-BB96-45A0-BA60-93FED05EB9EA} 2011-05-25 12:52:32 -------- d-----w- c:\users\tft\appdata\roaming\Windows Live Writer 2011-05-25 12:52:32 -------- d-----w- c:\users\tft\appdata\local\Windows Live Writer 2011-05-25 12:32:08 -------- d-----w- c:\program files\trend micro 2011-05-25 10:28:36 -------- d-----w- c:\users\tft\appdata\local\{1FDA6AEB-E411-4B6E-B9A5-E26AE6E2DCDD} 2011-05-25 10:21:26 -------- d-----w- c:\users\tft\appdata\local\Chromium 2011-05-25 10:06:38 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{537a00cd-0c76-4c22-ada5-be271e92832f}\MpKsl0c4a682d.sys 2011-05-25 10:06:23 6962000 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{537a00cd-0c76-4c22-ada5-be271e92832f}\mpengine.dll 2011-05-25 09:44:58 -------- d-----w- c:\program files\Microsoft Security Client 2011-05-25 09:43:07 -------- d-----w- C:\0e2e87075e7c622eebfb91c66dfc1e 2011-05-25 08:23:07 -------- d-----w- c:\users\tft\appdata\local\{849ADCB0-A78A-4E7B-8064-7BCC15D4718A} 2011-05-24 11:59:53 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2011-05-24 11:59:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-05-24 10:49:37 -------- d-----w- c:\users\tft\CD95F661A5C444F5A6AAECDD91C240BD.TMP 2011-05-24 09:15:37 -------- d-----w- c:\users\tft\appdata\local\Google 2011-05-20 10:30:22 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-05-17 08:02:38 7071056 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{30edcdc2-8b7f-4fa9-b837-485385b35cfe}\mpengine.dll 2011-05-11 08:19:16 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2011-05-03 10:04:14 -------- d-----w- c:\windows\Internet Logs 2011-04-28 08:15:09 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll 2011-04-28 08:15:09 28672 ----a-w- c:\windows\system32\Apphlpdm.dll 2011-04-28 08:14:56 876032 ----a-w- c:\windows\system32\XpsPrint.dll . ==================== Find3M ==================== . 2011-05-23 11:37:02 472808 ----a-w- c:\windows\system32\deployJava1.dll 2011-03-10 17:03:51 1162240 ----a-w- c:\windows\system32\mfc42u.dll 2011-03-10 17:03:51 1136640 ----a-w- c:\windows\system32\mfc42.dll 2011-03-03 15:42:03 739328 ----a-w- c:\windows\system32\inetcomm.dll 2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll 2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll 2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll 2011-03-03 13:25:11 2041856 ----a-w- c:\windows\system32\win32k.sys 2011-03-02 15:44:27 86528 ----a-w- c:\windows\system32\dnsrslvr.dll . ============= FINISH: 7:00:41.70 ===============

Attached Files



#4 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,200 posts

Posted 26 May 2011 - 09:16 AM

TFT,

Not seeing alot there.

One thing that can cause you trouble is two Anti-virus programs running. Avira is out of date so I suggest that you uninstall it and keep Microsoft Security Essentials.

Let's try a different tool.

Download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link --> http://forums.whatth...ams_t96260.html

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.


Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
3. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
4. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
5. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif



WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

#5 TFT

TFT

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 27 May 2011 - 02:07 AM

Here is the log.

After i ran combofix i deleted the old Avira.
It still has the same problem, none of the programs can update, you can search on google but cant click the links.
However emails still get through and i can send them? So its not a connection problem?

ComboFix 11-05-26.02 - TFT 27/05/2011 8:01.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.1014.212 [GMT 1:00]
Running from: c:\users\TFT\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: AntiVir Desktop *Disabled/Outdated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\TFT\AppData\Local\Microsoft\Windows\Temporary Internet Files\3l77b6T4.jpg
c:\users\TFT\AppData\Local\Microsoft\Windows\Temporary Internet Files\dKjye.jpg
c:\users\TFT\AppData\Local\Microsoft\Windows\Temporary Internet Files\dpD1Pj.jpg
c:\users\TFT\AppData\Local\Microsoft\Windows\Temporary Internet Files\JxAdwOT.jpg
c:\users\TFT\AppData\Roaming\l0wsec
c:\users\TFT\AppData\Roaming\l0wsec\l0cal.ds
c:\users\TFT\AppData\Roaming\l0wsec\us3r.ds
c:\users\TFT\AppData\Roaming\Maax
c:\users\TFT\AppData\Roaming\Maax\ytipu.noy
c:\users\TFT\AppData\Roaming\Maax\ytipu.tmp
c:\windows\system32\spool\prtprocs\w32x86\ppbiPr.dll
c:\windows\system32\system
c:\windows\winhelp.ini
.
.
((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 )))))))))))))))))))))))))))))))
.
.
2011-05-27 07:09 . 2011-05-27 07:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-25 12:53 . 2011-05-25 12:53 -------- d-----w- c:\users\TFT\AppData\Local\{B45DB02A-73D5-40CF-A53D-F14C3223C9CD}
2011-05-25 12:52 . 2011-05-25 12:52 -------- d-----w- c:\users\TFT\AppData\Local\{FD517ADE-BB96-45A0-BA60-93FED05EB9EA}
2011-05-25 12:52 . 2011-05-25 12:52 -------- d-----w- c:\users\TFT\AppData\Local\Windows Live Writer
2011-05-25 12:52 . 2011-05-25 12:52 -------- d-----w- c:\users\TFT\AppData\Roaming\Windows Live Writer
2011-05-25 12:32 . 2011-05-25 12:32 -------- d-----w- C:\rsit
2011-05-25 12:32 . 2011-05-25 12:32 -------- d-----w- c:\program files\trend micro
2011-05-25 10:28 . 2011-05-25 10:28 -------- d-----w- c:\users\TFT\AppData\Local\{1FDA6AEB-E411-4B6E-B9A5-E26AE6E2DCDD}
2011-05-25 10:21 . 2011-05-25 10:21 -------- d-----w- c:\users\TFT\AppData\Local\Chromium
2011-05-25 10:06 . 2011-05-25 10:06 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{537A00CD-0C76-4C22-ADA5-BE271E92832F}\MpKsl0c4a682d.sys
2011-05-25 10:06 . 2011-05-18 11:37 6962000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{537A00CD-0C76-4C22-ADA5-BE271E92832F}\mpengine.dll
2011-05-25 09:44 . 2011-05-25 09:45 -------- d-----w- c:\program files\Microsoft Security Client
2011-05-25 09:43 . 2011-05-25 09:45 -------- d-----w- C:\0e2e87075e7c622eebfb91c66dfc1e
2011-05-25 08:23 . 2011-05-25 08:23 -------- d-----w- c:\users\TFT\AppData\Local\{849ADCB0-A78A-4E7B-8064-7BCC15D4718A}
2011-05-24 11:59 . 2009-03-08 11:33 107008 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-24 11:59 . 2009-03-08 11:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-24 10:49 . 2011-05-24 10:49 -------- d-----w- c:\users\TFT\CD95F661A5C444F5A6AAECDD91C240BD.TMP
2011-05-24 09:15 . 2011-05-25 10:20 -------- d-----w- c:\users\TFT\AppData\Local\Google
2011-05-23 11:38 . 2011-05-23 11:38 -------- d-----w- c:\program files\Common Files\Java
2011-05-20 10:30 . 2011-05-20 11:41 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-05-17 08:02 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{30EDCDC2-8B7F-4FA9-B837-485385B35CFE}\mpengine.dll
2011-05-11 08:19 . 2011-04-07 12:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-05-06 10:43 . 2011-05-24 10:33 -------- d-----w- c:\users\TFT\AppData\Roaming\Skype
2011-05-03 10:04 . 2011-05-03 10:04 -------- d-----w- c:\windows\Internet Logs
2011-04-28 08:15 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-28 08:15 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-28 08:14 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-23 11:37 . 2010-04-29 07:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-04-01 07:58 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-10 17:03 . 2011-04-15 13:38 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-03-10 17:03 . 2011-04-15 13:38 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-03-03 15:42 . 2011-04-15 13:38 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-03 15:40 . 2011-04-28 08:15 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-28 08:15 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-28 08:15 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-28 08:15 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-03-03 13:25 . 2011-04-15 13:38 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-03-02 15:44 . 2011-04-15 13:38 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-09-09 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-09-09 178712]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-09-09 154136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2008-10-31 6609440]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 155648]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2004-04-14 40960]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-12-18 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"Net-It Launcher"="c:\windows\system32\NILaunch.exe" [1998-02-05 24576]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2008-10-31 1833504]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
.
c:\users\TFT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Lotus QuickStart.lnk - c:\lotus\wordpro\ltsstart.exe [1997-5-14 25600]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-5-12 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-4-6 494920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-05-21 23096]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 54144]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 206360]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S1 MpKsl0c4a682d;MpKsl0c4a682d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{537A00CD-0C76-4C22-ADA5-BE271E92832F}\MpKsl0c4a682d.sys [2011-05-25 28752]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2008-01-21 21504]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289]
S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-06-01 34064]
S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [2010-04-24 483688]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 43392]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2010-04-24 550760]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2010-04-24 195944]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2010-04-24 21864]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2010-04-24 19304]
S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [2010-04-24 209768]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPFILTER
*NewlyCreated* - MPKSL0C4A682D
*NewlyCreated* - MPNWMON
*NewlyCreated* - NISDRV
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
Akamai REG_MULTI_SZ Akamai
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 14:04 8192 ----a-w- c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = <local>
TCP: DhcpNameServer = 192.168.16.1
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-27 08:09
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-27 08:11:48
ComboFix-quarantined-files.txt 2011-05-27 07:11
.
Pre-Run: 220,313,513,984 bytes free
Post-Run: 224,074,129,408 bytes free
.
- - End Of File - - 33EDD1E1C64B048A5D03D7D3D12AABF8

#6 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,200 posts

Posted 27 May 2011 - 10:09 AM

TFT,

I'm just not seeing the cause of your problem.

Let's get an online scan and then if I can't find anything... I'll have you post over in the windows forum and see if the Tech Team can help resolve this.

ESET Online Scanner:

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your current installed Anti-Virus, how to do so can be read here.

Vista users: You will need to to right-click on the either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

  • Please go here then click on: Posted Image

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!
Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif



WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

#7 TFT

TFT

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 27 May 2011 - 01:21 PM

Hello TomK,

I cant use the online scanner as it wont connect.

I have tried to run IE with no add-on, i have tried the pc in safe mode with networking.

I can open http://www.google.com and do a search, the search displays but when i click on the links it just hangs and times out.

The pc is connected as i can recieve and send emails, even emails with attachments.

I have tried alsorts of things, flushing dns and pinging sites at the cmd prompt.

Im nearlly at the point of reformating, as its driving me nuts :pullhair:

If you think anyone else can help then pass me over, thanks for all the time you have put in so far.

Jamey

#8 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,200 posts

Posted 27 May 2011 - 02:58 PM

TFT,

I don't think this is malware related. I suggest you give the Tech Team a shot by posting in the Browser Forum.. Just post there and explain your problem again (no logs) and provide a link there back to this topic so that they can see the information you've posted here.

But first... we need to clean up a little.

Time for some housekeeping
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK
  • Note the space between the X and the U, it needs to be there.
The above procedure will:
  • Implement some cleanup procedures.
  • Reset System Restore.

Please re-enable any security that was disabled.


The following is my standard advice for the future. Use what you can and pat yourself on the back for what you're already doing.

Please take time to read Preventing Malware - Tools and Practices for Safe Computing. Very important information for your consideration is contained therein.

I would also suggest you read this:
So how did I get infected in the first place?
by Tony Klein


Also: "How to prevent malware"
by miekiemoes

Please respond back that you understand the above and let me know if you have any questions. Otherwise, this thread will be closed Resolved (at least as far as malware goes). :thumbup:
Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif



WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

#9 TFT

TFT

    New Member

  • Authentic Member
  • Pip
  • 13 posts

Posted 27 May 2011 - 04:09 PM

Thanks TomK, I have started a new topic in the browser section, hopefully someone will hit the problem before i hit the pc :lol: Thanks once again for your help, i will read the guides and hopefully not get infected.

#10 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,200 posts

Posted 27 May 2011 - 04:51 PM

Your welcome. Wish I could have come up with a solution. Good luck and be well. :thumbup:
Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif



WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

#11 Tomk

Tomk

    Beguilement Monitor

  • Classroom Admin
  • 20,200 posts

Posted 27 May 2011 - 04:52 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could be of assistance.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please follow the instructions here http://forums.whatth...ed_t106388.html
and start a New Topic.
Tomk
------------------------------------------------------------

mvplogo1_zpsea7gtc7e.gif



WTT-Grad1.jpg

Topics are closed after 5 days without response
unite_blue_zpsbfd3cd98.png

Related Topics



0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users