browser goes to random sites and sometimes plays random radio stations

View previous topic View next topic Go down

browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Tue 29 Nov 2011, 10:12 pm

I have fairly new to computing and I am fairly ancient. I have tried everything to try and fix this computer I have tried all the anti-malware you can get and I even paid for a program called on un hack me all to no avail. When ever I go on Internet Explorer or Firefox and type in a site it sends me to a completely different site, sometimes it plays random radio stations. I am at my wits end. I hope I have followed your instructions correctly. I have taken my PC back to factory condition two or three times but this did not solve the problem.

Regards Peter

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Wed 30 Nov 2011, 10:22 am

Hello and welcome to GeekPolice.Net My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************

Let's run a few scans to see what turns up.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Thu 01 Dec 2011, 8:20 am

Thank you for your help, I hope I have sent this to you the right way.aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-30 21:07:04
-----------------------------
21:07:04.035 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:04.035 Number of processors: 4 586 0x502
21:07:04.037 ComputerName: GOD-PC UserName: GOD
21:07:05.705 Initialize success
21:07:06.243 AVAST engine defs: 11113001
21:07:44.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005b
21:07:44.800 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
21:07:46.811 Disk 0 MBR read successfully
21:07:46.815 Disk 0 MBR scan
21:07:46.820 Disk 0 Windows 7 default MBR code
21:07:46.823 Service scanning
21:07:48.845 Modules scanning
21:07:48.849 Disk 0 trace - called modules:
21:07:48.861 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003452254]<<
21:07:48.865 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800343d060]
21:07:48.870 3 CLASSPNP.SYS[fffff8800198143f] -> nt!IofCallDriver -> [0xfffffa80021dd920]
21:07:48.873 5 ACPI.sys[fffff88000ee37a1] -> nt!IofCallDriver -> \Device\0000005b[0xfffffa8002faa060]
21:07:48.877 \Driver\nvstor[0xfffffa800213fe70] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003452254
21:07:50.257 AVAST engine scan C:\Windows
21:07:51.837 AVAST engine scan C:\Windows\system32
21:09:00.581 AVAST engine scan C:\Windows\system32\drivers
21:09:08.038 AVAST engine scan C:\Users\GOD
21:10:27.613 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Documents\MBR.dat"
21:10:27.620 The log file has been saved successfully to "C:\Users\GOD\Documents\aswMBR.txt"
21:10:53.996 AVAST engine scan C:\ProgramData
21:11:15.255 Scan finished successfully
21:11:30.561 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Documents\MBR.dat"
21:11:30.566 The log file has been saved successfully to "C:\Users\GOD\Documents\aswMBR.txt"



pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Thu 01 Dec 2011, 10:19 am

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!


Download SuperAntispyware Free Edition (SAS)
* Double-click the icon on your desktop to run the installer.
* When asked to Update the program definitions, click Yes
* If you encounter any problems while downloading the updates, manually download and unzip them from here
* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts
* Click the Scanning Control tab.
* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning
•Scan for tracking cookies
•Terminate memory threats before quarantining
Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer
* On the left check the box for the drive you are scanning.
* On the right choose Perform Complete Scan
* Click Next to start the scan. Please be patient while it scans your computer.
* After the scan is complete a summary box will appear. Click OK
* Make sure everything in the white box has a check next to it, then click Next
* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:
•After reboot, double-click the SUPERAntiSpyware icon on your desktop.
•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).
•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)
* Click close and close again to exit the program.
*Copy and Paste the log in your post.
*********************************************
Please download Malwarebytes Anti-Malware from here.
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
***********************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/past both logs into your Thread

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

•Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE .Then post your DDS logs. (DDS.txt and Attach.txt )

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Thu 01 Dec 2011, 9:35 pm

PERAntiSpyware Scan Log
[You must be registered and logged in to see this link.]

Generated 12/01/2011 at 09:51 AM

Application Version : 5.0.1136

Core Rules Database Version : 8003
Trace Rules Database Version: 5815

Scan type : Complete Scan
Total Scan Time : 00:36:50

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned : 533
Memory threats detected : 0
Registry items scanned : 68986
Registry threats detected : 0
File items scanned : 141673
File threats detected : 133

Adware.Tracking Cookie
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\C60XJFKU.txt [ /adultfriendfinder.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\F6I8JPL0.txt [ /www.googleadservices.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\F85T5916.txt [ /liveperson.net ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\7MHG2IPZ.txt [ /accounts.google.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\BY5SX98W.txt [ /collective-media.net ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\R1EDK18K.txt [ /gostats.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\S6I6OR65.txt [ /statcounter.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\EIUPU8M1.txt [ /burstnet.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\8EUIGGS9.txt [ /ad.zanox.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\J29BLOR8.txt [ /ad.360yield.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\9F9N3EMI.txt [ /eas.apm.emediate.eu ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\4RK7W380.txt [ /lucidmedia.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\I0WPDFL9.txt [ /adfarm1.adition.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\AA1UHYIN.txt [ /cdn.jemamedia.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\HLKVK6DK.txt [ /media6degrees.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\0PCY9NZ8.txt [ /invitemedia.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\0A91LJL7.txt [ /ad2.adfarm1.adition.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\1NUGYEWX.txt [ /zanox.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\TI50Y0R1.txt [ /adserver.adtechus.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\7G7GKJC6.txt [ /yieldmanager.net ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\SMAM4CXA.txt [ /baa.solution.weborama.fr ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\BE86GC2Z.txt [ /adxpose.com ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\2V7Q4YHE.txt [ /eas4.emediate.eu ]
C:\Users\GOD\AppData\Roaming\Microsoft\Windows\Cookies\PLNOGW83.txt [ /weborama.fr ]
C:\USERS\GOD\Cookies\C60XJFKU.txt [ Cookie:god@adultfriendfinder.com/ ]
C:\USERS\GOD\Cookies\F6I8JPL0.txt [ Cookie:god@[You must be registered and logged in to see this link.] ]
C:\USERS\GOD\Cookies\F85T5916.txt [ Cookie:god@liveperson.net/ ]
C:\USERS\GOD\Cookies\7MHG2IPZ.txt [ Cookie:god@accounts.google.com/ ]
C:\USERS\GOD\Cookies\BY5SX98W.txt [ Cookie:god@collective-media.net/ ]
C:\USERS\GOD\Cookies\R1EDK18K.txt [ Cookie:god@gostats.com/ ]
C:\USERS\GOD\Cookies\S6I6OR65.txt [ Cookie:god@statcounter.com/ ]
C:\USERS\GOD\Cookies\EIUPU8M1.txt [ Cookie:god@burstnet.com/ ]
C:\USERS\GOD\Cookies\8EUIGGS9.txt [ Cookie:god@ad.zanox.com/ ]
C:\USERS\GOD\Cookies\9F9N3EMI.txt [ Cookie:god@eas.apm.emediate.eu/ ]
C:\USERS\GOD\Cookies\I0WPDFL9.txt [ Cookie:god@adfarm1.adition.com/ ]
C:\USERS\GOD\Cookies\AA1UHYIN.txt [ Cookie:god@cdn.jemamedia.com/ ]
C:\USERS\GOD\Cookies\HLKVK6DK.txt [ Cookie:god@media6degrees.com/ ]
C:\USERS\GOD\Cookies\0A91LJL7.txt [ Cookie:god@ad2.adfarm1.adition.com/ ]
C:\USERS\GOD\Cookies\TI50Y0R1.txt [ Cookie:god@adserver.adtechus.com/ ]
C:\USERS\GOD\Cookies\SMAM4CXA.txt [ Cookie:god@baa.solution.weborama.fr/ ]
C:\USERS\GOD\Cookies\BE86GC2Z.txt [ Cookie:god@adxpose.com/ ]
C:\USERS\GOD\Cookies\2V7Q4YHE.txt [ Cookie:god@eas4.emediate.eu/ ]
C:\USERS\GOD\Cookies\PLNOGW83.txt [ Cookie:god@weborama.fr/ ]
accounts.google.com [ C:\USERS\GOD\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
media.flixfacts.com [ C:\USERS\GOD\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\#SHAREDOBJECTS\R8KRKGH2 ]
.microsoftsto.112.2o7.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.imrworldwide.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.lucidmedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.trinitymirror.112.2o7.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
dc.tremormedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.casalemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.yieldmanager.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.advertise.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.ww2.elitetele.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.ww2.elitetele.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.ww2.elitetele.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.192com.112.2o7.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.accounts.google.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.ar.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.tacoda.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.at.atwola.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
ie-stat.bmmetrix.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.pro-market.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.serving-sys.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.112.2o7.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.clickfuse.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.invitemedia.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.traveladvertising.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.media6degrees.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.dealtime.co.uk [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
stat.dealtime.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.dealtime.co.uk [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.dealtime.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.dealtime.co.uk [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
tracking.dc-storm.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
[You must be registered and logged in to see this link.] [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.statcounter.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.collective-media.net [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
.apmebf.com [ C:\USERS\GOD\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\XYXDE1PT.DEFAULT\COOKIES.SQLITE ]
ww.malwarebytes.org

Database version: 8282

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

01/12/2011 10:32:25
mbam-log-2011-12-01 (10-32-25).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 301697
Time elapsed: 22 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Fri 02 Dec 2011, 7:11 am

And now the DDS logs, please.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Fri 02 Dec 2011, 10:57 am

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421
Run by GOD at 23:43:20 on 2011-12-01
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1604 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Eraser\Eraser.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\Smash.exe
C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\StikyNot.exe
C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\PlanMaker.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\REGSVR32.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = [You must be registered and logged in to see this link.]
uWindow Title = Internet Explorer, optimized for Bing and MSN
mDefault_Page_URL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mWinlogon: Userinit=userinit.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Partner BHO Class: {83ff80f4-8c74-4b80-b5ba-c8ddd434e5c4} - C:\ProgramData\Partner\Partner.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [Advanced SystemCare 5] "C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [SMASH] "C:\Program Files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe"
uRun: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe -scheduler
uRun: [RESTART_STICKY_NOTES] C:\Windows\system32\StikyNot.exe
mRun: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
mRun: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{13C00A54-3228-4A6E-BDBA-C43BCCE91A5E} : DhcpNameServer = 192.168.0.1
BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-X64: Partner BHO Class: {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
BHO-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB-X64: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun-x64: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe
mRun-x64: [DNS7reminder] "C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\NaturallySpeaking11\Ereg.ini"
mRun-x64: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GOD\AppData\Roaming\Mozilla\Firefox\Profiles\xyxde1pt.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;C:\Windows\system32\drivers\aswSnx.sys --> C:\Windows\system32\drivers\aswSnx.sys [?]
R1 aswSP;aswSP;C:\Windows\system32\drivers\aswSP.sys --> C:\Windows\system32\drivers\aswSP.sys [?]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SBRE;SBRE;\??\C:\Windows\system32\drivers\SBREdrv.sys --> C:\Windows\system32\drivers\SBREdrv.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-11 140672]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5;C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-23 490840]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\drivers\aswFsBlk.sys --> C:\Windows\system32\drivers\aswFsBlk.sys [?]
R2 aswMonFlt;aswMonFlt;\??\C:\Windows\system32\drivers\aswMonFlt.sys --> C:\Windows\system32\drivers\aswMonFlt.sys [?]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-11-29 44768]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2011-6-5 296808]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-8-28 1150496]
R2 Updater Service;Updater Service;C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-5-10 243232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-9-5 393648]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
S3 Partner Service;Partner Service;C:\ProgramData\Partner\Partner.exe [2010-5-10 332272]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
.
==================== Find3M ====================
.
2011-11-28 18:01:25 41184 ----a-w- C:\Windows\avastSS.scr
2011-11-28 17:54:06 591192 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-11-28 17:52:11 66904 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2011-11-27 01:12:41 24416 ----a-w- C:\Windows\SysWow64\drivers\regguard.sys
2011-11-24 12:57:20 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2011-11-24 12:57:19 175616 ----a-w- C:\Windows\System32\msclmd.dll
2011-11-24 11:58:15 414368 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-24 09:26:05 39192 ----a-w- C:\Windows\System32\Partizan.exe
2011-11-24 09:21:56 2 --shatr- C:\Windows\winstart.bat
2011-11-22 23:09:01 6 ----a-w- C:\Windows\System32\PLD_Framework.cmd
2011-10-19 23:10:14 22872 ----a-w- C:\Windows\System32\RegistryDefragBootTime.exe
2011-09-29 16:29:28 1923952 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2011-09-29 04:03:32 3144704 ----a-w- C:\Windows\System32\win32k.sys
2011-09-05 11:19:48 18744 ----a-w- C:\Windows\System32\roboot64.exe
.
============= FINISH: 23:51:50.40 ===============

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Sat 03 Dec 2011, 6:19 am

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
**********************************************************

Download ComboFix by sUBs from one of the below links. Be sure to save it to the Desktop.

link # 1
Link # 2
If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

Right-click combofix.exe and select Run as Administrator and follow the prompts.
When finished, ComboFix will produce a log for you.
Post the ComboFix login your next reply.

NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Sat 03 Dec 2011, 9:45 pm

ComboFix 11-12-02.02 - GOD 03/12/2011 9:17.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1809 [GMT 0:00]
Running from: c:\users\GOD\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-03 to 2011-12-03 )))))))))))))))))))))))))))))))
.
.
2011-12-03 10:21 . 2011-12-03 10:21 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0848F0B6-9EBC-4652-AECD-AA43C7523D2E}\offreg.dll
2011-12-03 10:17 . 2011-12-03 10:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-02 13:18 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0848F0B6-9EBC-4652-AECD-AA43C7523D2E}\mpengine.dll
2011-12-01 10:05 . 2011-12-01 10:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-11-29 15:03 . 2011-11-29 15:03 -------- d-----w- C:\_OTL
2011-11-27 11:10 . 2011-11-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\IVA
2011-11-27 11:09 . 2011-11-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\programdata\Nuance
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\programdata\FLEXnet
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\program files (x86)\Nuance
2011-11-27 10:16 . 2011-06-16 17:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-27 10:16 . 2011-11-27 10:16 -------- d-----w- c:\windows\system32\kodak
2011-11-27 10:12 . 2011-11-27 10:12 -------- d-----w- c:\windows\SysWow64\kodak
2011-11-27 10:10 . 2011-11-27 10:10 -------- d-----w- c:\windows\SysWow64\spool
2011-11-27 10:10 . 2011-11-27 10:10 -------- d-----w- c:\program files (x86)\Kodak
2011-11-27 10:09 . 2011-12-03 10:19 -------- d-----w- c:\programdata\Kodak
2011-11-26 09:35 . 2011-11-26 09:35 -------- d-----w- c:\program files (x86)\Ashampoo
2011-11-24 23:50 . 2011-10-19 23:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-24 12:41 . 2011-11-24 12:41 -------- d-----w- C:\cc8f23cd96fb7d08746bf9609e
2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\windows\system32\SPReview
2011-11-24 12:26 . 2011-11-24 12:26 -------- d-----w- c:\windows\system32\EventProviders
2011-11-24 12:04 . 2010-11-20 13:33 273792 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2011-11-24 12:03 . 2010-11-20 13:28 223248 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-11-24 12:02 . 2010-11-20 13:27 636416 ----a-w- c:\windows\system32\wmdrmdev.dll
2011-11-24 12:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-11-24 12:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-11-24 11:59 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-11-24 11:54 . 2011-11-25 13:50 -------- d-----w- c:\programdata\McAfee
2011-11-24 09:26 . 2011-11-24 09:26 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-11-24 09:25 . 2011-11-27 01:12 24416 ----a-w- c:\windows\SysWow64\drivers\regguard.sys
2011-11-24 09:21 . 2011-11-24 09:21 2 --shatr- c:\windows\winstart.bat
2011-11-24 09:21 . 2011-11-24 09:21 -------- d-----w- c:\program files (x86)\Greatis
2011-11-23 20:15 . 2011-11-23 20:15 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-11-23 19:59 . 2011-11-23 19:59 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-23 19:55 . 2011-11-23 19:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-11-23 18:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-11-23 18:36 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-11-23 18:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-23 18:36 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-23 18:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\windows\SysWow64\Wat
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\windows\system32\Wat
2011-11-23 12:50 . 2011-11-23 12:50 -------- d-----w- c:\programdata\Systweak
2011-11-23 12:36 . 2011-09-05 11:19 18744 ----a-w- c:\windows\system32\roboot64.exe
2011-11-23 12:36 . 2010-10-06 12:25 16896 ----a-w- c:\windows\system32\sasnative64.exe
2011-11-23 12:35 . 2011-11-23 13:06 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2011-11-23 12:32 . 2011-11-23 12:32 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-11-23 12:32 . 2011-11-23 12:32 -------- d-----w- c:\programdata\IObit
2011-11-23 12:30 . 2011-11-23 12:30 -------- d-----w- c:\program files (x86)\IObit
2011-11-23 12:20 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-11-23 11:58 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-23 11:58 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-23 11:56 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-23 11:55 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-23 11:54 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-23 09:15 . 2011-11-23 12:29 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-23 08:43 . 2011-11-23 08:43 -------- d-----w- c:\programdata\Malwarebytes
2011-11-23 08:42 . 2011-11-24 11:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 08:42 . 2011-11-23 08:42 -------- d-----w- c:\windows\system32\Macromed
2011-11-23 06:56 . 2011-11-23 06:56 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-11-23 00:36 . 2011-11-23 00:36 -------- d-----w- c:\program files\CCleaner
2011-11-23 00:04 . 2011-11-23 00:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-11-22 23:54 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-22 23:49 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-22 23:49 . 2011-12-03 08:57 -------- d-----w- c:\programdata\AVAST Software
2011-11-22 23:49 . 2011-11-22 23:49 -------- d-----w- c:\program files\AVAST Software
2011-11-22 23:42 . 2011-11-25 13:46 -------- d-----w- c:\programdata\Fighters
2011-11-22 23:37 . 2010-11-09 14:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-22 23:37 . 2010-11-09 14:56 27472 ----a-w- c:\windows\system32\sbbd.exe
2011-11-22 23:37 . 2011-11-23 00:19 -------- d-----w- C:\VIPRERESCUE
2011-11-22 23:25 . 2006-11-29 13:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-11-22 23:25 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-11-22 23:24 . 2011-11-22 23:24 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-11-22 23:24 . 2011-11-22 23:24 -------- d-----w- c:\program files (x86)\Microsoft
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\windows\PCHEALTH
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\program files\Eraser
2011-11-22 23:21 . 2011-11-22 23:21 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-11-22 23:20 . 2011-11-22 23:20 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-11-22 23:16 . 2011-11-22 23:16 -------- d---a-w- C:\book
2011-11-22 23:13 . 2011-11-22 23:13 -------- d-----w- c:\program files\PB Accessory Store
2011-11-22 23:13 . 2011-11-22 23:13 -------- d-----w- c:\users\Public\Symantec
2011-11-22 23:13 . 2011-12-02 12:40 -------- d-----w- c:\users\GOD
2011-11-22 23:12 . 2011-11-22 23:12 -------- d-----w- C:\Recovery
2011-11-22 23:07 . 2011-11-22 23:07 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-11-22 23:07 . 2011-11-22 23:07 -------- d-----w- c:\program files\Realtek
2011-11-22 23:05 . 2011-11-23 23:01 -------- d-----w- c:\programdata\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 12:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-24 12:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-22 23:09 . 2010-05-10 09:06 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-10 09:10 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SMASH"="c:\program files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe" [2009-10-30 229411]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-05-10 332272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 00:35]
.
2011-12-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 00:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-10 09:10 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\GOD\AppData\Roaming\Mozilla\Firefox\Profiles\xyxde1pt.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Conime - c:\windows\system32\conime.exe
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Internet Explorer\iexplore.exe
c:\program files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
.
**************************************************************************
.
Completion time: 2011-12-03 10:39:43 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-03 10:39
.
Pre-Run: 199,453,638,656 bytes free
Post-Run: 199,415,169,024 bytes free
.
- - End Of File - - 8C3FBDDEC025D7BA90797F49CBE15F52

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Sun 04 Dec 2011, 6:37 am

ComboFix is running from the incorrect location. Please remove/uninstall it and download a new one to your desktop. Then run this script.
I would also like to see the log from Security Check.


Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    DirLook::
    C:\cc8f23cd96fb7d08746bf9609e

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.

*******************************************************

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it



Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives



On completion of the scan click save log, save it to your desktop and post in your next reply

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Mon 05 Dec 2011, 3:12 am

after I ran combo fix nothing worked until I restarted computer, so I could not save the log,my computer is running a lot better now.15:58:06.099 Scan finished successfully
15:58:21.543 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:58:21.543 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 15:54:02
-----------------------------
15:54:02.277 OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:02.277 Number of processors: 4 586 0x502
15:54:02.277 ComputerName: GOD-PC UserName: GOD
15:54:02.839 Initialize success
15:55:32.001 AVAST engine defs: 11120400
15:56:04.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
15:56:04.861 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
15:56:06.878 Disk 0 MBR read successfully
15:56:06.884 Disk 0 MBR scan
15:56:06.893 Disk 0 Windows 7 default MBR code
15:56:06.900 Service scanning
15:56:07.939 Modules scanning
15:56:07.947 Disk 0 trace - called modules:
15:56:07.956 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003455254]<<
15:56:07.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003435060]
15:56:07.973 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8002f99590]
15:56:07.977 5 ACPI.sys[fffff88000f2c7a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8002f908b0]
15:56:07.981 \Driver\nvstor[0xfffffa8002af1cd0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003455254
15:56:08.621 AVAST engine scan C:\Windows
15:56:10.214 AVAST engine scan C:\Windows\system32
15:57:21.342 AVAST engine scan C:\Windows\system32\drivers
15:57:27.910 AVAST engine scan C:\Users\GOD
15:57:52.043 AVAST engine scan C:\ProgramData
15:58:06.099 Scan finished successfully
15:58:21.543 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:58:21.543 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"
15:59:44.008 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:59:44.008 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"


aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-12-04 15:54:02
-----------------------------
15:54:02.277 OS Version: Windows x64 6.1.7601 Service Pack 1
15:54:02.277 Number of processors: 4 586 0x502
15:54:02.277 ComputerName: GOD-PC UserName: GOD
15:54:02.839 Initialize success
15:55:32.001 AVAST engine defs: 11120400
15:56:04.855 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000056
15:56:04.861 Disk 0 Vendor: WDC_WD50 05.0 Size: 476940MB BusType: 3
15:56:06.878 Disk 0 MBR read successfully
15:56:06.884 Disk 0 MBR scan
15:56:06.893 Disk 0 Windows 7 default MBR code
15:56:06.900 Service scanning
15:56:07.939 Modules scanning
15:56:07.947 Disk 0 trace - called modules:
15:56:07.956 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys >>UNKNOWN [0xfffffa8003455254]<<
15:56:07.964 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003435060]
15:56:07.973 3 CLASSPNP.SYS[fffff8800161743f] -> nt!IofCallDriver -> [0xfffffa8002f99590]
15:56:07.977 5 ACPI.sys[fffff88000f2c7a1] -> nt!IofCallDriver -> \Device\00000056[0xfffffa8002f908b0]
15:56:07.981 \Driver\nvstor[0xfffffa8002af1cd0] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa8003455254
15:56:08.621 AVAST engine scan C:\Windows
15:56:10.214 AVAST engine scan C:\Windows\system32
15:57:21.342 AVAST engine scan C:\Windows\system32\drivers
15:57:27.910 AVAST engine scan C:\Users\GOD
15:57:52.043 AVAST engine scan C:\ProgramData
15:58:06.099 Scan finished successfully
15:58:21.543 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:58:21.543 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"
15:59:44.008 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
15:59:44.008 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"
16:05:22.057 Disk 0 MBR has been saved successfully to "C:\Users\GOD\Downloads\MBR.dat"
16:05:22.057 The log file has been saved successfully to "C:\Users\GOD\Downloads\aswMBR.txt"



pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Mon 05 Dec 2011, 5:25 am

so I could not save the log
The log can be found on your C drive under ComboFix.

I'd like to scan your machine with ESET OnlineScan

•Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
•Click the button.
•For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.

•Check
•Click the button.
•Accept any security warnings from your browser.
•Check
•Push the Start button.
•ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
•When the scan completes, push
•Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
•Push the button.
•Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Mon 05 Dec 2011, 9:05 am

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be08dd9eb87e144c8cd879fdb5005ffb
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-04 07:44:15
# local_time=2011-12-04 07:44:15 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 12007 12007 0 0
# compatibility_mode=3588 16777214 85 19 1022274 68636685 0 0
# compatibility_mode=5893 16776574 100 94 17717 75490518 0 0
# compatibility_mode=8192 67108863 100 0 3796 3796 0 0
# scanned=85059
# found=1
# cleaned=1
# scan_time=2387
C:\Program Files (x86)\Common Files\Spigot\wtxpcom\components\WidgiToolbarFF.dll.5 a variant of Win32/Adware.Toolbar.Dealio application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=53251
omboFix 11-12-04.02 - GOD 04/12/2011 13:46:39.5.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2815.1862 [GMT 0:00]
Running from: c:\users\GOD\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-11-04 to 2011-12-04 )))))))))))))))))))))))))))))))
.
.
2011-12-04 14:40 . 2011-12-04 14:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-12-04 14:40 . 2011-12-04 14:40 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2011-12-03 19:58 . 2011-12-03 19:58 59 ----a-w- C:\user.js
2011-12-03 19:58 . 2011-12-03 19:58 -------- d-----w- c:\program files (x86)\BabylonToolbar
2011-12-03 19:58 . 2011-12-03 19:58 -------- d-----w- c:\programdata\Babylon
2011-12-03 14:31 . 2011-12-03 14:31 -------- d-----w- c:\programdata\MacPaw
2011-12-03 14:30 . 2011-12-03 14:35 -------- d-----w- c:\program files\CleanMyPC
2011-12-02 13:18 . 2011-11-21 11:40 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0848F0B6-9EBC-4652-AECD-AA43C7523D2E}\mpengine.dll
2011-11-29 15:03 . 2011-11-29 15:03 -------- d-----w- C:\_OTL
2011-11-27 11:10 . 2011-11-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\IVA
2011-11-27 11:09 . 2011-11-27 11:10 -------- d-----w- c:\program files (x86)\Common Files\Nuance
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\programdata\Nuance
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\programdata\FLEXnet
2011-11-27 11:07 . 2011-11-27 11:07 -------- d-----w- c:\program files (x86)\Nuance
2011-11-27 10:16 . 2011-06-16 17:53 232960 ----a-w- c:\windows\system32\Spool\prtprocs\x64\EKIJ5000PPR.dll
2011-11-27 10:16 . 2011-11-27 10:16 -------- d-----w- c:\windows\system32\kodak
2011-11-27 10:12 . 2011-11-27 10:12 -------- d-----w- c:\windows\SysWow64\kodak
2011-11-27 10:10 . 2011-11-27 10:10 -------- d-----w- c:\windows\SysWow64\spool
2011-11-27 10:10 . 2011-11-27 10:10 -------- d-----w- c:\program files (x86)\Kodak
2011-11-27 10:09 . 2011-12-04 14:42 -------- d-----w- c:\programdata\Kodak
2011-11-26 09:35 . 2011-11-26 09:35 -------- d-----w- c:\program files (x86)\Ashampoo
2011-11-24 23:50 . 2011-10-19 23:10 22872 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe
2011-11-24 12:41 . 2011-11-24 12:41 -------- d-----w- C:\cc8f23cd96fb7d08746bf9609e
2011-11-24 12:27 . 2011-11-24 12:27 -------- d-----w- c:\windows\system32\SPReview
2011-11-24 12:26 . 2011-11-24 12:26 -------- d-----w- c:\windows\system32\EventProviders
2011-11-24 12:04 . 2010-11-20 13:33 273792 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2011-11-24 12:03 . 2010-11-20 13:28 223248 ----a-w- c:\windows\system32\drivers\fvevol.sys
2011-11-24 12:02 . 2010-11-20 13:27 636416 ----a-w- c:\windows\system32\wmdrmdev.dll
2011-11-24 12:01 . 2010-11-20 12:21 363008 ----a-w- c:\windows\SysWow64\wbemcomn.dll
2011-11-24 12:01 . 2010-11-20 12:19 606208 ----a-w- c:\windows\SysWow64\wbem\fastprox.dll
2011-11-24 11:59 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-11-24 11:54 . 2011-11-25 13:50 -------- d-----w- c:\programdata\McAfee
2011-11-24 09:26 . 2011-11-24 09:26 39192 ----a-w- c:\windows\system32\Partizan.exe
2011-11-24 09:25 . 2011-11-27 01:12 24416 ----a-w- c:\windows\SysWow64\drivers\regguard.sys
2011-11-24 09:21 . 2011-11-24 09:21 2 --shatr- c:\windows\winstart.bat
2011-11-24 09:21 . 2011-11-24 09:21 -------- d-----w- c:\program files (x86)\Greatis
2011-11-23 20:15 . 2011-11-23 20:15 -------- d-----w- c:\programdata\NVIDIA Corporation
2011-11-23 19:59 . 2011-11-23 19:59 -------- d-----w- c:\program files\Microsoft IntelliPoint
2011-11-23 19:55 . 2011-11-23 19:55 -------- d-----w- c:\program files\Microsoft IntelliType Pro
2011-11-23 18:36 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-11-23 18:36 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-11-23 18:36 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-11-23 18:36 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-11-23 18:36 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\windows\SysWow64\Wat
2011-11-23 12:56 . 2011-11-23 12:56 -------- d-----w- c:\windows\system32\Wat
2011-11-23 12:50 . 2011-11-23 12:50 -------- d-----w- c:\programdata\Systweak
2011-11-23 12:36 . 2011-07-07 13:26 18816 ----a-w- c:\windows\system32\roboot64.exe
2011-11-23 12:36 . 2010-10-06 12:25 16896 ----a-w- c:\windows\system32\sasnative64.exe
2011-11-23 12:35 . 2011-11-23 13:06 -------- d-----w- c:\program files (x86)\Advanced System Optimizer 3
2011-11-23 12:32 . 2011-11-23 12:32 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2011-11-23 12:32 . 2011-11-23 12:32 -------- d-----w- c:\programdata\IObit
2011-11-23 12:30 . 2011-11-23 12:30 -------- d-----w- c:\program files (x86)\IObit
2011-11-23 12:20 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2011-11-23 11:58 . 2011-07-09 05:26 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-23 11:58 . 2011-07-09 04:29 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-23 11:56 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-11-23 11:55 . 2011-03-03 06:24 183296 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-11-23 11:54 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-11-23 09:15 . 2011-11-23 12:29 -------- d--h--w- c:\windows\msdownld.tmp
2011-11-23 08:43 . 2011-11-23 08:43 -------- d-----w- c:\programdata\Malwarebytes
2011-11-23 08:42 . 2011-11-24 11:58 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-11-23 08:42 . 2011-11-23 08:42 -------- d-----w- c:\windows\system32\Macromed
2011-11-23 06:56 . 2011-11-23 06:56 -------- d-----w- c:\windows\NAPP_Dism_Log
2011-11-23 00:36 . 2011-11-23 00:36 -------- d-----w- c:\program files\CCleaner
2011-11-23 00:04 . 2011-11-23 00:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2011-11-22 23:54 . 2011-05-24 18:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-22 23:49 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2011-11-22 23:49 . 2011-12-03 19:47 -------- d-----w- c:\programdata\AVAST Software
2011-11-22 23:49 . 2011-11-22 23:49 -------- d-----w- c:\program files\AVAST Software
2011-11-22 23:42 . 2011-11-25 13:46 -------- d-----w- c:\programdata\Fighters
2011-11-22 23:37 . 2010-11-09 14:56 49752 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-11-22 23:37 . 2010-11-09 14:56 27472 ----a-w- c:\windows\system32\sbbd.exe
2011-11-22 23:37 . 2011-11-23 00:19 -------- d-----w- C:\VIPRERESCUE
2011-11-22 23:25 . 2006-11-29 13:06 4398360 ----a-w- c:\windows\system32\d3dx9_32.dll
2011-11-22 23:25 . 2006-11-29 13:06 3426072 ----a-w- c:\windows\SysWow64\d3dx9_32.dll
2011-11-22 23:24 . 2011-11-22 23:24 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2011-11-22 23:24 . 2011-11-22 23:24 -------- d-----w- c:\program files (x86)\Microsoft
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\program files (x86)\Windows Live SkyDrive
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\windows\PCHEALTH
2011-11-22 23:23 . 2011-11-22 23:23 -------- d-----w- c:\program files\Eraser
2011-11-22 23:21 . 2011-11-22 23:21 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-11-22 23:20 . 2011-11-22 23:20 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared
2011-11-22 23:16 . 2011-11-22 23:16 -------- d---a-w- C:\book
2011-11-22 23:13 . 2011-11-22 23:13 -------- d-----w- c:\program files\PB Accessory Store
2011-11-22 23:13 . 2011-11-22 23:13 -------- d-----w- c:\users\Public\Symantec
2011-11-22 23:13 . 2011-12-02 12:40 -------- d-----w- c:\users\GOD
2011-11-22 23:12 . 2011-11-22 23:12 -------- d-----w- C:\Recovery
2011-11-22 23:07 . 2011-11-22 23:07 -------- d-----w- c:\windows\SysWow64\RTCOM
2011-11-22 23:07 . 2011-11-22 23:07 -------- d-----w- c:\program files\Realtek
2011-11-22 23:05 . 2011-11-23 23:01 -------- d-----w- c:\programdata\NVIDIA
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-04 14:45 . 2011-12-04 14:45 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0848F0B6-9EBC-4652-AECD-AA43C7523D2E}\offreg.dll
2011-11-24 12:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-11-24 12:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-11-22 23:09 . 2010-05-10 09:06 6 ----a-w- c:\windows\system32\PLD_Framework.cmd
.
.
((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-12-03 08:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-12-03 19:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-12-03 08:48 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-03 19:15 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-12-03 08:48 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-12-03 19:15 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-05-10 08:45 . 2011-12-03 19:52 40402 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-12-04 11:02 31092 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-11-23 13:05 . 2011-11-30 12:50 5328 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-23 13:05 . 2011-12-03 16:57 5328 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-11-22 23:36 . 2011-12-04 11:02 6734 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-437603247-1892917397-2572452206-1000_UserData.bin
- 2011-12-03 10:19 . 2011-12-03 10:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-04 14:42 . 2011-12-04 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-12-04 14:42 . 2011-12-04 14:42 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-12-03 10:19 . 2011-12-03 10:19 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-11-23 11:41 . 2011-12-04 14:35 253520 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
- 2009-07-14 02:36 . 2011-12-03 09:03 628024 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-12-04 11:05 628024 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-12-03 09:03 110208 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-12-04 11:05 110208 c:\windows\system32\perfc009.dat
+ 2011-12-03 17:40 . 2011-12-04 14:42 149440 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2009-07-14 05:01 . 2011-12-04 14:42 244452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-12-03 10:18 244452 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-11-23 09:16 . 2011-12-04 14:42 7234100 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-437603247-1892917397-2572452206-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-10 09:10 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-05-10 39408]
"Advanced SystemCare 5"="c:\program files (x86)\IObit\Advanced SystemCare 5\ASCTray.exe" [2011-11-12 1647448]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"SMASH"="c:\program files (x86)\Ashampoo\Ashampoo Office 2010\smash.exe" [2009-10-30 229411]
"ISUSPM"="c:\programdata\FLEXnet\Connect\11\ISUSPM.exe" [2011-06-06 222496]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe" [2010-08-04 611872]
"DNS7reminder"="c:\program files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe" [2010-10-27 328992]
"EKIJ5000StatusMonitor"="c:\windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"Conime"="c:\windows\system32\conime.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 136176]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-05-10 332272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2011-11-10 490840]
S2 CleanMyPCService;CleanMyPC Watcher;c:\program files\CleanMyPC\CleanMyPCService.exe [2011-08-18 69424]
S2 DragonSvc;Dragon Service;c:\program files (x86)\Common Files\Nuance\dgnsvc.exe [2011-06-05 296808]
S2 Greg_Service;GRegService;c:\program files (x86)\Packard Bell\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-09-05 393648]
S2 Updater Service;Updater Service;c:\program files\Packard Bell\Packard Bell Updater\UpdaterService.exe [2010-01-28 243232]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [x]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 00:35]
.
2011-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-23 00:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-05-10 09:10 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2010-11-04 980368]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-08-01 2417032]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2011-06-16 2922496]
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uLocal Page = c:\windows\system32\blank.htm
mStart Page = [You must be registered and logged in to see this link.]
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\GOD\AppData\Roaming\Mozilla\Firefox\Profiles\xyxde1pt.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: keyword.URL - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-12-04 15:01:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-12-04 15:01
ComboFix2.txt 2011-12-04 10:58
ComboFix3.txt 2011-12-03 23:00
ComboFix4.txt 2011-12-03 10:40
.
Pre-Run: 203,597,512,704 bytes free
Post-Run: 203,993,681,920 bytes free
.
- - End Of File - - E59331E97ECE9FBA76C7673C85C7CA9C

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Mon 05 Dec 2011, 12:58 pm

That's not the correct ComboFix log. Please look for another one. It should read "ComboFix.exe/script" in the header. How's your computer running now? Any other issues?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Mon 05 Dec 2011, 7:31 pm

could not find combo fix.exe/script. I have great difficulty in trying to drag notebook over to, combo fix. I appreciate the time you spent trying to help me as far as I can see PC ok, but now no sound.

Regards Peter

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Tue 06 Dec 2011, 7:34 am

Are the re-directs still happening?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Tue 06 Dec 2011, 8:06 am

yes but not as often as before

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Tue 06 Dec 2011, 10:16 am

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.

  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.

  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)

Leave the rest of the settings as they appear as default.
•Then click on Scan at the to right hand Corner.
•It will automatically Neutralize any objects found.
•If some objects are left un-neutralized then click the button that says Neutralize all
•If it says it cannot be neutralized then choose the delete option when prompted.
•After that is done click on the reports button at the bottom and save it to file name it Kas.
•Save it somewhere convenient like your desktop and just post only the detected Virus\malware in the report it will be at the very top under Detected post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Tue 06 Dec 2011, 11:58 am

athering system information: completed 52 minutes ago (events: 26, time: 00:01:18)
06/12/2011 00:01:57 Task completed Gathering system information
06/12/2011 00:01:57 Main script of analysis
06/12/2011 00:01:57 Deleting service/driver: ujqyoduy
06/12/2011 00:01:57 Deleting service/driver: utqyoduy
06/12/2011 00:01:57 System Analysis - complete
06/12/2011 00:01:21 System Analysis in progress
06/12/2011 00:01:20 >> Windows Explorer - show extensions of known file types
06/12/2011 00:01:20 >> Disable removable media autorun
06/12/2011 00:01:20 >> Disable CD/DVD autorun
06/12/2011 00:01:20 >> Disable autorun from network drives
06/12/2011 00:01:19 >> Disable HDD autorun
06/12/2011 00:01:19 >> Service termination timeout is out of admissible values
06/12/2011 00:01:19 >> Process termination timeout is out of admissible values
06/12/2011 00:01:17 >> Security: sending Remote Assistant queries is enabled
06/12/2011 00:01:17 >> Security: anonymous user access is enabled
06/12/2011 00:01:17 >> Security: administrative shares (C$, D$ ...) are enabled
06/12/2011 00:01:17 >> Security: disk drives' autorun is enabled
06/12/2011 00:01:17 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
06/12/2011 00:01:17 >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
06/12/2011 00:01:17 >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
06/12/2011 00:01:17 >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
06/12/2011 00:00:39 System booted in Safe Mode
06/12/2011 00:00:39 System Restore: enabled
06/12/2011 00:00:39 Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
06/12/2011 00:00:39 Main script of analysis
06/12/2011 00:00:39 Task started Gathering system information
Gathering system information: completed 50 minutes ago (events: 26, time: 00:00:55)
06/12/2011 00:03:35 Task completed Gathering system information
06/12/2011 00:03:35 Main script of analysis
06/12/2011 00:03:35 Deleting service/driver: ujqyoduy
06/12/2011 00:03:35 Deleting service/driver: utqyoduy
06/12/2011 00:03:35 System Analysis - complete
06/12/2011 00:03:13 System Analysis in progress
06/12/2011 00:03:12 >> Windows Explorer - show extensions of known file types
06/12/2011 00:03:12 >> Disable removable media autorun
06/12/2011 00:03:12 >> Disable CD/DVD autorun
06/12/2011 00:03:12 >> Disable autorun from network drives
06/12/2011 00:03:12 >> Disable HDD autorun
06/12/2011 00:03:12 >> Service termination timeout is out of admissible values
06/12/2011 00:03:12 >> Process termination timeout is out of admissible values
06/12/2011 00:03:09 >> Security: sending Remote Assistant queries is enabled
06/12/2011 00:03:09 >> Security: anonymous user access is enabled
06/12/2011 00:03:09 >> Security: administrative shares (C$, D$ ...) are enabled
06/12/2011 00:03:09 >> Security: disk drives' autorun is enabled
06/12/2011 00:03:09 > Services: please bear in mind that the set of services depends on the use of the PC (home PC, office PC connected to corporate network, etc)!
06/12/2011 00:03:09 >> Services: potentially dangerous service allowed: Schedule (@%SystemRoot%\system32\schedsvc.dll,-100)
06/12/2011 00:03:09 >> Services: potentially dangerous service allowed: SSDPSRV (@%systemroot%\system32\ssdpsrv.dll,-100)
06/12/2011 00:03:09 >> Services: potentially dangerous service allowed: TermService (@%SystemRoot%\System32\termsrv.dll,-268)
06/12/2011 00:02:40 System booted in Safe Mode
06/12/2011 00:02:40 System Restore: enabled
06/12/2011 00:02:40 Windows version: Windows 7 Home Premium, Build=7601, SP="Service Pack 1"
06/12/2011 00:02:40 Main script of analysis

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Wed 07 Dec 2011, 1:27 pm

Any change?

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Wed 07 Dec 2011, 9:10 pm

YES !!! YES!!! Thank you for your time,i have learnt a lot from you

Regards Peter


pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Thu 08 Dec 2011, 7:05 am

YES !!! YES!!! Thank you for your time,i have learnt a lot from you
You're welcome. Now, we should do some cleanup.

To uninstall ComboFix


  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall




(Note: Make sure there's a space between the word ComboFix and the forward-slash.)


  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hides System files and folders, and resets System Restore.

If this doesn't remove ComboFix, please let me know.
****************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
***************************************************
Looking over your log it seems you don't have any evidence of a third party firewall.

Firewalls protect against hackers and malicious intruders. You need to download a free firewall from one of these reliable vendors.

Remember only install ONE firewall

1) Comodo Personal Firewall (Uncheck during installation "Install Comodo SafeSurf..", Make Comodo my default search provider" and "Make Comodo Search my homepage" and uncheck any HopSurf and/or Ask.com options if you choose this one)
2) Online Armor
3) Agnitum Outpost
4) PC Tools Firewall Plus

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.
*****************************************************
Use the Secunia Software Inspector to check for out of date software.

•Click Start Now

•Check the box next to Enable thorough system inspection.

•Click Start

•Allow the scan to finish and scroll down to see if any updates are needed.
•Update anything listed.
.
----------

Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by pat287 on Fri 09 Dec 2011, 10:28 am

Everything is working,and i have done everything you said. Iwill keep all your notes and learn from them .AGAIN THANK YOU.


Regards Peter

pat287

Newbie Surfer
Newbie Surfer

Posts : 12
Joined : 2011-11-29
Operating System : windows 7

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Superdave on Fri 09 Dec 2011, 10:35 am

You're welcome. Happy Holidays

Superdave
Tech Staff


Tech Staff

Posts : 4193
Joined : 2010-02-01
Operating System : Windows 8.1 and a dual-boot with XP Home SP3

View user profile

Back to top Go down

Re: browser goes to random sites and sometimes plays random radio stations

Post by Sponsored content Today at 2:49 am


Sponsored content


Back to top Go down

View previous topic View next topic Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum