
Post #1 · Discussion Starter (Registered, 2 Posts)
Attempt No 2 at the same problem. Hope I follow all necessary protocol this time around...

About 2 weeks ago popular site URLs like yahoo.com, mail.yahoo.com and msn.com started to open a random home page with ads in it. I was running Kaspersky 2011 when the problem first started. I realised this had to be some virus activity, and when Kaspersky refused to come up with any results on the scans I installed PC Tools Spyware Doctor 2011. Spy Doc revealed a few trojans and malware as well as a rootkit infection in the kernel. Everything else got cleaned, but the rootkit infection kept popping up on several occasions. Yesterday I uninstalled both Kaspersky and Spy Doc and got myself Bitdefender 2012, but I've had absolutely no luck with this darn thing. Any help will be appreciated. I am attaching a screenshot of that random home page that opens all the time.

Thanks in advance


DDS Log is below:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_29
Run by Rachit at 1:22:11 on 2012-01-19
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.91.1033.18.2815.1405 [GMT 5.5:30]
.
AV: Bitdefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Bitdefender Antispyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F}
FW: Bitdefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files\Bitdefender\Bitdefender 2012\vsserv.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
D:\Program Files\BurnAware Professional\NMSAccess32.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Bitdefender\Bitdefender 2012\updatesrv.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\Program Files\Bitdefender\Bitdefender 2012\bdagent.exe
C:\Windows\system32\schtasks.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
D:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\SearchIndexer.exe
D:\Program Files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe
C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
C:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Common Files\Nokia\NoA\nokiaaserver.exe
C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\Rachit\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\progra~1\micros~1\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - d:\progra~1\micros~1\office14\URLREDIR.DLL
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [DAEMON Tools Lite] "d:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [NokiaOviSuite2] c:\program files\nokia\nokia ovi suite\NokiaOviSuite.exe -tray
uRun: [KiesHelper] c:\program files\samsung\kies\KiesHelper.exe /s
uRun: [KiesTrayAgent] c:\program files\samsung\kies\KiesTrayAgent.exe
uRun: [KiesPDLR] c:\program files\samsung\kies\external\firmwareupdate\KiesPDLR.exe
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [AWC] "c:\program files\awc\AWC"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "d:\program files\itunes\iTunesHelper.exe"
mRun: [BCSSync] "d:\program files\microsoft office\office14\BCSSync.exe" /DelayServices
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [NBAgent] "d:\program files\nero\nero 10\nero backitup\NBAgent.exe" /WinStart
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2012\bdagent.exe"
StartupFolder: c:\users\rachit\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - d:\program files\microsoft office\office14\ONENOTEM.EXE
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - d:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\program files\microsoft office\office14\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - d:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
LSP: c:\program files\nvidia corporation\networkaccessmanager\bin32\nvLsp.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 109.74.196.50 109.74.196.50
TCP: Interfaces\{079DBFD1-8261-43EE-98FE-B57368528CAB} : DhcpNameServer = 109.74.196.50 109.74.196.50
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\progra~1\micros~1\office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\rachit\appdata\roaming\mozilla\firefox\profiles\jc8b2ic8.default\
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\users\rachit\appdata\local\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: d:\progra~1\micros~1\office14\NPAUTHZ.DLL
FF - plugin: d:\progra~1\micros~1\office14\NPSPWRAP.DLL
FF - plugin: d:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: d:\program files\adobe\reader 9.0\reader\browser\nppdf32.dll
FF - plugin: d:\program files\itunes\mozilla plugins\npitunes.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
FF - Ext: Firefox Synchronisation Extension: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70} - c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\FirefoxExtension
.
============= SERVICES / DRIVERS ===============
.
R0 avc3;avc3;c:\windows\system32\drivers\avc3.sys [2011-11-25 604328]
R1 bdfwfpf;bdfwfpf;c:\program files\common files\bitdefender\bitdefender firewall\bdfwfpf.sys [2011-11-14 90704]
R1 BDVEDISK;BDVEDISK;c:\windows\system32\drivers\bdvedisk.sys [2010-1-19 85128]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2010-12-3 218432]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-2-18 462632]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\nvidia corporation\nvidia updatus\daemonu.exe [2011-7-6 2214504]
R2 UPDATESRV;BitDefender Desktop Update Service;c:\program files\bitdefender\bitdefender 2012\updatesrv.exe [2011-11-17 50128]
R3 avchv;avchv Function Driver;c:\windows\system32\drivers\avchv.sys [2011-11-25 240184]
R3 avckf;avckf;c:\windows\system32\drivers\avckf.sys [2011-11-28 446160]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 bdsandbox;bdsandbox;c:\windows\system32\drivers\bdsandbox.sys [2011-9-29 63056]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\drivers\ssudbus.sys [2011-4-20 71624]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\program files\microsoft office\office14\GROOVE.EXE [2010-1-21 30963576]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-7-26 137600]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-7-26 8576]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-2-26 15872]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\drivers\ssudmdm.sys [2011-6-7 180672]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-2-26 52224]
S3 Update Server;BitDefender Update Server v2;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\arrakis3.exe [2011-10-14 307544]
.
=============== Created Last 30 ================
.
2012-01-17 21:39:18 414137 ----a-w- c:\programdata\1326835006.bdinstall.bin
2012-01-17 21:34:58 -------- d-----w- c:\users\rachit\appdata\roaming\Bitdefender
2012-01-17 21:34:50 -------- d-----w- c:\programdata\Bitdefender
2012-01-17 21:04:46 -------- d-sh--w- C:\$RECYCLE.BIN
2012-01-17 20:45:23 98816 ----a-w- c:\windows\sed.exe
2012-01-17 20:45:23 518144 ----a-w- c:\windows\SWREG.exe
2012-01-17 20:45:23 256000 ----a-w- c:\windows\PEV.exe
2012-01-17 20:45:23 208896 ----a-w- c:\windows\MBR.exe
2012-01-17 19:41:13 4472 ----a-w- c:\programdata\1326829263.5252.bin
2012-01-17 19:41:13 32675 ----a-w- c:\programdata\1326829263.5256.bin
2012-01-17 19:41:12 1670 ----a-w- c:\programdata\1326829263.5224.bin
2012-01-17 19:41:07 8843 ----a-w- c:\programdata\1326829263.5092.bin
2012-01-17 19:41:07 5070 ----a-w- c:\programdata\1326829263.5096.bin
2012-01-17 19:41:07 1698 ----a-w- c:\programdata\1326829263.5188.bin
2012-01-17 19:41:05 307025 ----a-w- c:\programdata\1326829263.5008.bin
2012-01-17 19:41:03 9203 ----a-w- c:\programdata\1326829263.4992.bin
2012-01-17 19:41:03 45610 ----a-w- c:\programdata\1326829263.4964.bin
2012-01-17 19:21:20 739 ----a-w- c:\programdata\1326828056.4372.bin
2012-01-17 19:21:11 1698 ----a-w- c:\programdata\1326828056.4128.bin
2012-01-17 19:21:06 783 ----a-w- c:\programdata\1326828056.4100.bin
2012-01-17 19:21:06 4455 ----a-w- c:\programdata\1326828056.2516.bin
2012-01-17 19:21:05 340624 ----a-w- c:\windows\system32\drivers\trufos.sys
2012-01-17 19:21:02 360976 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys
2012-01-17 19:21:00 9323 ----a-w- c:\programdata\1326828056.3532.bin
2012-01-17 19:21:00 4036 ----a-w- c:\programdata\1326828056.2380.bin
2012-01-17 19:20:58 67131 ----a-w- c:\programdata\1326828056.1728.bin
2012-01-17 19:20:57 6213 ----a-w- c:\programdata\1326828056.2800.bin
2012-01-17 19:20:56 45855 ----a-w- c:\programdata\1326828056.1956.bin
2012-01-17 19:03:49 28749 ----a-w- c:\programdata\1326823304.5060.bin
2012-01-17 18:01:55 4472 ----a-w- c:\programdata\1326823304.4592.bin
2012-01-17 18:01:55 32019 ----a-w- c:\programdata\1326823304.4596.bin
2012-01-17 18:01:54 739 ----a-w- c:\programdata\1326823304.4576.bin
2012-01-17 18:01:50 1698 ----a-w- c:\programdata\1326823304.4532.bin
2012-01-17 18:01:47 9323 ----a-w- c:\programdata\1326823304.4356.bin
2012-01-17 18:01:47 5072 ----a-w- c:\programdata\1326823304.4360.bin
2012-01-17 18:01:46 105318 ----a-w- c:\programdata\1326823304.4340.bin
2012-01-17 18:01:44 6188 ----a-w- c:\programdata\1326823304.4328.bin
2012-01-17 18:01:44 53311 ----a-w- c:\programdata\1326823304.4300.bin
2012-01-17 17:57:44 20831 ----a-w- c:\programdata\1326823059.bdinstall.bin
2012-01-17 17:56:45 287039 ----a-w- c:\programdata\1326821586.bdinstall.bin
2012-01-17 17:38:40 -------- d-----w- c:\users\rachit\appdata\roaming\QuickScan
2012-01-15 08:48:13 -------- d-----w- c:\program files\PC Tools
2012-01-15 08:08:32 185560 ----a-w- c:\windows\system32\drivers\PCTSD.sys
2012-01-15 08:08:32 -------- d-----w- c:\program files\common files\PC Tools
2012-01-15 08:05:51 -------- d-----w- c:\users\rachit\appdata\roaming\TestApp
2012-01-15 08:05:51 -------- d-----w- c:\programdata\PC Tools
2012-01-09 18:20:46 -------- d-----w- c:\users\rachit\appdata\roaming\Scrabble Plus
2012-01-07 21:06:18 2048 ----a-w- c:\windows\system32\tzres.dll
2012-01-07 21:06:09 534528 ----a-w- c:\windows\system32\EncDec.dll
2012-01-07 21:06:09 2342912 ----a-w- c:\windows\system32\win32k.sys
2012-01-07 21:05:41 38912 ----a-w- c:\windows\system32\csrsrv.dll
2012-01-07 21:05:39 3912560 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-01-07 21:05:38 3967856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-01-04 00:05:25 6823496 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{06a52282-5d47-4053-85ba-0de59cb28488}\mpengine.dll
.
==================== Find3M ====================
.
2011-11-28 12:04:00 446160 ----a-w- c:\windows\system32\drivers\avckf.sys
2011-11-25 08:29:40 240184 ----a-w- c:\windows\system32\drivers\avchv.sys
2011-11-25 08:26:36 604328 ----a-w- c:\windows\system32\drivers\avc3.sys
2011-11-19 14:01:00 67072 ----a-w- c:\windows\system32\packager.dll
2011-11-17 05:41:52 67440 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2011-11-17 05:41:51 134000 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2011-11-17 05:39:24 369352 ----a-w- c:\windows\system32\drivers\cng.sys
2011-11-17 05:38:39 1288472 ----a-w- c:\windows\system32\ntdll.dll
2011-11-17 05:35:02 314880 ----a-w- c:\windows\system32\webio.dll
2011-11-17 05:34:55 15872 ----a-w- c:\windows\system32\sspisrv.dll
2011-11-17 05:34:55 100352 ----a-w- c:\windows\system32\sspicli.dll
2011-11-17 05:34:52 224768 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34:52 22016 ----a-w- c:\windows\system32\secur32.dll
2011-11-17 05:32:51 1038848 ----a-w- c:\windows\system32\lsasrv.dll
2011-11-17 05:29:50 22528 ----a-w- c:\windows\system32\lsass.exe
2011-11-13 09:33:40 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-11-03 22:47:42 1798144 ----a-w- c:\windows\system32\jscript9.dll
2011-11-03 22:40:21 1427456 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-03 22:39:47 1127424 ----a-w- c:\windows\system32\wininet.dll
2011-11-03 22:31:57 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-10-26 04:32:11 514560 ----a-w- c:\windows\system32\qdvd.dll
2011-10-26 04:32:11 1328128 ----a-w- c:\windows\system32\quartz.dll
.
============= FINISH: 1:23:14.59 ===============


FURTHER....

Gmer scan resulted in a blue screen.

The report read:


Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 16393

Additional information about the problem:
BCCode: 50
BCP1: B1400008
BCP2: 00000000
BCP3: A06ED3CB
BCP4: 00000002
OS Version: 6_1_7601
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\011812-19000-01.dmp
C:\Users\Rachit\AppData\Local\Temp\WER-106735-0.sysdata.xml

Read our privacy statement online:
Windows 7 Privacy Statement - Microsoft Windows

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt



For now keeping my fingers crossed...
 

Attachments
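For anyone triaging a DDS log like the one above, here is an added example (not from this thread, and not part of the DDS tool) that parses the "Pseudo HJT Report" line formats and lists the entries a reviewer would look at first: add-ons pointing at a missing file, bundled toolbars, autorun commands without a recognisable executable extension, and DNS servers outside the LAN that should be confirmed as the ISP's. The sample lines are copied from the log above; the review categories and the REVIEW_ADDONS list are assumptions.

```python
import ipaddress
import re

# Constructed sample: lines copied from the DDS "Pseudo HJT Report" above.
SAMPLE_LOG = r"""
uInternet Settings,ProxyOverride = *.local;192.168.*.*
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [AWC] "c:\program files\awc\AWC"
TCP: DhcpNameServer = 109.74.196.50 109.74.196.50
"""

# DDS line shapes: "BHO: Name: {CLSID} - path", "TB: {CLSID} - path|No File",
# "uRun/mRun: [Name] command", "TCP: DhcpNameServer = a.b.c.d ...".
ADDON_RE = re.compile(r"^(?P<kind>BHO|TB): (?:(?P<name>.*?): )?(?P<clsid>\{[^}]+\}) - (?P<path>.*)$")
RUN_RE = re.compile(r"^(?P<scope>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
DNS_RE = re.compile(r"DhcpNameServer = (?P<servers>.+)$")
EXE_RE = re.compile(r"\.(exe|dll|cpl|scr|bat|cmd)\b", re.IGNORECASE)
# Assumed list of toolbar names that commonly arrive bundled with other installers.
REVIEW_ADDONS = ("ask toolbar",)


def parse(log):
    """Yield (kind, fields) for the line types the triage understands; skip the rest."""
    for line in log.splitlines():
        line = line.strip()
        m = ADDON_RE.match(line)
        if m:
            yield "addon", m.groupdict()
            continue
        m = RUN_RE.match(line)
        if m:
            yield "run", m.groupdict()
            continue
        m = DNS_RE.search(line)
        if m:
            yield "dns", {"servers": m.group("servers").split()}


def triage(log):
    """Return (category, detail) review items in log order; an empty list means nothing stood out."""
    findings = []
    for kind, f in parse(log):
        if kind == "addon":
            label = f"{f['kind']} {f['clsid']}"
            if f["path"] == "No File":
                findings.append(("orphaned-addon", f"{label} points to a missing file"))
            elif (f["name"] or "").lower() in REVIEW_ADDONS:
                findings.append(("bundled-toolbar", f"{label} is {f['name']}"))
        elif kind == "run":
            if not EXE_RE.search(f["cmd"]):
                findings.append(("autorun-no-extension", f"[{f['name']}] runs {f['cmd']}"))
        elif kind == "dns":
            for server in dict.fromkeys(f["servers"]):  # de-duplicate, keep order
                if not ipaddress.ip_address(server).is_private:
                    findings.append(("public-dns", f"{server} is not a LAN address; confirm it is the ISP's resolver"))
    return findings


if __name__ == "__main__":
    for category, detail in triage(SAMPLE_LOG):
        print(f"{category:22} {detail}")
```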

Post #2 · K27 (Registered, 690 Posts)
Hi,

Welcome to TSF.


I'm K27 and I am currently reviewing your log.

Please DO NOT run any scans/tools/fixes on your own as this will conflict with the tools we are going to use.

Please Print or Save to Notepad all instructions and please follow them carefully and if there's something you don't understand or that will not work please let me know and we will go through it together.

Please DO NOT use this system for anything apart from visiting this forum and other sites I direct you to, as this will only make the cleanup process all the more difficult.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed. This is to free up my time so as to continue to help others. If you need longer to reply, then that is fine, but please let me know.


Before we continue can I ask you to please read all the information in the links below, as they contain information on Peer2Peer programs and cracked software.
Not only is it illegal to download from P2P and torrent sites it is also a breeding ground for malware and more than likely the reason you were infected.
It would be futile to try and remove any infection on your system all the time P2P programs are installed.

Perils of P2P File Sharing
Cracked (Illegal) Software

Then I need you to go to:
  • Start (windows icon bottom left corner of screen)
  • Control panel
  • Add/Remove programs
  • look for

uTorrent

  • Uninstall
  • Reboot PC

Then please uninstall anything else running on the machine that may relate to P2P file sharing or cracked software.


Then please check for additional security risks
  • Please download CKScanner© by askey127 and save to your desktop. Click here.
  • Double click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, click OK.
  • Post the contents of ckfiles.txt in your reply, it is located on your desktop.

Please post back the CKScanner report and a fresh set of DDS logs.

Thanks.
 