
Author Topic: svchost.exe grabs CPU & memory; browser gets redirected  (Read 22010 times)


SuperDave

  • Malware Removal Specialist


  • Genius
  • Thanked: 1020
  • Certifications: List
  • Experience: Expert
  • OS: Windows 10
Re: svchost.exe grabs CPU & memory; browser gets redirected
« Reply #15 on: October 27, 2010, 01:31:16 PM »
Please download TDSSKiller from here and save it to your Desktop.
  • Doubleclick TDSSKiller.exe to run the tool
  • Click the Start Scan button (If prompted with a "hidden service warning" do go ahead and delete it.)
  • After the scan has finished, click the Close button
  • Click the Report button and copy/paste the contents of it into your next reply
  • Note: It will also create a log in the C:\ directory.
Windows 8 and Windows 10 dual boot with two SSD's

Billb114

    Topic Starter


    Rookie

    • Computer: Specs
    • Experience: Experienced
    • OS: Windows XP
    Re: svchost.exe grabs CPU & memory; browser gets redirected
    « Reply #16 on: October 27, 2010, 02:47:28 PM »
    SuperDave -
    I downloaded TDSSKiller and ran a scan as instructed. However when it finished I clicked on "continue" by mistake. It's now going to try to cure my PC after reboot. Sorry!
    I've not rebooted yet - I will try to wait for your instructions (sometimes the PC bogs down from the malware and freezes up). Again, very sorry!

    TDSSKiller log follows:

    2010/10/27 16:39:58.0250   TDSS rootkit removing tool 2.4.5.1 Oct 26 2010 11:28:49
    2010/10/27 16:39:58.0250   ================================================================================
    2010/10/27 16:39:58.0250   SystemInfo:
    2010/10/27 16:39:58.0250   
    2010/10/27 16:39:58.0250   OS Version: 5.1.2600 ServicePack: 2.0
    2010/10/27 16:39:58.0250   Product type: Workstation
    2010/10/27 16:39:58.0250   ComputerName: COMPUTERROOM
    2010/10/27 16:39:58.0250   UserName: William Brophy
    2010/10/27 16:39:58.0250   Windows directory: C:\WINDOWS
    2010/10/27 16:39:58.0250   System windows directory: C:\WINDOWS
    2010/10/27 16:39:58.0250   Processor architecture: Intel x86
    2010/10/27 16:39:58.0250   Number of processors: 1
    2010/10/27 16:39:58.0250   Page size: 0x1000
    2010/10/27 16:39:58.0250   Boot type: Normal boot
    2010/10/27 16:39:58.0250   ================================================================================
    2010/10/27 16:39:58.0468   Initialize success
    2010/10/27 16:40:09.0828   ================================================================================
    2010/10/27 16:40:09.0828   Scan started
    2010/10/27 16:40:09.0828   Mode: Manual;
    2010/10/27 16:40:09.0828   ================================================================================
    2010/10/27 16:40:10.0546   Aavmker4        (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2010/10/27 16:40:10.0718   ACPI            (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2010/10/27 16:40:10.0796   ACPIEC          (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2010/10/27 16:40:10.0937   aeaudio         (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
    2010/10/27 16:40:11.0031   aec             (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2010/10/27 16:40:11.0171   AFD             (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2010/10/27 16:40:11.0281   agp440          (2c428fa0c3e3a01ed93c9b2a27d8d4bb) C:\WINDOWS\system32\DRIVERS\agp440.sys
    2010/10/27 16:40:11.0828   aswFsBlk        (b4079a98f294a3e262872cb76f4849f0) C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
    2010/10/27 16:40:11.0953   aswMon2         (dbee7b5ecb50fc2cf9323f52cbf41141) C:\WINDOWS\system32\drivers\aswMon2.sys
    2010/10/27 16:40:12.0062   aswRdr          (8080d683489c99cbace813f6fa4069cc) C:\WINDOWS\system32\drivers\aswRdr.sys
    2010/10/27 16:40:12.0203   aswSP           (2e5a2ad5004b55df39b7606130a88142) C:\WINDOWS\system32\drivers\aswSP.sys
    2010/10/27 16:40:12.0281   aswTdi          (d4c83a37efadfa2c398362e0776e3773) C:\WINDOWS\system32\drivers\aswTdi.sys
    2010/10/27 16:40:12.0406   AsyncMac        (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2010/10/27 16:40:12.0500   atapi           (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
    2010/10/27 16:40:12.0687   Atmarpc         (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2010/10/27 16:40:12.0781   audstub         (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2010/10/27 16:40:12.0906   BASFND          (ce218c09caf41537ceb5a872a019a7e2) C:\WINDOWS\system32\Drivers\BASFND.sys
    2010/10/27 16:40:13.0000   Beep            (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2010/10/27 16:40:13.0359   cbidf2k         (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2010/10/27 16:40:13.0500   Cdaudio         (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2010/10/27 16:40:13.0593   Cdfs            (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2010/10/27 16:40:13.0687   Cdrom           (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2010/10/27 16:40:14.0125   Disk            (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2010/10/27 16:40:14.0312   dmboot          (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2010/10/27 16:40:14.0484   dmio            (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2010/10/27 16:40:14.0578   dmload          (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2010/10/27 16:40:14.0703   DMusic          (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2010/10/27 16:40:14.0859   drmkaud         (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2010/10/27 16:40:14.0968   dsNcAdpt        (b2c3f71b86e25c3df78339ddb40a7562) C:\WINDOWS\system32\DRIVERS\dsNcAdpt.sys
    2010/10/27 16:40:15.0078   E100B           (98ed0bea10477b0f252cca35eb50f838) C:\WINDOWS\system32\DRIVERS\e100b325.sys
    2010/10/27 16:40:15.0218   Fastfat         (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2010/10/27 16:40:15.0343   Fdc             (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2010/10/27 16:40:15.0468   Fips            (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2010/10/27 16:40:15.0578   Flpydisk        (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2010/10/27 16:40:15.0671   FltMgr          (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2010/10/27 16:40:15.0765   Fs_Rec          (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2010/10/27 16:40:15.0859   Ftdisk          (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2010/10/27 16:40:16.0062   FW1             (7441f96680ac1fad27ae34ff8076d594) C:\WINDOWS\system32\DRIVERS\fw.sys
    2010/10/27 16:40:16.0250   Gpc             (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2010/10/27 16:40:16.0437   hidusb          (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2010/10/27 16:40:16.0625   HSFHWBS2        (970178e8e003eb1481293830069624b9) C:\WINDOWS\system32\DRIVERS\HSFBS2S2.sys
    2010/10/27 16:40:16.0796   HSF_DP          (ebb354438a4c5a3327fb97306260714a) C:\WINDOWS\system32\DRIVERS\HSFDPSP2.sys
    2010/10/27 16:40:17.0046   HTTP            (cb77bb47e67e84deb17ba29632501730) C:\WINDOWS\system32\Drivers\HTTP.sys
    2010/10/27 16:40:17.0234   i8042prt        (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2010/10/27 16:40:17.0375   Imapi           (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2010/10/27 16:40:17.0500   IntelIde        (2d722b2b54ab55b2fa475eb58d7b2aad) C:\WINDOWS\system32\DRIVERS\intelide.sys
    2010/10/27 16:40:17.0546   intelppm        (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2010/10/27 16:40:17.0640   Ip6Fw           (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2010/10/27 16:40:17.0734   IpFilterDriver  (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2010/10/27 16:40:17.0828   IpInIp          (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2010/10/27 16:40:17.0921   IpNat           (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2010/10/27 16:40:18.0031   IPSec           (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2010/10/27 16:40:18.0156   IRENUM          (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2010/10/27 16:40:18.0250   isapnp          (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2010/10/27 16:40:18.0375   Kbdclass        (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2010/10/27 16:40:18.0484   kbdhid          (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2010/10/27 16:40:18.0593   kmixer          (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    2010/10/27 16:40:18.0703   KSecDD          (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    2010/10/27 16:40:18.0906   mdmxsdk         (195741aee20369980796b557358cd774) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
    2010/10/27 16:40:19.0031   mfeavfk         (bafdd5e28baea99d7f4772af2f5ec7ee) C:\WINDOWS\system32\drivers\mfeavfk.sys
    2010/10/27 16:40:19.0093   mfebopk         (1d003e3056a43d881597d6763e83b943) C:\WINDOWS\system32\drivers\mfebopk.sys
    2010/10/27 16:40:19.0218   mfehidk         (3f138a1c8a0659f329f242d1e389b2cf) C:\WINDOWS\system32\drivers\mfehidk.sys
    2010/10/27 16:40:19.0343   mferkdk         (41fe2f288e05a6c8ab85dd56770ffbad) C:\WINDOWS\system32\drivers\mferkdk.sys
    2010/10/27 16:40:19.0437   mfesmfk         (096b52ea918aa909ba5903d79e129005) C:\WINDOWS\system32\drivers\mfesmfk.sys
    2010/10/27 16:40:19.0546   mnmdd           (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2010/10/27 16:40:19.0671   Modem           (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2010/10/27 16:40:19.0765   MODEMCSA        (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys
    2010/10/27 16:40:19.0843   Mouclass        (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2010/10/27 16:40:19.0937   mouhid          (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2010/10/27 16:40:20.0031   MountMgr        (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2010/10/27 16:40:20.0187   MRxDAV          (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2010/10/27 16:40:20.0312   MRxSmb          (6f2d483b97b395544e59749c47963c6a) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2010/10/27 16:40:20.0531   Msfs            (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2010/10/27 16:40:20.0625   MSKSSRV         (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2010/10/27 16:40:20.0687   MSPCLOCK        (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2010/10/27 16:40:20.0734   MSPQM           (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2010/10/27 16:40:20.0828   mssmbios        (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2010/10/27 16:40:20.0921   Mup             (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2010/10/27 16:40:21.0015   NDIS            (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2010/10/27 16:40:21.0140   NdisTapi        (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2010/10/27 16:40:21.0234   Ndisuio         (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2010/10/27 16:40:21.0312   NdisWan         (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2010/10/27 16:40:21.0437   NDProxy         (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2010/10/27 16:40:21.0562   NetBIOS         (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2010/10/27 16:40:21.0609   NetBT           (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2010/10/27 16:40:21.0812   Npfs            (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2010/10/27 16:40:21.0953   Ntfs            (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    2010/10/27 16:40:22.0093   Null            (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2010/10/27 16:40:22.0281   nv              (2b298519edbfcf451d43e0f1e8f1006d) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    2010/10/27 16:40:22.0531   NwlnkFlt        (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2010/10/27 16:40:22.0609   NwlnkFwd        (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2010/10/27 16:40:22.0750   OADevice        (f759e5266a91e6a9ab5dd7939c6560b6) C:\WINDOWS\system32\drivers\OADriver.sys
    2010/10/27 16:40:22.0859   OAmon           (fe6a66c9614de5e0f3e6b846a699fcae) C:\WINDOWS\system32\drivers\OAmon.sys
    2010/10/27 16:40:22.0953   OAnet           (44bff97b3704475194380e563180b64e) C:\WINDOWS\system32\drivers\OAnet.sys
    2010/10/27 16:40:23.0031   OMCI            (cec7e2c6c1fa00c7ab2f5434f848ae51) C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS
    2010/10/27 16:40:23.0125   OMVA            (73c74eb8b231974b7a961fddd878ae01) C:\WINDOWS\system32\DRIVERS\OMVA.sys
    2010/10/27 16:40:23.0234   Parport         (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2010/10/27 16:40:23.0343   PartMgr         (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2010/10/27 16:40:23.0484   ParVdm          (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2010/10/27 16:40:23.0578   PCI             (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2010/10/27 16:40:23.0718   PCIIde          (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2010/10/27 16:40:23.0843   Pcmcia          (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2010/10/27 16:40:24.0296   PptpMiniport    (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2010/10/27 16:40:24.0406   Ptilink         (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2010/10/27 16:40:24.0812   RasAcd          (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2010/10/27 16:40:24.0921   Rasl2tp         (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2010/10/27 16:40:25.0000   RasPppoe        (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2010/10/27 16:40:25.0125   Raspti          (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2010/10/27 16:40:25.0218   Rdbss           (29d66245adba878fff574cd66abd2884) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2010/10/27 16:40:25.0343   RDPCDD          (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2010/10/27 16:40:25.0468   RDPWD           (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    2010/10/27 16:40:25.0625   redbook         (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2010/10/27 16:40:25.0843   SASDIFSV        (a3281aec37e0720a2bc28034c2df2a56) C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
    2010/10/27 16:40:25.0875   SASKUTIL        (61db0d0756a99506207fd724e3692b25) C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
    2010/10/27 16:40:26.0000   Scap            (8c3d61bb8f35264e14fb76856fefad62) C:\WINDOWS\system32\DRIVERS\Scap.sys
    2010/10/27 16:40:26.0125   Secdrv          (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2010/10/27 16:40:26.0250   serenum         (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2010/10/27 16:40:26.0343   Serial          (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2010/10/27 16:40:26.0437   Sfloppy         (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2010/10/27 16:40:26.0671   smwdm           (70b8dd8707dbf6142530c106365df67d) C:\WINDOWS\system32\drivers\smwdm.sys
    2010/10/27 16:40:26.0906   splitter        (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    2010/10/27 16:40:27.0031   sr              (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2010/10/27 16:40:27.0187   Srv             (ab9c79ed12d65e800aaad3d72a04792f) C:\WINDOWS\system32\DRIVERS\srv.sys
    2010/10/27 16:40:27.0421   swenum          (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2010/10/27 16:40:27.0562   swmidi          (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2010/10/27 16:40:28.0265   sysaudio        (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2010/10/27 16:40:28.0640   SysProtDrv.sys  (7d5b6655442dbcf5e3b86a134ab90584) C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys
    2010/10/27 16:40:28.0656   Suspicious file (Forged): C:\Documents and Settings\William Brophy\Desktop\SysProtDrv.sys. Real md5: 7d5b6655442dbcf5e3b86a134ab90584, Fake md5: c88b251b625e73c1feef21b61f4ce74d
    2010/10/27 16:40:28.0671   SysProtDrv.sys - detected Forged file (1)
    2010/10/27 16:40:29.0093   Tcpip           (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2010/10/27 16:40:29.0468   TDPIPE          (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2010/10/27 16:40:29.0796   TDTCP           (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2010/10/27 16:40:30.0125   TermDD          (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2010/10/27 16:40:30.0703   Udfs            (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2010/10/27 16:40:31.0250   Update          (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
    2010/10/27 16:40:31.0625   usbccgp         (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2010/10/27 16:40:31.0828   usbehci         (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2010/10/27 16:40:32.0062   usbhub          (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2010/10/27 16:40:32.0343   usbprint        (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2010/10/27 16:40:32.0656   usbscan         (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2010/10/27 16:40:32.0937   USBSTOR         (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2010/10/27 16:40:33.0218   usbuhci         (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2010/10/27 16:40:33.0546   VgaSave         (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2010/10/27 16:40:34.0328   VolSnap         (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2010/10/27 16:40:35.0000   VPN-1           (793b9aed2fc908fdfc93f0afa07f59cf) C:\WINDOWS\System32\drivers\vpn.sys
    2010/10/27 16:40:35.0578   Wanarp          (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2010/10/27 16:40:35.0953   wdmaud          (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    2010/10/27 16:40:36.0468   winachsf        (1225ebea76aac3c84df6c54fe5e5d8be) C:\WINDOWS\system32\DRIVERS\HSFCXTS2.sys
    2010/10/27 16:40:37.0093   WudfPf          (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2010/10/27 16:40:37.0359   WudfRd          (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2010/10/27 16:40:37.0515   \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
    2010/10/27 16:40:37.0531   ================================================================================
    2010/10/27 16:40:37.0531   Scan finished
    2010/10/27 16:40:37.0531   ================================================================================
    2010/10/27 16:40:37.0546   Detected object count: 2
    2010/10/27 16:41:06.0609   Forged file(SysProtDrv.sys) - User select action: Skip
    2010/10/27 16:41:06.0656   \HardDisk0\MBR - will be cured after reboot
    2010/10/27 16:41:06.0656   Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
    2010/10/27 16:42:23.0375   Deinitialize success
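    The TDSSKiller report above has a regular layout that is worth reading mechanically when you triage many such logs: one inventory line per driver (service name, MD5, path), then detection lines, then the action the user chose for each object and whether the cure was deferred to a reboot. The Python below is an added example written for this page; it is not part of the thread and not code from TDSSKiller. It parses constructed sample lines in that layout (the hashes and object names mirror the log above, the user path is a placeholder) and reports what is still open after the user's choices: here the MBR cure that only happens after reboot, and the forged file that was skipped.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample in the TDSSKiller 2.4.x log layout. Hashes and object names
# mirror the thread's log; the user profile path is a placeholder.
SAMPLE_LOG = r"""
2010/10/27 16:40:09.0828   Scan started
2010/10/27 16:40:10.0546   Aavmker4        (2ccfa74242741ca22a4267cce9b586f4) C:\WINDOWS\system32\drivers\Aavmker4.sys
2010/10/27 16:40:28.0640   SysProtDrv.sys  (7d5b6655442dbcf5e3b86a134ab90584) C:\Documents and Settings\user\Desktop\SysProtDrv.sys
2010/10/27 16:40:28.0656   Suspicious file (Forged): C:\Documents and Settings\user\Desktop\SysProtDrv.sys. Real md5: 7d5b6655442dbcf5e3b86a134ab90584, Fake md5: c88b251b625e73c1feef21b61f4ce74d
2010/10/27 16:40:28.0671   SysProtDrv.sys - detected Forged file (1)
2010/10/27 16:40:37.0515   \HardDisk0\MBR - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/10/27 16:40:37.0531   Scan finished
2010/10/27 16:40:37.0546   Detected object count: 2
2010/10/27 16:41:06.0609   Forged file(SysProtDrv.sys) - User select action: Skip
2010/10/27 16:41:06.0656   \HardDisk0\MBR - will be cured after reboot
2010/10/27 16:41:06.0656   Rootkit.Win32.TDSS.tdl4(\HardDisk0\MBR) - User select action: Cure
"""

# Every line starts with a timestamp; the rest is the message body.
TS = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4}\s+(.*)$")
DRIVER = re.compile(r"^(\S+)\s+\(([0-9a-f]{32})\)\s+(.+)$")
FORGED = re.compile(r"^Suspicious file \(Forged\): (.+)\. Real md5: ([0-9a-f]{32}), Fake md5: ([0-9a-f]{32})$")
DETECTED = re.compile(r"^(.+?) - detected (.+) \(\d+\)$")
ACTION = re.compile(r"^(.+?)\((.+)\) - User select action: (\w+)$")
DEFERRED = re.compile(r"^(.+?) - will be cured after reboot$")
COUNT = re.compile(r"^Detected object count: (\d+)$")


@dataclass
class ScanReport:
    drivers: dict = field(default_factory=dict)     # service name -> (md5, path)
    detections: dict = field(default_factory=dict)  # object -> verdict, in scan order
    forged: dict = field(default_factory=dict)      # path -> (real_md5, fake_md5)
    actions: dict = field(default_factory=dict)     # object -> user-selected action
    deferred: set = field(default_factory=set)      # objects cured only after reboot
    reported_count: Optional[int] = None            # the tool's own "Detected object count"


def parse_tdsskiller_log(text: str) -> ScanReport:
    """Parse the message bodies; specific patterns are tried before the generic driver line."""
    rep = ScanReport()
    for raw in text.splitlines():
        m = TS.match(raw.strip())
        if not m:
            continue
        body = m.group(1).strip()
        f = FORGED.match(body)
        d = DETECTED.match(body)
        a = ACTION.match(body)
        w = DEFERRED.match(body)
        c = COUNT.match(body)
        v = DRIVER.match(body)
        if f:
            rep.forged[f.group(1)] = (f.group(2), f.group(3))
        elif d:
            rep.detections[d.group(1)] = d.group(2)
        elif a:
            rep.actions[a.group(2)] = a.group(3)
        elif w:
            rep.deferred.add(w.group(1))
        elif c:
            rep.reported_count = int(c.group(1))
        elif v:
            rep.drivers[v.group(1)] = (v.group(2), v.group(3))
    return rep


def count_consistent(rep: ScanReport) -> bool:
    """True when the detection lines we parsed agree with the tool's own count."""
    return rep.reported_count == len(rep.detections)


def triage(rep: ScanReport) -> list:
    """One row per detected object: verdict, the action chosen, and what is still open."""
    rows = []
    for obj, verdict in rep.detections.items():
        action = rep.actions.get(obj, "none")
        open_items = []
        if obj in rep.deferred:
            open_items.append("cure is deferred to reboot; rescan afterwards")
        if verdict == "Forged file" and action == "Skip":
            open_items.append("forged file left in place; verify with an out-of-band hash")
        # Tie a forged-file line back to its inventory line so the two hashes can be compared.
        for path, (real_md5, _fake_md5) in rep.forged.items():
            if path.lower().endswith("\\" + obj.lower()):
                inv = rep.drivers.get(obj)
                if inv and inv[0] != real_md5:
                    open_items.append("inventory md5 does not match the real md5")
        rows.append({"object": obj, "verdict": verdict, "action": action, "open": open_items})
    return rows


if __name__ == "__main__":
    report = parse_tdsskiller_log(SAMPLE_LOG)
    print("count consistent:", count_consistent(report))
    for row in triage(report):
        print(row)
```

    Point it at a saved TDSSKiller report instead of `SAMPLE_LOG` to use it on real output. The purpose of `triage` is to make the "will be cured after reboot" state explicit, so whoever is helping knows the object is not gone yet and that a rescan after the reboot is still required, as the next reply in this thread asks for.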
     

    SuperDave

    • Malware Removal Specialist


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: svchost.exe grabs CPU & memory; browser gets redirected
    « Reply #17 on: October 27, 2010, 04:37:27 PM »
    Quote
    Again, very sorry!
    Don't worry about it. Go ahead, reboot and please run ComboFix again and post the log.
    Windows 8 and Windows 10 dual boot with two SSD's

    Billb114

      Topic Starter


      Rookie

      • Computer: Specs
      • Experience: Experienced
      • OS: Windows XP
      Re: svchost.exe grabs CPU & memory; browser gets redirected
      « Reply #18 on: October 27, 2010, 06:09:27 PM »
      Ran ComboFix - reported infection in master boot sector - I clicked "ok"
      Then reported rootkit activity found and the PC rebooted.
      ComboFix then finished, log follows:

      ComboFix 10-10-26.04 - William Brophy 10/27/2010  19:43:09.9.1 - x86
      Microsoft Windows XP Home Edition  5.1.2600.2.1252.1.1033.18.767.448 [GMT -4:00]
      Running from: c:\documents and settings\William Brophy\Desktop\commy.exe
      AV: avast! antivirus 4.8.1368 [VPS 101027-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
      FW: Online Armor Firewall *disabled* {B797DAA0-7E2E-4711-8BB3-D12744F1922A}
       * Created a new restore point
      .

      (((((((((((((((((((((((((   Files Created from 2010-09-27 to 2010-10-27  )))))))))))))))))))))))))))))))
      .

      2010-10-26 23:23 . 2010-10-26 23:23   --------   d-----w-   c:\program files\7-Zip
      2010-10-21 00:30 . 2010-10-21 01:00   --------   d-----w-   c:\documents and settings\William Brophy\Local Settings\Application Data\NOS
      2010-10-16 13:53 . 2010-10-16 13:53   --------   d-----w-   C:\Avast_report
      2010-10-16 01:16 . 2010-09-15 08:50   472808   ----a-w-   c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
      2010-10-16 01:16 . 2010-09-15 08:50   472808   ----a-w-   c:\windows\system32\deployJava1.dll
      2010-10-15 22:24 . 2010-10-15 22:24   --------   d-----w-   c:\program files\CCleaner
      2010-10-15 17:03 . 2010-10-19 09:46   --------   d-----w-   c:\documents and settings\William Brophy\Application Data\OnlineArmor
      2010-10-15 17:03 . 2010-10-15 20:31   --------   d-----w-   c:\documents and settings\All Users\Application Data\OnlineArmor
      2010-10-15 17:02 . 2010-07-07 16:25   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
      2010-10-15 17:02 . 2010-07-07 16:25   28232   ----a-w-   c:\windows\system32\drivers\OAnet.sys
      2010-10-15 17:02 . 2010-07-07 16:25   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
      2010-10-15 17:02 . 2010-10-15 17:02   --------   d-----w-   c:\program files\Emsisoft
      2010-10-15 10:33 . 2010-10-15 10:33   --------   d-----w-   c:\program files\ESET
      2010-10-15 05:20 . 2010-10-15 05:20   --------   d-----w-   c:\documents and settings\William Brophy\Application Data\SUPERAntiSpyware.com
      2010-10-15 05:20 . 2010-10-15 23:01   --------   d-----w-   c:\program files\SUPERAntiSpyware
      2010-10-15 04:39 . 2010-10-15 04:39   --------   d-----w-   c:\documents and settings\Administrator\Local Settings\Application Data\TSVNCache

      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2010-09-15 06:29 . 2009-03-28 20:49   73728   ----a-w-   c:\windows\system32\javacpl.cpl
      2008-12-23 15:53 . 2009-04-16 16:10   232694   ----a-w-   c:\program files\Putty.reg
      2004-09-09 14:48 . 2009-04-16 16:10   376832   ----a-r-   c:\program files\putty.exe
      .

      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-10-06 49152]
      "Aim6"="c:\program files\AIM6\aim6.exe" [2009-05-19 49968]
      "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
      "nwiz"="nwiz.exe" [2003-10-06 741376]
      "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
      "PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
      "Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2003-05-12 270336]
      "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
      "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-07 6854984]
      "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
      "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
      "Communicator"="c:\program files\Microsoft Office Communicator\Communicator.exe" [2005-05-12 4167376]

      [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
      "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
      "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-07 924488]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
      2009-09-03 22:21   548352   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ckpNotify]
      2005-03-02 03:49   24672   ----a-w-   c:\windows\system32\ckpNotify.dll

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
      "EnableFirewall"= 0 (0x0)

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
      "%windir%\\system32\\sessmgr.exe"=
      "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
      "c:\\Program Files\\AIM6\\aim6.exe"=
      "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
      "c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=
      "c:\\DevSuiteHome_1\\BIN\\rwbuilder.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_GUI.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\scc.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Diagnostics.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_SDS.exe"=
      "c:\\Program Files\\CheckPoint\\SecuRemote\\bin\\SR_Service.exe"=
      "c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

      R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/5/2009 1:58 PM 114768]
      R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [10/15/2010 1:02 PM 236104]
      R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [10/15/2010 1:02 PM 22600]
      R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [10/15/2010 1:02 PM 28232]
      R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 2:25 PM 12872]
      R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 2:41 PM 67656]
      R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/5/2009 1:58 PM 20560]
      R2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\oacat.exe [10/15/2010 1:02 PM 1283400]
      R2 Scap;SecureClient Application Policy Module;c:\windows\system32\drivers\scap.sys [1/31/2009 3:50 PM 17456]
      R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [10/15/2010 1:02 PM 3364680]
      R2 VPN-1;VPN-1 Module;c:\windows\system32\drivers\vpn.sys [1/31/2009 3:50 PM 670128]
      R3 FW1;SecuRemote Miniport;c:\windows\system32\drivers\fw.sys [1/31/2009 3:50 PM 2041904]
      S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [1/28/2010 7:37 PM 135664]
      S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/12/2004 10:06 AM 14336]
      S3 OMVA;VPN-1 SecureClient Adapter;c:\windows\system32\drivers\OMVA.sys [1/31/2009 3:50 PM 14924]
      S3 SysProtDrv.sys;SysProtDrv.sys;c:\documents and settings\William Brophy\Desktop\SysProtDrv.sys [10/25/2010 11:10 PM 44288]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      nosGetPlusHelper   REG_MULTI_SZ      nosGetPlusHelper
      .
      Contents of the 'Scheduled Tasks' folder

      2010-10-04 c:\windows\Tasks\defragC.job
      - c:\util\defragC.bat [2010-01-25 03:10]

      2010-10-05 c:\windows\Tasks\defragF.job
      - c:\util\defragF.bat [2010-01-25 03:10]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:37]

      2010-10-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:37]
      .
      .
      ------- Supplementary Scan -------
      .
      uStart Page = about:blank
      uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
      uInternet Settings,ProxyOverride = <local>
      uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
      IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
      IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
      DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://secure.maine.gov/dana-cached/sc/JuniperSetupClient.cab
      FF - ProfilePath - c:\documents and settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\
      FF - prefs.js: browser.startup.homepage - hxxp://87.248.113.14/
      FF - plugin: c:\documents and settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
      FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
      FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
      FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
      FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
      FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
      FF - plugin: c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll

      ---- FIREFOX POLICIES ----
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true);  // Traditional
      c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true);  // Simplified
      .

      **************************************************************************

      catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2010-10-27 19:58
      Windows 5.1.2600 Service Pack 2 NTFS

      scanning hidden processes ... 

      scanning hidden autostart entries ...

      scanning hidden files ... 

      scan completed successfully
      hidden files: 0

      **************************************************************************

      Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.0 by Gmer, http://www.gmer.net
      Windows 5.1.2600

      device: opened successfully
      user: MBR read successfully
      called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x83B09566]<<
      1 nt!IofCallDriver[0x804E37C5] -> \Device\Harddisk0\DR0[0x83B92AB8]
      2 nt[0x804E37C5] -> CLASSPNP.SYS[0xF76F005B] -> \Device\Harddisk0\DR0[0x83B92AB8]
      3 CLASSPNP[0xF76F005B] -> nt!IofCallDriver[0x804E37C5] -> [0x83BE1480]
      \Driver\atapi[0x83BC9A48] -> IRP_MJ_CREATE -> 0x83B09566
      4 nt[0x804E37C5] -> UNKNOWN[0x83B09569] -> [0x83BE1480]
      kernel: MBR read successfully
      detected hooks:
      \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD600BB-75CAA0______________________16.06V16#4457572d414d4638363139373939_030_0_0_0_0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
      \Driver\Disk -> CLASSPNP.SYS @ 0xf76f3fc3
      \Driver\ACPI -> ACPI.sys @ 0xf7666cb8
      \Driver\atapi DriverStartIo -> 0x83B093B2
      \Driver\atapi -> atapi.sys @ 0xf761e7b4
      IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
       SecurityProcedure -> ntoskrnl.exe @ 0x8059baf0
      \Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0084
       SecurityProcedure -> ntoskrnl.exe @ 0x8059baf0
      user != kernel MBR !!!
      sectors 117187261 (+238): user != kernel

      **************************************************************************
      .
      --------------------- DLLs Loaded Under Running Processes ---------------------

      - - - - - - - > 'winlogon.exe'(708)
      c:\program files\SUPERAntiSpyware\SASWINLO.DLL
      .
      Completion time: 2010-10-27  20:04:01
      ComboFix-quarantined-files.txt  2010-10-28 00:03
      ComboFix2.txt  2010-10-25 21:45
      ComboFix3.txt  2010-10-22 22:50
      ComboFix4.txt  2010-10-19 02:43
      ComboFix5.txt  2010-10-27 23:32

      Pre-Run: 37,241,700,352 bytes free
      Post-Run: 37,248,167,936 bytes free

      - - End Of File - - B1F0543FF5706D3A3126560051C4330E
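The ComboFix tail above is the most diagnostic post in the thread: gmer's MBR check reports "user != kernel MBR", the atapi driver's DriverStartIo and IRP_MJ_CREATE dispatch point at code that maps to no loaded driver image, and the Firefox homepage has been set to a raw IP. The script below is an added example (not part of the thread and not code from ComboFix, gmer or TDSSKiller) that codifies those checks so a log in this format can be triaged mechanically. It runs on a constructed excerpt modelled on the lines above; the rule names, the svchost service-group baseline and the "hxxp" defanging (the log's own convention) are assumptions of the example.

```python
"""Triage a ComboFix / gmer log tail for MBR-bootkit indicators.

Added example for this thread, not code from the forum post or from the
tools it mentions.  Input is the pasted plain-text log; output is a list
of findings.  The svchost group baseline below is an assumption."""
import re
from typing import Dict, List, Set

# Constructed excerpt modelled on lines from the log posted in the thread.
SAMPLE_LOG = r"""
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [8/12/2004 10:06 AM 14336]
uStart Page = about:blank
FF - prefs.js: browser.startup.homepage - hxxp://87.248.113.14/
called modules: ntoskrnl.exe catchme.sys CLASSPNP.SYS disk.sys >>UNKNOWN [0x83B09566]<<
\Driver\atapi[0x83BC9A48] -> IRP_MJ_CREATE -> 0x83B09566
\Driver\atapi DriverStartIo -> 0x83B093B2
\Driver\atapi -> atapi.sys @ 0xf761e7b4
user != kernel MBR !!!
sectors 117187261 (+238): user != kernel
"""

# Service groups a stock Windows XP image hosts in svchost.exe (assumed
# baseline for this example; replace it with one taken from a known-clean box).
KNOWN_SVCHOST_GROUPS = {
    "dcomlaunch", "rpcss", "netsvcs", "networkservice", "localservice",
    "imgsvc", "httpfilter", "termsvcs",
}

RE_MBR_MISMATCH = re.compile(r"user != kernel MBR")
RE_HIDDEN_SECTORS = re.compile(r"sectors (\d+) \(\+(\d+)\): user != kernel")
RE_UNKNOWN_MODULE = re.compile(r">>UNKNOWN \[(0x[0-9A-Fa-f]+)\]<<")
# An atapi dispatch line whose final target is a bare address, not "driver.sys @ addr".
RE_ATAPI_HOOK = re.compile(r"^\\Driver\\atapi\b.*-> (0x[0-9A-Fa-f]+)\s*$")
RE_HOMEPAGE_IP = re.compile(
    r"(browser\.startup\.homepage|Start Page)\s*[-=]\s*"
    r"hxxps?://(\d{1,3}(?:\.\d{1,3}){3})(?:[/:]|$)",
    re.IGNORECASE,
)
RE_SVCHOST_GROUP = re.compile(r"svchost\.exe -k (\S+)", re.IGNORECASE)


def _finding(rule: str, detail: str, line: str) -> Dict[str, str]:
    return {"rule": rule, "detail": detail, "line": line}


def triage(log_text: str) -> List[Dict[str, str]]:
    """One finding per indicator, in log order.  An empty list means no hit."""
    findings: List[Dict[str, str]] = []
    unknown_addrs: Set[str] = set()   # addresses gmer could not map to a driver
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if RE_MBR_MISMATCH.search(line):
            findings.append(_finding(
                "mbr_mismatch",
                "MBR read from user mode differs from the sector the kernel-level "
                "read returns: something below the file system filters disk reads", line))
        m = RE_HIDDEN_SECTORS.search(line)
        if m:
            findings.append(_finding(
                "hidden_sectors",
                f"{m.group(2)} sectors from LBA {m.group(1)} differ between the "
                "user and kernel view", line))
        m = RE_UNKNOWN_MODULE.search(line)
        if m:
            unknown_addrs.add(m.group(1).lower())
            findings.append(_finding(
                "unknown_module_in_disk_path",
                f"code at {m.group(1)} sits in the disk I/O chain but belongs to "
                "no loaded driver image", line))
        m = RE_ATAPI_HOOK.match(line)
        if m:
            addr = m.group(1).lower()
            where = ("the same unmapped code flagged in 'called modules'"
                     if addr in unknown_addrs else "a bare address, not a driver image")
            findings.append(_finding(
                "atapi_hook", f"atapi dispatch redirected to {m.group(1)}: {where}", line))
        m = RE_HOMEPAGE_IP.search(line)
        if m:
            findings.append(_finding(
                "homepage_bare_ip",
                f"{m.group(1)} points at the literal IP {m.group(2)}", line))
        m = RE_SVCHOST_GROUP.search(line)
        if m and m.group(1).lower() not in KNOWN_SVCHOST_GROUPS:
            findings.append(_finding(
                "nonstandard_svchost_group",
                f"service group '{m.group(1)}' is not in the baseline; check its "
                "ServiceDll path and signer before calling it malicious", line))
    return findings


def rules_hit(log_text: str) -> Set[str]:
    """Names of the rules that fired, for a quick yes/no verdict."""
    return {f["rule"] for f in triage(log_text)}


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['rule']}] {f['detail']}\n    {f['line']}")
```

A hit on mbr_mismatch or atapi_hook is the finding that matters: a driver-level hook on the disk stack can hand a clean MBR to every tool that reads through it, so later file-level scans coming back empty does not contradict this log. The nonstandard_svchost_group rule is deliberately only a prompt to look closer, since legitimate third-party services (the getPlus helper here) also register their own svchost groups.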

      SuperDave

      • Malware Removal Specialist


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: svchost.exe grabs CPU & memory; browser gets redirected
      « Reply #19 on: October 29, 2010, 07:22:51 PM »
      Could you please reset your modem either by hitting the reset button or unplugging the power for 30 seconds.

      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
        • Click on to download the ESET Smart Installer. Save it to your desktop.
        • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

      Windows 8 and Windows 10 dual boot with two SSD's

      Billb114

        Topic Starter


        Rookie

        • Computer: Specs
        • Experience: Experienced
        • OS: Windows XP
        Re: svchost.exe grabs CPU & memory; browser gets redirected
        « Reply #20 on: October 30, 2010, 03:46:39 PM »
        I reset the cable modem.
        Then I ran ESET online scan - took about 3 hours. No threats were found.

        Log follows:

        esets_scanner_update returned -1 esets_gle=0
        # version=7
        # iexplore.exe=7.00.5730.13 (longhorn(wmbla).070711-1130)
        # OnlineScanner.ocx=1.0.0.6211
        # api_version=3.0.2
        # EOSSerial=45f1862a1738a94fa01acb67c80babe1
        # end=finished
        # remove_checked=false
        # archives_checked=true
        # unwanted_checked=true
        # unsafe_checked=true
        # antistealth_checked=true
        # utc_time=2010-10-30 09:43:15
        # local_time=2010-10-30 05:43:15 (-0500, Eastern Daylight Time)
        # country="United States"
        # lang=1033
        # osver=5.1.2600 NT Service Pack 2
        # compatibility_mode=512 16777215 100 0 3430487 3430487 0 0
        # compatibility_mode=769 16775141 100 98 0 223823044 0 0
        # compatibility_mode=6401 16777214 66 100 0 9020316 0 0
        # compatibility_mode=8192 67108863 100 0 403056 403056 0 0
        # scanned=143842
        # found=0
        # cleaned=0
        # scan_time=11508

        SuperDave

        Re: svchost.exe grabs CPU & memory; browser gets redirected
        « Reply #21 on: October 30, 2010, 06:51:11 PM »
        How's your computer running now? Any problems?

        Billb114

          Re: svchost.exe grabs CPU & memory; browser gets redirected
          « Reply #22 on: October 31, 2010, 12:06:20 PM »
          I appreciate your patience!!
          I'm still getting redirects and one of the svchost.exe processes was at 99% CPU and 250,000k memory usage just now. 

          SuperDave

          Re: svchost.exe grabs CPU & memory; browser gets redirected
          « Reply #23 on: November 01, 2010, 01:06:11 PM »
          Please download GooredFix from one of the locations below and save it to your Desktop
          Download Mirror #1
          Download Mirror #2
          • Ensure all Firefox windows are closed.
          • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
          • When prompted to run the scan, click Yes.
          • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).

          Billb114

            Re: svchost.exe grabs CPU & memory; browser gets redirected
            « Reply #24 on: November 01, 2010, 02:28:37 PM »
            Hi SuperDave
            I downloaded and ran (with no other windows open).
            Still having same symptoms.

            Log follows:


            GooredFix by jpshortstuff (03.07.10.1)
            Log created at 16:24 on 01/11/2010 (William Brophy)
            Firefox version 3.5.13 (en-US)

            ========== GooredScan ==========


            ========== GooredLog ==========

            C:\Program Files\Mozilla Firefox\extensions\
            {972ce4c6-7e08-4474-a285-3208198ce6fd} [19:43 31/01/2009]
            {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [20:49 28/03/2009]
            {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} [01:16 16/10/2010]

            C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\extensions\
            {E2883E8F-472F-4fb0-9522-AC9BF37916A7} [00:29 21/10/2010]

            [HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
            "[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [20:48 28/03/2009]

            ---------- Old Logs ----------

            -=E.O.F=-

            SuperDave

            Re: svchost.exe grabs CPU & memory; browser gets redirected
            « Reply #25 on: November 02, 2010, 01:06:01 PM »
            Does it always redirect to the same site?

            Billb114

              Re: svchost.exe grabs CPU & memory; browser gets redirected
              « Reply #26 on: November 02, 2010, 01:36:20 PM »
              No. Very random. Avast! network shield blocks many that it deems to be malicious sites. Some that it doesn't block appear to be random generic search sites - I close them quickly. Once every now and then - fairly rarely - it is a site with all sorts of pop up warnings that my PC is infected and I need to download their file to fix it. It doesn't allow me to exit the site so I close the browser...quickly. I'm guessing that that is the real intended target site and the rest of the redirects are to show me I have an infected PC. 

              Also with that svchost process randomly taking off the PC bogs down and freezes up periodically.     

              SuperDave

              Re: svchost.exe grabs CPU & memory; browser gets redirected
              « Reply #27 on: November 02, 2010, 04:49:38 PM »
              Please update and run SAS and MBAM again and post the logs.

              Billb114

                Re: svchost.exe grabs CPU & memory; browser gets redirected
                « Reply #28 on: November 02, 2010, 08:28:43 PM »
                Updated both SAS and MalwareBytes and ran each - as you see they didn't find anything except a few tracking cookies. I think some or all of those tracking cookies were from the redirect sites. I don't recognize them.
                Still seeing redirects and the svchost thing.
                Logs follow:


                SUPERAntiSpyware Scan Log
                http://www.superantispyware.com

                Generated 11/02/2010 at 08:01 PM

                Application Version : 4.45.1000

                Core Rules Database Version : 5410
                Trace Rules Database Version: 3222

                Scan type       : Complete Scan
                Total Scan Time : 00:45:38

                Memory items scanned      : 438
                Memory threats detected   : 0
                Registry items scanned    : 6459
                Registry threats detected : 0
                File items scanned        : 33907
                File threats detected     : 246

                Adware.Tracking Cookie
                   C:\Documents and Settings\William Brophy\Cookies\[email protected][1].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@hitbox[2].txt
                   C:\Documents and Settings\William Brophy\Cookies\[email protected][1].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@doubleclick[1].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@yieldmanager[1].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@advertising[1].txt
                   C:\Documents and Settings\William Brophy\Cookies\[email protected][1].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@atdmt[1].txt
                   C:\Documents and Settings\William Brophy\Cookies\[email protected][1].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@tacoda[2].txt
                   C:\Documents and Settings\William Brophy\Cookies\[email protected][2].txt
                   C:\Documents and Settings\William Brophy\Cookies\william_brophy@atwola[2].txt
                   media.mtvnservices.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4PB8F3G2 ]
                   media.scanscout.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4PB8F3G2 ]
                   media1.break.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4PB8F3G2 ]
                   secure-us.imrworldwide.com [ C:\Documents and Settings\LocalService\Application Data\Macromedia\Flash Player\#SharedObjects\4PB8F3G2 ]
                   C:\Documents and Settings\LocalService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\LocalService\Cookies\[email protected][2].txt
                   C:\Documents and Settings\LocalService\Cookies\system@myroitracking[1].txt
                   media.mtvnservices.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8R437E53 ]
                   media.scanscout.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8R437E53 ]
                   media1.break.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8R437E53 ]
                   objects.tremormedia.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8R437E53 ]
                   secure-us.imrworldwide.com [ C:\Documents and Settings\NetworkService\Application Data\Macromedia\Flash Player\#SharedObjects\8R437E53 ]
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@doubleclick[1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@atdmt[1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@interclick[1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@advertise[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@burstnet[1].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@insightexpressai[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@casalemedia[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@realmedia[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][3].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@serving-sys[1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@trafficmp[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][1].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@collective-media[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@advertising[1].txt
                   C:\Documents and Settings\NetworkService\Cookies\system@imrworldwide[2].txt
                   C:\Documents and Settings\NetworkService\Cookies\[email protected][2].txt
                   ia.media-imdb.com [ C:\Documents and Settings\William Brophy\Application Data\Macromedia\Flash Player\#SharedObjects\8SSRWP5M ]
                   porn1.tubeland.com [ C:\Documents and Settings\William Brophy\Application Data\Macromedia\Flash Player\#SharedObjects\8SSRWP5M ]
                   .advertise.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .doubleclick.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .questionmarket.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .content.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .atdmt.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .atdmt.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .edge.ru4.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .adbrite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .adbrite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .yieldmanager.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .bs.serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .serving-sys.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .apmebf.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .fastclick.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .fastclick.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .fastclick.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .mediaplex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .mediaplex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .collective-media.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .collective-media.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .imrworldwide.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .imrworldwide.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   bridge1.admarketplace.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .admarketplace.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   banner.adchemy.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   banner.adchemy.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .tribalfusion.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .s.clickability.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .s.clickability.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ads.pointroll.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .blethenmaine.112.2o7.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media2.legacy.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .statcounter.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   statse.webtrendslive.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .casalemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .casalemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .casalemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .casalemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .adxpose.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media6degrees.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media6degrees.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media6degrees.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media6degrees.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .tacoda.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .tacoda.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .tacoda.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .advertising.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .at.atwola.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .at.atwola.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .kontera.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   counter.surfcounters.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .clickbank.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .sexyads.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .sexyads.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .sexyads.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.sexyads.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .adinterax.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .adinterax.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.trackimizer.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .trafficmp.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .trafficmp.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .trafficmp.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .trafficmp.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .trafficmp.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .invitemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .tacoda.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .adecn.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .mediabrandsww.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media6degrees.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ru4.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ru4.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   user.lucidmedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www2.addfreestats.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .banners.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .banners.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .banners.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .banners.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .banners.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .fhg.hornyeurosluts.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .fhg.hornyeurosluts.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .teensatwork.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .teensatwork.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.justteensite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.justteensite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.justteensite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .justteensite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .justteensite.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .media6degrees.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .www.burstnet.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .burstnet.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.burstnet.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .burstnet.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .kontera.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .kontera.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .zedo.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .geobanner.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .geobanner.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .geobanner.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .geobanner.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .geobanner.facebookofsex.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .specificclick.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .specificclick.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .hitbox.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .ehg-eset.hitbox.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .hitbox.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .eset.122.2o7.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .casalemedia.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .a1.interclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .questionmarket.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .revsci.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .questionmarket.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   ad.yieldmanager.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .bizzclick.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   n-traffic.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   www.*censored*.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .*adult URL* [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .18eighteen.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .18eighteen.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .18eighteen.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   counter8.sextracker.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .sextracker.com [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .collective-media.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .collective-media.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .collective-media.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]
                   .collective-media.net [ C:\Documents and Settings\William Brophy\Application Data\Mozilla\Firefox\Profiles\cwx7r6bq.default\cookies.sqlite ]


                ===================================
                MBAM:


                Malwarebytes' Anti-Malware 1.46
                www.malwarebytes.org

                Database version: 5026

                Windows 5.1.2600 Service Pack 2
                Internet Explorer 7.0.5730.13

                11/2/2010 9:11:17 PM
                mbam-log-2010-11-02 (21-11-17).txt

                Scan type: Full scan (C:\|)
                Objects scanned: 274943
                Time elapsed: 59 minute(s), 27 second(s)

                Memory Processes Infected: 0
                Memory Modules Infected: 0
                Registry Keys Infected: 0
                Registry Values Infected: 0
                Registry Data Items Infected: 0
                Folders Infected: 0
                Files Infected: 0

                Memory Processes Infected:
                (No malicious items detected)

                Memory Modules Infected:
                (No malicious items detected)

                Registry Keys Infected:
                (No malicious items detected)

                Registry Values Infected:
                (No malicious items detected)

                Registry Data Items Infected:
                (No malicious items detected)

                Folders Infected:
                (No malicious items detected)

                Files Infected:
                (No malicious items detected)

                SuperDave

                Re: svchost.exe grabs CPU & memory; browser gets redirected
                « Reply #29 on: November 03, 2010, 01:15:29 PM »
                Ok. Let's try this.

                Delete the Firefox overlay.xul file.

                The overlay.xul file can be found in:

                C:/Program Files/Mozilla/Firefox/extensions/{xxxxxxxxxx}/chrome/content/overlay.xul

                Note: {xxxxxxxxxx} represents random letters and numbers. The exact letters and numbers vary from one computer to another.
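Locating that file without guessing the random folder name, as an added example that is not part of SuperDave's instructions and not a tool from this thread. The script walks the extensions directory of a Firefox install, considers only the brace-delimited GUID folders the post refers to, and reads each one's install.rdf (the extension manifest format Firefox used at the time) so the overlay can be attributed to a named extension before anything is deleted. The sample directory tree, extension ids and names built by build_sample_tree() are constructed here for demonstration and are not real data; `find_overlays`, `read_manifest` and `delete_overlays` are names chosen for this example.

```python
"""Find overlay.xul files under GUID-named Firefox extension folders.

Added example, not code from the forum thread. The sample tree built by
build_sample_tree() is constructed for demonstration only.
"""
import os
import re
import tempfile
import xml.etree.ElementTree as ET

# Extension folders named like {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
GUID_DIR = re.compile(r"^\{[0-9a-fA-F-]+\}$")
EM_NS = "{http://www.mozilla.org/2004/em-rdf#}"


def read_manifest(ext_dir):
    """Return (id, name) from install.rdf, or (None, None) if missing/unparseable."""
    path = os.path.join(ext_dir, "install.rdf")
    if not os.path.isfile(path):
        return None, None
    try:
        root = ET.parse(path).getroot()
    except ET.ParseError:
        return None, None
    # em:id / em:name live in the em-rdf namespace whatever the RDF root is called
    return root.findtext(".//" + EM_NS + "id"), root.findtext(".//" + EM_NS + "name")


def find_overlays(firefox_dir):
    """List every chrome/content/overlay.xul under a GUID-named extension folder."""
    ext_root = os.path.join(firefox_dir, "extensions")
    hits = []
    if not os.path.isdir(ext_root):
        return hits
    for entry in sorted(os.listdir(ext_root)):
        ext_dir = os.path.join(ext_root, entry)
        if not (os.path.isdir(ext_dir) and GUID_DIR.match(entry)):
            continue  # skip folders named by an e-mail-style id, e.g. foo@example.org
        overlay = os.path.join(ext_dir, "chrome", "content", "overlay.xul")
        if os.path.isfile(overlay):
            ext_id, name = read_manifest(ext_dir)
            hits.append({"folder": entry, "overlay": overlay, "id": ext_id, "name": name})
    return hits


def delete_overlays(hits, dry_run=True):
    """Delete the located overlay.xul files; with dry_run=True only report them."""
    removed = []
    for h in hits:
        if not dry_run:
            os.remove(h["overlay"])
        removed.append(h["overlay"])
    return removed


def _write(path, text):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w", encoding="utf-8") as fh:
        fh.write(text)


def build_sample_tree():
    """Constructed sample Firefox install directory (made-up ids and names)."""
    base = tempfile.mkdtemp(prefix="ffx-")
    ext = os.path.join(base, "extensions")
    bad = "{fedcba98-7654-3210-fedc-ba9876543210}"
    manifest = (
        '<?xml version="1.0"?>\n'
        '<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
        'xmlns:em="http://www.mozilla.org/2004/em-rdf#">\n'
        '  <Description about="urn:mozilla:install-manifest">\n'
        '    <em:id>%s</em:id>\n'
        '    <em:name>%s</em:name>\n'
        '  </Description>\n</RDF>\n'
    )
    # GUID folder with an overlay: this is the one the post asks to delete
    _write(os.path.join(ext, bad, "install.rdf"), manifest % (bad, "Suspicious Toolbar"))
    _write(os.path.join(ext, bad, "chrome", "content", "overlay.xul"), "<overlay/>\n")
    # GUID folder without an overlay: must not be reported
    good = "{11111111-2222-3333-4444-555555555555}"
    _write(os.path.join(ext, good, "install.rdf"), manifest % (good, "Harmless Extension"))
    # non-GUID folder with an overlay: outside the post's pattern, skipped
    _write(os.path.join(ext, "inspector@example.org", "chrome", "content", "overlay.xul"), "<overlay/>\n")
    return base


if __name__ == "__main__":
    sample = build_sample_tree()
    for hit in find_overlays(sample):
        print(hit["folder"], hit["id"], hit["name"], hit["overlay"])
```

On a real machine point `find_overlays()` at the Firefox program directory, and also at the profile folder visible in the cookie log above (`...\Application Data\Mozilla\Firefox\Profiles\<profile>`), since extensions can be installed per profile as well as system-wide; run with the default `dry_run=True` first and only delete once the reported extension name is one you do not recognise.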