Google redirect virus

Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

BleepingComputer.com > Security > Virus, Trojan, Spyware, and Malware Removal Logs

Forum Guidelines

Read the following topic before creating a new topic in this forum. It contains instructions on the what we would like you to post, which will enable us to help you more quickly.

Preparation Guide For Use Before Using Malware Removal Tools and Requesting Help

DO NOT RUN ComboFix unless requested to.

Only members of the Malware Response Team or Moderators are allowed to help people with logs. Anyone else should refrain from posting to another user's log.

When posting a log please put the type of infection you have in the topic title. IE: Winfixer, Virtumonde, WinTools, WebSearch, Home Search Assistant, etc.

Do not bump your topic. We try to resolve logs on a first come/first served basis. By bumping your log you will be pushed back in line due to the new date of your bump.

2 Pages

1 2 >

Google redirect virus

Options

shrimpboat View Member Profile	Dec 24 2009, 11:07 PM Post #1
New Member Group: Members Posts: 9 Joined: 24-December 09 Member No.: 423,221	Virus slows down Firefox and IE and redirects google searches, but Opera seems completely unaffected. Computer has blue screened a few times. avast!, Malwarebytes, and Spyware Search & Destroy haven't detected it. Ad-Aware seemed to take care of the redirecting part, but only for about a day. Here's my DDS log: DDS (Ver_09-12-01.01) - NTFSx86 Run by Shrimpboat at 20:18:14.55 on Thu 12/24/2009 Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.195 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus On-access scanning disabled (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} SP: Spybot - Search and Destroy disabled (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Lavasoft Ad-Watch Live! disabled (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\Dwm.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Windows\Explorer.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\rundll32.exe C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\System32\alg.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\mobsync.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Stickies\stickies.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\unsecapp.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\notepad.exe C:\Windows\system32\wuauclt.exe C:\Users\Shrimpboat\Downloads\RootRepeal.exe C:\Users\Shrimpboat\Downloads\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb mSearch Bar = hxxp://srch-qus8.hpwis.com/ uInternet Settings,ProxyOverride = .local mCustomizeSearch = hxxp://ie.search.msn.com mSearchAssistant = hxxp://ie.search.msn.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe mRun: [Conime] %windir%\system32\conime.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\shrimp~1\appdata\roaming\mozilla\firefox\profiles\f9rg6sat.default\ FF - prefs.js: browser.startup.homepage - hxxp://kompepperochu.deviantart.com/ FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 39472] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-28 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-28 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-28 53328] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-28 138680] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 210216] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-1 3032360] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-28 24652] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-28 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-28 352920] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-10 43040] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-1 15144] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840] S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-3-20 27904] =============== Created Last 30 ================ 2009-12-23 20:15:56 0 d-----w- c:\program files\Trend Micro 2009-12-19 18:24:43 177 ----a-w- c:\windows\wininit.ini 2009-12-19 17:57:01 0 d-----w- c:\users\shrimp~1\appdata\roaming\Malwarebytes 2009-12-19 17:56:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-19 17:56:50 0 d-----w- c:\programdata\Malwarebytes 2009-12-19 17:56:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-19 17:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-19 17:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy 2009-12-19 17:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2009-12-19 16:58:50 4608 ----a-w- c:\windows\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-19 05:05:28 0 d-----w- c:\programdata\WindowsSearch 2009-12-19 02:13:02 9548 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-12-19 02:13:02 2523168 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-12-19 02:12:42 2506 ----a-w- C:\rollback.ini 2009-12-19 01:56:24 0 d-----w- c:\program files\common files\ParetoLogic 2009-12-19 01:56:23 0 d-----w- c:\programdata\ParetoLogic 2009-12-18 09:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-12-18 06:13:14 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-17 21:38:23 0 d-----w- c:\users\shrimp~1\appdata\roaming\Auslogics 2009-12-17 21:38:20 0 d-----w- c:\program files\Auslogics 2009-12-10 12:07:13 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-10 12:07:07 411136 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-10 12:07:06 31232 ----a-w- c:\windows\system32\httpapi.dll 2009-12-09 14:09:00 378368 ----a-w- c:\windows\system32\winhttp.dll 2009-12-09 14:07:34 244224 ----a-w- c:\windows\system32\rastls.dll 2009-12-09 14:07:33 281600 ----a-w- c:\windows\system32\raschap.dll 2009-12-02 06:03:42 0 d-----w- c:\windows\system32\EventProviders 2009-12-01 00:11:06 0 d-----w- c:\program files\Windows Journal Viewer 2009-11-30 09:38:20 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-11-27 21:49:29 0 d-----w- c:\programdata\kds_kodak 2009-11-27 21:49:23 3 ----a-w- c:\windows\Twain001.Mtx 2009-11-27 21:49:23 156 ----a-w- c:\windows\Twunk001.MTX 2009-11-27 21:49:23 0 ----a-w- c:\windows\Twunk002.MTX 2009-11-27 21:40:28 0 d-----w- c:\programdata\Eastman Kodak Company 2009-11-27 21:39:59 890 ----a-w- c:\windows\system32\InstallUtil.InstallLog 2009-11-27 21:30:18 0 d-----w- c:\windows\system32\kodak 2009-11-27 21:29:12 0 d-----w- c:\program files\Kodak 2009-11-27 21:24:56 0 d-----w- c:\programdata\Kodak 2009-11-27 21:23:40 0 d-----w- c:\users\shrimp~1\appdata\roaming\Temp 2009-11-25 12:02:21 2048 ----a-w- c:\windows\system32\tzres.dll 2009-11-25 04:54:14 1399296 ----a-w- c:\windows\system32\msxml6.dll 2009-11-25 04:54:13 1257472 ----a-w- c:\windows\system32\msxml3.dll 2009-11-25 04:53:57 714240 ----a-w- c:\windows\system32\timedate.cpl ==================== Find3M ==================== 2009-12-25 02:49:16 43034 ----a-w- c:\programdata\nvModes.dat 2009-12-18 09:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-12-10 05:10:51 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-10 05:10:50 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-10 05:10:50 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-06 01:04:26 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2008-06-25 03:46:05 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-01-08 03:50:50 56 --sha-r- c:\windows\system32\CD008D9325.sys 2009-04-20 17:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat 2008-10-13 14:21:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 20:20:10.23 =============== Attached File(s)* Attach.txt ( 7.35k ) Number of downloads: 10 ark.txt ( 57.2k ) Number of downloads: 0

etavares View Member Profile	Jan 5 2010, 07:04 PM Post #2
Bleepin' Remover Group: Malware Response Team Posts: 4,130 Joined: 16-August 08 Member No.: 230,544	Hello and welcome to Bleeping Computer We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far. Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware. If you have already posted a DDS log, please do so again, as your situation may have changed. Use the 'Add Reply' and add the new log to this thread. Thanks and again sorry for the delay. We need to see some information about what is happening in your machine. Please perform the following scan: Download DDS by sUBs from one of the following links. Save it to your desktop. DDS.scr DDS.pif Double click on the DDS icon, allow it to run. A small box will open, with an explaination about the tool. No input is needed, the scan is running. Notepad will open with the results. Follow the instructions that pop up for posting the results. Close the program window, and delete the program from your desktop. Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet. Also, please subscribe to this topic, so you are notified when someone replies. Please continue to check manually on occasion, as every now and then the email may be caught by your spam filter. To enable topic notifications you should do the following: Click on the My Controls link at the top of the page to enter your control panel. Scroll down to the Options category in the left hand side menu bar and click on the Email Settings link. Put a checkmark in the checkbox labeled Enable 'Email Notification' by default?. Set the If ticked, choose default type: menu option to Immediate Email Notification to have an email sent immediately when someone replied. Information on A/V control HERE -------------------- If I don't respond within 2 days, please feel free to PM me. Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well. Unified Network of Instructors and Trusted Eliminators

shrimpboat View Member Profile	Jan 6 2010, 04:34 AM Post #3
New Member Group: Members Posts: 9 Joined: 24-December 09 Member No.: 423,221	DDS (Ver_09-12-01.01) - NTFSx86 Run by Shrimpboat at 2:29:06.12 on Wed 01/06/2010 Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_13 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.924 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus On-access scanning disabled (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} SP: Spybot - Search and Destroy disabled (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Lavasoft Ad-Watch Live! disabled (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Windows\system32\WLANExt.exe C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\System32\spoolsv.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\system32\taskeng.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Stickies\stickies.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\rundll32.exe C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\WUDFHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\alg.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\system32\wbem\unsecapp.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Rhapsody\rhaphlpr.exe C:\Program Files\Opera\opera.exe C:\Program Files\Windows Live\Messenger\usnsvc.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Windows\System32\mobsync.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Opera\opera.exe C:\Users\Shrimpboat\Downloads\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb mSearch Bar = hxxp://srch-qus8.hpwis.com/ uInternet Settings,ProxyOverride = .local mCustomizeSearch = hxxp://ie.search.msn.com mSearchAssistant = hxxp://ie.search.msn.com BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Conime] %windir%\system32\conime.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\shrimp~1\appdata\roaming\mozilla\firefox\profiles\f9rg6sat.default\ FF - prefs.js: browser.startup.homepage - hxxp://kompepperochu.deviantart.com/ FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 39472] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-28 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-28 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-28 53328] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-28 138680] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 210216] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-1 3032360] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-28 24652] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-10 43040] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-1 15144] S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-28 254040] S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-28 352920] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840] S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-3-20 27904] =============== Created Last 30 ================ 2010-01-04 20:01:07 0 d-----w- C:\WTablet 2009-12-23 20:15:56 0 d-----w- c:\program files\Trend Micro 2009-12-19 18:24:43 177 ----a-w- c:\windows\wininit.ini 2009-12-19 17:57:01 0 d-----w- c:\users\shrimp~1\appdata\roaming\Malwarebytes 2009-12-19 17:56:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-19 17:56:50 0 d-----w- c:\programdata\Malwarebytes 2009-12-19 17:56:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-19 17:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-19 17:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy 2009-12-19 17:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2009-12-19 16:58:50 4608 ----a-w- c:\windows\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-19 05:05:28 0 d-----w- c:\programdata\WindowsSearch 2009-12-19 02:13:02 6182432 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-12-19 02:13:02 56408 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-12-19 02:12:42 2506 ----a-w- C:\rollback.ini 2009-12-19 01:56:24 0 d-----w- c:\program files\common files\ParetoLogic 2009-12-19 01:56:23 0 d-----w- c:\programdata\ParetoLogic 2009-12-18 09:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-12-18 06:13:14 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-17 21:38:23 0 d-----w- c:\users\shrimp~1\appdata\roaming\Auslogics 2009-12-17 21:38:20 0 d-----w- c:\program files\Auslogics 2009-12-10 12:07:13 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-12-10 12:07:07 411136 ----a-w- c:\windows\system32\drivers\http.sys 2009-12-10 12:07:06 31232 ----a-w- c:\windows\system32\httpapi.dll 2009-12-09 14:09:00 378368 ----a-w- c:\windows\system32\winhttp.dll 2009-12-09 14:07:34 244224 ----a-w- c:\windows\system32\rastls.dll 2009-12-09 14:07:33 281600 ----a-w- c:\windows\system32\raschap.dll ==================== Find3M ==================== 2010-01-04 20:10:13 43034 ----a-w- c:\programdata\nvModes.dat 2009-12-18 09:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-12-10 05:10:51 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-10 05:10:50 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-10 05:10:50 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-30 09:38:20 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-06 01:04:26 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll 2008-06-25 03:46:05 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-01-08 03:50:50 56 --sha-r- c:\windows\system32\CD008D9325.sys 2009-04-20 17:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat 2008-10-13 14:21:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 2:31:12.09 =============== Attached File(s)* Attach.zip ( 4.6k ) Number of downloads: 7

chamber View Member Profile	Jan 7 2010, 07:57 AM Post #4
Bleepin' Geek Group: Malware Response Team Posts: 328 Joined: 2-April 09 From: ~/ Member No.: 315,940	Download OTL to your desktop. Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted. When the window appears, underneath Output at the top change it to Minimal Output. Check the boxes beside LOP Check and Purity Check. Under the Custom Scan box paste this in netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %SYSTEMDRIVE%\.exe %systemroot%\. /mp /s c:\$recycle.bin\. /s HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\|LastSuccessTime /rs /md5start eventlog.dll scecli.dll netlogon.dll cngaudit.dll sceclt.dll ntelogon.dll logevent.dll iaStor.sys nvstor.sys nvstor32.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll explorer.exe svchost.exe userinit.exe qmgr.dll ws2_32.dll proquota.exe imm32.dll kernel32.dll ndis.sys autochk.exe spoolsv.exe xmlprov.dll ntmssvc.dll mswsock.dll Beep.SYS ntfs.sys termsrv.dll sfcfiles.dll st3shark.sys ahcix86.sys srsvc.dll nvrd32.sys /md5stop %systemroot%\system32\.dll /lockedfiles %systemroot%\Tasks\.job /lockedfiles Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long. When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL. Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in. Please download GMER from one of the following locations and save it to your desktop: Main Mirror This version will download a randomly named file (Recommended) Zipped Mirror This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Disconnect from the Internet and close all running programs. Temporarily disable any real-time active protection so your security programs will not conflict with gmer's driver. Double-click on the randomly named GMER file (i.e. n7gmo46c.exe) and allow the gmer.sys driver to load if asked. Note: If you downloaded the zipped version, extract the file to its own folder such as C:\gmer and then double-click on gmer.exe. GMER will open to the Rootkit/Malware tab and perform an automatic quick scan when first run. (do not use the computer while the scan is in progress) If you receive a WARNING!!! about rootkit activity and are asked to fully scan your system...click NO. Now click the Scan button. If you see a rootkit warning window, click OK. When the scan is finished, click the Save... button to save the scan results to your Desktop. Save the file as gmer.log. Click the Copy button and paste the results into your next reply. Exit GMER and re-enable all active protection when done. -- If you encounter any problems, try running GMER in Safe Mode. -------------------- watch me and tremble, for I bring the purity of oblivion Sudo apt-get me a sandwich! Proud graduate of GeekU

chamber View Member Profile	Jan 8 2010, 03:47 AM Post #6
Bleepin' Geek Group: Malware Response Team Posts: 328 Joined: 2-April 09 From: ~/ Member No.: 315,940	Hi, I need you to unistall uTorrent. Run OTL Under the Custom Scans/Fixes box at the bottom, paste in the following CODE :OTL O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O33 - MountPoints2\{0811b661-bd98-11dd-bd17-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0811b661-bd98-11dd-bd17-806e6f6e6963}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2005/09/28 01:55:17 \| 00,700,416 \| R--- \| M] (Electronic Arts Inc.) O33 - MountPoints2\{2868d565-edf8-11de-8cbe-001f16459ae4}\Shell - "" = AutoRun O33 - MountPoints2\{2868d565-edf8-11de-8cbe-001f16459ae4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found O33 - MountPoints2\{64f7dd98-559f-11de-9b80-001f16459ae4}\Shell - "" = AutoRun O33 - MountPoints2\{64f7dd98-559f-11de-9b80-001f16459ae4}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -- File not found [2009/12/31 03:59:47 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\uTorrent [2005/09/29 11:51:50 \| 00,700,416 \| ---- \| M] (LimeWire) -- C:\StubInstaller.exe :Services :Reg :Files :Commands [purity] [emptytemp] Then click the Run Fix button at the top Let the program run unhindered, reboot the PC when it is done Download ComboFix from one of these locations: Link 1 Link 2 * IMPORTANT !!! Save ComboFix.exe to your Desktop Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link HERE Double click on ComboFix.exe & follow the prompts. As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware. Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console. Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures. Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message: Click on Yes, to continue scanning for malware. When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply. Notes: 1. Do not mouse-click Combofix's window while it is running. That may cause it to stall. 2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions. -------------------- watch me and tremble, for I bring the purity of oblivion Sudo apt-get me a sandwich! Proud graduate of GeekU**

chamber View Member Profile	Jan 9 2010, 06:02 AM Post #8
Bleepin' Geek Group: Malware Response Team Posts: 328 Joined: 2-April 09 From: ~/ Member No.: 315,940	You have an infected boot controller. First we need to copy the replacement file to C:\ which we will do from the command prompt Open an elevated command window: First open an elevated command prompt > Click Start and type cmd in Start Search. When cmd.exe populates above, right click it and select Run as Administrator to open an elevated command prompt. Copy the contents of the code box > right click in the command window and select paste CODE copy C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys c:\ press enter you should see 1 file copied on the screen type exit to close the command window. (if you do not see 1 file copied* do not continue, but instead post back and let me know.)* Now we need to boot into the Recovery Environment: Tap F8 on startup and select Repair your computer from the list of startup options. If Repair your computer is not an option on the Advanced Startup menu, insert your Windows Vista dvd and restart the computer, then when prompted, select Repair your computer select your keyboard layout enter your username and password (if you use one) then the System Recovery Options menu comes up select Command Prompt It will open to an x:\sources> prompt (this may vary depending if you boot from cd or an installed RE) at the X:\sources prompt type the following ren c:\windows\system32\drivers\atapi.sys atapi.old copy c:\atapi.sys c:\windows\system32\drivers\atapi.sys exit You should receive a message that "1 file" has been copied. {if you do not receive a message that 1 file has been copied, the file will need to be renamed back - type ren c:\windows\system32\drivers\atapi.old atapi.sys press enter then type exit, reboot the system normally and report this to me.) Reboot Normally. Run CombofIx for me again and post the log back here. -------------------- watch me and tremble, for I bring the purity of oblivion Sudo apt-get me a sandwich! Proud graduate of GeekU

chamber View Member Profile	Jan 10 2010, 02:42 PM Post #10
Bleepin' Geek Group: Malware Response Team Posts: 328 Joined: 2-April 09 From: ~/ Member No.: 315,940	That seems to have done the trick, Post a fresh OTL log for me. -------------------- watch me and tremble, for I bring the purity of oblivion Sudo apt-get me a sandwich! Proud graduate of GeekU

shrimpboat View Member Profile	Jan 11 2010, 02:05 AM Post #11
New Member Group: Members Posts: 9 Joined: 24-December 09 Member No.: 423,221	Yeah, Firefox is back in working condition! No more redirects and its speed is back. Thank you so much for all your help, really appreciate it! You're awesome! OTL logfile created on: 1/10/2010 11:52:22 PM - Run 2 OTL by OldTimer - Version 3.1.21.0 Folder = C:\Users\Shrimpboat\Desktop Windows Vista Home Premium Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18865) Locale: 00000409 \| Country: United States \| Language: ENU \| Date Format: M/d/yyyy 2.00 Gb Total Physical Memory \| 1.00 Gb Available Physical Memory \| 50.00% Memory free 4.00 Gb Paging File \| 2.00 Gb Available in Paging File \| 61.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: \| %SystemRoot% = C:\Windows \| %ProgramFiles% = C:\Program Files Drive C: \| 139.17 Gb Total Space \| 28.29 Gb Free Space \| 20.33% Space Free \| Partition Type: NTFS Drive D: \| 9.88 Gb Total Space \| 1.75 Gb Free Space \| 17.69% Space Free \| Partition Type: NTFS Drive E: \| 650.44 Mb Total Space \| 0.00 Mb Free Space \| 0.00% Space Free \| Partition Type: CDFS Drive F: \| 931.51 Gb Total Space \| 727.24 Gb Free Space \| 78.07% Space Free \| Partition Type: NTFS Drive G: \| 7.47 Gb Total Space \| 3.47 Gb Free Space \| 46.39% Space Free \| Partition Type: FAT32 H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACTIONHAUS Current User Name: Shrimpboat Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Users\Shrimpboat\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft) PRC - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) PRC - C:\Program Files\Rhapsody\rhaphlpr.exe (RealNetworks, Inc.) PRC - C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe () PRC - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company) PRC - C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) PRC - C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) PRC - c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Hewlett-Packard) PRC - C:\Windows\System32\WTablet\Pen_TabletUser.exe (Wacom Technology, Corp.) PRC - C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) PRC - C:\Windows\SMINST\BLService.exe () PRC - C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Synaptics, Inc.) PRC - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) PRC - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) PRC - C:\Windows\System32\WUDFHost.exe (Microsoft Corporation) PRC - C:\Windows\System32\wbem\unsecapp.exe (Microsoft Corporation) PRC - C:\Windows\System32\wisptis.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) PRC - C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Microsoft Corporation) PRC - C:\Program Files\CyberLink\Shared Files\RichVideo.exe () PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) PRC - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () ========== Modules (SafeList) ========== MOD - C:\Users\Shrimpboat\Desktop\OTL.exe (OldTimer Tools) MOD - C:\Program Files\McAfee\SiteAdvisor\sahook.dll () MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18000_none_5cdbaa5a083979cc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (Lavasoft Ad-Aware Service) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft) SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software) SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software) SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software) SRV - (aswUpdSv) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software) SRV - (Kodak AiO Network Discovery Service) -- C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe (Eastman Kodak Company) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () SRV - (SBSDWSCService) -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) SRV - (iPod Service) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.) SRV - (Macromedia Licensing Service) -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (Bonjour Service) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Macrovision Europe Ltd.) SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.) SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (nvsvc) -- C:\Windows\System32\nvvsvc.exe (NVIDIA Corporation) SRV - (HP Health Check Service) -- c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe (Hewlett-Packard) SRV - (TabletServicePen) -- C:\Windows\System32\Pen_Tablet.exe (Wacom Technology, Corp.) SRV - (Recovery Service for Windows) -- C:\Windows\SMINST\BLService.exe () SRV - (Com4QLBEx) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Hewlett-Packard Development Company, L.P.) SRV - (hpqwmiex) -- C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (GameConsoleService) -- C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe (WildTangent, Inc.) SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation) SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation) SRV - (XAudioService) -- C:\Windows\System32\drivers\XAudio.exe (Conexant Systems, Inc.) SRV - (RichVideo) Cyberlink RichVideo Service(CRVS) -- C:\Program Files\CyberLink\Shared Files\RichVideo.exe () SRV - (Viewpoint Manager Service) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation) SRV - (AdobeActiveFileMonitor5.0) -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe () SRV - (ehstart) -- C:\Windows\ehome\ehstart.dll (Microsoft Corporation) SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (IDriverT) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- File not found DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (ALWIL Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (ALWIL Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (ALWIL Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (ALWIL Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (ALWIL Software) DRV - (Lbd) -- C:\Windows\system32\DRIVERS\Lbd.sys (Lavasoft AB) DRV - (KLIF) -- C:\Windows\System32\drivers\klif.sys (Kaspersky Lab) DRV - (NCHSSVAD) -- C:\Windows\System32\drivers\nchssvad.sys (NCH Swift Sound) DRV - (PxHelp20) -- C:\Windows\System32\Drivers\PxHelp20.sys (Sonic Solutions) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (npf) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (GEARAspiWDM) -- C:\Windows\System32\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.) DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.) DRV - (wacmoumonitor) -- C:\Windows\System32\drivers\wacmoumonitor.sys (Wacom Technology) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (hotcore3) -- C:\Windows\system32\drivers\hotcore3.sys (Paragon Software Group) DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.) DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.) DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation) DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.) DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems) DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company) DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.) DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic) DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation) DRV - (E1G60) Intel® -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation) DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.) DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation) DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic) DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic) DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.) DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex) DRV - (HSFHWAZL) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.) DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.) DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation) DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation) DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.) DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.) DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.) DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.) DRV - (wacomvhid) -- C:\Windows\System32\drivers\wacomvhid.sys (Wacom Technology) DRV - (HSF_DPV) -- C:\Windows\System32\drivers\HSX_DPV.sys (Conexant Systems, Inc.) DRV - (HSXHWAZL) -- C:\Windows\System32\drivers\HSXHWAZL.sys (Conexant Systems, Inc.) DRV - (winachsf) -- C:\Windows\System32\drivers\HSX_CNXT.sys (Conexant Systems, Inc.) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) DRV - (Point32) -- C:\Windows\System32\drivers\point32k.sys (Microsoft Corporation) DRV - (HpqRemHid) -- C:\Windows\System32\drivers\HpqRemHid.sys (Hewlett-Packard Development Company, L.P.) DRV - (RT25USBAP) -- C:\Windows\System32\drivers\RT25USBAP.SYS (Ralink Technology Inc.) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) DRV - (wacommousefilter) -- C:\Windows\System32\drivers\wacommousefilter.sys (Wacom Technology) DRV - (WacomVKHid) -- C:\Windows\System32\drivers\WacomVKHid.sys (Wacom Technology) DRV - (XPADFL02) -- C:\Windows\System32\drivers\xPADFL02.sys (Compuware Corporation) DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation) DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.) DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation) DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.) DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.) DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.) DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic) DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic) DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation) DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.) DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.) DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.) DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies) DRV - (BCM43XV) -- C:\Windows\System32\drivers\BCMWL6.SYS (Broadcom Corporation) DRV - (secdrv) -- C:\Windows\System32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) DRV - (mdmxsdk) -- C:\Windows\System32\drivers\mdmxsdk.sys (Conexant) DRV - (Ser2pl) -- C:\Windows\System32\drivers\ser2pl.sys (Prolific Technology Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = .local ========== FireFox ========== FF - prefs.js..browser.search.openintab: true FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "http://my.deviantart.com/messages/" FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:0.4.5.14 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: downintab@max.max:0.0.9 FF - prefs.js..extensions.enabledItems: {c50ca3c4-5656-43c2-a061-13e717f73fc8}:3.0.8 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: {35106bca-6c78-48c7-ac28-56df30b51d2a}:1.3.7 FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.9 FF - prefs.js..extensions.enabledItems: restart@restart.org:0.3 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 FF - prefs.js..extensions.enabledItems: {46551EC9-40F0-4e47-8E18-8E5CF550CFB8}:1.0.7 FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.2.2 FF - prefs.js..network.proxy.type: 2 FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2 [2008/06/24 23:50:52 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2009/12/23 23:15:18 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/18 00:52:23 \| 00,000,000 \| ---D \| M] FF - HKLM\software\mozilla\Mozilla Firefox 3.5.5\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/17 23:33:40 \| 00,000,000 \| ---D \| M] [2009/11/20 20:37:04 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Extensions [2010/01/10 11:24:07 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions [2009/12/07 14:21:02 \| 00,000,000 \| ---D \| M] (Session Manager) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2009/11/21 13:10:04 \| 00,000,000 \| ---D \| M] (Linkification) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2009/11/20 21:31:16 \| 00,000,000 \| ---D \| M] (Stylish) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8} [2009/12/22 03:17:21 \| 00,000,000 \| ---D \| M] (eBay Sidebar for Firefox) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{62760FD6-B943-48C9-AB09-F99C6FE96088}(390) [2009/11/20 20:50:28 \| 00,000,000 \| ---D \| M] (4chan) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2009/11/20 20:50:28 \| 00,000,000 \| ---D \| M] (Fast Video Download (with SearchMenu)) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8} [2010/01/10 11:23:57 \| 00,000,000 \| ---D \| M] (Adblock Plus) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2009/11/20 20:42:53 \| 00,000,000 \| ---D \| M] (Classic Compact) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E} [2009/12/09 01:11:19 \| 00,000,000 \| ---D \| M] (Greasemonkey) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2009/11/20 20:50:28 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\downintab@max.max [2009/11/20 20:50:29 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\restart@restart.org [2009/11/20 20:42:57 \| 00,000,000 \| ---D \| M] (No name found) -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\extensions\{D46E8522-6E86-44b1-A622-58C0668AD78E}\chrome\mozapps\extensions [2009/11/20 21:00:47 \| 00,000,921 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\dictionarycom.xml [2009/11/20 20:39:52 \| 00,001,626 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\mozilla-add-ons.xml [2009/11/20 21:01:01 \| 00,000,918 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\thesauruscom.xml [2009/11/20 21:00:30 \| 00,002,013 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Roaming\Mozilla\Firefox\Profiles\f9rg6sat.default\searchplugins\urban-dictionary.xml [2009/11/20 20:36:41 \| 00,000,000 \| ---D \| M] -- C:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: (366488 bytes) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 12613 more lines... O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (HP Smart BHO Class) - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software) O4 - HKLM..\Run: [Conime] C:\Windows\System32\conime.exe (Microsoft Corporation) O4 - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4 - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation) O4 - HKLM..\Run: [QPService] C:\Program Files\HP\QuickPlay\QPService.exe (CyberLink Corp.) O4 - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics, Inc.) O4 - HKCU..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - Startup: C:\Users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe () O4 - Startup: C:\Users\Shrimpboat\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stickies.lnk = C:\Program Files\Stickies\stickies.exe (Zhorn Software) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O15 - HKLM\..Trusted Domains: 58 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Domains: real.com ([rhap-app-4-0] https in Trusted sites) O15 - HKCU\..Trusted Domains: real.com ([rhapreg] https in Trusted sites) O15 - HKCU\..Trusted Domains: 65 domain(s) and sub-domain(s) not assigned to a zone. O15 - HKCU\..Trusted Ranges: Range1 ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_13) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll () O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008/06/24 23:20:48 \| 00,000,074 \| ---- \| M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005/09/28 02:20:18 \| 00,000,000 \| ---D \| M] - E:\AutoRun -- [ CDFS ] O32 - AutoRun File - [2005/09/28 01:55:17 \| 00,700,416 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2005/09/28 00:25:53 \| 00,606,208 \| R--- \| M] (Electronic Arts Inc.) - E:\AutoRunGUI.dll -- [ CDFS ] O32 - AutoRun File - [2005/09/28 02:18:19 \| 00,000,138 \| R--- \| M] () - E:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk ) - File not found O34 - HKLM BootExecute: (autocheck lsdelete) - File not found O34 - HKLM BootExecute: (autocheck lsdelete) - File not found O34 - HKLM BootExecute: (lsdelete) - C:\Windows\System32\lsdelete.exe () O35 - comfile [open] -- "%1" %* O35 - exefile [open] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/01/10 01:34:42 \| 00,000,000 \| ---D \| C] -- C:\Users\Shrimpboat\AppData\Local\temp [2010/01/10 01:32:41 \| 00,000,000 \| -HSD \| C] -- C:\$RECYCLE.BIN [2010/01/09 23:29:48 \| 00,000,000 \| ---D \| C] -- C:\ComboFix [2010/01/09 23:28:30 \| 00,212,480 \| ---- \| C] (SteelWerX) -- C:\Windows\SWXCACLS.exe [2010/01/09 13:31:58 \| 00,021,560 \| ---- \| C] (Microsoft Corporation) -- C:\atapi.sys [2010/01/08 13:45:02 \| 00,161,792 \| ---- \| C] (SteelWerX) -- C:\Windows\SWREG.exe [2010/01/08 13:45:02 \| 00,136,704 \| ---- \| C] (SteelWerX) -- C:\Windows\SWSC.exe [2010/01/08 13:45:02 \| 00,031,232 \| ---- \| C] (NirSoft) -- C:\Windows\NIRCMD.exe [2010/01/08 13:44:45 \| 00,000,000 \| ---D \| C] -- C:\Windows\ERDNT [2010/01/08 13:44:08 \| 00,000,000 \| ---D \| C] -- C:\Qoobox [2010/01/08 13:19:47 \| 00,000,000 \| ---D \| C] -- C:\_OTL [2010/01/07 12:30:57 \| 00,513,536 \| ---- \| C] (OldTimer Tools) -- C:\Users\Shrimpboat\Desktop\OTL.exe [2010/01/06 13:02:26 \| 00,000,000 \| ---D \| C] -- C:\Users\Public\Documents\EA Games [2010/01/06 13:00:38 \| 00,000,000 \| ---D \| C] -- C:\Users\Shrimpboat\Documents\EA Games [2010/01/06 12:41:17 \| 00,442,368 \| R--- \| C] (On2.com) -- C:\Windows\System32\vp6vfw.dll [2010/01/04 13:01:07 \| 00,000,000 \| ---D \| C] -- C:\WTablet [2009/12/23 13:15:56 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Trend Micro [2009/12/21 11:20:13 \| 00,000,000 \| ---D \| C] -- C:\Users\Shrimpboat\AppData\Roaming\U3 [2009/12/19 10:57:01 \| 00,000,000 \| ---D \| C] -- C:\Users\Shrimpboat\AppData\Roaming\Malwarebytes [2009/12/19 10:56:52 \| 00,038,224 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2009/12/19 10:56:50 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Malwarebytes [2009/12/19 10:56:49 \| 00,019,160 \| ---- \| C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2009/12/19 10:56:49 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Malwarebytes' Anti-Malware [2009/12/19 10:48:57 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\Spybot - Search & Destroy [2009/12/19 10:48:57 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Spybot - Search & Destroy [2009/12/18 22:05:28 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\WindowsSearch [2009/12/18 18:56:24 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Common Files\ParetoLogic [2009/12/18 18:56:23 \| 00,000,000 \| ---D \| C] -- C:\ProgramData\ParetoLogic [2009/12/18 02:22:38 \| 00,064,288 \| ---- \| C] (Lavasoft AB) -- C:\Windows\System32\drivers\Lbd.sys [2009/12/17 23:13:14 \| 00,000,000 \| -H-D \| C] -- C:\ProgramData\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} [2009/12/17 14:38:23 \| 00,000,000 \| ---D \| C] -- C:\Users\Shrimpboat\AppData\Roaming\Auslogics [2009/12/17 14:38:20 \| 00,000,000 \| ---D \| C] -- C:\Program Files\Auslogics ========== Files - Modified Within 30 Days ========== [2010/01/10 23:52:38 \| 08,126,464 \| -HS- \| M] () -- C:\Users\Shrimpboat\ntuser.dat [2010/01/10 23:42:04 \| 00,043,034 \| ---- \| M] () -- C:\ProgramData\nvModes.001 [2010/01/10 23:41:57 \| 00,067,584 \| --S- \| M] () -- C:\Windows\bootstat.dat [2010/01/10 13:26:26 \| 00,003,344 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2010/01/10 13:26:26 \| 00,003,344 \| -H-- \| M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2010/01/10 08:23:11 \| 00,000,370 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2010/01/10 02:22:12 \| 00,000,370 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2010/01/10 01:41:00 \| 00,870,128 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Roaming\mcs.rma [2010/01/10 01:41:00 \| 00,000,004 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Roaming\A3206C [2010/01/10 01:28:53 \| 00,000,215 \| ---- \| M] () -- C:\Windows\system.ini [2010/01/09 23:32:40 \| 00,690,960 \| ---- \| M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/01/09 23:32:40 \| 00,595,684 \| ---- \| M] () -- C:\Windows\System32\perfh009.dat [2010/01/09 23:32:40 \| 00,101,350 \| ---- \| M] () -- C:\Windows\System32\perfc009.dat [2010/01/09 23:29:47 \| 00,000,370 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/01/09 23:29:47 \| 00,000,370 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2010/01/09 23:29:46 \| 00,000,370 \| ---- \| M] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2010/01/09 23:27:18 \| 00,000,246 \| ---- \| M] () -- C:\ProgramData\hpqp.ini [2010/01/09 23:27:09 \| 00,000,435 \| ---- \| M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2010/01/09 23:26:31 \| 00,000,006 \| -H-- \| M] () -- C:\Windows\tasks\SA.DAT [2010/01/09 23:26:16 \| 18,772,95104 \| -HS- \| M] () -- C:\hiberfil.sys [2010/01/09 23:18:35 \| 07,026,464 \| -HS- \| M] () -- C:\Windows\System32\drivers\fidbox.dat [2010/01/09 23:18:35 \| 00,081,824 \| -HS- \| M] () -- C:\Windows\System32\drivers\fidbox.idx [2010/01/09 23:18:33 \| 00,524,288 \| -HS- \| M] () -- C:\Users\Shrimpboat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms [2010/01/09 23:18:33 \| 00,065,536 \| -HS- \| M] () -- C:\Users\Shrimpboat\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf [2010/01/09 23:17:32 \| 02,916,564 \| -H-- \| M] () -- C:\Users\Shrimpboat\AppData\Local\IconCache.db [2010/01/08 13:36:53 \| 03,819,182 \| R--- \| M] () -- C:\Users\Shrimpboat\Desktop\ComboFix.exe [2010/01/08 13:23:24 \| 00,043,034 \| ---- \| M] () -- C:\ProgramData\nvModes.dat [2010/01/08 13:13:51 \| 33,504,7424 \| ---- \| M] () -- C:\Users\Shrimpboat\Desktop\registrybackup.reg [2010/01/08 12:56:59 \| 00,001,630 \| ---- \| M] () -- C:\Users\Shrimpboat\Desktop\CCleaner.lnk [2010/01/08 00:35:20 \| 00,000,505 \| ---- \| M] () -- C:\Users\Shrimpboat\Documents\My Sharing Folders.lnk [2010/01/07 12:31:18 \| 00,293,376 \| ---- \| M] () -- C:\Users\Shrimpboat\Desktop\ogse1f9w.exe [2010/01/07 12:30:57 \| 00,513,536 \| ---- \| M] (OldTimer Tools) -- C:\Users\Shrimpboat\Desktop\OTL.exe [2010/01/06 02:32:37 \| 00,004,706 \| ---- \| M] () -- C:\Users\Shrimpboat\Desktop\Attach.zip [2010/01/01 15:02:13 \| 00,001,233 \| ---- \| M] () -- C:\Windows\cdplayer.ini [2009/12/31 04:05:05 \| 00,000,342 \| ---- \| M] () -- C:\Windows\tasks\HPCeeScheduleForShrimpboat.job [2009/12/23 13:15:56 \| 00,001,834 \| ---- \| M] () -- C:\Users\Shrimpboat\Desktop\HijackThis.lnk [2009/12/19 11:26:06 \| 00,366,488 \| R--- \| M] () -- C:\Windows\System32\drivers\etc\hosts [2009/12/19 11:24:44 \| 00,000,177 \| ---- \| M] () -- C:\Windows\wininit.ini [2009/12/19 11:06:53 \| 00,002,577 \| ---- \| M] () -- C:\Windows\System32\config.nt [2009/12/19 10:49:05 \| 00,001,015 \| ---- \| M] () -- C:\Users\Shrimpboat\Desktop\Spybot - Search & Destroy.lnk [2009/12/19 10:05:06 \| 00,004,608 \| ---- \| M] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/18 22:07:44 \| 00,182,272 \| ---- \| M] () -- C:\Users\Shrimpboat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/18 19:12:42 \| 00,002,506 \| ---- \| M] () -- C:\rollback.ini [2009/12/18 10:54:49 \| 05,452,215 \| ---- \| M] () -- C:\Users\Shrimpboat\Documents\Radiation - A Very Hussie Christmas2.mp3 [2009/12/18 02:22:28 \| 00,015,880 \| ---- \| M] () -- C:\Windows\System32\lsdelete.exe [2009/12/18 02:19:21 \| 00,000,967 \| ---- \| M] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2009/12/17 23:34:03 \| 04,456,448 \| -HS- \| M] () -- C:\Users\Shrimpboat\ntuser.dat_previous [2009/12/17 14:49:01 \| 00,001,802 \| ---- \| M] () -- C:\Users\Shrimpboat\Documents\ps_pi_stupid.rtf [2009/12/15 00:15:14 \| 00,002,709 \| ---- \| M] () -- C:\Users\Public\Documents\Global.sw2 ========== Files Created - No Company Name ========== [2010/01/09 23:29:47 \| 00,000,370 \| ---- \| C] () -- C:\Windows\tasks\Ad-Aware Update (Weekly).job [2010/01/09 23:29:46 \| 00,000,370 \| ---- \| C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 4).job [2010/01/09 23:29:46 \| 00,000,370 \| ---- \| C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 3).job [2010/01/09 23:29:45 \| 00,000,370 \| ---- \| C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 2).job [2010/01/09 23:29:11 \| 00,000,370 \| ---- \| C] () -- C:\Windows\tasks\Ad-Aware Update (Daily 1).job [2010/01/08 13:45:02 \| 00,261,632 \| ---- \| C] () -- C:\Windows\PEV.exe [2010/01/08 13:45:02 \| 00,098,816 \| ---- \| C] () -- C:\Windows\sed.exe [2010/01/08 13:45:02 \| 00,080,412 \| ---- \| C] () -- C:\Windows\grep.exe [2010/01/08 13:45:02 \| 00,077,312 \| ---- \| C] () -- C:\Windows\MBR.exe [2010/01/08 13:45:02 \| 00,068,096 \| ---- \| C] () -- C:\Windows\zip.exe [2010/01/08 13:39:06 \| 03,819,182 \| R--- \| C] () -- C:\Users\Shrimpboat\Desktop\ComboFix.exe [2010/01/08 13:11:26 \| 33,504,7424 \| ---- \| C] () -- C:\Users\Shrimpboat\Desktop\registrybackup.reg [2010/01/07 16:50:47 \| 18,772,95104 \| -HS- \| C] () -- C:\hiberfil.sys [2010/01/07 12:31:18 \| 00,293,376 \| ---- \| C] () -- C:\Users\Shrimpboat\Desktop\ogse1f9w.exe [2010/01/06 02:32:36 \| 00,004,706 \| ---- \| C] () -- C:\Users\Shrimpboat\Desktop\Attach.zip [2009/12/23 13:15:56 \| 00,001,834 \| ---- \| C] () -- C:\Users\Shrimpboat\Desktop\HijackThis.lnk [2009/12/19 11:24:43 \| 00,000,177 \| ---- \| C] () -- C:\Windows\wininit.ini [2009/12/19 10:49:05 \| 00,001,015 \| ---- \| C] () -- C:\Users\Shrimpboat\Desktop\Spybot - Search & Destroy.lnk [2009/12/19 09:58:50 \| 00,004,608 \| ---- \| C] () -- C:\Windows\System32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/12/18 19:13:02 \| 07,026,464 \| -HS- \| C] () -- C:\Windows\System32\drivers\fidbox.dat [2009/12/18 19:13:02 \| 00,081,824 \| -HS- \| C] () -- C:\Windows\System32\drivers\fidbox.idx [2009/12/18 19:12:42 \| 00,002,506 \| ---- \| C] () -- C:\rollback.ini [2009/12/18 10:54:41 \| 05,452,215 \| ---- \| C] () -- C:\Users\Shrimpboat\Documents\Radiation - A Very Hussie Christmas2.mp3 [2009/12/18 02:19:21 \| 00,000,967 \| ---- \| C] () -- C:\Users\Public\Desktop\Ad-Aware.lnk [2009/12/17 14:32:56 \| 00,001,802 \| ---- \| C] () -- C:\Users\Shrimpboat\Documents\ps_pi_stupid.rtf [2009/11/29 23:30:19 \| 00,000,246 \| ---- \| C] () -- C:\ProgramData\hpqp.ini [2009/11/27 15:06:18 \| 00,052,686 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\c4u.log [2009/11/27 14:23:14 \| 00,828,342 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\installer.log [2009/11/13 16:17:40 \| 00,001,233 \| ---- \| C] () -- C:\Windows\cdplayer.ini [2009/09/01 11:54:34 \| 00,870,128 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Roaming\mcs.rma [2009/09/01 11:54:34 \| 00,000,004 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Roaming\A3206C [2009/08/18 16:55:15 \| 00,001,890 \| -HS- \| C] () -- C:\ProgramData\KGyGaAvL.sys [2009/08/18 16:55:15 \| 00,000,088 \| RHS- \| C] () -- C:\ProgramData\25938D00CD.sys [2009/08/03 14:07:42 \| 00,403,816 \| ---- \| C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/14 12:53:36 \| 00,237,568 \| ---- \| C] () -- C:\Windows\System32\Unlha32.dll [2009/07/14 12:53:35 \| 00,473,600 \| ---- \| C] () -- C:\Windows\System32\Harmony.dll [2009/07/07 13:10:49 \| 00,000,023 \| ---- \| C] () -- C:\Windows\BlendSettings.ini [2009/06/05 11:47:42 \| 00,000,050 \| ---- \| C] () -- C:\Windows\MegaManager.INI [2009/04/09 17:09:33 \| 00,247,560 \| ---- \| C] () -- C:\Windows\System32\prgiso.dll [2009/04/09 17:09:26 \| 04,244,744 \| ---- \| C] () -- C:\Windows\System32\qtp-mt334.dll [2009/04/09 17:09:26 \| 00,013,576 \| ---- \| C] () -- C:\Windows\System32\wnaspi32.dll [2009/02/11 14:54:33 \| 00,765,952 \| ---- \| C] () -- C:\Windows\System32\xvidcore.dll [2009/02/11 14:54:32 \| 00,180,224 \| ---- \| C] () -- C:\Windows\System32\xvidvfw.dll [2009/02/06 14:13:54 \| 00,000,547 \| ---- \| C] () -- C:\Windows\System32\ff_vfw.dll.manifest [2009/01/07 20:50:50 \| 00,000,056 \| RHS- \| C] () -- C:\Windows\System32\CD008D9325.sys [2009/01/07 20:50:46 \| 00,001,890 \| -HS- \| C] () -- C:\Windows\System32\KGyGaAvL.sys [2008/12/04 11:51:56 \| 00,007,592 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\d3d9caps.dat [2008/12/01 16:34:25 \| 00,182,272 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008/11/28 09:34:29 \| 00,000,000 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\QSwitch.txt [2008/11/28 09:34:29 \| 00,000,000 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\DSwitch.txt [2008/11/28 09:34:29 \| 00,000,000 \| ---- \| C] () -- C:\Users\Shrimpboat\AppData\Local\AtStart.txt [2008/11/24 15:32:44 \| 00,005,120 \| ---- \| C] () -- C:\Windows\System32\ff_vfw.dll [2008/10/13 07:07:43 \| 00,043,034 \| ---- \| C] () -- C:\ProgramData\nvModes.001 [2008/10/13 07:07:40 \| 00,043,034 \| ---- \| C] () -- C:\ProgramData\nvModes.dat [2008/06/24 23:36:20 \| 00,000,688 \| ---- \| C] () -- C:\ProgramData\hpzinstall.log [2008/06/11 08:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2008/06/11 08:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2008/06/11 08:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2008/06/11 08:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2008/06/11 08:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2008/06/11 08:02:34 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelKorean.dll [2008/06/11 08:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2008/06/11 08:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelGerman.dll [2008/06/11 08:02:32 \| 00,058,648 \| ---- \| C] () -- C:\Windows\System32\AgCPanelFrench.dll [2008/06/05 07:58:26 \| 00,197,912 \| ---- \| C] () -- C:\Windows\System32\physxcudart_20.dll [2008/06/01 00:13:10 \| 00,053,299 \| ---- \| C] () -- C:\Windows\System32\pthreadVC.dll [2007/09/04 11:56:10 \| 00,164,352 \| ---- \| C] () -- C:\Windows\System32\unrar.dll [2007/02/05 20:05:26 \| 00,000,038 \| ---- \| C] () -- C:\Windows\AviSplitter.INI [2006/11/02 05:35:32 \| 00,005,632 \| ---- \| C] () -- C:\Windows\System32\sysprepMCE.dll [2006/11/02 00:40:29 \| 00,013,750 \| ---- \| C] () -- C:\Windows\System32\pacerprf.ini [2006/03/09 02:58:00 \| 01,060,424 \| ---- \| C] () -- C:\Windows\System32\WdfCoInstaller01000.dll [2005/08/30 00:00:00 \| 00,781,312 \| ---- \| C] () -- C:\Windows\System32\RGSS102J.dll [2005/08/30 00:00:00 \| 00,778,752 \| ---- \| C] () -- C:\Windows\System32\RGSS102E.dll [2005/08/30 00:00:00 \| 00,771,584 \| ---- \| C] () -- C:\Windows\System32\RGSS100J.dll [2002/06/06 02:01:58 \| 00,029,696 \| ---- \| C] () -- C:\Windows\System32\asutl8.dll ========== LOP Check ========== [2008/12/21 23:49:29 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\acccore [2009/04/02 20:49:54 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Anvil Studio [2009/12/17 14:38:23 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Auslogics [2010/01/09 23:29:19 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Dropbox [2009/12/23 05:20:44 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\IrfanView [2009/05/15 23:39:23 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Magic Set Editor [2008/12/23 23:24:31 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\MSNInstaller [2008/12/11 14:38:30 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\NCH Swift Sound [2009/03/05 14:28:23 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Opera [2008/12/11 15:34:51 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\SPORE [2008/11/28 22:44:20 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\SPORE Creature Creator [2010/01/09 23:29:15 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\stickies [2008/11/28 15:54:55 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\SystemRequirementsLab [2009/12/09 21:55:20 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Temp [2009/01/20 14:41:29 \| 00,000,000 \| ---D \| M] -- C:\Users\Shrimpboat\AppData\Roaming\Unity [2010/01/10 02:22:12 \| 00,000,370 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 1).job [2010/01/10 08:23:11 \| 00,000,370 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 2).job [2010/01/09 23:29:46 \| 00,000,370 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 3).job [2010/01/09 23:29:47 \| 00,000,370 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Daily 4).job [2010/01/09 23:29:47 \| 00,000,370 \| ---- \| M] () -- C:\Windows\Tasks\Ad-Aware Update (Weekly).job [2010/01/09 23:18:05 \| 00,032,560 \| ---- \| M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report >

chamber View Member Profile	Jan 11 2010, 03:55 AM Post #12
Bleepin' Geek Group: Malware Response Team Posts: 328 Joined: 2-April 09 From: ~/ Member No.: 315,940	Download TFC to your desktop Open the file and close any other windows. It will close all programs itself when run, make sure to let it run uninterrupted. Click the Start button to begin the process. The program should not take long to finish its job Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean Please download Malwarebytes' Anti-Malware from Here. Double Click mbam-setup.exe to install the application. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish. If an update is found, it will download and install the latest version. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish,so please be patient. When the scan is complete, click OK, then Show Results to view the results. Make sure that everything is checked, and click Remove Selected. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note) The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM. Copy&Paste the entire report in your next reply. Extra Note: If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediatly. Please download JavaRa to your desktop and unzip it to its own folder Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions. Accept any prompts. Open JavaRa.exe again and select Search For Updates. Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer. Using Internet Explorer or Firefox, visit Kaspersky Online Scanner 1. Click Accept, when prompted to download and install the program files and database of malware definitions. 2. To optimize scanning time and produce a more sensible report for review: Close any open programs Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs. 3. Click Run at the Security prompt. The program will then begin downloading and installing and will also update the database. Please be patient as this can take quite a long time to download. Once the update is complete, click on Settings. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, adware, dialers, and other riskware Archives E-mail databases Click on My Computer under the green Scan bar to the left to start the scan. Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it. Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined. Click View report... at the bottom. Click the Save report... button. Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply -------------------- watch me and tremble, for I bring the purity of oblivion Sudo apt-get me a sandwich! Proud graduate of GeekU

shrimpboat View Member Profile	Jan 12 2010, 02:54 PM Post #13
New Member Group: Members Posts: 9 Joined: 24-December 09 Member No.: 423,221	Malwarebytes' Anti-Malware 1.44 Database version: 3541 Windows 6.0.6001 Service Pack 1 Internet Explorer 8.0.6001.18865 1/11/2010 12:58:28 PM mbam-log-2010-01-11 (12-58-28).txt Scan type: Quick Scan Objects scanned: 111655 Time elapsed: 8 minute(s), 5 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7.0: scan report Tuesday, January 12, 2010 Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001) Kaspersky Online Scanner version: 7.0.26.13 Last database update: Monday, January 11, 2010 20:57:10 Records in database: 3299053 -------------------------------------------------------------------------------- Scan settings: scan using the following database: extended Scan archives: yes Scan e-mail databases: yes Scan area - My Computer: C:\ D:\ E:\ F:\ G:\ Scan statistics: Objects scanned: 285427 Threats found: 2 Infected objects found: 5 Suspicious objects found: 0 Scan duration: 11:35:53 File name / Threat / Threats count C:\Windows\System32\drivers\atapi.old Infected: Rootkit.Win32.TDSS.u 1 F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.iso Infected: Trojan-Downloader.Win32.Agent.ayi 2 F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.part04.rar Infected: Trojan-Downloader.Win32.Agent.ayi 2 Selected area has been scanned.

chamber View Member Profile	Jan 12 2010, 03:15 PM Post #14
Bleepin' Geek Group: Malware Response Team Posts: 328 Joined: 2-April 09 From: ~/ Member No.: 315,940	Please download OTM Save it to your desktop. Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator). Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy): CODE :Processes :Services :Reg :Files C:\Windows\System32\drivers\atapi.old F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.iso F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.part04.rar :Commands [purity] [emptytemp] [Reboot] Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste. Click the red Moveit! button. Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply. Close OTM and reboot your PC. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter .log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles* folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post. Download Security Check by screen317 from here or here. Save it to your Desktop. Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box. A Notepad document should open automatically called checkup.txt; please post the contents of that document. Post a fresh DDS log for me as well, also how things are currently running. -------------------- watch me and tremble, for I bring the purity of oblivion Sudo apt-get me a sandwich! Proud graduate of GeekU

shrimpboat View Member Profile	Jan 12 2010, 10:58 PM Post #15
New Member Group: Members Posts: 9 Joined: 24-December 09 Member No.: 423,221	All processes killed ========== PROCESSES ========== ========== SERVICES/DRIVERS ========== ========== REGISTRY ========== ========== FILES ========== File move failed. C:\Windows\System32\drivers\atapi.old scheduled to be moved on reboot. F:\Games\PC\PC-PacMan.World.Rally[English]\rld-pmwr.iso moved successfully. F:\Games\PC\PC-PacMan.World.Rally[English]\rld- pmwr.part04.rar moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Down ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Ginger ->Temp folder emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Shrimpboat ->Temp folder emptied: 90894124 bytes ->Temporary Internet Files folder emptied: 4546995 bytes ->Java cache emptied: 13818443 bytes ->FireFox cache emptied: 52748090 bytes ->Opera cache emptied: 2471008 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10438 bytes %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes %systemroot%\system32 \config\systemprofile\AppData\Local\Microsoft\Windows\Tempora ry Internet Files folder emptied: 33170 bytes %systemroot%\system32 \config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 243 bytes RecycleBin emptied: 76651 bytes Total Files Cleaned = 157.00 mb OTM by OldTimer - Version 3.1.5.0 log created on 01122010_200633 Files moved on Reboot... File move failed. C:\Windows\System32\drivers\atapi.old scheduled to be moved on reboot. File C:\Windows\temp\_avast4_\Webshlock.txt not found! C:\Windows\temp\sqlite_1cZYHFfYq6nzI4E moved successfully. C:\Windows\temp\sqlite_6KrrIeASiJnYcDL moved successfully. C:\Windows\temp\sqlite_TKzhzSysJcEuh9v moved successfully. Registry entries deleted on Reboot... Results of screen317's Security Check version 0.99.1 Windows Vista Service Pack 1 (UAC is disabled!) Out of date service pack!! `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Antivirus Antivirus up to date! (On Access scanning disabled!) `````````````````````````````` Anti-malware/Other Utilities Check: Ad-Aware SpywareBlaster 4.2 Spybot - Search & Destroy McAfee SiteAdvisor HijackThis 2.0.2 CCleaner Java™ 6 Update 17 Adobe Flash Player 10 Adobe Reader 8.1.2 Out of date Adobe Reader installed! `````````````````````````````` Process Check: objlist.exe by Laurent Ad-Aware AAWService.exe Ad-Aware AAWTray.exe is disabled! `````````````````````````````` DNS Vulnerability Check: Request Timed Out (Wireless Internet connection/Disconnected Internet/Proxy?) `````````End of Log``````````` DDS (Ver_09-12-01.01) - NTFSx86 Run by Shrimpboat at 20:36:47.15 on Tue 01/12/2010 Internet Explorer: 8.0.6001.18865 BrowserJavaVersion: 1.6.0_17 Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1790.381 [GMT -7:00] AV: Lavasoft Ad-Watch Live! Anti-Virus On-access scanning disabled (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} SP: Spybot - Search and Destroy disabled (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9} SP: Lavasoft Ad-Watch Live! disabled (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22} SP: Windows Defender enabled (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46} ============== Running Processes =============== C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k secsvcs C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\rundll32.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe C:\Windows\Explorer.EXE C:\Windows\system32\Dwm.exe C:\Windows\system32\WLANExt.exe C:\Windows\SYSTEM32\WISPTIS.EXE C:\Program Files\Alwil Software\Avast4\ashServ.exe C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Windows\system32\taskeng.exe C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe C:\Program Files\McAfee\SiteAdvisor\McSACore.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\rundll32.exe C:\Windows\SMINST\BLService.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\Pen_Tablet.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\WTablet\Pen_TabletUser.exe C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Windows\system32\Pen_Tablet.exe C:\Windows\system32\WUDFHost.exe C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe C:\Program Files\Alwil Software\Avast4\ashWebSv.exe C:\Windows\System32\alg.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\notepad.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Program Files\Alwil Software\Avast4\ashDisp.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Windows\System32\rundll32.exe C:\Program Files\HP\QuickPlay\QPService.exe C:\Windows\System32\spool\drivers\w32x86\3\EKIJ5000MUI.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Windows\System32\mobsync.exe C:\Program Files\Windows Live\Messenger\msnmsgr.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Users\Shrimpboat\AppData\Roaming\Dropbox\bin\Dropbox.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Stickies\stickies.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\SearchProtocolHost.exe c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\notepad.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Shrimpboat\Desktop\dds.scr C:\Windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ mSearch Bar = hxxp://srch-qus8.hpwis.com/ uInternet Settings,ProxyOverride = *.local BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe" mRun: [Conime] %windir%\system32\conime.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe" mRun: [EKIJ5000StatusMonitor] c:\windows\system32\spool\drivers\w32x86\3\EKIJ5000MUI.exe mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\dropbox.lnk - c:\users\shrimpboat\appdata\roaming\dropbox\bin\Dropbox.exe StartupFolder: c:\users\shrimp~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\stickies.lnk - c:\program files\stickies\stickies.exe mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll Trusted Zone: real.com\rhap-app-4-0 Trusted Zone: real.com\rhapreg DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Hosts: 127.0.0.1 www.spywareinfo.com ================= FIREFOX =================== FF - ProfilePath - c:\users\shrimp~1\appdata\roaming\mozilla\firefox\profiles\f9rg6sat.default\ FF - prefs.js: browser.startup.homepage - hxxp://my.deviantart.com/messages/ FF - prefs.js: network.proxy.type - 2 FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll FF - plugin: c:\program files\opera\program\plugins\npmmaud.dll FF - plugin: c:\program files\opera\program\plugins\npmmprog.dll FF - plugin: c:\program files\opera\program\plugins\npmmvid.dll FF - plugin: c:\program files\opera\program\plugins\npmmzip.dll FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nppl3260.dll FF - plugin: c:\program files\vistacodecpack\rm\browser\plugins\nprpjplug.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2009-4-9 39472] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-12-18 64288] R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-11-28 114768] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-11-28 20560] R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-11-28 53328] R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-11-28 138680] R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\kodak\aio\center\ekdiscovery.exe [2009-8-5 284016] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328] R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-28 210216] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2008-6-1 34064] R2 Recovery Service for Windows;Recovery Service for Windows;c:\windows\sminst\BLService.exe [2008-6-24 361808] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2009-12-19 1153368] R2 TabletServicePen;TabletServicePen;c:\windows\system32\Pen_Tablet.exe [2008-12-1 3032360] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-28 24652] R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-11-28 254040] R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-11-28 352920] R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-10 43040] R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [2008-12-1 15144] S3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-6-24 193840] S3 XPADFL02;XPAD Filter Service 02;c:\windows\system32\drivers\xPADFL02.sys [2009-3-20 27904] =============== Created Last 30 ================ 2010-01-13 03:06:34 0 d-----w- C:\_OTM 2010-01-10 08:32:41 0 d-sh--w- C:\$RECYCLE.BIN 2010-01-10 07:24:56 21560 ------w- c:\windows\system32\drivers\atapi.sys 2010-01-10 06:29:48 0 d-----w- C:\ComboFix 2010-01-09 20:31:58 21560 ----a-w- C:\atapi.sys 2010-01-08 20:45:02 98816 ----a-w- c:\windows\sed.exe 2010-01-08 20:45:02 77312 ----a-w- c:\windows\MBR.exe 2010-01-08 20:45:02 261632 ----a-w- c:\windows\PEV.exe 2010-01-08 20:45:02 161792 ----a-w- c:\windows\SWREG.exe 2010-01-08 20:19:47 0 d-----w- C:\_OTL 2010-01-06 19:41:17 442368 ----a-r- c:\windows\system32\vp6vfw.dll 2010-01-04 20:01:07 0 d-----w- C:\WTablet 2009-12-23 20:15:56 0 d-----w- c:\program files\Trend Micro 2009-12-19 18:24:43 177 ----a-w- c:\windows\wininit.ini 2009-12-19 17:57:01 0 d-----w- c:\users\shrimp~1\appdata\roaming\Malwarebytes 2009-12-19 17:56:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2009-12-19 17:56:50 0 d-----w- c:\programdata\Malwarebytes 2009-12-19 17:56:49 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-19 17:56:49 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2009-12-19 17:48:57 0 d-----w- c:\programdata\Spybot - Search & Destroy 2009-12-19 17:48:57 0 d-----w- c:\program files\Spybot - Search & Destroy 2009-12-19 16:58:50 4608 ----a-w- c:\windows\system32\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2009-12-19 05:05:28 0 d-----w- c:\programdata\WindowsSearch 2009-12-19 02:13:02 214676 --sha-w- c:\windows\system32\drivers\fidbox.idx 2009-12-19 02:13:02 15647776 --sha-w- c:\windows\system32\drivers\fidbox.dat 2009-12-19 02:12:42 2506 ----a-w- C:\rollback.ini 2009-12-19 01:56:24 0 d-----w- c:\program files\common files\ParetoLogic 2009-12-19 01:56:23 0 d-----w- c:\programdata\ParetoLogic 2009-12-18 09:22:38 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2009-12-18 06:13:14 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6} 2009-12-17 21:38:23 0 d-----w- c:\users\shrimp~1\appdata\roaming\Auslogics 2009-12-17 21:38:20 0 d-----w- c:\program files\Auslogics ==================== Find3M ==================== 2010-01-11 20:19:36 411368 ----a-w- c:\windows\system32\deploytk.dll 2010-01-08 20:23:24 43034 ----a-w- c:\programdata\nvModes.dat 2009-12-18 09:22:28 15880 ----a-w- c:\windows\system32\lsdelete.exe 2009-12-10 05:10:51 51200 ----a-w- c:\windows\inf\infpub.dat 2009-12-10 05:10:50 86016 ----a-w- c:\windows\inf\infstor.dat 2009-12-10 05:10:50 143360 ----a-w- c:\windows\inf\infstrng.dat 2009-11-30 09:38:20 104672 ----a-w- c:\windows\system32\GDIPFONTCACHEV1.DAT 2009-11-24 23:49:48 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys 2009-11-21 06:40:20 916480 ----a-w- c:\windows\system32\wininet.dll 2009-11-21 06:34:39 71680 ----a-w- c:\windows\system32\iesetup.dll 2009-11-21 06:34:39 109056 ----a-w- c:\windows\system32\iesysprep.dll 2009-11-21 04:59:58 133632 ----a-w- c:\windows\system32\ieUnatt.exe 2009-11-09 13:22:34 24064 ----a-w- c:\windows\system32\nshhttp.dll 2009-11-09 13:20:16 31232 ----a-w- c:\windows\system32\httpapi.dll 2009-11-06 01:04:26 1890 --sha-w- c:\windows\system32\KGyGaAvL.sys 2009-11-03 03:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe 2009-10-29 09:41:23 2048 ----a-w- c:\windows\system32\tzres.dll 2008-06-25 03:46:05 665600 ----a-w- c:\windows\inf\drvindex.dat 2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat 2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat 2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat 2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat 2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat 2009-01-08 03:50:50 56 --sha-r- c:\windows\system32\CD008D9325.sys 2009-04-20 17:21:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat 2008-10-13 14:21:22 8192 --sha-w- c:\windows\users\default\NTUSER.DAT ============= FINISH: 20:39:14.72 =============== Things are running just fine now. Nothing noticeable!

« Next Oldest · Virus, Trojan, Spyware, and Malware Removal Logs · Next Newest »

2 Pages

1 2 >

1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)

0 Members:

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 29th July 2010 - 09:38 AM

Advertise \| About Us \| Terms of Use \| Privacy Policy \| Contact Us \| Site Map \| Chat \| Tutorials \| Uninstall List
Discussion Forums \| The Computer Glossary \| Resources \| RSS Feeds \| Startups \| The File Database \| Virus Removal Guides