
Google searches redirect me to various websites


  • This topic is locked
9 replies to this topic

#1 Sean Chen

  • Members
  • 6 posts

Posted 12 January 2009 - 07:31 PM

Once in a while, when I click on a link through Google, the bottom URL flashes that it is being redirected through goougly.com or some other website. I've run many virus and malware scans but came out empty handed. This only appears to occur when I use Firefox, but deleting temporary files and reinstalling did not solve the problem. Here is my DDS scan result:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 18:23:26.62 on Mon 01/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2007 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090112-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [E-MU USB Audio Control Panel] "c:\program files\creative professional\e-mu usb audio\EmuUsbAudioCP.exe"
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\emvp9tzx.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {125509E5-E4C6-4FE3-8078-191C6B1F56D5} - c:\documents and settings\administrator\local settings\application data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-12-31 148496]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-25 353680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-25 33792]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2007-11-26 163352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-25 41376]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 155160]
R4 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-25 10384]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-26 24652]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================

2009-01-10 16:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2009-01-10 16:33 <DIR> --d----- c:\program files\Orb Networks
2009-01-10 12:24 <DIR> --d----- c:\program files\Bonjour
2009-01-10 10:54 <DIR> --d----- c:\program files\Real Alternative
2009-01-07 16:24 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-07 16:24 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-07 16:24 5,632 a------- c:\windows\system32\ptpusb.dll
2009-01-07 16:24 159,232 a------- c:\windows\system32\ptpusd.dll
2009-01-07 16:19 161,792 a------- c:\windows\system32\CNMLM7W.DLL
2009-01-07 16:18 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-01-07 16:18 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-05 08:24 <DIR> --d----- c:\program files\MSECache
2009-01-03 12:39 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-03 12:37 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-31 09:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\MailFrontier
2008-12-30 01:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-29 10:14 140,288 a------- c:\windows\system32\COMDLG32.OCX
2008-12-29 10:11 1,066,176 a------- c:\windows\system32\MSCOMCTL.OCX
2008-12-29 09:29 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-29 09:28 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-29 09:20 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2008-12-29 07:59 <DIR> --d----- c:\program files\Guitar Pro 5
2008-12-28 12:14 <DIR> --d----- c:\program files\EA GAMES
2008-12-28 12:08 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-12-28 12:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2008-12-28 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-28 12:02 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-28 11:55 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-28 11:55 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2008-12-27 09:54 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 09:45 110,592 a------- c:\windows\system32\SynTPCo4.dll
2008-12-26 12:25 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-12-26 12:25 499,712 a------- c:\windows\system32\MSVCP71.dll
2008-12-26 10:23 <DIR> --d----- c:\program files\PowerISO
2008-12-26 08:09 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-26 07:31 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-26 07:31 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-26 07:31 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-26 07:31 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-26 07:31 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-26 07:31 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-26 07:31 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-26 07:31 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-26 07:31 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-26 03:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2008-12-26 03:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-26 03:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 03:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 03:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-26 03:10 2 a------- C:\-598233055
2008-12-26 02:56 <DIR> --d----- c:\program files\common files\Native Instruments
2008-12-26 02:56 <DIR> --d----- c:\program files\common files\Digidesign
2008-12-26 02:55 <DIR> --d----- c:\program files\Native Instruments
2008-12-26 02:35 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-26 02:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\OpenOffice.org
2008-12-26 01:58 164,352 a------- c:\windows\system32\unrar.dll
2008-12-26 01:58 38 a------- c:\windows\avisplitter.ini
2008-12-26 01:58 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-26 01:58 <DIR> --d----- c:\program files\K-Lite Codec Pack
2008-12-26 01:47 471 a------- c:\windows\system32\Datei4
2008-12-26 01:47 471 a------- c:\windows\system32\Datei2
2008-12-26 01:47 470 a------- c:\windows\system32\Datei3
2008-12-26 01:47 470 a------- c:\windows\system32\Datei1
2008-12-26 01:47 469 a------- c:\windows\system32\Datei7
2008-12-26 01:47 469 a------- c:\windows\system32\Datei5
2008-12-26 01:47 468 a------- c:\windows\system32\Datei0
2008-12-26 01:47 467 a------- c:\windows\system32\Datei9
2008-12-26 01:47 467 a------- c:\windows\system32\Datei8
2008-12-26 01:47 467 a------- c:\windows\system32\Datei10
2008-12-26 01:47 465 a------- c:\windows\system32\Datei6
2008-12-26 01:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\Steinberg
2008-12-26 01:11 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-26 01:11 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-26 01:11 <DIR> --d----- c:\program files\iPod
2008-12-26 01:11 <DIR> --d----- c:\program files\iTunes
2008-12-26 01:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 01:10 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-26 01:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Red Alert 3
2008-12-26 01:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-26 00:50 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-26 00:50 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-26 00:50 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-26 00:50 444,776 a------- c:\windows\system32\d3dx10_35.dll
2008-12-26 00:50 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2008-12-26 00:50 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2008-12-26 00:49 <DIR> --d----- c:\windows\Logs
2008-12-26 00:46 <DIR> --d----- c:\program files\JRE
2008-12-26 00:46 <DIR> --d----- c:\program files\OpenOffice.org 3
2008-12-26 00:46 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-26 00:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-26 00:44 <DIR> --d----- c:\program files\Viewpoint
2008-12-26 00:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-12-26 00:43 <DIR> --d----- c:\program files\common files\AOL
2008-12-26 00:43 <DIR> --d----- c:\program files\AIM6
2008-12-26 00:43 402 a---h--- C:\IPH.PH
2008-12-25 21:43 <DIR> --d----- c:\program files\uTorrent
2008-12-25 21:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\uTorrent
2008-12-25 21:18 77,842 a------- c:\windows\War3Unin.dat
2008-12-25 21:18 2,829 a------- c:\windows\War3Unin.pif
2008-12-25 21:18 139,264 a------- c:\windows\War3Unin.exe
2008-12-25 21:02 201,608 a------- c:\windows\system32\nvapps.xml
2008-12-25 21:02 18,696 a------- c:\windows\system32\nvdisp.nvu
2008-12-25 21:02 <DIR> --d----- c:\windows\nview
2008-12-25 20:42 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2008-12-25 20:42 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-12-25 20:42 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-25 20:42 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-12-25 20:42 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-12-25 20:42 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-12-25 20:42 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-25 20:32 <DIR> --d----- c:\windows\system32\scripting
2008-12-25 20:32 <DIR> --d----- c:\windows\l2schemas
2008-12-25 20:32 <DIR> --d----- c:\windows\system32\en
2008-12-25 20:32 <DIR> --d----- c:\windows\system32\bits
2008-12-25 20:29 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-25 20:26 <DIR> --d----- c:\windows\network diagnostic
2008-12-25 20:14 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-25 20:06 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-25 20:04 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-25 20:04 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-25 20:04 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-25 20:04 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-25 20:04 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-25 20:03 <DIR> --dsh--- c:\documents and settings\administrator\UserData
2008-12-25 12:56 72,704 a------- c:\windows\system32\ra3228_8.dll
2008-12-25 12:56 21,504 a------- c:\windows\system32\ra32dnet.dll
2008-12-25 12:56 487,936 a------- c:\windows\system32\rmbe3260.dll
2008-12-25 12:56 87,040 a------- c:\windows\system32\ra32sipr.dll
2008-12-25 12:56 487,424 a------- c:\windows\system32\msvcp70.dll
2008-12-25 12:56 81,920 a------- c:\windows\system32\ra3214_4.dll
2008-12-25 12:56 352,768 a------- c:\windows\system32\pngu3263.dll
2008-12-25 12:56 131,072 a------- c:\windows\system32\pneng50.dll
2008-12-25 12:56 130,560 a------- c:\windows\system32\pnc3250.dll
2008-12-25 12:56 85,504 a------- c:\windows\system32\encdnet.dll
2008-12-25 12:56 61,952 a------- c:\windows\system32\decdnet.dll
2008-12-25 12:55 <DIR> --d----- c:\program files\Steinberg
2008-12-25 12:52 33,792 a------- c:\windows\system32\drivers\cledx.sys
2008-12-25 12:51 147,425 a------- c:\windows\system32\SYNSOACC-Aide.chm
2008-12-25 12:51 120,468 a------- c:\windows\system32\SYNSOACC-Hilfe.chm
2008-12-25 12:51 114,279 a------- c:\windows\system32\SYNSOACC-Help.chm
2008-12-25 12:51 16,896 a------- c:\windows\system32\drivers\synasUSB.sys
2008-12-25 12:51 45,056 a------- c:\windows\system32\Synsopos.exe
2008-12-25 12:51 708,608 a------- c:\windows\system32\SYNSOACC.dll
2008-12-25 12:51 147,456 a------- c:\windows\system32\SynsoLChk.dll
2008-12-25 12:51 <DIR> --d----- c:\program files\Syncrosoft
2008-12-25 12:33 180 a------- C:\rollback.ini
2008-12-25 12:19 90,112 -------- c:\windows\Updreg.EXE
2008-12-25 12:18 11,776 a------- c:\windows\INRES.DLL
2008-12-25 12:18 <DIR> --d----- c:\windows\system32\Data
2008-12-25 12:18 <DIR> --d----- c:\program files\Creative Professional
2008-12-25 12:11 1,429 a------- c:\windows\system32\nvhda.nvu
2008-12-25 11:43 453,152 a------- c:\windows\system32\nvudisp.exe
2008-12-25 11:42 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-25 11:21 <DIR> --d----- c:\program files\Wireless Console 2
2008-12-25 11:20 1,060,424 a------- c:\windows\system32\WdfCoInstaller01000.dll
2008-12-25 11:19 196,608 a------- c:\windows\system32\SynCtrl.dll
2008-12-25 11:19 195,760 a------- c:\windows\system32\drivers\SynTP.sys
2008-12-25 11:19 163,840 a------- c:\windows\system32\SynCOM.dll
2008-12-25 11:19 147,456 a------- c:\windows\system32\SynTPAPI.dll
2008-12-25 11:19 <DIR> --d----- c:\program files\Synaptics
2008-12-25 11:15 <DIR> --d----- c:\program files\ASUS Security Center
2008-12-25 11:15 339,968 -------- c:\windows\system32\msvcr70.dll
2008-12-25 11:13 <DIR> --d-h--- C:\ASUS.SYS
2008-12-25 11:06 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2008-12-25 11:06 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2008-12-25 11:06 175,104 ac------ c:\windows\system32\dllcache\csamsp.dll
2008-12-25 11:06 175,104 a------- c:\windows\system32\csamsp.dll
2008-12-25 11:06 54,824 -------- c:\windows\system32\agrsmdel.exe
2008-12-25 11:06 13,312 -------- c:\windows\system32\agrscoin.dll
2008-12-25 11:06 1,203,776 a----r-- c:\windows\system32\drivers\AGRSM.sys
2008-12-25 11:06 54,824 a----r-- c:\windows\agrsmdel.exe
2008-12-25 11:06 13,312 a----r-- c:\windows\system32\agrsmsvc.exe
2008-12-25 11:06 <DIR> --d----- c:\windows\Options
2008-12-25 11:05 101,120 a------- c:\windows\system32\drivers\bthpan.sys
2008-12-25 11:05 59,136 a------- c:\windows\system32\drivers\rfcomm.sys
2008-12-25 11:05 151,552 a------- c:\windows\system32\irftp.exe
2008-12-25 11:05 28,160 a------- c:\windows\system32\irmon.dll
2008-12-25 11:05 17,024 a------- c:\windows\system32\drivers\bthenum.sys
2008-12-25 11:05 8,192 a------- c:\windows\system32\wshirda.dll
2008-12-25 11:05 18,944 a------- c:\windows\system32\drivers\bthusb.sys
2008-12-25 11:05 272,128 a------- c:\windows\system32\drivers\bthport.sys
2008-12-25 11:04 90,112 a------- c:\windows\system32\snymsico.dll
2008-12-25 11:04 43,008 a------- c:\windows\system32\drivers\rimsptsk.sys
2008-12-25 11:04 172,032 a------- c:\windows\system32\rixdicon.dll
2008-12-25 11:04 38,400 a------- c:\windows\system32\drivers\rixdptsk.sys
2008-12-25 11:04 46,592 a------- c:\windows\system32\drivers\rimmptsk.sys
2008-12-25 11:00 <DIR> --d----- c:\program files\ATKOSD2
2008-12-25 10:59 <DIR> --d----- c:\program files\ASUS
2008-12-25 10:59 <DIR> --d----- c:\program files\ATK Hotkey
2008-12-25 10:55 5,632 a----r-- c:\windows\system32\drivers\kbfiltr.sys
2008-12-25 10:55 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-25 10:50 940,794 a------- c:\windows\system32\LoopyMusic.wav
2008-12-25 10:50 146,650 a------- c:\windows\system32\BuzzingBee.wav
2008-12-25 10:50 <DIR> --d----- c:\windows\system32\Lang
2008-12-25 10:47 <DIR> --d----- c:\program files\Realtek
2008-12-25 10:13 <DIR> --d----- C:\Intel
2008-12-25 10:02 106,368 a------- c:\windows\system32\drivers\Rtenicxp.sys
2008-12-25 10:01 <DIR> --d-h--- c:\windows\PIF
2008-12-25 09:57 27,376 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-12-25 09:55 7,680 a----r-- c:\windows\system32\drivers\ATKACPI.sys
2008-12-25 09:51 41,376 a------- c:\windows\system32\drivers\nvhda32.sys
2008-12-25 09:36 1,564,868 a------- c:\windows\system32\WINSP.MB
2008-12-25 09:35 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2008-12-25 09:34 <DIR> --d----- c:\program files\SonicWallES
2008-12-25 09:22 <DIR> --d----- c:\windows\system32\AGEIA
2008-12-25 09:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-25 09:16 <DIR> --d----- C:\NVIDIA
2008-12-25 09:10 13,646 a------- c:\windows\system32\wpa.bak
2008-12-25 09:03 27,244,576 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-25 09:03 299,360 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-25 08:59 <DIR> --d----- c:\program files\Zone Labs
2008-12-25 08:56 <DIR> --d----- c:\windows\Internet Logs
2008-12-25 08:41 1,741,888 a------- c:\windows\system32\drivers\athwx.sys
2008-12-25 08:41 1,343,616 a------- c:\windows\system32\drivers\athw.sys
2008-12-25 08:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-25 08:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-25 08:40 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-25 08:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-25 08:40 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-12-25 08:40 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-25 08:40 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-25 08:39 10,384 a------- c:\windows\system32\drivers\LBeepKE.sys
2008-12-25 08:39 301,656 a------- c:\windows\system32\BtCoreIf.dll
2008-12-25 08:39 170,512 a------- c:\windows\system32\kemutb.dll
2008-12-25 08:39 145,936 a------- c:\windows\system32\KemUtil.dll
2008-12-25 08:39 117,264 a------- c:\windows\system32\KemWnd.dll
2008-12-25 08:39 84,496 a------- c:\windows\system32\KemXML.dll
2008-12-25 08:34 <DIR> --d----- c:\windows\RegisteredPackages
2008-12-25 08:32 46,592 -------- c:\windows\system32\drivers\irbus.sys
2008-12-25 08:32 19,200 -------- c:\windows\system32\drivers\hidir.sys
2008-12-25 08:31 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-25 08:29 <DIR> --d----- c:\windows\system32\URTTemp
2008-12-25 08:28 <DIR> --d----- c:\program files\RGB
2008-12-25 08:27 <DIR> --d----- c:\program files\DIGStream
2008-12-25 08:27 <DIR> --d----- c:\program files\ESPNMotion
2008-12-25 08:27 <DIR> --d----- c:\program files\GemMaster
2008-12-25 08:27 <DIR> --d----- c:\program files\EnglishOtto
2008-12-25 08:22 <DIR> --d----- c:\documents and settings\Administrator
2008-12-25 08:22 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-25 08:20 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-25 08:17 53,248 ac------ c:\windows\system32\dllcache\nextlink.dll
2008-12-25 08:16 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2008-12-25 08:15 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2008-12-25 08:15 <DIR> --d----- c:\windows\system32\xircom
2008-12-25 08:13 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-25 08:13 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-25 08:13 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-25 08:13 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-25 08:13 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-25 08:13 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-25 08:13 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-25 08:13 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-25 08:13 <DIR> --d----- c:\windows\system32\DirectX
2008-12-25 08:12 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-25 08:10 <DIR> --d----- c:\program files\Online Services
2008-12-25 08:10 <DIR> --d----- c:\program files\Windows Plus
2008-12-25 08:09 <DIR> --d----- c:\program files\Messenger
2008-12-25 08:09 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-12-25 08:09 <DIR> --d----- c:\program files\Windows NT
2008-12-25 01:27 <DIR> --d----- c:\program files\common files\ODBC
2008-12-25 01:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-25 01:27 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-31 15:59 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-12-25 20:34 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-25 10:47 315,392 a------- c:\windows\HideWin.exe
2008-12-25 08:11 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 18:24:00.27 ===============


I don't really have any idea what to do. Any help would be greatly appreciated.

-Sean


#2 jpshortstuff

  • WhatTheTech Teacher
  • Members
  • 660 posts
  • Gender:Male
  • Location:UK

Posted 13 January 2009 - 07:49 AM

Hi, and Welcome to BleepingComputer :thumbsup:

My name is jpshortstuff. I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research, so please be patient and I'd be grateful if you would note the following:
  • I will be working on your Malware issues, this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through the instructions before starting to follow them to make sure you understand everything you have to do.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
Please download GooredFix and save it to your Desktop.
  • Double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.


Please also run DDS again. Please post the first log and then attach "Attach.txt" in your next reply.

Let me know if you are still getting redirects after running GooredFix.

Thanks.
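The GooredFix log that the helper asks for dumps the string values under HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox <ver>\extensions, because that key is where this redirector family hid itself: the Firefox installer writes only "Plugins" and "Components" there, both pointing inside the Firefox program folder, and the first DDS log's "FF - HiddenExtension" line shows an extra directory under Local Settings\Application Data\{GUID} that never appears in the Add-ons manager. The script below is an added example, not part of this thread and not GooredFix's own code. It assumes that key layout, parses a dump in the .reg-style format the GooredFix log uses, and flags any registration whose value name is not one Firefox writes or whose directory sits outside the Firefox install folder or in a user-writable drop location. The dump in the script is constructed for the example; its third entry imitates the HiddenExtension line from the first post.

```python
"""Flag suspicious Firefox 3 extension registrations in a registry dump.

Added example, not from the thread or from GooredFix. Assumption: Firefox 3
treats each string value under
    HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox <ver>\extensions
as a directory to load, and the installer itself writes only "Plugins" and
"Components" there, both inside the Firefox program folder. Anything else
under that key deserves a look.
"""
import re
from typing import Dict, List, Tuple

# Value names the Firefox installer writes; both point into FIREFOX_DIR.
EXPECTED_VALUES = {"Plugins", "Components"}
FIREFOX_DIR = r"c:\program files\mozilla firefox"

# User-writable locations a dropped extension directory tends to live in.
SUSPICIOUS_DIR_PATTERNS = [
    re.compile(r"\\local settings\\application data\\", re.I),
    re.compile(r"\\application data\\", re.I),
    re.compile(r"\\temp\\", re.I),
    re.compile(r"\\\{[0-9a-f-]{36}\}\\?$", re.I),   # bare {GUID} folder name
]

# Constructed sample in the layout GooredFix prints. The third value imitates
# the "FF - HiddenExtension" entry from the first DDS log in the thread.
CONSTRUCTED_DUMP = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"
"""


def parse_dump(text: str) -> List[Tuple[str, str, str]]:
    """Return (key, value_name, data) for every string value that sits under a
    '...\\Mozilla Firefox <ver>\\extensions' key in a .reg-style dump."""
    entries: List[Tuple[str, str, str]] = []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]                      # new key header
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)  # "name"="data"
        if m and key and re.search(r"\\mozilla firefox [^\\]+\\extensions$", key, re.I):
            entries.append((key, m.group(1), m.group(2)))
    return entries


def _norm(path: str) -> str:
    """Case-fold and drop a trailing backslash so prefix checks are stable."""
    return path.rstrip("\\").lower()


def classify(name: str, data: str) -> List[str]:
    """Reasons a registration looks wrong; an empty list means it matches what
    the Firefox installer itself writes."""
    reasons: List[str] = []
    if name not in EXPECTED_VALUES:
        reasons.append("value name is not one the Firefox installer writes: %s" % name)
    if not _norm(data).startswith(_norm(FIREFOX_DIR) + "\\"):
        reasons.append("directory is outside the Firefox install folder")
    for pat in SUSPICIOUS_DIR_PATTERNS:
        if pat.search(data):
            reasons.append("directory matches a user-writable drop location: %s" % pat.pattern)
            break
    return reasons


def find_suspicious(text: str) -> List[Dict[str, object]]:
    """Parse a dump and return every registration with at least one reason."""
    findings: List[Dict[str, object]] = []
    for key, name, data in parse_dump(text):
        reasons = classify(name, data)
        if reasons:
            findings.append({"key": key, "name": name, "dir": data, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(CONSTRUCTED_DUMP):
        print("%s = %s" % (f["name"], f["dir"]))
        for r in f["reasons"]:
            print("   -", r)
```

A hit is a lead, not a verdict: other installers can legitimately write to this key, so the next step is to look at the directory it names (its install.rdf and any .js or .dll files) and check whether it was created around the time the redirects began, which is what the "Created Last 30" section of the DDS log is for.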

#3 Sean Chen (Topic Starter)

  • Members
  • 6 posts

Posted 13 January 2009 - 09:44 PM

Hey, thanks for your help.

Here is the GooredFix log:

GooredFix v1.82 by jpshortstuff
Log created at 20:36 on 13/01/2009 running Option #2 (Administrator)
Firefox version 3.0.5 (en-US)

=====Goored Deletions=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"


Although I haven't gotten any new redirects, I still see the bottom of my browser flashing unfamiliar URLs when I click on google links.

Here is my new DDS log:

DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 20:39:05.12 on Tue 01/13/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2421 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090113-1] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\SyncServer.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [E-MU USB Audio Control Panel] "c:\program files\creative professional\e-mu usb audio\EmuUsbAudioCP.exe"
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\emvp9tzx.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - HiddenExtension: XUL Cache: {125509E5-E4C6-4FE3-8078-191C6B1F56D5} - c:\documents and settings\administrator\local settings\application data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-12-31 148496]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-25 353680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-25 33792]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-25 41376]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 155160]
R4 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-25 10384]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-26 24652]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2007-11-26 163352]

=============== Created Last 30 ================

2009-01-10 16:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\OrbNetworks
2009-01-10 16:33 <DIR> --d----- c:\program files\Orb Networks
2009-01-10 12:24 <DIR> --d----- c:\program files\Bonjour
2009-01-10 10:54 <DIR> --d----- c:\program files\Real Alternative
2009-01-07 16:24 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-01-07 16:24 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-07 16:24 5,632 a------- c:\windows\system32\ptpusb.dll
2009-01-07 16:24 159,232 a------- c:\windows\system32\ptpusd.dll
2009-01-07 16:19 161,792 a------- c:\windows\system32\CNMLM7W.DLL
2009-01-07 16:18 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-01-07 16:18 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-01-05 08:24 <DIR> --d----- c:\program files\MSECache
2009-01-03 12:39 <DIR> --d----- c:\program files\Windows Media Connect 2
2009-01-03 12:37 <DIR> --d----- c:\windows\system32\LogFiles
2008-12-31 09:37 <DIR> --d----- c:\docume~1\admini~1\applic~1\MailFrontier
2008-12-30 01:55 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-12-29 10:14 140,288 a------- c:\windows\system32\COMDLG32.OCX
2008-12-29 10:11 1,066,176 a------- c:\windows\system32\MSCOMCTL.OCX
2008-12-29 09:29 <DIR> --d----- c:\windows\system32\XPSViewer
2008-12-29 09:28 14,048 -------- c:\windows\system32\spmsg2.dll
2008-12-29 09:20 3,495,784 a------- c:\windows\system32\d3dx9_33.dll
2008-12-29 07:59 <DIR> --d----- c:\program files\Guitar Pro 5
2008-12-28 12:14 <DIR> --d----- c:\program files\EA GAMES
2008-12-28 12:08 2,297,552 a------- c:\windows\system32\d3dx9_26.dll
2008-12-28 12:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2008-12-28 12:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2008-12-28 12:02 <DIR> --d----- c:\program files\DAEMON Tools Lite
2008-12-28 11:55 717,296 a------- c:\windows\system32\drivers\sptd.sys
2008-12-28 11:55 <DIR> --d----- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2008-12-27 09:54 <DIR> --d----- c:\program files\Trend Micro
2008-12-27 09:45 110,592 a------- c:\windows\system32\SynTPCo4.dll
2008-12-26 12:25 1,060,864 a------- c:\windows\system32\MFC71.dll
2008-12-26 12:25 499,712 a------- c:\windows\system32\MSVCP71.dll
2008-12-26 10:23 <DIR> --d----- c:\program files\PowerISO
2008-12-26 08:09 410,984 a------- c:\windows\system32\deploytk.dll
2008-12-26 07:31 459,264 -c------ c:\windows\system32\dllcache\msfeeds.dll
2008-12-26 07:31 52,224 -c------ c:\windows\system32\dllcache\msfeedsbs.dll
2008-12-26 07:31 6,066,176 -c------ c:\windows\system32\dllcache\ieframe.dll
2008-12-26 07:31 2,455,488 -c------ c:\windows\system32\dllcache\ieapfltr.dat
2008-12-26 07:31 991,232 -c------ c:\windows\system32\dllcache\ieframe.dll.mui
2008-12-26 07:31 383,488 -c------ c:\windows\system32\dllcache\ieapfltr.dll
2008-12-26 07:31 267,776 -c------ c:\windows\system32\dllcache\iertutil.dll
2008-12-26 07:31 13,824 -c------ c:\windows\system32\dllcache\ieudinit.exe
2008-12-26 07:31 63,488 -c------ c:\windows\system32\dllcache\icardie.dll
2008-12-26 03:41 <DIR> --d----- c:\docume~1\admini~1\applic~1\Malwarebytes
2008-12-26 03:41 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-12-26 03:41 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 03:41 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 03:41 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-12-26 03:10 2 a------- C:\-598233055
2008-12-26 02:56 <DIR> --d----- c:\program files\common files\Native Instruments
2008-12-26 02:56 <DIR> --d----- c:\program files\common files\Digidesign
2008-12-26 02:55 <DIR> --d----- c:\program files\Native Instruments
2008-12-26 02:35 26,368 ac------ c:\windows\system32\dllcache\usbstor.sys
2008-12-26 02:06 <DIR> --d----- c:\docume~1\admini~1\applic~1\OpenOffice.org
2008-12-26 01:58 164,352 a------- c:\windows\system32\unrar.dll
2008-12-26 01:58 38 a------- c:\windows\avisplitter.ini
2008-12-26 01:58 348,160 a------- c:\windows\system32\msvcr71.dll
2008-12-26 01:58 <DIR> --d----- c:\program files\K-Lite Codec Pack
2008-12-26 01:47 471 a------- c:\windows\system32\Datei4
2008-12-26 01:47 471 a------- c:\windows\system32\Datei2
2008-12-26 01:47 470 a------- c:\windows\system32\Datei3
2008-12-26 01:47 470 a------- c:\windows\system32\Datei1
2008-12-26 01:47 469 a------- c:\windows\system32\Datei7
2008-12-26 01:47 469 a------- c:\windows\system32\Datei5
2008-12-26 01:47 468 a------- c:\windows\system32\Datei0
2008-12-26 01:47 467 a------- c:\windows\system32\Datei9
2008-12-26 01:47 467 a------- c:\windows\system32\Datei8
2008-12-26 01:47 467 a------- c:\windows\system32\Datei10
2008-12-26 01:47 465 a------- c:\windows\system32\Datei6
2008-12-26 01:47 <DIR> --d----- c:\docume~1\admini~1\applic~1\Steinberg
2008-12-26 01:11 107,368 a------- c:\windows\system32\GEARAspi.dll
2008-12-26 01:11 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2008-12-26 01:11 <DIR> --d----- c:\program files\iPod
2008-12-26 01:11 <DIR> --d----- c:\program files\iTunes
2008-12-26 01:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-12-26 01:10 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2008-12-26 01:03 <DIR> --d----- c:\docume~1\admini~1\applic~1\Red Alert 3
2008-12-26 01:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-26 00:50 1,491,992 a------- c:\windows\system32\D3DCompiler_38.dll
2008-12-26 00:50 467,984 a------- c:\windows\system32\d3dx10_38.dll
2008-12-26 00:50 3,850,760 a------- c:\windows\system32\D3DX9_38.dll
2008-12-26 00:50 444,776 a------- c:\windows\system32\d3dx10_35.dll
2008-12-26 00:50 1,358,192 a------- c:\windows\system32\D3DCompiler_35.dll
2008-12-26 00:50 3,727,720 a------- c:\windows\system32\d3dx9_35.dll
2008-12-26 00:49 <DIR> --d----- c:\windows\Logs
2008-12-26 00:46 <DIR> --d----- c:\program files\JRE
2008-12-26 00:46 <DIR> --d----- c:\program files\OpenOffice.org 3
2008-12-26 00:46 73,728 a------- c:\windows\system32\javacpl.cpl
2008-12-26 00:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2008-12-26 00:44 <DIR> --d----- c:\program files\Viewpoint
2008-12-26 00:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2008-12-26 00:43 <DIR> --d----- c:\program files\common files\AOL
2008-12-26 00:43 <DIR> --d----- c:\program files\AIM6
2008-12-26 00:43 402 a---h--- C:\IPH.PH
2008-12-25 21:43 <DIR> --d----- c:\program files\uTorrent
2008-12-25 21:42 <DIR> --d----- c:\docume~1\admini~1\applic~1\uTorrent
2008-12-25 21:18 77,842 a------- c:\windows\War3Unin.dat
2008-12-25 21:18 2,829 a------- c:\windows\War3Unin.pif
2008-12-25 21:18 139,264 a------- c:\windows\War3Unin.exe
2008-12-25 21:02 201,608 a------- c:\windows\system32\nvapps.xml
2008-12-25 21:02 18,696 a------- c:\windows\system32\nvdisp.nvu
2008-12-25 21:02 <DIR> --d----- c:\windows\nview
2008-12-25 20:42 3,593,216 -c------ c:\windows\system32\dllcache\mshtml.dll
2008-12-25 20:42 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2008-12-25 20:42 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2008-12-25 20:42 331,776 -c------ c:\windows\system32\dllcache\msadce.dll
2008-12-25 20:42 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2008-12-25 20:42 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2008-12-25 20:42 1,106,944 -c------ c:\windows\system32\dllcache\msxml3.dll
2008-12-25 20:32 <DIR> --d----- c:\windows\system32\scripting
2008-12-25 20:32 <DIR> --d----- c:\windows\l2schemas
2008-12-25 20:32 <DIR> --d----- c:\windows\system32\en
2008-12-25 20:32 <DIR> --d----- c:\windows\system32\bits
2008-12-25 20:29 <DIR> --d----- c:\windows\ServicePackFiles
2008-12-25 20:26 <DIR> --d----- c:\windows\network diagnostic
2008-12-25 20:14 701,440 -------- c:\windows\system32\drivers\ati2mtag.sys
2008-12-25 20:06 <DIR> --d----- c:\windows\system32\PreInstall
2008-12-25 20:04 31,768 a------- c:\windows\system32\wucltui.dll.mui
2008-12-25 20:04 23,576 a------- c:\windows\system32\wuaucpl.cpl.mui
2008-12-25 20:04 18,456 a------- c:\windows\system32\wuaueng.dll.mui
2008-12-25 20:04 23,576 a------- c:\windows\system32\wuapi.dll.mui
2008-12-25 20:04 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2008-12-25 20:03 <DIR> --dsh--- c:\documents and settings\administrator\UserData
2008-12-25 12:56 72,704 a------- c:\windows\system32\ra3228_8.dll
2008-12-25 12:56 21,504 a------- c:\windows\system32\ra32dnet.dll
2008-12-25 12:56 487,936 a------- c:\windows\system32\rmbe3260.dll
2008-12-25 12:56 87,040 a------- c:\windows\system32\ra32sipr.dll
2008-12-25 12:56 487,424 a------- c:\windows\system32\msvcp70.dll
2008-12-25 12:56 81,920 a------- c:\windows\system32\ra3214_4.dll
2008-12-25 12:56 352,768 a------- c:\windows\system32\pngu3263.dll
2008-12-25 12:56 131,072 a------- c:\windows\system32\pneng50.dll
2008-12-25 12:56 130,560 a------- c:\windows\system32\pnc3250.dll
2008-12-25 12:56 85,504 a------- c:\windows\system32\encdnet.dll
2008-12-25 12:56 61,952 a------- c:\windows\system32\decdnet.dll
2008-12-25 12:55 <DIR> --d----- c:\program files\Steinberg
2008-12-25 12:52 33,792 a------- c:\windows\system32\drivers\cledx.sys
2008-12-25 12:51 147,425 a------- c:\windows\system32\SYNSOACC-Aide.chm
2008-12-25 12:51 120,468 a------- c:\windows\system32\SYNSOACC-Hilfe.chm
2008-12-25 12:51 114,279 a------- c:\windows\system32\SYNSOACC-Help.chm
2008-12-25 12:51 16,896 a------- c:\windows\system32\drivers\synasUSB.sys
2008-12-25 12:51 45,056 a------- c:\windows\system32\Synsopos.exe
2008-12-25 12:51 708,608 a------- c:\windows\system32\SYNSOACC.dll
2008-12-25 12:51 147,456 a------- c:\windows\system32\SynsoLChk.dll
2008-12-25 12:51 <DIR> --d----- c:\program files\Syncrosoft
2008-12-25 12:33 1,898 a------- C:\rollback.ini
2008-12-25 12:19 90,112 -------- c:\windows\Updreg.EXE
2008-12-25 12:18 11,776 a------- c:\windows\INRES.DLL
2008-12-25 12:18 <DIR> --d----- c:\windows\system32\Data
2008-12-25 12:18 <DIR> --d----- c:\program files\Creative Professional
2008-12-25 12:11 1,429 a------- c:\windows\system32\nvhda.nvu
2008-12-25 11:43 453,152 a------- c:\windows\system32\nvudisp.exe
2008-12-25 11:42 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-25 11:21 <DIR> --d----- c:\program files\Wireless Console 2
2008-12-25 11:20 1,060,424 a------- c:\windows\system32\WdfCoInstaller01000.dll
2008-12-25 11:19 196,608 a------- c:\windows\system32\SynCtrl.dll
2008-12-25 11:19 195,760 a------- c:\windows\system32\drivers\SynTP.sys
2008-12-25 11:19 163,840 a------- c:\windows\system32\SynCOM.dll
2008-12-25 11:19 147,456 a------- c:\windows\system32\SynTPAPI.dll
2008-12-25 11:19 <DIR> --d----- c:\program files\Synaptics
2008-12-25 11:15 <DIR> --d----- c:\program files\ASUS Security Center
2008-12-25 11:15 339,968 -------- c:\windows\system32\msvcr70.dll
2008-12-25 11:13 <DIR> --d-h--- C:\ASUS.SYS
2008-12-25 11:06 16,128 ac------ c:\windows\system32\dllcache\modemcsa.sys
2008-12-25 11:06 16,128 a------- c:\windows\system32\drivers\MODEMCSA.sys
2008-12-25 11:06 175,104 ac------ c:\windows\system32\dllcache\csamsp.dll
2008-12-25 11:06 175,104 a------- c:\windows\system32\csamsp.dll
2008-12-25 11:06 54,824 -------- c:\windows\system32\agrsmdel.exe
2008-12-25 11:06 13,312 -------- c:\windows\system32\agrscoin.dll
2008-12-25 11:06 1,203,776 a----r-- c:\windows\system32\drivers\AGRSM.sys
2008-12-25 11:06 54,824 a----r-- c:\windows\agrsmdel.exe
2008-12-25 11:06 13,312 a----r-- c:\windows\system32\agrsmsvc.exe
2008-12-25 11:06 <DIR> --d----- c:\windows\Options
2008-12-25 11:05 101,120 a------- c:\windows\system32\drivers\bthpan.sys
2008-12-25 11:05 59,136 a------- c:\windows\system32\drivers\rfcomm.sys
2008-12-25 11:05 151,552 a------- c:\windows\system32\irftp.exe
2008-12-25 11:05 28,160 a------- c:\windows\system32\irmon.dll
2008-12-25 11:05 17,024 a------- c:\windows\system32\drivers\bthenum.sys
2008-12-25 11:05 8,192 a------- c:\windows\system32\wshirda.dll
2008-12-25 11:05 18,944 a------- c:\windows\system32\drivers\bthusb.sys
2008-12-25 11:05 272,128 a------- c:\windows\system32\drivers\bthport.sys
2008-12-25 11:04 90,112 a------- c:\windows\system32\snymsico.dll
2008-12-25 11:04 43,008 a------- c:\windows\system32\drivers\rimsptsk.sys
2008-12-25 11:04 172,032 a------- c:\windows\system32\rixdicon.dll
2008-12-25 11:04 38,400 a------- c:\windows\system32\drivers\rixdptsk.sys
2008-12-25 11:04 46,592 a------- c:\windows\system32\drivers\rimmptsk.sys
2008-12-25 11:00 <DIR> --d----- c:\program files\ATKOSD2
2008-12-25 10:59 <DIR> --d----- c:\program files\ASUS
2008-12-25 10:59 <DIR> --d----- c:\program files\ATK Hotkey
2008-12-25 10:55 5,632 a----r-- c:\windows\system32\drivers\kbfiltr.sys
2008-12-25 10:55 <DIR> --d----- c:\windows\system32\ReinstallBackups
2008-12-25 10:50 940,794 a------- c:\windows\system32\LoopyMusic.wav
2008-12-25 10:50 146,650 a------- c:\windows\system32\BuzzingBee.wav
2008-12-25 10:50 <DIR> --d----- c:\windows\system32\Lang
2008-12-25 10:47 <DIR> --d----- c:\program files\Realtek
2008-12-25 10:13 <DIR> --d----- C:\Intel
2008-12-25 10:02 106,368 a------- c:\windows\system32\drivers\Rtenicxp.sys
2008-12-25 10:01 <DIR> --d-h--- c:\windows\PIF
2008-12-25 09:57 27,376 a------- c:\windows\system32\GDIPFONTCACHEV1.DAT
2008-12-25 09:55 7,680 a----r-- c:\windows\system32\drivers\ATKACPI.sys
2008-12-25 09:51 41,376 a------- c:\windows\system32\drivers\nvhda32.sys
2008-12-25 09:36 1,564,868 a------- c:\windows\system32\WINSP.MB
2008-12-25 09:35 156,672 ac------ c:\windows\system32\dllcache\winsp.ime
2008-12-25 09:34 <DIR> --d----- c:\program files\SonicWallES
2008-12-25 09:22 <DIR> --d----- c:\windows\system32\AGEIA
2008-12-25 09:20 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-12-25 09:16 <DIR> --d----- C:\NVIDIA
2008-12-25 09:10 13,646 a------- c:\windows\system32\wpa.bak
2008-12-25 09:03 30,687,264 a--sh--- c:\windows\system32\drivers\fidbox.dat
2008-12-25 09:03 359,432 a--sh--- c:\windows\system32\drivers\fidbox.idx
2008-12-25 08:59 <DIR> --d----- c:\program files\Zone Labs
2008-12-25 08:56 <DIR> --d----- c:\windows\Internet Logs
2008-12-25 08:41 1,741,888 a------- c:\windows\system32\drivers\athwx.sys
2008-12-25 08:41 1,343,616 a------- c:\windows\system32\drivers\athw.sys
2008-12-25 08:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2008-12-25 08:40 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LHidFilt_01005.Wdf
2008-12-25 08:40 21,504 a------- c:\windows\system32\hidserv.dll
2008-12-25 08:40 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-12-25 08:40 12,160 ac------ c:\windows\system32\dllcache\mouhid.sys
2008-12-25 08:40 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2008-12-25 08:40 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2008-12-25 08:39 10,384 a------- c:\windows\system32\drivers\LBeepKE.sys
2008-12-25 08:39 301,656 a------- c:\windows\system32\BtCoreIf.dll
2008-12-25 08:39 170,512 a------- c:\windows\system32\kemutb.dll
2008-12-25 08:39 145,936 a------- c:\windows\system32\KemUtil.dll
2008-12-25 08:39 117,264 a------- c:\windows\system32\KemWnd.dll
2008-12-25 08:39 84,496 a------- c:\windows\system32\KemXML.dll
2008-12-25 08:34 <DIR> --d----- c:\windows\RegisteredPackages
2008-12-25 08:32 46,592 -------- c:\windows\system32\drivers\irbus.sys
2008-12-25 08:32 19,200 -------- c:\windows\system32\drivers\hidir.sys
2008-12-25 08:31 26,488 a------- c:\windows\system32\spupdsvc.exe
2008-12-25 08:29 <DIR> --d----- c:\windows\system32\URTTemp
2008-12-25 08:28 <DIR> --d----- c:\program files\RGB
2008-12-25 08:27 <DIR> --d----- c:\program files\DIGStream
2008-12-25 08:27 <DIR> --d----- c:\program files\ESPNMotion
2008-12-25 08:27 <DIR> --d----- c:\program files\GemMaster
2008-12-25 08:27 <DIR> --d----- c:\program files\EnglishOtto
2008-12-25 08:22 <DIR> --d----- c:\documents and settings\Administrator
2008-12-25 08:22 <DIR> --ds---- c:\windows\system32\Microsoft
2008-12-25 08:20 8,192 a------- c:\windows\REGLOCS.OLD
2008-12-25 08:17 53,248 ac------ c:\windows\system32\dllcache\nextlink.dll
2008-12-25 08:16 43,520 ac------ c:\windows\system32\dllcache\EXCH_fcachdll.dll
2008-12-25 08:15 94,720 ac------ c:\windows\system32\dllcache\certmap.ocx
2008-12-25 08:15 <DIR> --d----- c:\windows\system32\xircom
2008-12-25 08:13 <DIR> --dsh--- c:\documents and settings\all users\DRM
2008-12-25 08:13 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2008-12-25 08:13 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2008-12-25 08:13 <DIR> --ds---- c:\windows\Downloaded Program Files
2008-12-25 08:13 <DIR> --d--r-- c:\windows\Offline Web Pages
2008-12-25 08:13 749 a---hr-- c:\windows\WindowsShell.Manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2008-12-25 08:13 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2008-12-25 08:13 <DIR> --d-h--- c:\program files\WindowsUpdate
2008-12-25 08:13 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2008-12-25 08:13 <DIR> --d----- c:\windows\system32\DirectX
2008-12-25 08:12 <DIR> --d----- c:\program files\common files\MSSoap
2008-12-25 08:10 <DIR> --d----- c:\program files\Online Services
2008-12-25 08:10 <DIR> --d----- c:\program files\Windows Plus
2008-12-25 08:09 <DIR> --d----- c:\program files\Messenger
2008-12-25 08:09 <DIR> --d----- c:\program files\MSN Gaming Zone
2008-12-25 08:09 <DIR> --d----- c:\program files\Windows NT
2008-12-25 01:27 <DIR> --d----- c:\program files\common files\ODBC
2008-12-25 01:27 <DIR> --d----- c:\program files\common files\SpeechEngines
2008-12-25 01:27 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2008-12-31 15:59 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-12-25 20:34 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-25 10:47 315,392 a------- c:\windows\HideWin.exe
2008-12-25 08:11 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:38 826,368 a------- c:\windows\system32\wininet.dll

============= FINISH: 20:39:34.18 ===============


#4 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:08:33 AM

Posted 14 January 2009 - 03:19 AM

Hi :thumbsup:

We need to make sure all hidden files are showing so please:
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Show hidden files and folders.
  • Uncheck the Hide protected operating system files (recommended) option.
  • Click Yes to confirm.
  • Click OK.
Please navigate to this folder:
c:\documents and settings\administrator\local settings\application data

Look for this folder:
{125509E5-E4C6-4FE3-8078-191C6B1F56D5}

Please right-click it, select Send To >> Compressed Folder. This will create a file called {125509E5-E4C6-4FE3-8078-191C6B1F56D5}.zip.

Please upload {125509E5-E4C6-4FE3-8078-191C6B1F56D5}.zip here:
http://www.bleepingcomputer.com/submit-mal....php?channel=72


Click Start >> Run and copy and paste the following into the popup box:
regedit.exe /e C:\moz.reg HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla
and then hit enter.

Please upload this file:
C:\moz.reg
as an attachment in your next post.


Click Start >> Control Panel >> Add/Remove Programs. Find this entry on the resulting list:
Java ™ 6 Update 7
and click Remove by it.

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.
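What the exported moz.reg lets a helper check, written up as an added example for this thread (it is not GooredFix, OTMoveIt or anything the posters ran): a small parser for a `regedit /e` export that flags Firefox extension registrations loading from outside Program Files, such as the GUID value under HKLM\SOFTWARE\Mozilla\firefox\extensions that points into Local Settings\Application Data. The sample export is constructed from the values shown in the GooredFix logs; the trusted-prefix list and the GUID heuristic are assumptions of this example.

```python
"""Flag suspicious Firefox extension registrations in a regedit /e export.

Added example for this thread, not code from GooredFix or any tool used here.
Legitimate installers register extensions under Program Files (the
"Plugins", "Components" and "jqs@sun.com" values in the logs); the hidden
extension was registered by a bare GUID that pointed into the user's profile.
"""
import re
from pathlib import Path

_SECTION_RE = re.compile(r"^\[(.+)\]$")
_VALUE_RE = re.compile(r'^"(.+?)"="(.*)"$')

# Assumption of this example: where a legitimately installed extension is
# expected to live. Anything else under an \extensions key gets reported.
TRUSTED_PREFIXES = ("c:\\program files\\",)

GUID_RE = re.compile(
    r"^\{[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}\}$", re.I
)

# Constructed sample mirroring the GooredFix output in this thread. A real
# C:\moz.reg is UTF-16 LE text; regedit doubles backslashes in REG_SZ data.
SAMPLE_EXPORT = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\\Program Files\\Mozilla Firefox\\plugins"
"Components"="C:\\Program Files\\Mozilla Firefox\\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
"jqs@sun.com"="C:\\Program Files\\Java\\jre6\\lib\\deploy\\jqs\\ff"
"{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"="C:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"
'''


def load_reg_export(path):
    """Read a regedit /e export from disk (regedit writes UTF-16 LE with a BOM)."""
    return Path(path).read_text(encoding="utf-16")


def parse_reg_export(text):
    """Return {key_path: {value_name: data}} for the REG_SZ values in an export."""
    keys = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Windows Registry Editor"):
            continue
        m = _SECTION_RE.match(line)
        if m:
            current = m.group(1)
            keys.setdefault(current, {})
            continue
        m = _VALUE_RE.match(line)
        if m and current is not None:
            name = m.group(1)
            # Undo regedit's escaping of quotes and backslashes in string data.
            data = m.group(2).replace('\\"', '"').replace("\\\\", "\\")
            keys[current][name] = data
    return keys


def suspect_extensions(keys):
    """Return (key, value_name, path) for extension registrations worth a look.

    Two signals, both taken from what the thread's logs show: the target path
    lies outside the trusted prefixes, or the value name is a bare GUID that
    resolves into a user profile under Documents and Settings.
    """
    hits = []
    for key, values in keys.items():
        if not key.lower().endswith("\\extensions"):
            continue
        for name, path in values.items():
            lowered = path.lower()
            outside_trusted = not lowered.startswith(TRUSTED_PREFIXES)
            profile_guid = bool(GUID_RE.match(name)) and \
                "\\documents and settings\\" in lowered
            if outside_trusted or profile_guid:
                hits.append((key, name, path))
    return hits


if __name__ == "__main__":
    for key, name, path in suspect_extensions(parse_reg_export(SAMPLE_EXPORT)):
        print(f"[{key}]\n  {name} -> {path}")
```

Pointing `load_reg_export` at the C:\moz.reg produced by the regedit command above gives the same report for a real machine.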

#5 Sean Chen

Sean Chen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 14 January 2009 - 06:25 PM

Ok, I've uploaded the file as requested. Attached is the requested moz.reg. Java 6 update 7 has been uninstalled.

Attached Files

  • Attached File: moz.reg (3.56KB, 25 downloads)


#6 jpshortstuff

jpshortstuff

    WhatTheTech Teacher


  • Members
  • 660 posts
  • OFFLINE
  • Gender:Male
  • Location:UK
  • Local time:08:33 AM

Posted 15 January 2009 - 02:44 PM

Hi :thumbsup:

Thanks for the uploads. Please delete your existing copy of GooredFix. Download the latest from here:
http://jpshortstuff.247fixes.com/GooredFix.exe
Please double-click it and run Option #1, then post the resulting log in your next reply.


Please download OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
    "{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"=-

    :Files
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}
    C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}.zip
    C:\moz.reg

    :Commands
    [emptytemp]
    [Reboot]

  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Make sure all other Windows (especially Firefox Windows) are closed.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting all of it and pressing CTRL + C (or, after highlighting, right-click and choose Copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately, you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine, choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, enter *.log in the File Name box and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.
Please also run DDS again and post the first log from that.

How's the computer running now, redirects gone?

Thanks.
Trained at the What The Tech Classroom where you too could learn to help others.

My help is free, however, if you wish to make a small donation to show appreciation and to help me continue the fight against Malware, then click here.

#7 Sean Chen

Sean Chen
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  • Local time:03:33 AM

Posted 16 January 2009 - 04:41 PM

Ok, after performing these steps, the redirects appear to have stopped! Thank you so much for your expert help.

GooredFix log

GooredFix v1.83 by jpshortstuff
Log created at 23:50 on 15/01/2009 running Option #1 (Administrator)
Firefox version 3.0.5 (en-US)

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
"{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
"{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"


OTMover Log

========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions\\{125509E5-E4C6-4FE3-8078-191C6B1F56D5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}\ not found.
========== FILES ==========
C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}\chrome\content moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}\chrome moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5} moved successfully.
File/Folder C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}.zip not found.
File/Folder C:\moz.reg not found.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_694.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_984.dat scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7F40.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_204.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_9c0.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\ZLT07b93.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01152009_235301

Files moved on Reboot...
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_694.dat not found!
File C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Perflib_Perfdata_984.dat not found!
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF7F40.tmp moved successfully.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be moved on reboot.
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_204.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_9c0.dat not found!
File C:\WINDOWS\temp\ZLT07b93.TMP not found!


Kaspersky detected no infected files, interestingly.

New DDS log

DDS (Ver_09-01-07.01) - NTFSx86
Run by Administrator at 15:36:00.39 on Fri 01/16/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2275 [GMT -6:00]

AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated)
AV: avast! antivirus 4.8.1296 [VPS 090116-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Security Suite Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\agrsmsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\emaudsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATK Hotkey\Hcontrol.exe
C:\Program Files\ATK Hotkey\MsgTranAgt.exe
C:\Program Files\ASUS\ATK Media\DMEDIA.EXE
C:\Program Files\ATKOSD2\ATKOSD2.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe
C:\Program Files\ATK Hotkey\ATKOSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\Orb Networks\Orb\bin\OrbTray.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\ATK Hotkey\KBFiltr.exe
C:\Program Files\ATK Hotkey\WDC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Orb Networks\Orb\bin\Orb.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [E-MU USB Audio Control Panel] "c:\program files\creative professional\e-mu usb audio\EmuUsbAudioCP.exe"
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [Orb] c:\program files\orb networks\orb\bin\OrbTray.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [ATKHOTKEY] "c:\program files\atk hotkey\Hcontrol.exe"
mRun: [MsgTranAgt] "c:\program files\atk hotkey\MsgTranAgt.exe"
mRun: [ATKMEDIA] c:\program files\asus\atk media\DMEDIA.EXE
mRun: [ATKOSD2] "c:\program files\atkosd2\ATKOSD2.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [Wireless Console 2] "c:\program files\wireless console 2\wcourier.exe"
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [H2O] c:\program files\syncrosoft\pos\h2o\cledx.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\ssv.dll
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1\applic~1\mozilla\firefox\profiles\emvp9tzx.default\
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-12-26 111184]
R1 KLIF;KLIF;c:\windows\system32\drivers\klif.sys [2008-12-31 148496]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2008-12-25 353680]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2008-12-26 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2008-12-26 352920]
R3 CLEDX;Team H2O CLEDX service;c:\windows\system32\drivers\cledx.sys [2008-12-25 33792]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\drivers\emusba10.sys [2007-11-26 163352]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32.sys [2008-12-25 41376]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-12-26 20560]
R4 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2008-12-26 155160]
R4 emaudsv;E-MU Audio Service;c:\windows\system32\emaudsv.exe [2007-11-26 20992]
R4 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2008-12-25 10384]
R4 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-12-26 24652]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]

=============== Created Last 30 ================


==================== Find3M ====================

2008-12-31 15:59 4,212 a---h--- c:\windows\system32\zllictbl.dat
2008-12-25 20:34 87,747 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-12-25 10:47 315,392 a------- c:\windows\HideWin.exe
2008-12-25 08:11 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 04:57 333,952 a------- c:\windows\system32\drivers\srv.sys
2008-10-27 10:04 514,384 a------- c:\windows\system32\XAudio2_3.dll
2008-10-27 10:04 235,856 a------- c:\windows\system32\xactengine3_3.dll
2008-10-27 10:04 23,376 a------- c:\windows\system32\X3DAudio1_5.dll
2008-10-27 10:04 70,992 a------- c:\windows\system32\XAPOFX1_2.dll
2008-10-23 06:36 286,720 a------- c:\windows\system32\gdi32.dll

============= FINISH: 15:36:30.26 ===============
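The GooredFix output in this post shows the pattern behind this kind of redirect: a Firefox extension registered machine-wide under HKLM\SOFTWARE\Mozilla\Firefox\Extensions, but installed into a GUID-named folder inside the user's Local Settings\Application Data, somewhere a legitimate installer of a machine-wide extension has no reason to put it. The following Python is an added example, not part of this thread, of GooredFix or of any tool used here. It parses GooredFix-style registry dump lines and flags registrations that show that pattern. The sample log is constructed to mirror the entries posted above; the trusted-directory and profile-marker lists are assumptions to tune for your own builds (the \Users marker covers the Vista-and-later profile layout, which this XP machine does not have).

```python
"""Flag Firefox extension registrations that look like the Goored hijack:
an HKLM entry whose install directory lives in a user profile and/or is a
bare GUID named after the extension id. Added example; not GooredFix code."""

import re

# Constructed sample in the format GooredFix prints: a [key] line followed
# by "name"="path" lines. The GUID entry mirrors the one removed in the thread.
SAMPLE_LOG = r"""
=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.5\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\firefox\extensions]
"{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"="C:\Documents and Settings\Administrator\Local Settings\Application Data\{125509E5-E4C6-4FE3-8078-191C6B1F56D5}"
"""

KEY_RE = re.compile(r"^\[(?P<key>HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<data>[^"]*)"$')
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Assumption: machine-wide (HKLM) registrations are expected only under these.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\windows\\")
# Assumption: path fragments that belong to a single user's profile.
PROFILE_MARKERS = (
    "\\documents and settings\\",
    "\\local settings\\application data\\",
    "\\application data\\",
    "\\users\\",  # Vista and later layout, not present on the XP box above
)


def parse_entries(log_text):
    """Return (key, name, path) tuples from a GooredFix-style dump."""
    key = None
    entries = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and key:
            entries.append((key, m.group("name"), m.group("data")))
    return entries


def classify(entry):
    """Return the reasons an extension registration looks hijacked (empty if clean)."""
    key, name, path = entry
    reasons = []
    if not key.lower().endswith("\\extensions"):
        return reasons
    low = path.lower()
    if key.startswith("HKEY_LOCAL_MACHINE") and any(mk in low for mk in PROFILE_MARKERS):
        reasons.append("machine-wide registration points into a user profile")
    if not low.startswith(TRUSTED_PREFIXES):
        reasons.append("install path outside Program Files / Windows")
    leaf = path.rstrip("\\").rsplit("\\", 1)[-1]
    if GUID_RE.match(name) and leaf.lower() == name.lower():
        reasons.append("bare-GUID extension id with a directory named after it")
    return reasons


def find_suspect(log_text):
    """Map each suspicious extension name to its list of reasons."""
    suspect = {}
    for entry in parse_entries(log_text):
        reasons = classify(entry)
        if reasons:
            suspect[entry[1]] = reasons
    return suspect


if __name__ == "__main__":
    for name, reasons in find_suspect(SAMPLE_LOG).items():
        print(name)
        for r in reasons:
            print("  -", r)
```

Run it against a real GooredFix log by reading the file into find_suspect instead of SAMPLE_LOG. Entries that trip only the "outside Program Files" rule deserve a look rather than automatic removal: a vendor that installs to its own directory on another drive would trip it too, which is why the three reasons are reported separately.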



#8 jpshortstuff (WhatTheTech Teacher, UK)

Posted 17 January 2009 - 03:44 AM

Hi Sean

Log looks good :thumbsup:

Clean up with OTMoveIt3
  • Double-click OTMoveIt3.exe.
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes, if not delete it by yourself.
You can now delete any other tools I had you download and use, unless you wish to keep them.


I notice that you have 2 AntiVirus programs running. While this may seem like a good idea, multiple AntiVirus programs running at the same time can conflict with each other as well as slowing your system down unnecessarily. I recommend you pick one of them and remove the other. Since ZoneAlarm is part of a security suite, it may be better to remove Avast!, though the choice as to how to proceed is yours.


Set correct settings for files that should be hidden in Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab.
  • Under "Hidden files and folders" if necessary select Do not show hidden files and folders.
  • If unchecked, please check Hide protected operating system files (Recommended)
  • If necessary check "Display content of system folders"
  • If necessary Uncheck Hide file extensions for known file types.
  • Click OK
Now that your system appears to be clean, there's just a few steps I'd like you to take to prevent any future infections.
  • System restore:
    We will now clear your existing system restore points and establish a new clean restore point:
    • Go to Start > All Programs > Accessories > System Tools > System Restore
    • Select Create a restore point, and Ok it.
    • Next, go to Start > Run and type in cleanmgr
    • Select the More options tab
    • Choose the option to clean up system restore and OK it.

      This will remove all restore points except the new one you just created.
    Make sure you do this now, as your System Restore currently has infected files in it.

  • Keeping your Windows up-to-date is crucial to your computer's security. Please go to the Windows Update Site (using Internet Explorer) and download and install all critical updates on a regular basis.

  • Make sure you update your Anti-Virus software regularly; new viruses are being developed all the time.

  • Some more programs that it would be useful to have [OPTIONAL but RECOMMENDED]:

    Download Spybot Search and Destroy 1.5 from here
    Check for Updates/ Immunize and run a Full System Scan on a regular basis.

    SpywareBlaster is another real-time scanner that prevents most spyware from even being installed.
    Freely available: Download SpywareBlaster

    Download and install the free version of WinPatrol. This program protects your computer in a variety of ways and will work well with your existing security software. Have a look at this tutorial to help you get started with the program.
Also, please read this great article by Tony Klein: So How Did I Get Infected In the First Place

Glad we could be of assistance.

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.

Stay Clean!

jpshortstuff

#9 Sean Chen (Topic Starter)

Posted 18 January 2009 - 03:53 PM

Thanks jpshortstuff. I've completed the cleanup tasks and installed Spybot as well. I'm very satisfied with my computer right now, and am grateful for all your detailed help.

-Sean

#10 jpshortstuff (WhatTheTech Teacher, UK)

Posted 19 January 2009 - 02:07 AM

Since this issue appears resolved ... this Topic is closed.
If you need this topic reopened for continuations of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.