Infected with "Your computer is infected with a virus - Click Here"


This topic is locked
12 replies to this topic

#1 mruseless

Posted 10 February 2009 - 02:51 PM

Here is my DDS log. Right now my desktop is pure white and I can't set a background image. Also, I have a red X showing up in the tray saying "Your Computer is Infected - Click Here to Remove".

DDS (Ver_09-02-01.01) - NTFSx86
Run by Compaq_Administrator at 14:46:59.31 on Tue 02/10/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.606 [GMT -5:00]

AV: avast! antivirus 4.8.1296 [VPS 090210-0] *On-access scanning enabled* (Updated)
FW: Norton Internet Worm Protection *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\Program Files\DNA\btdna.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Compaq_Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [NVIDIA nTune] "c:\program files\nvidia corporation\ntune\nTuneCmd.exe" clear
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE
mRun: [<NO NAME>]
mRun: [PCDrProfiler]
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
uPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-explorer: NoSetActiveDesktop = 1 (0x1)
dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: trymedia.com
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
LSA: Authentication Packages = msv1_0 c:\windows\system32\byXNdbCU

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\u30ijopg.default\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-8 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-3 111184]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-2-3 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2009-2-3 155160]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast4\ashMaiSv.exe [2009-2-3 254040]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2009-2-3 352920]
RUnknown vdkgbeym;vdkgbeym; [x]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 950096]

=============== Created Last 30 ================

2009-02-10 14:14 <DIR> --d----- c:\program files\Trend Micro
2009-02-10 14:00 <DIR> --d----- c:\program files\CCleaner
2009-02-10 13:55 <DIR> --d----- C:\!KillBox
2009-02-10 09:07 1 a------- c:\windows\system32\uniq.tll
2009-02-10 09:07 24,064 a------- c:\windows\system32\frmwrk32.exe
2009-02-08 18:34 <DIR> --d----- C:\Chat
2009-02-08 15:02 15,688 a------- c:\windows\system32\lsdelete.exe
2009-02-08 14:59 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-02-08 14:58 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 14:58 <DIR> --d----- c:\program files\Lavasoft
2009-02-08 00:53 <DIR> --d----- c:\program files\Funcom
2009-02-07 18:11 4 a------- c:\windows\vdkgbeym
2009-02-07 14:43 <DIR> --d----- c:\program files\Combined Community Codec Pack
2009-02-06 15:05 529 a------- c:\windows\system32\winlogon2.exe
2009-02-06 08:10 512 a--sh--- c:\windows\system32\ddcIknnn.ini2
2009-02-06 08:10 512 a--sh--- c:\windows\system32\ddcIknnn.ini
2009-02-06 08:10 303,104 a------- c:\windows\system32\nnnkIcdd.dll
2009-02-05 14:41 4,307 a--sh--- c:\windows\system32\UCbdNXyb.ini2
2009-02-05 14:41 1,312 a------- c:\windows\runovbsv
2009-02-05 14:41 4,307 a--sh--- c:\windows\system32\UCbdNXyb.ini
2009-02-05 13:57 0 a------- c:\windows\system32\drivers\seneka.sys
2009-02-05 13:51 59 a------- c:\windows\system32\senekajwfdsvju.dat
2009-02-05 13:46 46,016 a------- c:\windows\system32\senekatxshnngx.dat
2009-02-05 13:46 15,872 a------- c:\windows\system32\senekaxorljhyl.dll
2009-02-05 13:46 49,152 a------- c:\windows\system32\senekagrrdxndo.dll
2009-02-05 12:46 <DIR> --d----- c:\program files\Yamb
2009-02-03 13:45 <DIR> --d----- c:\program files\NVIDIA Corporation
2009-02-03 13:43 <DIR> --d----- c:\program files\NVIDIA nTune Performance Application
2009-02-02 00:33 <DIR> --d----- c:\windows\system32\appmgmt
2009-02-02 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2009-02-02 00:15 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-02-02 00:15 <DIR> --d----- c:\docume~1\compaq~1\applic~1\DAEMON Tools Pro
2009-02-02 00:07 211,938 a------- c:\windows\system32\lcphrase.tbl
2009-01-29 22:52 <DIR> --d----- c:\program files\VideoLAN
2009-01-28 16:04 138,624 a------- c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 16:04 202,352 a------- c:\windows\system32\PnkBstrB.exe
2009-01-28 16:03 <DIR> --d----- c:\windows\system32\LogFiles
2009-01-28 16:03 66,872 a------- c:\windows\system32\PnkBstrA.exe
2009-01-26 08:42 <DIR> --d----- c:\program files\Oberon Media
2009-01-25 12:26 <DIR> --d----- c:\program files\America's Army Server Manager
2009-01-25 12:24 <DIR> --d----- c:\program files\America's Army
2009-01-18 14:20 <DIR> --d----- c:\docume~1\compaq~1\applic~1\nHancer
2009-01-18 14:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\nHancer
2009-01-17 12:56 <DIR> --d----- c:\windows\system32\scripting
2009-01-17 12:56 <DIR> --d----- c:\windows\l2schemas
2009-01-17 12:56 <DIR> --d----- c:\windows\system32\en
2009-01-17 12:56 <DIR> --d----- c:\windows\system32\bits
2009-01-17 12:54 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-17 07:06 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys
2009-01-16 18:46 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-01-16 18:46 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-16 18:46 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-16 18:46 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-16 18:46 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-16 18:46 267,776 -------- c:\windows\system32\dllcache\iertutil.dll
2009-01-16 18:46 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-01-16 18:46 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-16 18:46 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-16 18:43 <DIR> --d----- c:\windows\network diagnostic
2009-01-16 15:28 <DIR> --d----- c:\docume~1\compaq~1\applic~1\BitTorrent
2009-01-16 15:26 <DIR> --d----- c:\program files\DNA
2009-01-16 15:26 <DIR> --d----- c:\program files\BitTorrent
2009-01-16 15:26 <DIR> --d----- c:\docume~1\compaq~1\applic~1\DNA
2009-01-16 15:26 <DIR> --d----- c:\program files\AskSearch
2009-01-16 09:16 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-16 08:33 272,128 -------- c:\windows\system32\dllcache\bthport.sys
2009-01-16 08:33 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-16 08:32 1,846,400 -------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 08:31 23,040 -------- c:\windows\kb913800.exe
2009-01-16 08:30 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-01-16 08:30 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 08:30 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-01-16 08:30 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-16 08:29 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2009-01-15 23:17 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-15 22:27 2,145,280 -------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-15 22:27 2,189,184 -------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-15 22:27 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-15 22:27 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-15 21:58 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Acreon
2009-01-15 19:30 12,160 a------- c:\windows\system32\drivers\mouhid.sys
2009-01-15 19:30 10,368 a------- c:\windows\system32\drivers\hidusb.sys
2009-01-15 19:27 248 a------- c:\windows\system\hpsysdrv.dat
2009-01-15 19:19 <DIR> --d----- c:\program files\World of Warcraft
2009-01-15 19:16 <DIR> --d--r-- c:\documents and settings\all users\Documents
2009-01-15 19:14 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-01-15 19:11 <DIR> --dshr-- c:\windows\system32\dllcache
2009-01-15 18:13 <DIR> --d----- c:\windows\system32\AGEIA
2009-01-15 18:12 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-01-15 18:12 <DIR> --d----- C:\NVIDIA
2009-01-15 18:00 664 a------- c:\windows\system32\d3d9caps.dat
2009-01-15 18:00 552 a------- c:\windows\system32\d3d8caps.dat
2009-01-15 18:00 <DIR> --d----- c:\program files\SystemRequirementsLab
2009-01-15 17:51 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-01-15 17:50 <DIR> --d----- c:\program files\Ventrilo
2009-01-15 17:50 262 a------- c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-15 17:50 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-01-15 17:43 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-01-15 17:39 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-15 17:39 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-15 17:38 <DIR> --dshr-- C:\cmdcons
2009-01-15 17:38 <DIR> --d----- c:\windows\setup.pss
2009-01-15 17:37 <DIR> --d----- c:\windows\setupupd
2009-01-15 17:36 1,769 a--shr-- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_QCNX623_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.4_#060804_N_Z11C10620_G_OTSSTcorp CD DVDW TS-H652L.MRK
2009-01-15 17:34 <DIR> --d----- c:\docume~1\compaq~1\applic~1\Intuit
2009-01-15 17:34 <DIR> --d----- c:\documents and settings\compaq_administrator\WINDOWS
2009-01-15 17:34 <DIR> --d----- c:\documents and settings\Compaq_Administrator
2009-01-15 17:32 <DIR> --d----- c:\windows\system32\SoftwareDistribution

==================== Find3M ====================

2009-01-17 13:00 92,947 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-17 12:59 45,056 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2009-01-17 12:59 341,048 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\HPBasicDetection3.dll
2009-01-17 12:59 163,840 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemcheck.dll
2009-01-17 12:59 61,440 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\modemutil.dll
2009-01-17 12:59 44,032 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2009-01-17 12:59 40,960 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\ScDmi.dll
2009-01-17 12:59 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\uploadHSC.dll
2009-01-17 12:59 32,768 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\Scom.dll
2008-12-26 00:08 4,710,400 a------- c:\windows\system32\nvdisps.dll
2008-12-26 00:08 3,796,992 a------- c:\windows\system32\nvvitvs.dll
2008-12-26 00:08 3,489,792 a------- c:\windows\system32\nvgames.dll
2008-12-26 00:08 2,744,320 a------- c:\windows\system32\nvwss.dll
2008-12-26 00:08 1,560,576 a------- c:\windows\system32\nvcuda.dll
2008-12-26 00:08 1,286,144 a------- c:\windows\system32\nvmobls.dll
2008-12-26 00:08 801,312 a------- c:\windows\system32\nvcplui.exe
2008-12-26 00:08 453,152 a------- c:\windows\system32\nvudisp.exe
2008-12-26 00:08 188,416 a------- c:\windows\system32\nvmccss.dll
2008-12-13 01:40 3,593,216 -------- c:\windows\system32\dllcache\mshtml.dll

============= FINISH: 14:47:23.82 ===============
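A defender-side triage script for a DDS log like the one above, added here as an example (it is not part of the thread, of DDS, or of BleepingComputer's tooling): it parses the Pseudo HJT Report, SERVICES / DRIVERS and Created Last 30 line formats and flags the entries a helper would look at first, such as the non-default LSA Authentication Packages entry, the RUnknown service with no file on disk, the desktop and Task Manager lockdown policies, and the extensionless or zero-byte files dropped under c:\windows. The rules and the sample line set are my own heuristics and assumptions.

```python
"""Triage helper for DDS-style logs: scans Pseudo HJT Report, SERVICES / DRIVERS
and Created Last 30 lines for the kinds of entries visible in the thread above.
Added example; the rules are heuristics and assumptions, not DDS's own logic."""
import re
from dataclasses import dataclass

# Constructed sample: a handful of lines copied from the DDS log posted above.
SAMPLE_LOG = [
    r"mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe",
    r"mRun: [<NO NAME>]",
    r"uPolicies-explorer: NoSetActiveDesktop = 1 (0x1)",
    r"dPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)",
    r"dPolicies-system: DisableTaskMgr = 1 (0x1)",
    r"LSA: Authentication Packages = msv1_0 c:\windows\system32\byXNdbCU",
    r"R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-2-3 111184]",
    r"RUnknown vdkgbeym;vdkgbeym; [x]",
    r"2009-02-07 18:11 4 a------- c:\windows\vdkgbeym",
    r"2009-02-05 13:57 0 a------- c:\windows\system32\drivers\seneka.sys",
    r"2009-02-06 08:10 512 a--sh--- c:\windows\system32\ddcIknnn.ini2",
    r"2009-01-17 07:06 180,360 -------- c:\windows\system32\drivers\ntmtlfax.sys",
    r"2009-02-10 14:00 <DIR> --d----- c:\program files\CCleaner",
]

# Line shapes as DDS prints them (assumed from the log above, not a DDS spec).
POLICY_RE = re.compile(r"^[umd]Policies-(?P<hive>\w+):\s*(?P<name>\w+)\s*=\s*(?P<val>\d+)")
LSA_RE = re.compile(r"^LSA:\s*Authentication Packages\s*=\s*(?P<pkgs>.+)$")
SERVICE_RE = re.compile(r"^(?P<type>[RS]\w*)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
                        r"(?P<path>[^\[]*)\[(?P<meta>[^\]]*)\]")
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+(?P<size>[\d,]+|<DIR>)\s+\S+\s+(?P<path>.+)$")
RUN_RE = re.compile(r"^[umd]Run:\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# Explorer/system policies that lock the desktop or Task Manager; the reported
# white desktop and blocked wallpaper change are consistent with the first two.
LOCKDOWN_POLICIES = {"NoSetActiveDesktop", "NoActiveDesktopChanges",
                     "DisableTaskMgr", "DisableRegistryTools"}
WINDOWS_DIRS = (r"c:\windows\system32\drivers", r"c:\windows\system32", r"c:\windows")

@dataclass(frozen=True)
class Finding:
    severity: str   # "high" or "info"
    rule: str
    line: str

def _basename(path: str) -> str:
    return path.rsplit("\\", 1)[-1]

def _in_windows_dir(path: str) -> bool:
    return path.rsplit("\\", 1)[0].lower() in WINDOWS_DIRS

def triage(lines):
    """Return findings for one DDS log; cross-checks service names against files."""
    findings, services, loose_files = [], {}, {}
    for raw in lines:
        line = raw.strip()
        if (m := POLICY_RE.match(line)) and m["name"] in LOCKDOWN_POLICIES and m["val"] != "0":
            findings.append(Finding("high", "lockdown policy", line))
        elif m := LSA_RE.match(line):
            for pkg in m["pkgs"].split():
                if pkg.lower() != "msv1_0":   # the only default package on XP
                    findings.append(Finding("high", f"extra LSA auth package {pkg}", line))
        elif m := SERVICE_RE.match(line):
            services[m["name"].strip().lower()] = line
            if m["meta"].strip() == "x" or not m["path"].strip():
                findings.append(Finding("high", "service with no backing file", line))
        elif m := RUN_RE.match(line):
            if not m["cmd"].strip():
                findings.append(Finding("info", "Run entry with no command", line))
        elif (m := FILE_RE.match(line)) and m["size"] != "<DIR>":
            path = m["path"].strip()
            name = _basename(path)
            if _in_windows_dir(path) and "." not in name:
                loose_files[name.lower()] = line
                findings.append(Finding("high", "extensionless file in Windows dir", line))
            elif m["size"] == "0" and name.lower().endswith(".sys"):
                findings.append(Finding("high", "zero-byte driver", line))
            elif name.lower().endswith(".ini2"):
                findings.append(Finding("high", "unusual .ini2 companion file", line))
    # A service whose name is also an extensionless file dropped in the Windows
    # directory (here vdkgbeym) is a stronger signal than either line alone.
    for name in services.keys() & loose_files.keys():
        findings.append(Finding("high", f"service {name} backed by dropped file", services[name]))
    return findings

def summarize(findings):
    """Count findings per rule label."""
    counts = {}
    for f in findings:
        counts[f.rule] = counts.get(f.rule, 0) + 1
    return counts

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity}] {f.rule}: {f.line}")
```

Run it on a full DDS log by passing the file's lines to triage(); the rules are intentionally narrow, so a clean result does not prove a clean machine.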

#2 mruseless (Topic Starter)

Posted 10 February 2009 - 02:54 PM

Forgot to mention: when I use Google in Firefox, I have to open a link 6 or 7 times before it actually brings me to the link; other times it is redirected to a number of sites.

#3 fenzodahl512

Posted 13 February 2009 - 07:47 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall programs before running ComboFix. Please visit HERE if you don't know how. Please re-enable them after performing all the steps given.

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.

Link 1
Link 2
Link 3

Double-click combofix.exe and follow the prompts. Please never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so. It will be in your best interest.

When finished, it will produce a log for you. Post that log and a fresh HijackThis log in your next reply.

Note: DON'T do anything with your computer while ComboFix is running. Let ComboFix finish its job.



#4 mruseless (Topic Starter)

Posted 14 February 2009 - 08:43 PM

Thanks for taking the time to help me, Fenzodahl. There is a new issue that came up after running ComboFix: there is a shield X on my tray saying Worm Protector isn't on?

These are some of the redirects I'm getting from Google:

"http://clickfraudmanager.com/check.php?t=a49d29a78de6f7c0ee7dc99b1d9d9e5d&q=fire+fox&p=ff&a=998&s=3&e=google&v=icv270109ff&f=income&b=0.0581&u=http%3A%2F%2Ft.websearchmaster.net%2F%3Fd%3DrAbIv8zhbxNNNQ_VOUha--NOHNRsbbVXpcaDgY4ONESKGU_8BXzxGyJyugN0vHLpHe2fPeWljRpQNmQ2ADDnNFNNttDODtQFJIZCJJj3Ri9BigZcWmt_XtduNSQxxzYSp054Qx-VvG-S4RNrGHWjHrFSPEtPtxXdVNnRV8b0LuedL3vMi9Dw3ajfljdqZLgQB1ScM9cIrhvqplwsp-tzC8ti76C1EKEV3Mn7GKGor4pBm4I_6ZkQ1V_B_aFkPBH0PBDHr2_29dCTP8oi1pePoTvmk9BpFKn9cGsJwiZ8J_70tpubi3QwkppplhCikf_ohr1IRoObyOCezc4IKjsH_1h6nq8i7j8FBf64mBWz3MQ4ZLir-27CJN3Unpaszmoq5uszKphyu--0GcWgqYQJ9-oIpKSlUTzUmlT2wuppmkCDedCM2hxUA6WHRKh26edEJXdBonQi766CZU6keqkI7nbgeSCyL0l9WuAxwWIV6Tfl0FL1TQptktoIzaBQH0Atj9ENn6DIIwvbf6q07k-S5z2JxRrHEUrI0UZk0RbvZCzJ_9SLF1qHumFdcIf3JHj72JECwHmWTpjWBTROtrWDVzKXNxVdhPDa8D8hD7VW---AwDhZGRkYwR5Av4kZGpiLl5jnUN%2Fp3jlAmt4sQA8AwNjsTMcpzHtMz94sQx2AmxksQI8AmZ3ZGLjsQD5BGp3ZmLlsQH4AGH1MQN3sQO8ZQuyL2HmZQy8ATV0AQt1ZQI8oT9wLKEyoTyzMF5cozMi---3fbcae1813f4&rf=http://locatelife.info/?qa=fire+fox"

"undefined"

"http://clickfraudmanager.com/check.php?t=325cebe947e9c1f618e7fd006a7be42a&q=+site%3Awww.mozilla.com+fire+fox&p=ff&a=998&s=3&e=google&v=icv270109ff&f=income&b=0.0117&u=http%3A%2F%2Ft.websearchmaster.net%2F%3Fd%3DrAb11ZiBtxtDOrNUZizuh6UcKfkPEHDSDr6jzqQp5XnPvRO4-URmFnIdpKWJyKmyPbNxPFfxDSm1XuTZCo-f_O8CRCe_DW6aCNDP5NHExGJOQE_MB5FvcTN-koR_iHA7ImUVS1UomY-fMnw4MkJkyVVRvvDKTL0mUbhLFe8JSztFR4m-5DzXEpuRWxt5ONEzTQCNdWEx_T9uiXYseAa15GKXk3yJG_rrx4iQznSzmD31eBtySGIiS2IulKpgeX6n2-UyANpO2hlsDXpIfTN6fOwG0oKsQLpb4JDualKCtouShHb59Ojn9SeFnBoVcykn884ZlMyrerrlUJ2l_Iha9VeC6TmK5oIJ2fDiUy1eT_Kg4GTOnl-kKS-43IRE5wY8yg9y6Hc1GWS3WJweiyiSyLdv0WRfde1BV7PAmuBfinR8Cu9kzLtS0kIe4jZz99CVcBs0sZazIpcremDj89EJ3ZCqxkkq92QJ4XdKElzlG9VOIJUg2_yUtMyK-Be3nm8tDTbptaOZAs5FUk9RXwM6d3JvJnr9wnc3pms0HOBbHJb3zgwd87uY7755I6HK9Gn4RYqI2W5ROJuqvWSVGw4_g4ByaKr2-Cu6L9-ww7nLK3erWRBjBLZkj3CCR-srYsiG9wPwZoKz7rXAY7bpiuKoWm0L4_3YBya6xfWufyG32SUJR2-GHrmg6epps280w5kkf9gppkh1KczMmsPHZelHj2HXB56W2Gn25hEHLbASymjkxOZ8xScO-sncUCEpDQ0e8MQ692CsA9lvsdWqT-wnmign2aEsOBKBGfah4-2s-2j6pPYzkAybxFaUWdq2H9wV_JAOjTw60Fdpz2h1fKq-5h7yMtMi2DMpAeGA1e1xSl-5fFznMKpuZ-CXQh-qS3_r36dr5HdjJXOr3Pn87G8Q54lHMPBw51fKATSvxRic-5y9zWgyrUsP5704p6rnnuCfrig8TMv_BY0EcMMupyX9wGZ5rWOeEYy2MNsj4x7tjnsM29xheuyS8A5TY66SmvycHfhCod2Jp1LCP-7gAYLsd3m3ZDmWlQaAAyKG75QZvlqwSmcRC3EM-SHlQeoXT-14Km91rRlD85dx8PuZk_EE81JXatotnWGmcgjM0dLsZeVR7ft5K9SDp9NiYXgVFWlbgvmNScYRl6u8HEiz0q7XhqdqAyrsnWXKB5IrkE5FbSfr2cTG7rEMVei80WyomcgQ7Sx5UnssB-Rprlr_cLKMFVqxxdIyBeiysiZybbk7xIAWS6uvfRevUlM_C53-kUHy5V-VskG94MIsI7vzC5h0IizxkjoTjExxl-zel_HDCp5ASSle0Op-VnGQXtNOFPiRHNP_Wi_QWbYrWjeBq3npkO9za2tiiytowFiNxWRRtcEVLfjxRJVfVWOXSRiWm7C0Cm46hAf---AwDhZGRkYwR5Av4kZGpiLl5jnUN%2Fp3jlAmt4sQA8AwNjsUAcqTHtq3q3VT1irzyfoTRtL29gVTMcpzHtMz94sQRjZwN2ZKj1sQpmAmx1ZKj0BGx3AmAwZ3j1BQH1AJDjAajjsQt4ZQR3AQyysQEvAQD4AGN1sTqyozIlLJkfrJMcozDhnJ5zoj%3D%3D---fd0fcf144bec&rf=http://generallyfind.info/?qa=+site%3Awww.mozilla.com+fire+fox"

No idea where this is coming from either...

Here is the CF log:

ComboFix 09-02-12.03 - Compaq_Administrator 2009-02-14 20:30:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.602 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090214-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ddcIknnn.ini
c:\windows\system32\ddcIknnn.ini2
c:\windows\system32\drivers\seneka.sys
c:\windows\system32\frmwrk32.exe
c:\windows\system32\senekagrrdxndo.dll
c:\windows\system32\senekajwfdsvju.dat
c:\windows\system32\senekatxshnngx.dat
c:\windows\system32\UCbdNXyb.ini
c:\windows\system32\UCbdNXyb.ini2
c:\windows\system32\uniq.tll
c:\windows\system32\winlogon2.exe
D:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SENEKA


((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-10 18:53 . 2009-02-10 18:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-10 14:14 . 2009-02-10 14:14 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 14:00 . 2009-02-10 14:00 <DIR> d-------- c:\program files\CCleaner
2009-02-10 13:55 . 2009-02-11 18:17 <DIR> d-------- C:\!KillBox
2009-02-09 00:42 . 2009-02-09 00:42 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Media Player Classic
2009-02-08 18:34 . 2009-02-08 18:34 <DIR> d-------- C:\Chat
2009-02-08 15:02 . 2009-02-08 14:59 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-08 14:59 . 2009-02-08 14:59 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-08 14:59 . 2009-02-08 14:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-08 14:58 . 2009-02-08 14:58 <DIR> d-------- c:\program files\Lavasoft
2009-02-08 14:58 . 2009-02-08 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-08 14:58 . 2009-02-08 14:58 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 00:53 . 2009-02-08 00:53 <DIR> d-------- c:\program files\Funcom
2009-02-07 18:11 . 2009-02-10 14:36 4 --a------ c:\windows\vdkgbeym
2009-02-07 14:43 . 2009-02-07 14:43 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-02-06 08:10 . 2009-02-06 08:10 303,104 --------- c:\windows\system32\nnnkIcdd.dll
2009-02-05 14:41 . 2009-02-07 00:59 1,312 --a------ c:\windows\runovbsv
2009-02-05 12:46 . 2009-02-05 12:47 <DIR> d-------- c:\program files\Yamb
2009-02-04 13:11 . 2009-02-04 13:11 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\AdobeUM
2009-02-03 19:06 . 2009-02-03 19:06 <DIR> d-------- c:\program files\Alwil Software
2009-02-03 13:45 . 2009-02-03 13:45 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-02-03 13:43 . 2009-02-03 13:43 <DIR> d-------- c:\program files\NVIDIA nTune Performance Application
2009-02-02 00:19 . 2009-02-02 00:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-02-02 00:15 . 2009-02-02 00:23 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Pro
2009-02-02 00:15 . 2009-02-02 00:16 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-02 00:07 . 2004-08-09 16:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-01-29 22:53 . 2009-01-29 23:29 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\vlc
2009-01-29 22:52 . 2009-01-29 22:52 <DIR> d-------- c:\program files\VideoLAN
2009-01-28 16:04 . 2009-01-31 10:59 202,352 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-28 16:04 . 2009-01-31 10:59 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 16:03 . 2009-01-28 16:03 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-28 16:03 . 2009-01-28 16:03 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-26 08:43 . 2009-01-26 08:43 <DIR> d-------- c:\documents and settings\Joanne\Application Data\Pogo Games
2009-01-26 08:43 . 2009-01-26 08:59 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 08:42 . 2009-01-26 08:42 <DIR> d-------- c:\program files\Oberon Media
2009-01-25 12:26 . 2009-01-25 12:26 <DIR> d-------- c:\program files\America's Army Server Manager
2009-01-25 12:24 . 2009-01-25 18:21 <DIR> d-------- c:\program files\America's Army
2009-01-24 17:07 . 2009-01-24 17:07 <DIR> d-------- c:\documents and settings\Joanne\Application Data\AdobeUM
2009-01-18 14:20 . 2009-02-02 00:34 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\nHancer
2009-01-18 14:19 . 2009-01-18 14:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2009-01-18 14:17 . 2009-01-18 14:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\nHancer
2009-01-17 13:20 . 2009-02-02 00:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\system32\scripting
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\system32\en
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\system32\bits
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\l2schemas
2009-01-17 12:54 . 2009-01-17 12:54 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-17 07:06 . 2008-04-13 19:09 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-01-16 18:46 . 2008-10-16 15:38 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-16 18:46 . 2007-04-17 04:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-16 18:46 . 2007-03-08 00:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-16 18:46 . 2008-10-16 15:38 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-16 18:46 . 2008-10-16 15:38 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-16 18:46 . 2008-10-16 15:38 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-01-16 18:46 . 2008-10-16 15:38 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-01-16 18:46 . 2008-10-16 15:38 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-16 18:46 . 2008-10-16 08:11 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-16 15:28 . 2009-02-08 14:42 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\BitTorrent
2009-01-16 15:26 . 2009-02-13 16:51 <DIR> d-------- c:\program files\DNA
2009-01-16 15:26 . 2009-01-16 15:27 <DIR> d-------- c:\program files\BitTorrent
2009-01-16 15:26 . 2009-02-13 17:01 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DNA
2009-01-16 09:16 . 2009-01-16 09:16 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-16 08:40 . 2009-01-16 08:40 <DIR> d-------- c:\windows\Sun
2009-01-16 08:33 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-01-16 08:33 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-16 08:32 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 08:31 . 2009-01-16 08:31 <DIR> d--hs---- c:\documents and settings\Joanne\UserData
2009-01-16 08:31 . 2006-03-20 22:23 23,040 --------- c:\windows\kb913800.exe
2009-01-16 08:30 . 2008-04-11 14:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-16 08:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 08:30 . 2008-12-11 05:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-16 08:30 . 2008-05-08 09:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-16 08:29 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-16 08:25 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Joanne\WINDOWS
2009-01-16 08:25 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Joanne\Application Data\Intuit
2009-01-16 08:25 . 2009-01-16 08:31 <DIR> d-------- c:\documents and settings\Joanne
2009-01-15 22:27 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-15 22:27 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-15 22:27 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-15 22:27 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-15 21:58 . 2009-01-15 21:58 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Acreon
2009-01-15 19:30 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-15 19:30 . 2008-04-13 13:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-15 19:27 . 2009-02-14 20:35 248 --a------ c:\windows\system\hpsysdrv.dat
2009-01-15 19:19 . 2009-02-10 18:20 <DIR> d-------- c:\program files\World of Warcraft
2009-01-15 19:16 . 2009-01-15 19:25 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-15 19:11 . 2009-02-14 18:06 <DIR> dr-hs---- c:\windows\system32\dllcache
2009-01-15 18:20 . 2009-01-15 18:20 0 --a------ c:\windows\nsreg.dat
2009-01-15 18:13 . 2009-01-15 18:13 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-15 18:13 . 2009-01-15 18:13 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-15 18:12 . 2009-01-15 18:12 <DIR> d-------- C:\NVIDIA
2009-01-15 18:12 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-15 18:00 . 2009-02-03 19:20 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-15 18:00 . 2009-01-15 18:00 552 --a------ c:\windows\system32\d3d8caps.dat
2009-01-15 17:51 . 2009-01-15 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-15 17:50 . 2009-01-15 17:50 <DIR> d-------- c:\program files\Ventrilo
2009-01-15 17:50 . 2009-01-15 18:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-15 17:50 . 2009-01-15 20:09 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo
2009-01-15 17:50 . 2009-01-15 17:50 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-15 17:43 . 2009-01-15 21:04 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-15 17:39 . 2009-02-10 18:53 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-15 17:36 . 2009-01-15 17:36 1,769 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_QCNX623_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.4_#060804_N_Z11C10620_G_OTSSTcorp CD DVDW TS-H652L.MRK
2009-01-15 17:34 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Compaq_Administrator\WINDOWS
2009-01-15 17:34 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Intuit
2009-01-15 17:34 . 2009-02-14 20:04 <DIR> d-------- c:\documents and settings\Compaq_Administrator
2009-01-15 17:33 . 2006-05-05 05:20 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-01-15 17:33 . 2006-05-05 05:42 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-01-15 17:33 . 2006-05-05 05:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-01-15 17:32 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 01:05 --------- d-----w c:\program files\HP Games
2009-02-13 22:03 --------- d-----w c:\program files\Common Files\Real
2009-02-13 21:15 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-13 21:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-13 21:12 --------- d-----w c:\program files\Sonic
2009-02-13 21:07 --------- d-----w c:\program files\Hewlett-Packard
2009-02-10 23:53 --------- d-----w c:\program files\Java
2009-02-04 00:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-04 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-03 18:51 --------- d--h--w c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-08 509784]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-08 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-PCDrProfiler - (no file)


.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\u30ijopg.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 20:35:42
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\rundll32.exe
c:\windows\ehome\ehmsas.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-02-14 20:38:13 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 01:38:11

Pre-Run: 175,252,807,680 bytes free
Post-Run: 175,181,574,144 bytes free

253 --- E O F --- 2009-01-17 18:20:33

And here is the Hijack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:40:50 PM, on 2/14/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5366 bytes

Edited by mruseless, 14 February 2009 - 08:46 PM.


#5 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:31 PM

Posted 14 February 2009 - 11:44 PM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.



Post me these logs in your next reply..

1. Malwarebytes'
2. GooredFix

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#6 mruseless

mruseless
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 15 February 2009 - 09:55 AM

Malwarebytes' Anti-Malware 1.34
Database version: 1763
Windows 5.1.2600 Service Pack 3

2/15/2009 9:54:25 AM
mbam-log-2009-02-15 (09-54-25).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 173516
Time elapsed: 35 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\senekagrrdxndo.dll.vir (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP2\A0001814.dll (Trojan.TDSS) -> Quarantined and deleted successfully.
C:\Documents and Settings\Compaq_Administrator\Desktop\csrss.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.


GooredFix v1.91 by jpshortstuff
Log created at 09:55 on 15/02/2009 running Option #1 (Compaq_Administrator)
Firefox version 3.0.6 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{F725CD31-DC45-456F-B5CE-23717AA78EF3}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.6\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

#7 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:05:31 PM

Posted 15 February 2009 - 11:25 AM

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

KillAll::

File::
c:\windows\vdkgbeym
c:\windows\system32\nnnkIcdd.dll
c:\windows\runovbsv

Folder::
C:\Program Files\Mozilla Firefox\extensions\{F725CD31-DC45-456F-B5CE-23717AA78EF3}

3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#8 mruseless

mruseless
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:04:31 AM

Posted 15 February 2009 - 01:36 PM

ComboFix 09-02-14.01 - Compaq_Administrator 2009-02-15 13:29:07.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.569 [GMT -5:00]
Running from: c:\documents and settings\Compaq_Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Compaq_Administrator\Desktop\CFScript.txt
AV: avast! antivirus 4.8.1335 [VPS 090215-0] *On-access scanning disabled* (Updated)
FW: Norton Internet Worm Protection *disabled*
* Created a new restore point

FILE ::
c:\windows\runovbsv
c:\windows\system32\nnnkIcdd.dll
c:\windows\vdkgbeym
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\extensions\{F725CD31-DC45-456F-B5CE-23717AA78EF3}
c:\program files\Mozilla Firefox\extensions\{F725CD31-DC45-456F-B5CE-23717AA78EF3}\chrome.manifest
c:\program files\Mozilla Firefox\extensions\{F725CD31-DC45-456F-B5CE-23717AA78EF3}\chrome\content\overlay.xul
c:\program files\Mozilla Firefox\extensions\{F725CD31-DC45-456F-B5CE-23717AA78EF3}\install.rdf
c:\windows\runovbsv
c:\windows\system32\nnnkIcdd.dll
c:\windows\vdkgbeym

.
((((((((((((((((((((((((( Files Created from 2009-01-15 to 2009-02-15 )))))))))))))))))))))))))))))))
.

2009-02-15 02:30 . 2009-02-15 02:30 1,374 --a------ c:\windows\imsins.BAK
2009-02-15 01:58 . 2009-02-15 01:58 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-02-15 01:58 . 2009-02-15 01:58 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
2009-02-15 01:58 . 2009-02-15 01:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-02-15 01:58 . 2009-02-11 10:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-15 01:58 . 2009-02-11 10:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-02-10 18:53 . 2009-02-10 18:53 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-10 14:14 . 2009-02-10 14:14 <DIR> d-------- c:\program files\Trend Micro
2009-02-10 14:00 . 2009-02-10 14:00 <DIR> d-------- c:\program files\CCleaner
2009-02-10 13:55 . 2009-02-11 18:17 <DIR> d-------- C:\!KillBox
2009-02-09 00:42 . 2009-02-09 00:42 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Media Player Classic
2009-02-08 18:34 . 2009-02-08 18:34 <DIR> d-------- C:\Chat
2009-02-08 15:02 . 2009-02-08 14:59 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-02-08 14:59 . 2009-02-08 14:59 <DIR> d----c--- c:\windows\system32\DRVSTORE
2009-02-08 14:59 . 2009-02-08 14:59 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-02-08 14:58 . 2009-02-08 14:58 <DIR> d-------- c:\program files\Lavasoft
2009-02-08 14:58 . 2009-02-08 14:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-08 14:58 . 2009-02-08 14:58 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-02-08 00:53 . 2009-02-08 00:53 <DIR> d-------- c:\program files\Funcom
2009-02-07 14:43 . 2009-02-07 14:43 <DIR> d-------- c:\program files\Combined Community Codec Pack
2009-02-05 12:46 . 2009-02-05 12:47 <DIR> d-------- c:\program files\Yamb
2009-02-04 13:11 . 2009-02-04 13:11 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\AdobeUM
2009-02-03 19:06 . 2009-02-03 19:06 <DIR> d-------- c:\program files\Alwil Software
2009-02-03 13:45 . 2009-02-03 13:45 <DIR> d-------- c:\program files\NVIDIA Corporation
2009-02-03 13:43 . 2009-02-03 13:43 <DIR> d-------- c:\program files\NVIDIA nTune Performance Application
2009-02-02 00:19 . 2009-02-02 00:19 <DIR> d-------- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2009-02-02 00:15 . 2009-02-02 00:23 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DAEMON Tools Pro
2009-02-02 00:15 . 2009-02-02 00:16 717,296 --a------ c:\windows\system32\drivers\sptd.sys
2009-02-02 00:07 . 2004-08-09 16:00 10,129,408 --a------ c:\windows\system32\dllcache\hwxkor.dll
2009-01-29 22:53 . 2009-01-29 23:29 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\vlc
2009-01-29 22:52 . 2009-01-29 22:52 <DIR> d-------- c:\program files\VideoLAN
2009-01-28 16:04 . 2009-01-31 10:59 202,352 --a------ c:\windows\system32\PnkBstrB.exe
2009-01-28 16:04 . 2009-01-31 10:59 138,624 --a------ c:\windows\system32\drivers\PnkBstrK.sys
2009-01-28 16:03 . 2009-01-28 16:03 <DIR> d-------- c:\windows\system32\LogFiles
2009-01-28 16:03 . 2009-01-28 16:03 66,872 --a------ c:\windows\system32\PnkBstrA.exe
2009-01-26 08:43 . 2009-01-26 08:43 <DIR> d-------- c:\documents and settings\Joanne\Application Data\Pogo Games
2009-01-26 08:43 . 2009-01-26 08:59 <DIR> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2009-01-26 08:42 . 2009-01-26 08:42 <DIR> d-------- c:\program files\Oberon Media
2009-01-25 12:26 . 2009-01-25 12:26 <DIR> d-------- c:\program files\America's Army Server Manager
2009-01-25 12:24 . 2009-01-25 18:21 <DIR> d-------- c:\program files\America's Army
2009-01-24 17:07 . 2009-01-24 17:07 <DIR> d-------- c:\documents and settings\Joanne\Application Data\AdobeUM
2009-01-18 14:20 . 2009-02-02 00:34 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\nHancer
2009-01-18 14:19 . 2009-01-18 14:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\NVIDIA
2009-01-18 14:17 . 2009-01-18 14:20 <DIR> d-------- c:\documents and settings\All Users\Application Data\nHancer
2009-01-17 13:20 . 2009-02-02 00:33 <DIR> d-------- c:\documents and settings\All Users\Application Data\WinZip
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\system32\scripting
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\system32\en
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\system32\bits
2009-01-17 12:56 . 2009-01-17 12:56 <DIR> d-------- c:\windows\l2schemas
2009-01-17 12:54 . 2009-01-17 12:54 <DIR> d-------- c:\windows\ServicePackFiles
2009-01-17 07:06 . 2008-04-13 19:09 13,463,552 --a------ c:\windows\system32\dllcache\hwxjpn.dll
2009-01-16 18:46 . 2008-12-20 18:15 6,066,688 --------- c:\windows\system32\dllcache\ieframe.dll
2009-01-16 18:46 . 2007-04-17 04:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2009-01-16 18:46 . 2007-03-08 00:10 991,232 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-01-16 18:46 . 2008-12-20 18:15 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2009-01-16 18:46 . 2008-12-20 18:15 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2009-01-16 18:46 . 2008-12-20 18:15 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2009-01-16 18:46 . 2008-12-20 18:15 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2009-01-16 18:46 . 2008-12-20 18:15 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-01-16 18:46 . 2008-12-19 04:10 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2009-01-16 15:28 . 2009-02-08 14:42 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\BitTorrent
2009-01-16 15:26 . 2009-02-13 16:51 <DIR> d-------- c:\program files\DNA
2009-01-16 15:26 . 2009-01-16 15:27 <DIR> d-------- c:\program files\BitTorrent
2009-01-16 15:26 . 2009-02-13 17:01 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\DNA
2009-01-16 09:16 . 2009-01-16 09:16 <DIR> d-------- c:\program files\MSXML 4.0
2009-01-16 08:40 . 2009-01-16 08:40 <DIR> d-------- c:\windows\Sun
2009-01-16 08:33 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\drivers\bthport.sys
2009-01-16 08:33 . 2008-06-13 06:05 272,128 --------- c:\windows\system32\dllcache\bthport.sys
2009-01-16 08:32 . 2008-09-15 07:12 1,846,400 --------- c:\windows\system32\dllcache\win32k.sys
2009-01-16 08:31 . 2009-01-16 08:31 <DIR> d--hs---- c:\documents and settings\Joanne\UserData
2009-01-16 08:31 . 2006-03-20 22:23 23,040 --------- c:\windows\kb913800.exe
2009-01-16 08:30 . 2008-04-11 14:04 691,712 --------- c:\windows\system32\dllcache\inetcomm.dll
2009-01-16 08:30 . 2008-10-24 06:21 455,296 --------- c:\windows\system32\dllcache\mrxsmb.sys
2009-01-16 08:30 . 2008-12-11 05:57 333,952 --------- c:\windows\system32\dllcache\srv.sys
2009-01-16 08:30 . 2008-05-08 09:02 203,136 --------- c:\windows\system32\dllcache\rmcast.sys
2009-01-16 08:29 . 2008-10-15 11:34 337,408 --------- c:\windows\system32\dllcache\netapi32.dll
2009-01-16 08:25 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Joanne\WINDOWS
2009-01-16 08:25 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Joanne\Application Data\Intuit
2009-01-16 08:25 . 2009-01-16 08:31 <DIR> d-------- c:\documents and settings\Joanne
2009-01-15 22:27 . 2008-08-14 05:11 2,189,184 --------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-15 22:27 . 2008-08-14 05:09 2,145,280 --------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-15 22:27 . 2008-08-14 04:33 2,066,048 --------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-15 22:27 . 2008-08-14 04:33 2,023,936 --------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-15 21:58 . 2009-01-15 21:58 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Acreon
2009-01-15 19:30 . 2001-08-17 16:48 12,160 --a------ c:\windows\system32\drivers\mouhid.sys
2009-01-15 19:30 . 2008-04-13 13:45 10,368 --a------ c:\windows\system32\drivers\hidusb.sys
2009-01-15 19:27 . 2009-02-15 13:31 248 --a------ c:\windows\system\hpsysdrv.dat
2009-01-15 19:19 . 2009-02-10 18:20 <DIR> d-------- c:\program files\World of Warcraft
2009-01-15 19:16 . 2009-01-15 19:25 <DIR> dr------- c:\documents and settings\All Users\Documents
2009-01-15 19:11 . 2009-02-15 02:30 <DIR> dr-hs---- c:\windows\system32\dllcache
2009-01-15 18:20 . 2009-01-15 18:20 0 --a------ c:\windows\nsreg.dat
2009-01-15 18:13 . 2009-01-15 18:13 <DIR> d-------- c:\windows\system32\AGEIA
2009-01-15 18:13 . 2009-01-15 18:13 <DIR> d-------- c:\program files\AGEIA Technologies
2009-01-15 18:12 . 2009-01-15 18:12 <DIR> d-------- C:\NVIDIA
2009-01-15 18:12 . 2008-12-23 21:58 453,152 --a------ c:\windows\system32\NVUNINST.EXE
2009-01-15 18:00 . 2009-02-03 19:20 664 --a------ c:\windows\system32\d3d9caps.dat
2009-01-15 18:00 . 2009-01-15 18:00 552 --a------ c:\windows\system32\d3d8caps.dat
2009-01-15 17:51 . 2009-01-15 17:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Blizzard
2009-01-15 17:50 . 2009-01-15 17:50 <DIR> d-------- c:\program files\Ventrilo
2009-01-15 17:50 . 2009-01-15 18:13 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-01-15 17:50 . 2009-01-15 20:09 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Ventrilo
2009-01-15 17:50 . 2009-01-15 17:50 262 --a------ c:\windows\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
2009-01-15 17:43 . 2009-01-15 21:04 <DIR> d-------- c:\program files\Common Files\Blizzard Entertainment
2009-01-15 17:39 . 2009-02-10 18:53 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-15 17:36 . 2009-01-15 17:36 1,769 -rahs---- c:\windows\system32\drivers\103C_HP_CPC_EX325AA-ABA SR1950NX NA670_YC_0Pres_QCNX623_E63NAemREA2_48_INAGAMI2_SASUSTek Computer INC._V2.00_B3.11_T060919_WXP2_L409_M1023_J250_7AMD_8Athlon 64_92.4_#060804_N_Z11C10620_G_OTSSTcorp CD DVDW TS-H652L.MRK
2009-01-15 17:34 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Compaq_Administrator\WINDOWS
2009-01-15 17:34 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Compaq_Administrator\Application Data\Intuit
2009-01-15 17:34 . 2009-02-15 10:36 <DIR> d-------- c:\documents and settings\Compaq_Administrator
2009-01-15 17:33 . 2006-05-05 05:20 <DIR> d-------- c:\windows\system32\config\systemprofile\WINDOWS
2009-01-15 17:33 . 2006-05-05 05:42 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Symantec
2009-01-15 17:33 . 2006-05-05 05:20 <DIR> d-------- c:\windows\system32\config\systemprofile\Application Data\Intuit
2009-01-15 17:32 . 2006-05-05 05:20 <DIR> d-------- c:\documents and settings\Default User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-15 01:05 --------- d-----w c:\program files\HP Games
2009-02-13 22:03 --------- d-----w c:\program files\Common Files\Real
2009-02-13 21:15 --------- d-----w c:\program files\Common Files\Sonic Shared
2009-02-13 21:14 --------- d-----w c:\program files\Common Files\InstallShield
2009-02-13 21:12 --------- d-----w c:\program files\Sonic
2009-02-13 21:07 --------- d-----w c:\program files\Hewlett-Packard
2009-02-10 23:53 --------- d-----w c:\program files\Java
2009-02-04 00:18 --------- d-----w c:\program files\Common Files\Symantec Shared
2009-02-04 00:18 --------- d-----w c:\documents and settings\All Users\Application Data\Symantec
2009-02-03 18:51 --------- d--h--w c:\program files\InstallShield Installation Information
.

((((((((((((((((((((((((((((( SnapShot@2009-02-14_20.37.44.81 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-10-16 20:38:34 124,928 -c----w c:\windows\ie7updates\KB961260-IE7\advpack.dll
+ 2008-10-16 20:38:34 347,136 -c----w c:\windows\ie7updates\KB961260-IE7\dxtmsft.dll
+ 2008-10-16 20:38:34 214,528 -c----w c:\windows\ie7updates\KB961260-IE7\dxtrans.dll
+ 2008-10-16 20:38:35 133,120 -c----w c:\windows\ie7updates\KB961260-IE7\extmgr.dll
+ 2008-10-16 20:38:35 63,488 -c----w c:\windows\ie7updates\KB961260-IE7\icardie.dll
+ 2008-10-16 13:11:09 70,656 -c----w c:\windows\ie7updates\KB961260-IE7\ie4uinit.exe
+ 2008-10-16 20:38:35 153,088 -c----w c:\windows\ie7updates\KB961260-IE7\ieakeng.dll
+ 2008-10-16 20:38:35 230,400 -c----w c:\windows\ie7updates\KB961260-IE7\ieaksie.dll
+ 2008-10-15 07:04:53 161,792 -c----w c:\windows\ie7updates\KB961260-IE7\ieakui.dll
+ 2008-10-16 20:38:35 383,488 -c----w c:\windows\ie7updates\KB961260-IE7\ieapfltr.dll
+ 2008-10-16 20:38:35 384,512 -c----w c:\windows\ie7updates\KB961260-IE7\iedkcs32.dll
+ 2008-10-16 20:38:37 6,066,176 -c----w c:\windows\ie7updates\KB961260-IE7\ieframe.dll
+ 2008-10-16 20:38:37 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\iernonce.dll
+ 2008-10-16 20:38:37 267,776 -c----w c:\windows\ie7updates\KB961260-IE7\iertutil.dll
+ 2008-10-16 13:11:09 13,824 -c----w c:\windows\ie7updates\KB961260-IE7\ieudinit.exe
+ 2008-10-15 07:06:26 633,632 -c----w c:\windows\ie7updates\KB961260-IE7\iexplore.exe
+ 2008-10-16 20:38:37 27,648 -c----w c:\windows\ie7updates\KB961260-IE7\jsproxy.dll
+ 2008-10-16 20:38:37 459,264 -c----w c:\windows\ie7updates\KB961260-IE7\msfeeds.dll
+ 2008-10-16 20:38:37 52,224 -c----w c:\windows\ie7updates\KB961260-IE7\msfeedsbs.dll
+ 2008-12-13 06:40:02 3,593,216 -c----w c:\windows\ie7updates\KB961260-IE7\mshtml.dll
+ 2008-10-16 20:38:38 477,696 -c----w c:\windows\ie7updates\KB961260-IE7\mshtmled.dll
+ 2008-10-16 20:38:38 193,024 -c----w c:\windows\ie7updates\KB961260-IE7\msrating.dll
+ 2008-10-16 20:38:39 671,232 -c----w c:\windows\ie7updates\KB961260-IE7\mstime.dll
+ 2008-10-16 20:38:39 102,912 -c----w c:\windows\ie7updates\KB961260-IE7\occache.dll
+ 2008-10-16 20:38:39 44,544 -c----w c:\windows\ie7updates\KB961260-IE7\pngfilt.dll
+ 2007-03-06 01:22:41 213,216 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w c:\windows\ie7updates\KB961260-IE7\spuninst\updspapi.dll
+ 2008-10-16 20:38:39 105,984 -c----w c:\windows\ie7updates\KB961260-IE7\url.dll
+ 2008-10-16 20:38:39 1,160,192 -c----w c:\windows\ie7updates\KB961260-IE7\urlmon.dll
+ 2008-10-16 20:38:39 233,472 -c----w c:\windows\ie7updates\KB961260-IE7\webcheck.dll
+ 2008-10-16 20:38:40 826,368 -c----w c:\windows\ie7updates\KB961260-IE7\wininet.dll
- 2008-10-16 20:38:34 124,928 ----a-w c:\windows\system32\advpack.dll
+ 2008-12-20 23:15:11 124,928 ----a-w c:\windows\system32\advpack.dll
- 2008-10-16 20:38:34 124,928 ------w c:\windows\system32\dllcache\advpack.dll
+ 2008-12-20 23:15:11 124,928 ------w c:\windows\system32\dllcache\advpack.dll
- 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dllcache\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dllcache\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\dllcache\extmgr.dll
- 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\dllcache\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\dllcache\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
- 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\dllcache\iedkcs32.dll
- 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\dllcache\iernonce.dll
- 2008-10-15 07:06:26 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
+ 2008-12-19 05:25:25 634,024 ------w c:\windows\system32\dllcache\iexplore.exe
- 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\dllcache\jsproxy.dll
- 2008-12-13 06:40:02 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ------w c:\windows\system32\dllcache\mshtml.dll
- 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\dllcache\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\dllcache\msrating.dll
+ 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\dllcache\msrating.dll
- 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\dllcache\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\dllcache\mstime.dll
- 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\dllcache\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\dllcache\occache.dll
- 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\dllcache\pngfilt.dll
- 2008-10-16 20:38:39 105,984 ------w c:\windows\system32\dllcache\url.dll
+ 2008-12-20 23:15:39 105,984 ------w c:\windows\system32\dllcache\url.dll
- 2008-10-16 20:38:39 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ------w c:\windows\system32\dllcache\urlmon.dll
- 2008-10-16 20:38:39 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ------w c:\windows\system32\dllcache\webcheck.dll
- 2008-10-16 20:38:40 826,368 ------w c:\windows\system32\dllcache\wininet.dll
+ 2008-12-20 23:15:41 826,368 ------w c:\windows\system32\dllcache\wininet.dll
- 2008-10-16 20:38:34 347,136 ------w c:\windows\system32\dxtmsft.dll
+ 2008-12-20 23:15:12 347,136 ------w c:\windows\system32\dxtmsft.dll
- 2008-10-16 20:38:34 214,528 ------w c:\windows\system32\dxtrans.dll
+ 2008-12-20 23:15:13 214,528 ------w c:\windows\system32\dxtrans.dll
- 2008-10-16 20:38:35 133,120 ------w c:\windows\system32\extmgr.dll
+ 2008-12-20 23:15:13 133,120 ------w c:\windows\system32\extmgr.dll
- 2008-10-16 20:38:35 63,488 ----a-w c:\windows\system32\icardie.dll
+ 2008-12-20 23:15:13 63,488 ----a-w c:\windows\system32\icardie.dll
- 2008-10-16 13:11:09 70,656 ------w c:\windows\system32\ie4uinit.exe
+ 2008-12-19 09:10:15 70,656 ------w c:\windows\system32\ie4uinit.exe
- 2008-10-16 20:38:35 153,088 ------w c:\windows\system32\ieakeng.dll
+ 2008-12-20 23:15:14 153,088 ------w c:\windows\system32\ieakeng.dll
- 2008-10-16 20:38:35 230,400 ------w c:\windows\system32\ieaksie.dll
+ 2008-12-20 23:15:14 230,400 ------w c:\windows\system32\ieaksie.dll
- 2008-10-15 07:04:53 161,792 ------w c:\windows\system32\ieakui.dll
+ 2008-12-19 05:23:56 161,792 ------w c:\windows\system32\ieakui.dll
- 2008-10-16 20:38:35 383,488 ----a-w c:\windows\system32\ieapfltr.dll
+ 2008-12-20 23:15:15 383,488 ----a-w c:\windows\system32\ieapfltr.dll
- 2008-10-16 20:38:35 384,512 ------w c:\windows\system32\iedkcs32.dll
+ 2008-12-20 23:15:16 384,512 ------w c:\windows\system32\iedkcs32.dll
- 2008-10-16 20:38:37 6,066,176 ----a-w c:\windows\system32\ieframe.dll
+ 2008-12-20 23:15:21 6,066,688 ----a-w c:\windows\system32\ieframe.dll
- 2008-10-16 20:38:37 44,544 ------w c:\windows\system32\iernonce.dll
+ 2008-12-20 23:15:21 44,544 ------w c:\windows\system32\iernonce.dll
- 2008-10-16 20:38:37 267,776 ----a-w c:\windows\system32\iertutil.dll
+ 2008-12-20 23:15:22 267,776 ----a-w c:\windows\system32\iertutil.dll
- 2008-10-16 13:11:09 13,824 ----a-w c:\windows\system32\ieudinit.exe
+ 2008-12-19 09:10:15 13,824 ----a-w c:\windows\system32\ieudinit.exe
- 2008-10-16 20:38:37 27,648 ------w c:\windows\system32\jsproxy.dll
+ 2008-12-20 23:15:23 27,648 ------w c:\windows\system32\jsproxy.dll
- 2009-01-09 22:35:30 20,853,704 ----a-w c:\windows\system32\MRT.exe
+ 2009-02-12 04:56:17 21,244,872 ----a-w c:\windows\system32\MRT.exe
- 2008-10-16 20:38:37 459,264 ----a-w c:\windows\system32\msfeeds.dll
+ 2008-12-20 23:15:23 459,264 ----a-w c:\windows\system32\msfeeds.dll
- 2008-10-16 20:38:37 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
+ 2008-12-20 23:15:24 52,224 ----a-w c:\windows\system32\msfeedsbs.dll
- 2008-12-13 06:40:02 3,593,216 ----a-w c:\windows\system32\mshtml.dll
+ 2009-01-17 02:35:14 3,594,752 ----a-w c:\windows\system32\mshtml.dll
- 2008-10-16 20:38:38 477,696 ------w c:\windows\system32\mshtmled.dll
+ 2008-12-20 23:15:30 477,696 ------w c:\windows\system32\mshtmled.dll
- 2008-10-16 20:38:38 193,024 ------w c:\windows\system32\msrating.dll
+ 2008-12-20 23:15:31 193,024 ------w c:\windows\system32\msrating.dll
- 2008-10-16 20:38:39 671,232 ------w c:\windows\system32\mstime.dll
+ 2008-12-20 23:15:32 671,232 ------w c:\windows\system32\mstime.dll
- 2008-10-16 20:38:39 102,912 ------w c:\windows\system32\occache.dll
+ 2008-12-20 23:15:38 102,912 ------w c:\windows\system32\occache.dll
- 2008-10-16 20:38:39 44,544 ------w c:\windows\system32\pngfilt.dll
+ 2008-12-20 23:15:38 44,544 ------w c:\windows\system32\pngfilt.dll
- 2007-11-30 12:39:22 17,272 ------w c:\windows\system32\spmsg.dll
+ 2008-07-09 07:38:24 17,272 ------w c:\windows\system32\spmsg.dll
- 2008-10-16 20:38:39 105,984 ----a-w c:\windows\system32\url.dll
+ 2008-12-20 23:15:39 105,984 ----a-w c:\windows\system32\url.dll
- 2008-10-16 20:38:39 1,160,192 ----a-w c:\windows\system32\urlmon.dll
+ 2008-12-20 23:15:40 1,160,192 ----a-w c:\windows\system32\urlmon.dll
- 2008-10-16 20:38:39 233,472 ----a-w c:\windows\system32\webcheck.dll
+ 2008-12-20 23:15:40 233,472 ----a-w c:\windows\system32\webcheck.dll
- 2008-10-16 20:38:40 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2008-12-20 23:15:41 826,368 ----a-w c:\windows\system32\wininet.dll
+ 2009-02-15 18:32:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_1e4.dat
+ 2009-02-15 18:31:47 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_600.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"NVIDIA nTune"="c:\program files\NVIDIA Corporation\nTune\nTuneCmd.exe" [2007-09-04 81920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"KBD"="c:\hp\KBD\KBD.EXE" [2005-02-02 61440]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 52736]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-01-24 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-01-24 7311360]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-09 44032]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-02-08 509784]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-08 c:\windows\RTHDCPL.EXE]
"nwiz"="nwiz.exe" [2006-01-24 c:\windows\system32\nwiz.exe]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 c:\windows\arpwrmsg.exe]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a------ 2004-08-03 22:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a------ 2004-08-03 22:32 455168 c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\DISC\\DISCover.exe"=
"c:\\Program Files\\DISC\\DiscStreamHub.exe"=
"c:\\Program Files\\DISC\\myFTP.exe"=
"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-02-08 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-02-03 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-02-03 20560]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: trymedia.com
FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\u30ijopg.default\
FF - prefs.js: browser.startup.homepage - www.google.com

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-15 13:32:18
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\arservice.exe
c:\windows\ehome\ehrecvr.exe
c:\windows\ehome\ehSched.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\nTune\nTuneService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\ehome\ehmsas.exe
.
**************************************************************************
.
Completion time: 2009-02-15 13:34:41 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-15 18:34:38
ComboFix2.txt 2009-02-15 01:38:14

Pre-Run: 175,042,129,920 bytes free
Post-Run: 175,044,235,264 bytes free

391 --- E O F --- 2009-02-15 07:31:49


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:36:00 PM, on 2/15/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\HP\KBD\KBD.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ARPWRMSG.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: nTune Service (nTuneService) - NVIDIA - C:\Program Files\NVIDIA Corporation\nTune\nTuneService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe

--
End of file - 5333 bytes
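An added example, not part of any post in this thread: the `Reg Loading Points` section of the ComboFix log above shows `NoSetActiveDesktop` and `NoActiveDesktopChanges` set to 1 under the `.default` user's Explorer policy key, and `AntiVirusDisableNotify` set to 1 under Security Center. The first two lock the desktop background (consistent with the white desktop that could not be changed), and the third silences the Security Center warning that no antivirus is active; both are typical of rogue "Your computer is infected" installers, and neither is set by a default XP install. The script below walks that section of a ComboFix-style log, flags those values, and renders a `.reg` file that zeroes the ones that are safe to reset. The watch-lists are an assumption that goes beyond the page: they include the other standard policy names under the same keys, not only the two seen in this log. The sample input is the log's own lines plus one benign `Run` entry, embedded so the script runs offline.

```python
import re

# Constructed sample input: the Reg Loading Points lines quoted from the
# ComboFix log above, plus one benign Run entry that must NOT be flagged.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# Explorer policy values that rogue "antivirus" installers set to lock the
# desktop. The two seen in the log are included; the others are the standard
# policy names under the same key (assumed watch-list, not from the page).
EXPLORER_LOCKDOWN = {
    "noactivedesktopchanges": "desktop/wallpaper changes blocked",
    "nosetactivedesktop": "Active Desktop settings hidden",
    "noactivedesktop": "Active Desktop disabled outright",
    "nodesktop": "desktop icons hidden",
    "nocontrolpanel": "Control Panel blocked",
}

# Security Center values that silence the "no antivirus/firewall" warnings.
SECURITY_CENTER_SILENCERS = {
    "antivirusdisablenotify": "AV-missing warning suppressed",
    "firewalldisablenotify": "firewall-missing warning suppressed",
    "updatesdisablenotify": "Windows Update warning suppressed",
    "antivirusoverride": "AV status override",
    "firewalloverride": "firewall status override",
    "disablemonitoring": "vendor monitoring disabled (often set by the product itself; verify)",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<val>.*)$')
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-fA-F]{1,8})$")
DECIMAL_RE = re.compile(r"^(?P<dec>\d+)\s*\(0x[0-9a-fA-F]+\)$")


def parse_value(raw):
    """Return the integer for a ComboFix DWORD rendering, else None.

    ComboFix prints DWORDs either as 'dword:00000001' or as ' 1 (0x1)';
    strings and file-backed entries come back as None.
    """
    raw = raw.strip()
    m = DWORD_RE.match(raw)
    if m:
        return int(m.group("hex"), 16)
    m = DECIMAL_RE.match(raw)
    if m:
        return int(m.group("dec"))
    return None


def find_lockdown_indicators(log_text):
    """Walk a 'Reg Loading Points' dump and return the lockdown values found.

    Each hit is a dict with the registry key, value name, integer value, a
    one-line reason, and whether a blind reset to 0 is appropriate.
    """
    hits = []
    current_key = None
    for line in log_text.splitlines():
        line = line.strip()
        km = KEY_RE.match(line)
        if km:
            current_key = km.group("key")
            continue
        vm = VALUE_RE.match(line)
        if not vm or current_key is None:
            continue
        name = vm.group("name")
        value = parse_value(vm.group("val"))
        if value is None or value == 0:
            continue  # only a non-zero DWORD enforces a policy
        key_l = current_key.lower()
        name_l = name.lower()
        if key_l.endswith(r"\policies\explorer") and name_l in EXPLORER_LOCKDOWN:
            hits.append({"key": current_key, "name": name, "value": value,
                         "why": EXPLORER_LOCKDOWN[name_l], "safe_to_reset": True})
        elif r"\security center" in key_l and name_l in SECURITY_CENTER_SILENCERS:
            hits.append({"key": current_key, "name": name, "value": value,
                         "why": SECURITY_CENTER_SILENCERS[name_l],
                         "safe_to_reset": name_l != "disablemonitoring"})
    return hits


def reg_fix(hits):
    """Render a REGEDIT4 file that zeroes every hit marked safe_to_reset."""
    lines = ["REGEDIT4", ""]
    for h in hits:
        if not h["safe_to_reset"]:
            continue
        lines += ["[%s]" % h["key"], '"%s"=dword:00000000' % h["name"], ""]
    return "\n".join(lines)


if __name__ == "__main__":
    found = find_lockdown_indicators(SAMPLE_LOG)
    for h in found:
        print("%s\\%s = %d  (%s)" % (h["key"], h["name"], h["value"], h["why"]))
    print(reg_fix(found))
```

Two caveats when using this on a real log: the vendor `DisableMonitoring` value under `Security Center\Monitoring\<Vendor>` is reported but deliberately not reset, because a legitimately installed firewall or AV product sets it itself; and the logged-in user's own `HKEY_CURRENT_USER\...\Policies\Explorer` key should be checked as well, since the hive printed in this log is only `.default`.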

#9 fenzodahl512

Posted 16 February 2009 - 01:39 AM

Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

How's the computer now?

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#10 mruseless (Topic Starter)

Posted 16 February 2009 - 02:20 PM

So far it's much better, not getting redirected, and I used a registry key to get my desktop back. That X on my tray is gone too.

Here's the ESET log

version=4
# OnlineScanner.ocx=1.0.0.635
# OnlineScannerDLLA.dll=1, 0, 0, 79
# OnlineScannerDLLW.dll=1, 0, 0, 78
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3857 (20090216)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=0d09b0c4e5d86f40980bba9e27385586
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2009-02-16 07:14:49
# local_time=2009-02-16 02:14:49 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 3
# scanned=471809
# found=8
# scan_time=4500
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted) 00000000000000000000000000000000
D:\I386\APPS\APP18921\src\CompaqPresario_Spring06.exe »WISE »w6Setp.EXE a variant of Win32/Toolbar.MyWebSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe a variant of Win32/Toolbar.MyWebSearch application (deleted) 00000000000000000000000000000000
D:\I386\APPS\APP18921\src\HPPavillion_Spring06.exe »WISE »w6Setp.EXE a variant of Win32/Toolbar.MyWebSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0002187.exe a variant of Win32/Toolbar.MyWebSearch application (deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0002187.exe »WISE »w6Setp.EXE a variant of Win32/Toolbar.MyWebSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0002188.exe a variant of Win32/Toolbar.MyWebSearch application (deleted) 00000000000000000000000000000000
D:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP4\A0002188.exe »WISE »w6Setp.EXE a variant of Win32/Toolbar.MyWebSearch application (error while cleaning - operation unavailable for this type of object - error while deleting - operation unavailable for this type of object - was a part of the deleted object) 00000000000000000000000000000000

Edited by mruseless, 16 February 2009 - 02:20 PM.


#11 fenzodahl512

Posted 16 February 2009 - 11:43 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes



Please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware

Please reply to this thread once more and tell us about the computer behaviour before we can close this thread.



Have a safe and happy computing day!


Regards
fenzodahl512



#12 mruseless (Topic Starter)

Posted 17 February 2009 - 01:03 PM

Computer is running much better now. No pop-up ads, no redirects from search engines. Going to run my disk defragmenter to see if that will help pick the speed back up a little. Everything seems to be working well now, Fenzodahl, thank you very much ^.^

#13 fenzodahl512

Posted 17 February 2009 - 01:06 PM

You are very welcome, I'm glad that we could help.

I will now close this topic. If you need this topic to be re-opened, please PM me or the Moderators regarding the matter..

If you have any new malware related questions or issues in the future please start a new topic.

Cheers and Happy Computing!

fenzodahl512
