search results redirected


This topic is locked. 22 replies to this topic.

#1 drumking (Members, 10 posts)

Posted 15 February 2009 - 01:28 AM

Anytime I click on a search result link in Yahoo or Google it redirects me to an ad site or to the first page of search results. Here is my HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:52:56 PM, on 2009-02-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\system32\rundll32.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\program files\MagicTune Premium\MagicTune.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\WINDOWS\V0270Mon.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\Program Files\Webroot\WebrootSecurity\SSU.EXE
D:\program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {208329A3-615B-4225-9322-9CA6161FEFFB} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4614CA41-DD4E-4DC2-B2EB-99AC41945A86} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7CABF84D-9887-4E4A-9694-B0B40E28BBC2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B40AC783-253A-4555-8C7E-5B93614B3C52} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [SBDrvDet] "D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] "D:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] "D:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Name of App] "D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" r
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [V0270Mon.exe] "D:\WINDOWS\V0270Mon.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] "D:\WINDOWS\CTHELPER.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] "D:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "D:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~2\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [RemoteCenter] "D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OCAEBNDVDUpdate] "D:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" /update
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "D:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] "D:\WINDOWS\system32\ctfmon.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BJ Status Monitor Canon i960.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = D:\program files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PowerPanel.lnk = D:\program files\CyberPower\PowerPanel\PowPanel.exe
O4 - Global Startup: Scanner Detector.lnk = D:\program files\ScanSuite\SDetect.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189008553700
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200453490671
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXQgHxu - D:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\program files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\program files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - D:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 16518 bytes
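The log above is the only evidence in this post, so here is an added triage example (my own code, not a HijackThis feature, not from BleepingComputer, and not something the original poster ran) that pulls out the lines a responder would look at first for a redirect complaint. The R1 ProxyServer value 127.0.0.1:8080 routes Internet Explorer through whatever is listening on that local port, which on its own is enough to rewrite search-result clicks; the O20 Winlogon Notify entry cbXQgHxu has a bare directory for a path, and Winlogon Notify DLLs are loaded by winlogon.exe at every logon; the BHOs marked "(no file)" and the service marked "(file missing)" are orphaned registrations; and the O10 lines are marked "Unknown" only because the LSP DLL is not on HJT's whitelist (it sits in the same iS3 directory as the STOPzilla service in the O23 list). SAMPLE_LOG is a constructed excerpt of the log above; the severities, the rules and the random-name heuristic are assumptions of this example, and none of it is a verdict on the machine.

```python
"""Triage pass over a HijackThis 2.0.x log for a browser-redirect complaint.

Added example, not part of the original thread and not a HijackThis feature.
SAMPLE_LOG is a constructed excerpt of the log posted above; the severities,
the rules and the random-name heuristic are this example's own assumptions.
"""

import re
from dataclasses import dataclass

SEVERITIES = ("high", "medium", "low", "info")

# Constructed excerpt: a handful of lines copied from the HJT log in the thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXQgHxu - D:\WINDOWS\
O23 - Service: Viewpoint Manager Service - Unknown owner - D:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # one of SEVERITIES
    entry: str     # the HJT line that triggered the rule
    reason: str


# 127.0.0.0/8 or "localhost", optionally with a port.
_LOOPBACK = re.compile(r"^(127\.\d{1,3}\.\d{1,3}\.\d{1,3}|localhost)(:\d+)?$", re.IGNORECASE)
_PROXY = re.compile(r"^R1 - .*Internet Settings,ProxyServer = (?P<proxy>.+)$")
_WINLOGON = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*)$")


def looks_random(name: str) -> bool:
    """Heuristic for machine-generated names: letters only, 8+ long, and the
    case flips on at least half of the adjacent letter pairs ("cbXQgHxu")."""
    if not name.isalpha() or len(name) < 8:
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(name, name[1:]))
    return flips / (len(name) - 1) >= 0.5


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = _PROXY.match(line)
        if m:
            # The value is "host:port" or per-scheme "http=host:port;https=host:port".
            hosts = [part.split("=", 1)[-1].strip() for part in m["proxy"].split(";")]
            if any(_LOOPBACK.match(h) for h in hosts):
                findings.append(Finding(
                    "high", line,
                    "IE traffic is routed through a local listener; whatever owns "
                    "that port can rewrite pages, including search-result links"))
            continue

        m = _WINLOGON.match(line)
        if m:
            name, path = m["name"], m["path"]
            reasons = []
            if not path.lower().endswith(".dll"):
                reasons.append("no DLL filename in the path")
            if looks_random(name):
                reasons.append("package name looks machine-generated")
            if reasons:
                findings.append(Finding(
                    "high" if len(reasons) == 2 else "medium", line,
                    "Winlogon Notify package loads into winlogon.exe at every logon; "
                    + "; ".join(reasons)))
            continue

        if line.startswith("O2 - BHO:") and line.endswith("(no file)"):
            findings.append(Finding("low", line, "orphaned BHO: CLSID registered but DLL missing"))
        elif line.startswith("O23 - Service:") and line.endswith("(file missing)"):
            findings.append(Finding("low", line, "service registered but its binary is missing"))
        elif line.startswith("O10 - Unknown file in Winsock LSP:"):
            findings.append(Finding(
                "info", line,
                "LSP not on HJT's whitelist, not necessarily bad; an LSP sees all "
                "Winsock traffic, so identify the vendor before removing it"))
    return findings


def by_severity(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, always returning every severity key."""
    return {s: sum(f.severity == s for f in findings) for s in SEVERITIES}


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: SEVERITIES.index(f.severity)):
        print(f"[{f.severity:6}] {f.entry}\n         {f.reason}")
```

Run it as-is to see the constructed excerpt triaged, or pass the full text of an HJT log to triage(). The loopback-proxy rule is deliberately strict (127.0.0.0/8 or localhost only): a corporate proxy is normal, a proxy on the user's own machine with no proxy software in the process list is not. The random-name check is a weak signal by itself, which is why it only raises severity when it coincides with a missing DLL filename.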


#2 Blade81 (Bleepin' Rocker, Malware Response Team, 6,465 posts, Finland)

Posted 23 February 2009 - 03:46 PM

Hi,

Sorry for the delayed response. Forums have been really busy. If you still need help with this, post a fresh HJT log, please.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#3 drumking (Topic Starter, Members, 10 posts)

Posted 27 February 2009 - 01:10 AM

No problem. I'm still having the same problem. Here is a fresh HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:09:00 AM, on 2009-02-27
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Common Files\iS3\Anti-Spyware\SZScanner.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\program files\MagicTune Premium\MagicTune.exe
D:\WINDOWS\V0270Mon.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\Program Files\Webroot\WebrootSecurity\SSU.EXE
D:\program files\Mozilla Firefox\firefox.exe
D:\program files\Google\Gmail Notifier\gnotify.exe
D:\WINDOWS\system32\rundll32.exe
D:\program files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = google.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
F2 - REG:system.ini: UserInit="D:\WINDOWS\system32\userinit.exe,"
O2 - BHO: (no name) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - (no file)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SITEguard BHO - {1827766B-9F49-4854-8034-F6EE26FCB1EC} - D:\Program Files\STOPzilla!\SZSG.dll
O2 - BHO: (no name) - {208329A3-615B-4225-9322-9CA6161FEFFB} - (no file)
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {4614CA41-DD4E-4DC2-B2EB-99AC41945A86} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7CABF84D-9887-4E4A-9694-B0B40E28BBC2} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B40AC783-253A-4555-8C7E-5B93614B3C52} - (no file)
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - D:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - D:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - D:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: STOPzilla - {98828DED-A591-462F-83BA-D2F62A68B8B8} - D:\Program Files\STOPzilla!\SZSG.dll
O4 - HKLM\..\Run: [CTSysVol] "D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" /r
O4 - HKLM\..\Run: [CTDVDDET] "D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE"
O4 - HKLM\..\Run: [SBDrvDet] "D:\Program Files\Creative\SB Drive Det\SBDrvDet.exe" /r
O4 - HKLM\..\Run: [UpdReg] "D:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [NeroFilterCheck] "D:\WINDOWS\system32\NeroCheck.exe"
O4 - HKLM\..\Run: [WINCINEMAMGR] "D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe"
O4 - HKLM\..\Run: [type32] "D:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [Name of App] "D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" r
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [V0270Mon.exe] "D:\WINDOWS\V0270Mon.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [CTHelper] "D:\WINDOWS\CTHELPER.EXE"
O4 - HKLM\..\Run: [CTxfiHlp] "D:\WINDOWS\system32\CTXFIHLP.EXE"
O4 - HKLM\..\Run: [PinnacleDriverCheck] "D:\WINDOWS\system32\PSDrvCheck.exe" -CheckReg
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "D:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [ZoneAlarm Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [AVG7_CC] "D:\PROGRA~2\Grisoft\AVG7\avgcc.exe" /STARTUP
O4 - HKLM\..\Run: [GrooveMonitor] "D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [SpySweeper] "D:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [RemoteCenter] "D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE"
O4 - HKCU\..\Run: [Creative Live! Cam Manager] "D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe"
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKCU\..\Run: [OCAEBNDVDUpdate] "D:\Program Files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" /update
O4 - HKCU\..\Run: [Nokia.PCSync] "D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe" /NoDialog
O4 - HKCU\..\Run: [Google Update] "D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [WMPNSCFG] "D:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - HKCU\..\Run: [Advanced SystemCare 3] "D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] "D:\WINDOWS\system32\ctfmon.exe"
O4 - HKCU\..\Run: [XPRepairPro2007] "D:\program files\XP Repair Pro 2007\XPRepairPro.exe" /r
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] D:\PROGRA~2\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: BJ Status Monitor Canon i960.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GammaTray.lnk = ?
O4 - Global Startup: NCProTray.lnk = ?
O4 - Global Startup: Orbit.lnk = D:\program files\Orbitdownloader\orbitdm.exe
O4 - Global Startup: PowerPanel.lnk = D:\program files\CyberPower\PowerPanel\PowPanel.exe
O4 - Global Startup: Scanner Detector.lnk = D:\program files\ScanSuite\SDetect.exe
O8 - Extra context menu item: &Download by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://D:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: Do&wnload selected by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://D:\Program Files\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~2\MI1933~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Send to &Bluetooth Device... - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~2\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - D:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O10 - Unknown file in Winsock LSP: d:\program files\common files\is3\anti-spyware\is3lsp.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1189008553700
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200453490671
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - http://www.sibelius.com/download/software/...tiveXPlugin.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: cbXQgHxu - D:\WINDOWS\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - D:\program files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - D:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - D:\Program Files\MAGIX\Common\Database\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - D:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - D:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MagicTuneEngine - Unknown owner - D:\program files\MagicTune Premium\MagicTuneEngine.exe
O23 - Service: ServiceLayer - Nokia. - D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: STOPzilla Service (szserver) - iS3, Inc. - D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
O23 - Service: TVersityMediaServer - Unknown owner - D:\Program Files\TVersity\Media Server\MediaServer.exe
O23 - Service: Viewpoint Manager Service - Unknown owner - D:\Program Files\Viewpoint\Common\ViewpointService.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. (www.webroot.com) - D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
O23 - Service: Webroot Client Service (WRConsumerService) - Webroot Software, Inc. - D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe

--
End of file - 16763 bytes

#4 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:22 PM

Posted 27 February 2009 - 04:55 AM

Hi again


Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    • DDS.txt
    • Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#5 drumking

drumking
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:22 PM

Posted 27 February 2009 - 10:19 AM

DDS:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Douglas Hawkins at 10:16:34.31 on 2009-02-27
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1111 [GMT -5:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\program files\MagicTune Premium\MagicTune.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\WINDOWS\V0270Mon.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\Program Files\Webroot\WebrootSecurity\SSU.EXE
D:\WINDOWS\system32\rundll32.exe
D:\Documents and Settings\Douglas Hawkins\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = google.com
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
mWinlogon: Userinit="d:\windows\system32\userinit.exe,"
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - d:\program files\stopzilla!\SZSG.dll
{208329a3-615b-4225-9322-9ca6161feffb}
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
{4614ca41-dd4e-4dc2-b2eb-99ac41945a86}
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7CABF84D-9887-4E4A-9694-B0B40E28BBC2} - No File
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: {B40AC783-253A-4555-8C7E-5B93614B3C52} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - d:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - d:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - d:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - d:\program files\stopzilla!\SZSG.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RemoteCenter] "d:\program files\creative\mediasource\remotecontrol\RCMan.EXE"
uRun: [Creative Live! Cam Manager] "d:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [PC Suite Tray] "d:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OCAEBNDVDUpdate] "d:\program files\objectcube\xxx2burn dvd wizard\xxx2burn.exe" /update
uRun: [Nokia.PCSync] "d:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
uRun: [Google Update] "d:\documents and settings\douglas hawkins\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] "d:\program files\windows media player\WMPNSCFG.exe"
uRun: [SUPERAntiSpyware] "d:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Advanced SystemCare 3] "d:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] "d:\windows\system32\ctfmon.exe"
uRun: [XPRepairPro2007] "d:\program files\xp repair pro 2007\XPRepairPro.exe" /r
mRun: [CTSysVol] "d:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r
mRun: [CTDVDDET] "d:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE"
mRun: [SBDrvDet] "d:\program files\creative\sb drive det\SBDrvDet.exe" /r
mRun: [UpdReg] "d:\windows\UpdReg.EXE"
mRun: [NeroFilterCheck] "d:\windows\system32\NeroCheck.exe"
mRun: [WINCINEMAMGR] "d:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [type32] "d:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\point32.exe"
mRun: [Name of App] "d:\program files\samsung\fw liveupdate\FWManager.exe" r
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [V0270Mon.exe] "d:\windows\V0270Mon.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CTHelper] "d:\windows\CTHELPER.EXE"
mRun: [CTxfiHlp] "d:\windows\system32\CTXFIHLP.EXE"
mRun: [PinnacleDriverCheck] "d:\windows\system32\PSDrvCheck.exe" -CheckReg
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG7_CC] "d:\progra~2\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [<NO NAME>]
mRun: [SpySweeper] "d:\program files\webroot\webrootsecurity\SpySweeperUI.exe" /startintray
dRun: [AVG7_Run] d:\progra~2\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: d:\docume~1\dougla~1\startm~1\programs\startup\BJSTAT~1.LNK -
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\gammat~1.lnk - d:\program files\magictune premium\GammaTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\ncprot~1.lnk - d:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\orbit.lnk - d:\program files\orbitdownloader\orbitdm.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\powerp~1.lnk - d:\program files\cyberpower\powerpanel\PowPanel.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\scanne~1.lnk - d:\program files\scansuite\SDetect.exe
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~2\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~2\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
LSP: d:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189008553700
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200453490671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 d:\windows\system32\byXPHxUl

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\dougla~1\applic~1\mozilla\firefox\profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\douglas hawkins\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\ksolo\npAVX.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: d:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-9-5 38784]
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2008-12-7 29808]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 Avg7Core;AVG7 Kernel;d:\windows\system32\drivers\avg7core.sys [2008-12-29 821856]
R1 Avg7RsW;AVG7 Wrap Driver;d:\windows\system32\drivers\avg7rsw.sys [2008-12-29 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;d:\windows\system32\drivers\avg7rsxp.sys [2008-12-29 27776]
R1 AvgClean;AVG7 Clean Driver;d:\windows\system32\drivers\avgclean.sys [2008-12-29 10760]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2008-10-1 353680]
R2 aawservice;Ad-Aware 2007 Service;d:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 Avg7Alrt;AVG7 Alert Manager Server;d:\progra~2\grisoft\avg7\avgamsvr.exe [2008-12-29 418816]
R2 Avg7UpdSvc;AVG7 Update Service;d:\progra~2\grisoft\avg7\avgupsvc.exe [2008-12-29 49664]
R2 AVGEMS;AVG E-mail Scanner;d:\progra~2\grisoft\avg7\avgemc.exe [2008-12-29 406528]
R2 AvgTdi;AVG Network Redirector;d:\windows\system32\drivers\avgtdi.sys [2008-12-29 4960]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-8-11 8192]
R2 RVIEGVST;VSC VST Engine;d:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2009-2-27 188276]
R2 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;d:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-12-7 3671408]
R2 WRConsumerService;Webroot Client Service;d:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-11 1090936]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\magix\common\database\bin\fbserver.exe [2009-1-7 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-9-5 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-9-5 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-9-5 6912]

=============== Created Last 30 ================

2009-02-27 09:52 1,976 a------- d:\windows\system32\drivers\kgpcpy.cfg
2009-02-27 02:11 1,409 a------- d:\windows\system32\PGMUS.FOT
2009-02-27 02:11 1,409 a------- d:\windows\system32\pgjazz__.FOT
2009-02-27 02:02 <DIR> --d----- d:\program files\Roland
2009-02-27 02:01 <DIR> --d----- d:\program files\PowerTracks DirectX Plugins
2009-02-27 01:56 <DIR> --d----- D:\bb
2009-02-25 00:18 <DIR> --d----- d:\program files\Turbo Tube
2009-02-17 22:25 <DIR> --d----- d:\program files\XP Repair Pro 2007
2009-02-16 15:36 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Uniblue
2009-02-16 15:35 <DIR> --d----- d:\program files\Uniblue
2009-02-16 15:35 <DIR> -cd-h--- d:\docume~1\alluse~1.win\applic~1\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-13 02:04 28 a------- d:\windows\Lic.xxx
2009-02-13 02:04 626,688 a------- d:\windows\system32\msvcr80.dll
2009-02-13 02:04 548,864 a------- d:\windows\system32\msvcp80.dll
2009-02-13 02:04 28,672 a------- d:\windows\system32\eEmpty.exe
2009-02-13 02:04 522 a------- d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-13 02:04 135,680 a------- d:\windows\system32\TASKMGR.COM
2009-02-13 02:04 135,680 a------- d:\windows\system32\T.COM
2009-02-13 02:04 146,432 a------- d:\windows\REGEDIT.COM
2009-02-13 02:04 146,432 a------- d:\windows\R.COM
2009-02-13 02:04 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\MicroWorld
2009-02-12 00:00 <DIR> --d----- D:\VundoFix Backups
2009-02-11 00:23 1,553,272 a------- d:\windows\WRSetup.dll
2009-02-11 00:23 <DIR> --d----- d:\program files\Webroot
2009-02-11 00:23 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Webroot
2009-02-11 00:23 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Webroot
2009-02-11 00:22 164 a------- D:\install.dat
2009-02-10 02:02 <DIR> --d----- d:\program files\IObit
2009-02-10 02:02 <DIR> --d----- d:\docume~1\dougla~1\applic~1\IObit
2009-02-10 00:57 <DIR> --d----- D:\ComboFix
2009-02-10 00:57 389,120 a------- d:\windows\system32\CF29441.exe
2009-02-09 00:24 <DIR> --d----- D:\fixwareout
2009-02-09 00:16 73,728 a------- d:\windows\system32\javacpl.cpl
2009-02-09 00:01 <DIR> --d----- d:\documents and settings\douglas hawkins\.SunDownloadManager
2009-02-08 16:46 117 a------- d:\windows\Ulead32.INI
2009-02-08 16:45 167,936 a------- d:\windows\system32\EventMgr.exe
2009-02-08 16:45 21,288 a------- d:\windows\system32\msmusd.dll
2009-02-08 16:45 <DIR> --d----- D:\Microtek
2009-02-08 16:30 306,688 a------- d:\windows\uninstss.bin
2009-02-08 16:30 <DIR> --d----- d:\program files\ScanSuite
2009-02-08 16:28 53,760 ac------ d:\windows\system32\dllcache\wiamsmud.dll
2009-02-08 16:28 53,760 a------- d:\windows\system32\wiamsmud.dll
2009-02-08 16:28 28,160 ac------ d:\windows\system32\dllcache\sm91w.dll
2009-02-08 16:28 28,160 a------- d:\windows\system32\sm91w.dll
2009-02-08 16:28 15,104 ac------ d:\windows\system32\dllcache\usbscan.sys
2009-02-08 16:28 15,104 a------- d:\windows\system32\drivers\USBSCAN.SYS
2009-02-07 13:46 250 a------- d:\windows\gmer.ini
2009-02-07 01:54 <DIR> --d----- d:\program files\Trend Micro
2009-02-07 01:30 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Malwarebytes
2009-02-07 01:30 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-02-07 01:30 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 01:30 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:30 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Malwarebytes
2009-02-05 02:26 <DIR> --d----- d:\program files\XoftSpySE
2009-02-05 02:02 161,792 a------- d:\windows\SWREG.exe
2009-02-05 02:02 98,816 a------- d:\windows\sed.exe
2009-02-05 02:01 389,120 a------- d:\windows\system32\CF7598.exe
2009-02-05 02:01 2,204 a------- d:\windows\ojmaczrh
2009-02-05 02:01 1,014 a--sh--- d:\windows\system32\lUxHPXyb.ini
2009-02-05 02:01 591 a--sh--- d:\windows\system32\lUxHPXyb.ini2
2009-02-01 14:52 32,592 a------- d:\windows\system32\msonpmon.dll
2009-02-01 14:45 <DIR> --d----- d:\program files\Microsoft Visual Studio 8
2009-02-01 14:44 <DIR> --d----- d:\windows\SHELLNEW

==================== Find3M ====================

2009-02-09 00:16 410,984 a------- d:\windows\system32\deploytk.dll
2009-02-06 01:04 4,508 a------- d:\windows\system32\tmp.reg
2009-01-18 01:20 91 a------- D:\sysrun23.dll
2009-01-05 17:33 3,751,995 a------- d:\windows\system32\GPhotos.scr
2009-01-01 04:05 675,500 a--sh--- d:\windows\system32\JmUBJRqr.ini2
2008-12-31 14:05 102,664 a------- d:\windows\system32\drivers\tmcomm.sys
2008-12-20 18:15 826,368 a------- d:\windows\system32\wininet.dll
2008-12-17 17:26 17,408 a----r-- d:\windows\system32\SZIO5.dll
2008-12-17 17:25 282,624 a----r-- d:\windows\system32\SZBase5.dll
2008-12-17 17:24 540,672 a----r-- d:\windows\system32\SZComp5.dll
2008-12-09 13:53 4,212 a---h--- d:\windows\system32\zllictbl.dat
2008-07-02 21:47 1,568 a------- d:\docume~1\dougla~1\applic~1\mpauth.dat
2007-09-05 11:53 65 a------- d:\program files\common files\appop.log
2003-07-02 00:00 12,800 a------- d:\documents and settings\douglas hawkins\cnmss Canon i960 (Local).exe
2008-01-31 02:19 132 a--shr-- d:\windows\Regbak.dat
2008-08-01 20:57 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 10:17:10.25 ===============





Attach:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2007-09-05 10:58:25 AM
System Uptime: 2009-02-27 9:51:10 AM (1 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8N-SLI DELUXE
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket 939 | 2211/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 108.048 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 87.481 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_00000000&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_00000000&REV_A3\3&2411E6FE&0&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&13699180&0&3848
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&13699180&0&3848
Service: rtl8139

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6555b
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6555b
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 2009-02-11 12:33:24 AM - System Checkpoint
RP2: 2009-02-11 3:13:25 AM - Software Distribution Service 3.0
RP3: 2009-02-14 2:05:20 PM - System Checkpoint
RP4: 2009-02-16 2:40:58 PM - System Checkpoint
RP5: 2009-02-16 3:40:36 PM - Uniblue RegistryBooster 2009
RP6: 2009-02-17 10:24:59 PM - Installed XP Repair Pro 2007.
RP7: 2009-02-17 10:36:26 PM - XP Repair Pro Backup - 2/17/2009 22:36:22
RP8: 2009-02-20 10:11:43 PM - System Checkpoint
RP9: 2009-02-22 8:48:42 PM - System Checkpoint
RP10: 2009-02-24 8:49:01 PM - System Checkpoint
RP11: 2009-02-25 12:18:51 AM - Installed Tube Increaser

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
Ad-Aware 2007
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
AIM 6
Apple Software Update
Ares 2.0.9
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AutoUpdate
AVI Joiner version 1.22
AVI Video Joiner 1.2
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Band-in-a-Box 2009 (Build 279)
Canon i960
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Connect
Creative Audio Console
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Optia Driver (1.01.02.00)
Creative Live! Cam Optia User's Guide (English)
Creative MediaSource
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DTS Neo:6 Settings
DVD Decrypter (Remove Only)
Easy-WebPrint
Easy Video Joiner 5.21
ERUNT 1.1j
ffdshow [rev 1324] [2007-07-01]
Firebird SQL Server - MAGIX Edition
FLV Player 2.0, build 24
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
FW LiveUpdate
Google Chrome
Google Gmail Notifier
Guitar Chord Legend 1.00
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterVideo Launcher
iS3 ANTIvirus by AVG
Java™ 6 Update 12
K-Lite Codec Pack 3.5.3 Full
kSolo Recorder
kuler
Live 6.0.10
Live 7.0.3
MagicTune Premium
Malwarebytes' Anti-Malware
MAXpc
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.0
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microtek ScanSuite 1.12
Microtek ScanWizard
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.6)
Mozilla Thunderbird (2.0.0.9)
Mp3tag v2.42
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
muvee autoProducer 4.1
Natural Color Pro
Nero OEM
Nero Suite
Netscape Navigator (9.0.0.5)
Nokia Connectivity Cable Driver
Nokia PC Suite
Open Video Joiner version 3.21
OpenCV 3x
OpenOffice.org 2.3
Opera 9.51
Orbit Downloader
PC Connectivity Solution
PDF Settings CS4
PG Music DirectX Plugins 2.0.0.0
Photoshop Camera Raw
Picasa 3
PopCap Browser Plugin
PowerPanel 2.03
PS Media Tunnel
PS3 Media Center X 0.92
PS3 Video 9 4.04
QuickTime
RealPlayer
Registry Mechanic 5.1
Rhapsody
Rhapsody Player Engine
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sibelius Scorch
Sibelius Scorch (ActiveX Only)
Sibelius Scorch Plugin
SightSpeed (remove only)
Skins
SmartSound Quicktracks Plugin
Sound Blaster Audigy 2 ZS
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
STOPzilla
Studio 9
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
Text-To-Speech-Runtime
The Ultimate Troubleshooter
Tube Increaser
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
TVersity Media Server 0.9.10.8a beta
Uniblue RegistryBooster 2009
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Utherverse 3D Client
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6h
Virtual Desktop Manager Powertoy for Windows XP
Virtual Sound Canvas DXi
Virtual Sound Canvas VST
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XoftSpySE
XP Codec Pack
XP Repair Pro 2007
XXX2Burn DVD Wizard (remove only)
Yahoo! Anti-Spy
Yahoo! Messenger
ZoneAlarm
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

2009-02-22 1:45:04 AM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
2009-02-22 1:45:04 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVersityMediaServer service to connect.
2009-02-22 1:42:42 AM, error: ati2mtag [45062] - CRT invalid display type
2009-02-21 2:50:39 PM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).
2009-02-24 8:06:59 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.

==== End Of File ===========================

#6 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 27 February 2009 - 12:57 PM

Hi again,


Disable SpySweeper's realtime protection.
  • Open Spysweeper and click on Options.
  • Choose Program Options and uncheck "load at windows startup".
  • On the left click "shields" and then uncheck everything.
  • Uncheck "home page shield".
  • Uncheck "automatically restore default without notification".
  • Exit the program.

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix, link. Remember to re-enable them afterwards.
  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt contents.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided here are meant for the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.


#7 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 04 March 2009 - 12:37 PM

Due to inactivity, this thread will now be closed. If you need this topic reopened, please contact a Staff member. Include the address of this thread in your request. This applies only to the original topic starter. Should you have a new issue, please start a New Topic.



#8 Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 09 March 2009 - 10:07 AM

Topic re-opened upon user's request.



#9 drumking

  • Topic Starter
  • Members
  • 10 posts

Posted 09 March 2009 - 11:16 AM

ComboFix:

ComboFix 09-03-04.01 - Douglas Hawkins 2009-03-05 14:51:49.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1272 [GMT -5:00]
Running from: d:\documents and settings\Douglas Hawkins\Desktop\ComboFix.exe
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\regedit.com
d:\windows\system32\eventmgr.exe
d:\windows\system32\gsavbchp.ini
d:\windows\system32\JmUBJRqr.ini
d:\windows\system32\JmUBJRqr.ini2
d:\windows\system32\lUxHPXyb.ini
d:\windows\system32\lUxHPXyb.ini2
d:\windows\system32\niwmvajv.ini
d:\windows\system32\rlhgdwuf.ini
d:\windows\system32\taskmgr.com
d:\windows\system32\tmp.reg
d:\windows\system32\ttvnfvsv.ini
d:\windows\Tasks\uihpnaly.job

.
((((((((((((((((((((((((( Files Created from 2009-02-05 to 2009-03-05 )))))))))))))))))))))))))))))))
.

2009-03-05 14:56 . 2009-03-05 14:59 1,648 --a------ d:\windows\system32\drivers\kgpcpy.cfg
2009-02-27 02:11 . 2009-02-27 02:11 1,409 --a------ d:\windows\system32\PGMUS.FOT
2009-02-27 02:11 . 2009-02-27 02:11 1,409 --a------ d:\windows\system32\pgjazz__.FOT
2009-02-27 02:02 . 2009-02-27 02:02 <DIR> d-------- d:\program files\Roland
2009-02-27 02:01 . 2009-02-27 02:01 <DIR> d-------- d:\program files\PowerTracks DirectX Plugins
2009-02-27 01:56 . 2009-02-27 02:14 <DIR> d-------- D:\bb
2009-02-25 00:18 . 2009-02-25 00:18 <DIR> d-------- d:\program files\Turbo Tube
2009-02-17 22:25 . 2009-02-17 22:30 <DIR> d-------- d:\program files\XP Repair Pro 2007
2009-02-16 15:36 . 2009-02-16 15:36 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Uniblue
2009-02-16 15:35 . 2009-02-16 15:35 <DIR> d-------- d:\program files\Uniblue
2009-02-16 15:35 . 2009-02-16 15:35 <DIR> d--h-c--- d:\documents and settings\All Users.WINDOWS\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-13 02:04 . 2009-02-13 02:04 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\MicroWorld
2009-02-13 02:04 . 2009-02-13 02:04 626,688 --a------ d:\windows\system32\msvcr80.dll
2009-02-13 02:04 . 2009-02-13 02:04 548,864 --a------ d:\windows\system32\msvcp80.dll
2009-02-13 02:04 . 2008-04-13 19:12 146,432 --a------ d:\windows\R.COM
2009-02-13 02:04 . 2008-04-13 19:12 135,680 --a------ d:\windows\system32\T.COM
2009-02-13 02:04 . 2009-02-13 02:04 28,672 --a------ d:\windows\system32\eEmpty.exe
2009-02-13 02:04 . 2005-09-22 23:22 522 --a------ d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-13 02:04 . 2009-02-13 02:04 28 --a------ d:\windows\Lic.xxx
2009-02-12 00:00 . 2009-02-12 00:00 <DIR> d-------- D:\VundoFix Backups
2009-02-11 00:23 . 2009-02-11 00:23 <DIR> d-------- d:\program files\Webroot
2009-02-11 00:23 . 2009-02-11 00:23 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Webroot
2009-02-11 00:23 . 2009-02-11 00:28 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-02-11 00:23 . 2009-01-20 09:07 1,553,272 --a------ d:\windows\WRSetup.dll
2009-02-11 00:22 . 2009-02-11 00:22 164 --a------ D:\install.dat
2009-02-10 02:02 . 2009-02-10 02:02 <DIR> d-------- d:\program files\IObit
2009-02-10 02:02 . 2009-02-14 14:40 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\IObit
2009-02-09 00:24 . 2009-02-09 00:30 <DIR> d-------- D:\fixwareout
2009-02-09 00:16 . 2009-02-09 00:16 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-02-09 00:01 . 2009-02-09 00:02 <DIR> d-------- d:\documents and settings\Douglas Hawkins\.SunDownloadManager
2009-02-08 16:46 . 2009-02-08 16:50 117 --a------ d:\windows\Ulead32.INI
2009-02-08 16:45 . 2009-02-08 16:45 <DIR> d-------- D:\Microtek
2009-02-08 16:45 . 2000-01-18 15:10 21,288 --a------ d:\windows\system32\msmusd.dll
2009-02-08 16:30 . 2009-02-08 16:54 <DIR> d-------- d:\program files\ScanSuite
2009-02-08 16:30 . 1998-10-29 15:45 306,688 --a------ d:\windows\uninstss.bin
2009-02-08 16:28 . 2001-08-17 22:36 53,760 --a------ d:\windows\system32\wiamsmud.dll
2009-02-08 16:28 . 2001-08-17 22:36 53,760 --a--c--- d:\windows\system32\dllcache\wiamsmud.dll
2009-02-08 16:28 . 2001-08-17 22:36 28,160 --a------ d:\windows\system32\sm91w.dll
2009-02-08 16:28 . 2001-08-17 22:36 28,160 --a--c--- d:\windows\system32\dllcache\sm91w.dll
2009-02-08 16:28 . 2008-04-13 14:45 15,104 --a------ d:\windows\system32\drivers\USBSCAN.SYS
2009-02-08 16:28 . 2008-04-13 14:45 15,104 --a--c--- d:\windows\system32\dllcache\usbscan.sys
2009-02-07 13:46 . 2009-02-08 16:08 250 --a------ d:\windows\gmer.ini
2009-02-07 01:54 . 2009-02-07 01:54 <DIR> d-------- d:\program files\Trend Micro
2009-02-07 01:30 . 2009-02-13 22:30 <DIR> d-------- d:\program files\Malwarebytes' Anti-Malware
2009-02-07 01:30 . 2009-02-07 01:30 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Malwarebytes
2009-02-07 01:30 . 2009-02-07 01:30 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-07 01:30 . 2009-02-11 10:19 38,496 --a------ d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 01:30 . 2009-02-11 10:19 15,504 --a------ d:\windows\system32\drivers\mbam.sys
2009-02-07 01:28 . 2009-02-07 01:28 <DIR> d-------- d:\program files\ERUNT
2009-02-05 02:26 . 2009-02-05 02:38 <DIR> d-------- d:\program files\XoftSpySE
2009-02-05 02:01 . 2009-02-05 02:16 2,204 --a------ d:\windows\ojmaczrh

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-05 20:00 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Orbit
2009-03-05 19:58 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-03-05 17:06 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\avg7
2009-03-05 02:36 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-02-28 02:07 --------- d-----w d:\program files\Microsoft Silverlight
2009-02-28 01:37 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\AVG7
2009-02-27 07:02 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-26 00:17 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Move Networks
2009-02-25 08:22 416,768 ----a-w d:\windows\Internet Logs\xDB3.tmp
2009-02-25 01:06 --------- d-----w d:\program files\SUPERAntiSpyware
2009-02-21 19:02 3,895,620 ----a-w d:\windows\Internet Logs\tvDebug.Zip
2009-02-18 23:06 2,923,520 ----a-w d:\windows\Internet Logs\xDB2.tmp
2009-02-11 08:27 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-09 05:15 --------- d-----w d:\program files\Java
2009-02-05 20:16 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-02-05 20:16 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\SUPERAntiSpyware.com
2009-02-01 19:50 --------- d-----w d:\program files\MSBuild
2009-02-01 19:50 --------- d-----w d:\program files\Microsoft Works
2009-02-01 19:48 --------- d-----w d:\program files\Microsoft.NET
2009-02-01 19:45 --------- d-----w d:\program files\Microsoft Visual Studio 8
2009-01-28 20:04 --------- d-----w d:\program files\Common Files\Intuit
2009-01-22 05:47 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Intuit
2009-01-22 05:45 --------- d-----w d:\program files\Common Files\AnswerWorks 5.0
2009-01-22 05:44 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Intuit
2009-01-22 05:42 --------- d-----w d:\program files\TurboTax
2009-01-18 06:20 91 ----a-w D:\sysrun23.dll
2009-01-18 06:14 --------- d-----w d:\program files\Northworks Solutions Ltd
2009-01-17 08:46 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Azureus
2009-01-14 03:03 102,523 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_13_11_13_20_small.dmp.zip
2009-01-12 07:45 --------- d-----w d:\program files\Common Files\eSellerate
2009-01-12 07:44 --------- d-----w d:\program files\AnswersThatWork
2009-01-07 21:21 --------- d-----w d:\program files\MAGIX
2009-01-07 21:16 --------- d-----w d:\program files\Oxin's Style!
2009-01-07 21:11 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\MAGIX
2009-01-07 21:10 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\MAGIX
2009-01-05 03:02 --------- d-----w d:\program files\Red Kawa
2009-01-05 03:02 --------- d-----w d:\program files\AviSynth 2.5
2009-01-05 02:59 --------- d-----w d:\program files\DVD Decrypter
2009-01-05 02:55 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Azureus
2009-01-05 02:54 --------- d-----w d:\program files\Vuze
2008-07-03 02:47 1,568 ----a-w d:\documents and settings\Douglas Hawkins\Application Data\mpauth.dat
2007-09-05 16:53 65 ----a-w d:\program files\Common Files\appop.log
2003-07-02 05:00 12,800 ----a-w d:\documents and settings\Douglas Hawkins\cnmss Canon i960 (Local).exe
2008-01-31 07:19 132 --sha-r d:\windows\Regbak.dat
2008-08-02 01:57 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080120080802\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="d:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"Creative Live! Cam Manager"="d:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 143360]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"OCAEBNDVDUpdate"="d:\program files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" [2006-12-13 1081344]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-24 1830128]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"XPRepairPro2007"="d:\program files\XP Repair Pro 2007\XPRepairPro.exe" [2007-07-04 1023624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="d:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="d:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="d:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WINCINEMAMGR"="d:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
"type32"="d:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"Name of App"="d:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"V0270Mon.exe"="d:\windows\V0270Mon.exe" [2006-09-26 32768]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CTHelper"="d:\windows\CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="d:\windows\system32\CTXFIHLP.EXE" [2006-08-11 18944]
"PinnacleDriverCheck"="d:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-24 185896]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AVG7_CC"="d:\progra~2\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="d:\progra~2\Grisoft\AVG7\avgw.exe" [2008-12-29 219136]

d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2008-05-21 36864]
NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-05-21 49220]
Orbit.lnk - d:\program files\Orbitdownloader\orbitdm.exe [2008-08-03 1703112]
PowerPanel.lnk - d:\program files\CyberPower\PowerPanel\PowPanel.exe [2008-11-05 615424]
Scanner Detector.lnk - d:\program files\ScanSuite\SDetect.exe [2009-02-08 29184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=d:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Douglas Hawkins^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=d:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Douglas Hawkins^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
backup=d:\windows\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 15:21 50528 d:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 11:54 5674352 d:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-24 20:06 1830128 d:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\SightSpeed\\SightSpeed.exe"=
"d:\\program files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files (x86)\\Ares\\Ares.exe"=
"d:\\program files\\Ares\\Ares.exe"=
"d:\\program files\\common files\\AOL\\Loader\\aolload.exe"=
"d:\\program files\\AIM6\\aim6.exe"=
"d:\\program files\\Java\\jre1.5.0_01\\launch4j-tmp\\RKMediaCenter.exe"=
"d:\\program files\\Digital Integration Ltd\\PS Media Tunnel\\PSMediaTunnel.exe"=
"d:\\program files\\Messenger\\msmsgs.exe"=
"d:\\program files\\MSN Messenger\\msnmsgr.exe"=
"d:\\program files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"d:\\program files\\Mozilla Firefox\\firefox.exe"=
"d:\\program files\\Bonjour\\mDNSResponder.exe"=
"d:\\program files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\AppUpdate.exe"=
"d:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\xxx2burn.exe"=
"d:\\program files\\common files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\program files\\Grisoft\\AVG7\\avginet.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgamsvr.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgcc.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgemc.exe"=
"d:\\program files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-09-05 38784]
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2008-12-07 29808]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-02 54656]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-08-11 8192]
R2 RVIEGVST;VSC VST Engine;d:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2009-02-27 188276]
R2 WRConsumerService;Webroot Client Service;d:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-02-11 1090936]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-07 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-09-05 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-09-05 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-09-05 6912]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee457f80-cae0-11dd-9a94-00d041a1ca43}]
\Shell\AutoRun\command - k:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2008-08-29 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 12:42]

2009-03-05 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-448539723-725345543-1004.job
- d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 18:57]

2009-02-25 d:\windows\Tasks\XoftSpySE 2.job
- d:\program files\XoftSpySE\XoftSpy.exe [2009-01-28 09:29]

2009-02-24 d:\windows\Tasks\XoftSpySE.job
- d:\program files\XoftSpySE\XoftSpy.exe [2009-01-28 09:29]
.
- - - - ORPHANS REMOVED - - - -

BHO-{208329A3-615B-4225-9322-9CA6161FEFFB} - (no file)
BHO-{4614CA41-DD4E-4DC2-B2EB-99AC41945A86} - (no file)
BHO-{7CABF84D-9887-4E4A-9694-B0B40E28BBC2} - (no file)
BHO-{B40AC783-253A-4555-8C7E-5B93614B3C52} - (no file)
Toolbar-SITEguard - (no file)
Notify-cbXQgHxu - (no file)


.
------- Supplementary Scan -------
.
uStart Page = google.com
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: d:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\kSolo\npAVX.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-05 14:57:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,0c,65,d7,16,ae,
4d,a7,7f,e2,63,26,f1,3f,c8,ff,68,05,ca,49,2f,b8,4e,96,4f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bb,70,2c,04,ee,
72,4f,c3,6a,9c,d6,61,af,45,84,18,a0,90,6d,12,62,9d,85,fa,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,79,05,23,52,0c,
e3,dc,4b,ff,7c,85,e0,43,d4,0e,fe,05,6b,37,37,1f,2c,c1,29,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ca,ee,86,ce,6c,
42,6e,08,86,8c,21,01,be,91,eb,e7,a9,1b,ab,36,eb,ce,f0,83,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,39,d3,b4,da,60,
ae,e5,5e,f5,1d,4d,73,a8,13,5c,05,f1,cb,9f,5f,68,18,1a,54,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,ba,01,49,d5,4e,
4d,e1,b0,df,20,58,62,78,6b,cf,c8,67,ff,07,5f,a0,43,ee,63,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,24,3a,60,66,77,
8e,af,1c,fb,a7,78,e6,12,2f,9a,ea,06,4e,86,a5,68,72,10,40,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,00,a2,0d,bc,56,
2b,87,a2,01,3a,48,fc,e8,04,4a,f1,fc,f3,96,1b,a9,9a,7e,81,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,a7,a8,ee,54,ef,
a9,c3,57,f6,0f,4e,58,98,5b,89,c9,a9,d3,7c,20,b3,71,6a,7f,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,67,b4,14,bc,03,
79,13,74,3d,ce,ea,26,2d,45,aa,78,17,5d,e6,bf,9d,00,ce,ac,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,14,dd,97,24,e2,
99,a0,69,2a,b7,cc,b5,b9,7f,41,e7,9f,59,cc,2e,91,3e,99,f1,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8d,99,9d,e1,59,
a3,35,0d,6c,43,2d,1e,aa,22,2f,9c,1e,c6,58,33,db,f1,03,24,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(744)
d:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(800)
d:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
------------------------ Other Running Processes ------------------------
.
d:\windows\system32\ati2evxx.exe
d:\program files\common files\iS3\Anti-Spyware\SZServer.exe
d:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
d:\windows\system32\ZoneLabs\vsmon.exe
d:\program files\Lavasoft\Ad-Aware 2007\aawservice.exe
d:\program files\Grisoft\AVG7\avgamsvr.exe
d:\program files\Grisoft\AVG7\avgupsvc.exe
d:\progra~2\Grisoft\AVG7\avgemc.exe
d:\program files\Bonjour\mDNSResponder.exe
d:\windows\system32\CTSVCCDA.EXE
d:\program files\Java\jre6\bin\jqs.exe
d:\program files\MagicTune Premium\MagicTuneEngine.exe
d:\program files\Webroot\WebrootSecurity\SpySweeper.exe
d:\windows\system32\MsPMSPSv.exe
d:\program files\Windows Media Player\wmpnetwk.exe
d:\program files\PC Connectivity Solution\ServiceLayer.exe
d:\program files\Orbitdownloader\orbitnet.exe
d:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
d:\program files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
d:\program files\common files\Nokia\MPAPI\MPAPI3s.exe
.
**************************************************************************
.
Completion time: 2009-03-05 15:05:45 - machine was rebooted [Douglas Hawkins]
ComboFix-quarantined-files.txt 2009-03-05 20:05:41

Pre-Run: 94,029,410,304 bytes free
Post-Run: 94,667,440,128 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(1)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(1)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional x64 Edition" /fastdetect

426 --- E O F --- 2009-02-28 02:01:05



New DDS:


DDS (Ver_09-02-01.01) - NTFSx86
Run by Douglas Hawkins at 15:25:29.62 on Sun 03/08/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1030 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
D:\Program Files\Common Files\iS3\Anti-Spyware\SZServer.exe
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\STOPzilla!\STOPzilla.exe
D:\program files\MagicTune Premium\MagicTune.exe
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE
D:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\WINDOWS\V0270Mon.exe
D:\WINDOWS\CTHELPER.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\WINDOWS\system32\ctfmon.exe
D:\program files\WIDCOMM\Bluetooth Software\BTTray.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\PROGRA~2\Grisoft\AVG7\avgw.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\Documents and Settings\Douglas Hawkins\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = google.com
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - d:\program files\stopzilla!\SZSG.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - d:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - d:\program files\canon\easy-webprint\Toolband.dll
TB: ZoneAlarm Spy Blocker: {f0d4b239-da4b-4daf-81e4-dfee4931a4aa} - d:\program files\zonealarmsb\bar\1.bin\SPYBLOCK.DLL
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - d:\program files\stopzilla!\SZSG.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RemoteCenter] "d:\program files\creative\mediasource\remotecontrol\RCMan.EXE"
uRun: [Creative Live! Cam Manager] "d:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [PC Suite Tray] "d:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OCAEBNDVDUpdate] "d:\program files\objectcube\xxx2burn dvd wizard\xxx2burn.exe" /update
uRun: [Nokia.PCSync] "d:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
uRun: [Google Update] "d:\documents and settings\douglas hawkins\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] "d:\program files\windows media player\WMPNSCFG.exe"
uRun: [SUPERAntiSpyware] "d:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Advanced SystemCare 3] "d:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [XPRepairPro2007] d:\program files\xp repair pro 2007\XPRepairPro.exe /r
mRun: [CTSysVol] "d:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r
mRun: [CTDVDDET] "d:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE"
mRun: [SBDrvDet] "d:\program files\creative\sb drive det\SBDrvDet.exe" /r
mRun: [UpdReg] "d:\windows\UpdReg.EXE"
mRun: [NeroFilterCheck] "d:\windows\system32\NeroCheck.exe"
mRun: [WINCINEMAMGR] "d:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [type32] "d:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\point32.exe"
mRun: [Name of App] "d:\program files\samsung\fw liveupdate\FWManager.exe" r
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [V0270Mon.exe] "d:\windows\V0270Mon.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CTHelper] "d:\windows\CTHELPER.EXE"
mRun: [CTxfiHlp] "d:\windows\system32\CTXFIHLP.EXE"
mRun: [PinnacleDriverCheck] "d:\windows\system32\PSDrvCheck.exe" -CheckReg
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG7_CC] "d:\progra~2\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
dRun: [AVG7_Run] d:\progra~2\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: d:\docume~1\dougla~1\startm~1\programs\startup\BJSTAT~1.LNK -
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\gammat~1.lnk - d:\program files\magictune premium\GammaTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\ncprot~1.lnk - d:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\orbit.lnk - d:\program files\orbitdownloader\orbitdm.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\powerp~1.lnk - d:\program files\cyberpower\powerpanel\PowPanel.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\scanne~1.lnk - d:\program files\scansuite\SDetect.exe
mPolicies-explorer: NoPopUpsOnBoot = 1 (0x1)
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~2\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~2\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
LSP: d:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189008553700
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200453490671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\dougla~1\applic~1\mozilla\firefox\profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\douglas hawkins\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\ksolo\npAVX.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-9-5 38784]
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2008-12-7 29808]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 Avg7Core;AVG7 Kernel;d:\windows\system32\drivers\avg7core.sys [2008-12-29 821856]
R1 Avg7RsW;AVG7 Wrap Driver;d:\windows\system32\drivers\avg7rsw.sys [2008-12-29 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;d:\windows\system32\drivers\avg7rsxp.sys [2008-12-29 27776]
R1 AvgClean;AVG7 Clean Driver;d:\windows\system32\drivers\avgclean.sys [2008-12-29 10760]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2008-10-1 353680]
R2 aawservice;Ad-Aware 2007 Service;d:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 Avg7Alrt;AVG7 Alert Manager Server;d:\progra~2\grisoft\avg7\avgamsvr.exe [2008-12-29 418816]
R2 Avg7UpdSvc;AVG7 Update Service;d:\progra~2\grisoft\avg7\avgupsvc.exe [2008-12-29 49664]
R2 AVGEMS;AVG E-mail Scanner;d:\progra~2\grisoft\avg7\avgemc.exe [2008-12-29 406528]
R2 AvgTdi;AVG Network Redirector;d:\windows\system32\drivers\avgtdi.sys [2008-12-29 4960]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-8-11 8192]
R2 RVIEGVST;VSC VST Engine;d:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2009-2-27 188276]
R2 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;d:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-12-7 3671408]
R2 WRConsumerService;Webroot Client Service;d:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-11 1090936]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\magix\common\database\bin\fbserver.exe [2009-1-7 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-9-5 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-9-5 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-9-5 6912]

=============== Created Last 30 ================

2009-03-08 14:54 1,976 a------- d:\windows\system32\drivers\kgpcpy.cfg
2009-02-27 03:11 1,409 a------- d:\windows\system32\PGMUS.FOT
2009-02-27 03:11 1,409 a------- d:\windows\system32\pgjazz__.FOT
2009-02-27 03:02 <DIR> --d----- d:\program files\Roland
2009-02-27 03:01 <DIR> --d----- d:\program files\PowerTracks DirectX Plugins
2009-02-27 02:56 <DIR> --d----- D:\bb
2009-02-25 01:18 <DIR> --d----- d:\program files\Turbo Tube
2009-02-17 23:25 <DIR> --d----- d:\program files\XP Repair Pro 2007
2009-02-16 16:36 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Uniblue
2009-02-16 16:35 <DIR> --d----- d:\program files\Uniblue
2009-02-16 16:35 <DIR> -cd-h--- d:\docume~1\alluse~1.win\applic~1\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-13 03:04 28 a------- d:\windows\Lic.xxx
2009-02-13 03:04 626,688 a------- d:\windows\system32\msvcr80.dll
2009-02-13 03:04 548,864 a------- d:\windows\system32\msvcp80.dll
2009-02-13 03:04 28,672 a------- d:\windows\system32\eEmpty.exe
2009-02-13 03:04 522 a------- d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-13 03:04 135,680 a------- d:\windows\system32\T.COM
2009-02-13 03:04 146,432 a------- d:\windows\R.COM
2009-02-13 03:04 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\MicroWorld
2009-02-12 01:00 <DIR> --d----- D:\VundoFix Backups
2009-02-11 01:23 1,553,272 a------- d:\windows\WRSetup.dll
2009-02-11 01:23 <DIR> --d----- d:\program files\Webroot
2009-02-11 01:23 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Webroot
2009-02-11 01:23 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Webroot
2009-02-11 01:22 164 a------- D:\install.dat
2009-02-10 03:02 <DIR> --d----- d:\program files\IObit
2009-02-10 03:02 <DIR> --d----- d:\docume~1\dougla~1\applic~1\IObit
2009-02-09 01:24 <DIR> --d----- D:\fixwareout
2009-02-09 01:16 73,728 a------- d:\windows\system32\javacpl.cpl
2009-02-09 01:01 <DIR> --d----- d:\documents and settings\douglas hawkins\.SunDownloadManager
2009-02-08 17:46 117 a------- d:\windows\Ulead32.INI
2009-02-08 17:45 21,288 a------- d:\windows\system32\msmusd.dll
2009-02-08 17:45 <DIR> --d----- D:\Microtek
2009-02-08 17:30 306,688 a------- d:\windows\uninstss.bin
2009-02-08 17:30 <DIR> --d----- d:\program files\ScanSuite
2009-02-08 17:28 53,760 ac------ d:\windows\system32\dllcache\wiamsmud.dll
2009-02-08 17:28 53,760 a------- d:\windows\system32\wiamsmud.dll
2009-02-08 17:28 28,160 ac------ d:\windows\system32\dllcache\sm91w.dll
2009-02-08 17:28 28,160 a------- d:\windows\system32\sm91w.dll
2009-02-08 17:28 15,104 ac------ d:\windows\system32\dllcache\usbscan.sys
2009-02-08 17:28 15,104 a------- d:\windows\system32\drivers\USBSCAN.SYS
2009-02-07 14:46 250 a------- d:\windows\gmer.ini
2009-02-07 02:54 <DIR> --d----- d:\program files\Trend Micro
2009-02-07 02:30 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Malwarebytes
2009-02-07 02:30 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-02-07 02:30 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-07 02:30 <DIR> --d----- d:\program files\Malwarebytes' Anti-Malware
2009-02-07 02:30 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Malwarebytes

==================== Find3M ====================

2009-02-09 01:16 410,984 a------- d:\windows\system32\deploytk.dll
2009-01-18 02:20 91 a------- D:\sysrun23.dll
2009-01-05 18:33 3,751,995 a------- d:\windows\system32\GPhotos.scr
2008-12-20 19:15 826,368 a------- d:\windows\system32\wininet.dll
2008-12-17 18:26 17,408 a----r-- d:\windows\system32\SZIO5.dll
2008-12-17 18:25 282,624 a----r-- d:\windows\system32\SZBase5.dll
2008-12-17 18:24 540,672 a----r-- d:\windows\system32\SZComp5.dll
2008-12-09 14:53 4,212 a---h--- d:\windows\system32\zllictbl.dat
2008-07-02 22:47 1,568 a------- d:\docume~1\dougla~1\applic~1\mpauth.dat
2007-09-05 12:53 65 a------- d:\program files\common files\appop.log
2003-07-02 01:00 12,800 a------- d:\documents and settings\douglas hawkins\cnmss Canon i960 (Local).exe
2008-01-31 03:19 132 a--shr-- d:\windows\Regbak.dat
2008-08-01 21:57 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 15:26:34.31 ===============

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • OFFLINE
  • Gender:Male
  • Location:Finland
  • Local time:07:22 PM

Posted 09 March 2009 - 11:58 AM

Hi


Uninstall ZoneAlarm Spy Blocker if not installed on purpose.



Upload the following files to http://www.virustotal.com and post back the results.
d:\windows\R.COM
d:\windows\system32\T.COM
d:\windows\system32\eEmpty.exe
D:\sysrun23.dll



Uninstall old Adobe Reader versions and get the latest one here or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader!



Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt). Note: Do not run Option #2 yet.


Open notepad and copy/paste the text in the quotebox below into it:

File::
d:\windows\ojmaczrh

DDS::
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: NoExplorer - No File
BHO: {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoPopUpsOnBoot"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=-


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here. If you get a message that latest Java must be installed "enable" the Java add-ons in IE7. Do that using "manage add-ons" from the IE7 toolbar.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.
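
The CFScript above removes two kinds of entries from the DDS "Pseudo HJT Report": the Internet Explorer proxy setting that points at 127.0.0.1:8080 (with its ProxyOverride companion) and the BHO / toolbar / explorer-bar entries whose file is gone ("No File"). The script below is an added example, written for this thread and not part of DDS, ComboFix or any post here; it parses a handful of report lines copied from the log above (embedded as a constructed sample), flags those same two classes of entry with a reason a reviewer would want, and renders the flagged lines in the `DDS::` layout the CFScript uses. The names `triage`, `Finding`, `is_loopback_proxy` and `cfscript_dds_block` are this example's own.

```python
"""Triage the 'Pseudo HJT Report' section of a DDS log for the kind of entries
removed in this thread: an IE proxy pointed at the local machine, and orphaned
BHO / toolbar / explorer-bar hooks whose file no longer exists.

Added example for this thread; it is not part of DDS, ComboFix or any post here.
Function and class names (triage, Finding, cfscript_dds_block) are the example's own.
"""
import ipaddress
import re
from dataclasses import dataclass
from typing import List

# Constructed sample: a handful of lines copied from the DDS report posted above.
SAMPLE_DDS = r"""
uStart Page = google.com
uInternet Settings,ProxyServer = 127.0.0.1:8080
uInternet Settings,ProxyOverride = local
BHO: {000123B4-9B42-4900-B3F7-F4B073EFC214} - No File
BHO: NoExplorer - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
"""

PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (\S+)$")
OVERRIDE_RE = re.compile(r"^uInternet Settings,ProxyOverride = ")
ORPHAN_RE = re.compile(r"^(BHO|TB|EB): (.+?) - No File$")


@dataclass
class Finding:
    line: str    # the DDS line exactly as logged
    reason: str  # why a reviewer would look at it


def is_loopback_proxy(value: str) -> bool:
    """True when an IE ProxyServer value points at the local host.

    IE stores either 'host:port' or 'http=host:port;https=host:port;...';
    the first host listed is enough to decide.
    """
    first = value.split(";")[0].split("=")[-1]
    host = first.rpartition(":")[0] if ":" in first else first
    host = host.strip("[]")  # tolerate '[::1]:8080'
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # a hostname: cannot be judged offline


def _line_is_loopback_proxy(line: str) -> bool:
    m = PROXY_RE.match(line)
    return m is not None and is_loopback_proxy(m.group(1))


def triage(report: str) -> List[Finding]:
    """Return the report lines a helper would put into a removal script, with reasons."""
    lines = [ln.strip() for ln in report.splitlines() if ln.strip()]
    # Pass 1: is the browser proxied through a local process at all?
    loopback = any(_line_is_loopback_proxy(ln) for ln in lines)
    findings: List[Finding] = []
    for ln in lines:
        if _line_is_loopback_proxy(ln):
            findings.append(Finding(ln, "IE traffic is routed through a process on this machine; "
                                        "find what listens on that port (netstat -ano) before removing"))
        elif loopback and OVERRIDE_RE.match(ln):
            findings.append(Finding(ln, "companion to the loopback proxy setting; remove together"))
        else:
            m = ORPHAN_RE.match(ln)
            if m:
                findings.append(Finding(ln, f"orphaned {m.group(1)} hook: registry entry whose file is gone"))
    return findings


def cfscript_dds_block(findings: List[Finding]) -> str:
    """Render the flagged lines in the 'DDS::' section layout the thread's CFScript uses."""
    return "DDS::\n" + "".join(f.line + "\n" for f in findings)


if __name__ == "__main__":
    found = triage(SAMPLE_DDS)
    for f in found:
        print(f"{f.reason}\n    {f.line}")
    print()
    print(cfscript_dds_block(found), end="")
```

The loopback check is deliberately the only thing that fires on the proxy line: a proxy at a corporate address is normal, while one at 127.0.0.1 means some local process sits between the browser and every page, which is worth identifying (the "No File" entries, by contrast, are inert and just removed). The `ProxyOverride` line is only flagged when a loopback proxy is present, mirroring the way the CFScript removes the two together.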


#11 drumking (Topic Starter)

Posted 09 March 2009 - 04:20 PM

Results from Virustotal:

d:\windows\R.COM:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.02.27 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.02.27 -
Authentium 5.1.0.4 2009.02.27 -
Avast 4.8.1335.0 2009.02.26 -
AVG 8.0.0.237 2009.02.27 -
BitDefender 7.2 2009.02.27 -
CAT-QuickHeal 10.00 2009.02.27 -
ClamAV 0.94.1 2009.02.27 -
Comodo 986 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.27 -
eSafe 7.0.17.0 2009.02.26 -
eTrust-Vet 31.6.6376 2009.02.27 -
F-Prot 4.4.4.56 2009.02.26 -
F-Secure 8.0.14470.0 2009.02.27 -
Fortinet 3.117.0.0 2009.02.27 -
GData 19 2009.02.27 -
Ikarus T3.1.1.45.0 2009.02.27 -
K7AntiVirus 7.10.648 2009.02.26 -
Kaspersky 7.0.0.125 2009.02.27 -
McAfee 5537 2009.02.26 -
McAfee+Artemis 5537 2009.02.26 -
Microsoft 1.4306 2009.02.27 -
NOD32 3894 2009.02.27 -
Norman 6.00.06 2009.02.27 -
nProtect 2009.1.8.0 2009.02.27 -
Panda 10.0.0.10 2009.02.26 -
PCTools 4.4.2.0 2009.02.27 -
Prevx1 V2 2009.02.27 -
Rising 21.18.42.00 2009.02.27 -
SecureWeb-Gateway 6.0.0 2009.02.27 -
Sophos 4.39.0 2009.02.27 -
Sunbelt 3.2.1858.2 2009.02.26 -
Symantec 10 2009.02.27 -
TheHacker 6.3.2.5.267 2009.02.27 -
TrendMicro 8.700.0.1004 2009.02.27 -
VBA32 3.12.10.1 2009.02.26 -
ViRobot 2009.2.27.1627 2009.02.27 -
VirusBuster 4.5.11.0 2009.02.27 -
Additional information
File size: 146432 bytes
MD5...: 058710b720282ca82b909912d3ef28db
SHA1..: 48f4612efeb713a5860726fdb999ceceff07557d
SHA256: 97535e75ca6a77e6bcb81216b0fb383024709539727fd656df6afd33a50cad04
SHA512: 033503276ad77a63d874ec3cb8e81c81076c50584c4e5b7a276921622ab1f10b5766bc2ecc211b1c65d61f11c9d4d7b6c48986b52cda4d207c9e2ef375181436
ssdeep: 3072:NtkaZgxktEdSja2qLckP+4AnrIKvOBI+huG0TG0uvJb9w:NtkqxrqLckP+xn0YOBI+AG0TG0
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (53.1%)
Windows Screen Saver (18.4%)
Win32 Executable Generic (12.0%)
Win32 Dynamic Link Library (generic) (10.6%)
Generic Win/DOS Executable (2.8%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1691e
timedatestamp.....: 0x48025214 (Sun Apr 13 18:33:56 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x17902 0x17a00 6.37 8d566c1e457741cced3b34f6d18c225d
.data 0x19000 0x40da0 0x400 1.20 def7edb164ce2210badeb06959cdaa48
.rsrc 0x5a000 0xb8b0 0xba00 3.68 55c800dc56999ec2683a54271953b1b7

( 14 imports )
> msvcrt.dll: __p__commode, _adjust_fdiv, __p__fmode, _initterm, __getmainargs, _acmdln, __set_app_type, _except_handler3, __setusermatherr, _controlfp, exit, _XcptFilter, _exit, _c_exit, swprintf, iswprint, wcsncpy, wcslen, wcscat, wcscpy, _purecall, iswctype, wcscmp, wcschr, wcsncmp, wcsrchr, _cexit, memmove
> ADVAPI32.dll: RegQueryValueExA, RegOpenKeyExA, InitializeSecurityDescriptor, RegDeleteValueW, InitializeAcl, SetSecurityDescriptorDacl, SetSecurityDescriptorSacl, SetSecurityDescriptorOwner, SetSecurityDescriptorGroup, GetInheritanceSourceW, LookupAccountSidW, GetSidSubAuthorityCount, GetSidSubAuthority, GetSecurityDescriptorControl, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, SetSecurityInfo, SetNamedSecurityInfoW, GetNamedSecurityInfoW, MapGenericMask, RegSetValueExA, RegSetValueW, RegFlushKey, RegSaveKeyW, RegRestoreKeyW, RegConnectRegistryW, RegQueryValueExW, RegCloseKey, RegOpenKeyW, RegSetValueExW, RegCreateKeyW, RegEnumValueW, RegEnumKeyW, AdjustTokenPrivileges, LookupPrivilegeValueW, OpenProcessToken, RegUnLoadKeyW, RegLoadKeyW, RegOpenKeyExW, RegQueryInfoKeyW, RegDeleteKeyW
> KERNEL32.dll: ReadFile, DeleteFileW, WriteFile, WideCharToMultiByte, CreateFileW, OutputDebugStringW, GetLastError, SetFilePointer, GetFileSize, SearchPathW, GetTimeFormatW, GetDateFormatW, GetSystemDefaultLCID, FileTimeToSystemTime, FileTimeToLocalFileTime, FreeLibrary, LoadLibraryW, MulDiv, lstrcpynW, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetModuleHandleA, GetStartupInfoA, MultiByteToWideChar, lstrcmpW, FormatMessageW, GetThreadLocale, GetModuleHandleW, ExitProcess, GetCommandLineW, GetProcessHeap, lstrcatW, LocalAlloc, GetCurrentProcess, CloseHandle, LocalFree, GetComputerNameW, lstrcmpiW, lstrlenW, lstrcpyW, LocalReAlloc, GlobalAlloc, GlobalLock, GlobalUnlock, GetProcAddress, LoadLibraryA
> GDI32.dll: GetStockObject, SetAbortProc, StartDocW, StartPage, SetViewportOrgEx, EndPage, EndDoc, AbortDoc, DeleteDC, CreateBitmap, CreatePatternBrush, PatBlt, ExcludeClipRect, SelectClipRgn, DeleteObject, SetBkColor, SetTextColor, ExtTextOutW, GetDeviceCaps, CreateFontIndirectW, SelectObject, GetTextMetricsW
> USER32.dll: SendDlgItemMessageW, SetDlgItemTextW, SetWindowLongW, DefWindowProcW, ReleaseDC, GetDC, SetScrollInfo, wsprintfW, DestroyCaret, ReleaseCapture, KillTimer, SetCaretPos, ScrollWindowEx, ShowCaret, HideCaret, InvalidateRect, CloseClipboard, SetClipboardData, EmptyClipboard, OpenClipboard, GetClipboardData, WinHelpW, EndDialog, GetWindowLongW, EndPaint, BeginPaint, CreateCaret, SetTimer, SetCapture, SetFocus, CharLowerW, GetDlgItem, DestroyMenu, TrackPopupMenuEx, IsClipboardFormatAvailable, EnableMenuItem, GetSubMenu, LoadMenuW, GetKeyState, RegisterClassW, LoadCursorW, RegisterClipboardFormatW, CheckRadioButton, SendMessageW, GetWindowTextW, GetParent, GetDlgItemTextW, IsDlgButtonChecked, GetDlgCtrlID, CallWindowProcW, GetWindowTextLengthW, GetDlgItemInt, PostQuitMessage, GetWindowPlacement, SetWindowTextW, EnableWindow, GetWindowRect, DrawMenuBar, InsertMenuItemW, DeleteMenu, SetMenuItemInfoW, GetMenu, GetMenuItemInfoW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, IsIconic, DestroyIcon, LoadImageW, GetSysColor, SetCursor, ShowCursor, ShowWindow, SetWindowPlacement, CreateWindowExW, GetProcessDefaultLayout, GetMessageW, ScreenToClient, SetCursorPos, DispatchMessageW, ClientToScreen, GetDesktopWindow, LoadIconW, PostMessageW, SetMenuDefaultItem, InsertMenuW, GetMenuItemID, CheckMenuItem, UpdateWindow, RegisterClassExW, CharNextW, GetClientRect, DestroyWindow, CreateDialogParamW, CheckDlgButton, DrawAnimatedRects, IntersectRect, ModifyMenuW, GetMessagePos, TranslateMessage, TranslateAcceleratorW, LoadAcceleratorsW, SetForegroundWindow, GetLastActivePopup, BringWindowToTop, FindWindowW, LoadStringW, GetWindow, IsDialogMessageW, PeekMessageW, MessageBoxW, CharUpperBuffW, CharUpperW, IsCharAlphaNumericW, GetSystemMetrics, MoveWindow, MapWindowPoints, DialogBoxParamW, SetWindowPos, MessageBeep
> COMCTL32.dll: -, -, -, -, InitCommonControlsEx, -, -, ImageList_SetBkColor, ImageList_Create, ImageList_Destroy, -, -, ImageList_ReplaceIcon, -, -, -, -, CreateStatusWindowW
> comdlg32.dll: GetOpenFileNameW, GetSaveFileNameW, PrintDlgExW
> SHELL32.dll: ShellAboutW, DragQueryFileW, DragFinish
> AUTHZ.dll: AuthzInitializeContextFromSid, AuthzAccessCheck, AuthzFreeContext, AuthzFreeResourceManager, AuthzInitializeResourceManager
> ACLUI.dll: -
> ole32.dll: CoCreateInstance, CoUninitialize, CoInitializeEx, ReleaseStgMedium
> ulib.dll: _Resize@DSTRING@@UAEEK@Z, _Initialize@ARRAY@@QAEEKK@Z, _NewBuf@DSTRING@@UAEEK@Z, __1DSTRING@@UAE@XZ, __1OBJECT@@UAE@XZ, __0OBJECT@@IAE@XZ, _Compare@OBJECT@@UBEJPBV1@@Z, __0DSTRING@@QAE@XZ, _Initialize@WSTRING@@QAEEPBV1@KK@Z, _Strcat@WSTRING@@QAEEPBV1@@Z, __0ARRAY@@QAE@XZ, _Initialize@WSTRING@@QAEEPBGK@Z
> clb.dll: ClbAddData, ClbSetColumnWidths
> ntdll.dll: RtlFreeHeap, RtlAllocateHeap


d:\windows\system32\T.COM:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.08 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.105 2009.03.07 -
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.08 -
AVG 8.0.0.237 2009.03.08 -
BitDefender 7.2 2009.03.08 -
CAT-QuickHeal 10.00 2009.03.07 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1037 2009.03.08 -
DrWeb 4.44.0.09170 2009.03.08 -
eSafe 7.0.17.0 2009.03.08 -
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.08 -
Fortinet 3.117.0.0 2009.03.08 -
GData 19 2009.03.08 -
Ikarus T3.1.1.45.0 2009.03.08 -
K7AntiVirus 7.10.663 2009.03.07 -
Kaspersky 7.0.0.125 2009.03.08 -
McAfee 5547 2009.03.08 -
McAfee+Artemis 5547 2009.03.08 -
Microsoft 1.4405 2009.03.08 -
NOD32 3917 2009.03.07 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.08 -
Panda 10.0.0.10 2009.03.08 -
PCTools 4.4.2.0 2009.03.08 -
Prevx1 V2 2009.03.08 -
Rising 21.19.42.00 2009.03.06 -
SecureWeb-Gateway 6.7.6 2009.03.08 -
Sophos 4.39.0 2009.03.08 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.08 -
TheHacker 6.3.2.7.276 2009.03.08 -
TrendMicro 8.700.0.1004 2009.03.06 -
VBA32 3.12.10.1 2009.03.08 -
ViRobot 2009.3.7.1639 2009.03.07 -
VirusBuster 4.5.11.0 2009.03.08 -
Additional information
File size: 135680 bytes
MD5...: 2cd1c3506a85b38e2d17e61aded175c4
SHA1..: 811d06dc5c7b530a5f0bd07c50607e402da43d59
SHA256: f899e8c466b518346d47c7cd56f6d4ae3eed38369b8e38b6badf0227b93e7f82
SHA512: ee63dcaaf8504cc757ac66d40de23ddee0679cc7f7fd49e95f89fc2904f7df2c39a7dbbda4846537d3ebee34e24599e068f25d6c363a2a86e85512673d9edfea
ssdeep: 3072:gkh3VK2abS5VHwO8KdKiZuNuEJ+4PmuN1IS:1VQO8uZUE4M
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x5944
timedatestamp.....: 0x48025274 (Sun Apr 13 18:35:32 2008)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x13f1a 0x14000 6.43 e1ce1687a8ad161dd4842025228d581f
.data 0x15000 0x170c 0x600 2.79 44a98784179a334c27cbc27b57643de2
.rsrc 0x17000 0xc6c0 0xc800 3.75 4fd6e04a36f8483bcaa02204338374c4

( 11 imports )
> ADVAPI32.dll: RegCloseKey, RegQueryValueExW, RegOpenKeyExW, RegSetValueExW, RegCreateKeyExW, IsValidSid, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, RegOpenKeyExA, RegQueryValueExA, LookupPrivilegeValueW
> KERNEL32.dll: GetProcessAffinityMask, OpenProcess, MultiByteToWideChar, GetThreadTimes, TerminateProcess, GetPriorityClass, lstrcmpW, SetEvent, CreateEventW, GetComputerNameW, Sleep, FreeLibrary, SetProcessAffinityMask, LoadLibraryA, QueryPerformanceCounter, GetSystemTimeAsFileTime, GetCurrentDirectoryW, SetUnhandledExceptionFilter, lstrcmpiW, GetTickCount, HeapSize, GetProcAddress, GetNumberFormatW, HeapReAlloc, lstrlenW, GetCurrentProcess, SetPriorityClass, GetCommandLineW, GetStartupInfoW, GetModuleHandleW, ExitProcess, CreateMutexW, GetCurrentProcessId, ProcessIdToSessionId, ReleaseMutex, SetProcessShutdownParameters, WaitForSingleObject, ExpandEnvironmentStringsW, CreateProcessW, GetCurrentThreadId, FormatMessageW, lstrcatW, GetVersionExW, GetLocaleInfoW, LocalAlloc, LocalFree, HeapFree, HeapAlloc, GetProcessHeap, CreateThread, CloseHandle, lstrcpynW, lstrcpyW, GetLastError, LoadLibraryW, InterlockedCompareExchange, GetVersionExA, IsBadWritePtr, SetLastError, GetCurrentThread, DelayLoadFailureHook, UnhandledExceptionFilter
> GDI32.dll: CreateFontIndirectW, GetCharWidth32W, CreateCompatibleBitmap, Rectangle, SetBkMode, SetTextColor, CreateCompatibleDC, DeleteDC, GetCurrentObject, GetObjectW, BitBlt, SelectObject, MoveToEx, LineTo, CreatePen, GetStockObject, CreateRectRgn, DeleteObject, CreateSolidBrush, CombineRgn, SetRectRgn, GetDeviceCaps, FillRgn
> USER32.dll: DestroyIcon, LoadImageW, BeginDeferWindowPos, GetMenuItemCount, EnableMenuItem, GetSystemMetrics, SetMenuItemInfoW, LoadMenuW, DestroyMenu, ExitWindowsEx, LockWorkStation, GetAsyncKeyState, SetForegroundWindow, OpenIcon, LoadAcceleratorsW, MessageBoxW, CheckDlgButton, EndDialog, GetWindowTextW, IsDlgButtonChecked, GetSubMenu, InvalidateRect, GetSysColor, MonitorFromRect, SetTimer, LoadIconW, GetThreadDesktop, GetDialogBaseUnits, KillTimer, GetDesktopWindow, DestroyWindow, MessageBeep, MoveWindow, PostQuitMessage, IsZoomed, DispatchMessageW, TranslateMessage, IsDialogMessageW, TranslateAcceleratorW, GetMessageW, CreateDialogParamW, SendMessageTimeoutW, AllowSetForegroundWindow, GetWindowThreadProcessId, FindWindowW, RegisterWindowMessageW, FillRect, DrawTextW, UpdateWindow, GetDlgCtrlID, SetFocus, CreateWindowExW, DialogBoxParamW, GetShellWindow, SetScrollPos, GetScrollInfo, IsWindow, EnableWindow, GetFocus, CharLowerBuffW, TrackPopupMenuEx, GetGuiResources, EnumWindowStationsW, GetClassLongW, IsHungAppWindow, InternalGetWindowText, IsWindowVisible, GetWindow, SetMenuDefaultItem, EnumWindows, CloseDesktop, SetThreadDesktop, OpenDesktopW, EnumDesktopsW, CloseWindowStation, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, CascadeWindows, TileWindows, SwitchToThisWindow, GetLastActivePopup, EndTask, PostMessageW, ShowWindowAsync, GetCursorPos, SetDlgItemTextW, GetParent, GetWindowTextLengthW, SetRect, SetCursor, LoadCursorW, GetWindowRect, DeferWindowPos, EndDeferWindowPos, GetMenuItemInfoW, IsIconic, BeginPaint, EndPaint, DrawEdge, GetForegroundWindow, GetKeyState, PostThreadMessageW, wsprintfW, GetClientRect, SetScrollInfo, ShowWindow, SetWindowPos, SetMenu, GetDlgItem, MapWindowPoints, SendMessageW, GetMenu, CheckMenuRadioItem, CheckMenuItem, DeleteMenu, LoadStringW, SetWindowTextW, GetClassInfoW, RegisterClassW, GetDC, ReleaseDC, SystemParametersInfoW, GetWindowLongW, SetWindowLongW, CallWindowProcW, DefWindowProcW, RemoveMenu, GetWindowLongA
> ntdll.dll: _chkstk, _snwprintf, RtlUnwind, _wcsicmp, NtQueryVirtualMemory, NtOpenThread, NtClose, strrchr, RtlLargeIntegerToChar, RtlAnsiStringToUnicodeString, _ui64tow, mbstowcs, memmove, NtQuerySystemInformation, wcstol, NtShutdownSystem, NtInitiatePowerAction, NtPowerInformation, RtlTimeToElapsedTimeFields
> iphlpapi.dll: GetInterfaceInfo, GetNumberOfInterfaces, NhGetInterfaceNameFromDeviceGuid, GetIfEntry
> COMCTL32.dll: -, ImageList_Remove, ImageList_ReplaceIcon, ImageList_SetIconSize, ImageList_Create, CreateStatusWindowW
> SHLWAPI.dll: StrStrIW, -, StrFormatByteSizeW, -, wnsprintfW
> SHELL32.dll: Shell_NotifyIconW, -, ShellAboutW, -, -, -, -
> Secur32.dll: GetUserNameExW
> VDMDBG.dll: VDMEnumTaskWOWEx, VDMTerminateTaskWOW

d:\windows\system32\eEmpty.exe:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.04 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.98 2009.03.03 -
Authentium 5.1.0.4 2009.03.04 -
Avast 4.8.1335.0 2009.03.04 -
AVG 8.0.0.237 2009.03.03 -
BitDefender 7.2 2009.03.04 -
CAT-QuickHeal 10.00 2009.03.03 -
ClamAV 0.94.1 2009.03.03 -
Comodo 1021 2009.03.03 -
DrWeb 4.44.0.09170 2009.03.03 -
eSafe 7.0.17.0 2009.03.03 -
eTrust-Vet 31.6.6381 2009.03.03 -
F-Prot 4.4.4.56 2009.03.04 -
F-Secure 8.0.14470.0 2009.03.03 -
Fortinet 3.117.0.0 2009.03.04 -
GData 19 2009.03.04 -
Ikarus T3.1.1.45.0 2009.03.04 -
K7AntiVirus 7.10.656 2009.03.03 -
Kaspersky 7.0.0.125 2009.03.04 -
McAfee 5542 2009.03.03 -
McAfee+Artemis 5542 2009.03.03 -
Microsoft 1.4405 2009.03.04 -
NOD32 3906 2009.03.03 -
Norman 6.00.06 2009.03.03 -
nProtect 2009.1.8.0 2009.03.04 -
Panda 10.0.0.10 2009.03.03 -
PCTools 4.4.2.0 2009.03.03 -
Prevx1 V2 2009.03.04 -
Rising 21.19.11.00 2009.03.03 -
SecureWeb-Gateway 6.7.6 2009.03.03 -
Sophos 4.39.0 2009.03.04 -
Sunbelt 3.2.1858.2 2009.03.02 -
Symantec 10 2009.03.04 -
TheHacker 6.3.2.7.271 2009.03.03 -
TrendMicro 8.700.0.1004 2009.03.03 -
VBA32 3.12.10.1 2009.03.03 -
ViRobot 2009.3.3.1632 2009.03.04 -
VirusBuster 4.5.11.0 2009.03.03 -
Additional information
File size: 28672 bytes
MD5...: 531c58770c9c4c5c8715dc141abd4ddd
SHA1..: 592520b5c123fb1a558d3aed687c12be1a19d973
SHA256: 8c61e30b251d4756a3081ef1b70f96c90ebe5713a9966dc20721af9c4165d1e9
SHA512: aa14c3c3a62e6f9df79b2e8dc4711fede8352dab092156ae8ffbde33803b413d90ae3d05dd2164cf111d98f1f7d4c5dc6e1e3e63956cbdd8dc39143afd069aa0
ssdeep: 384:Wg0MvVx9fzmlXUBWEYHyyBYrh6oZqWtR:LfXKTHyY+h6on
PEiD..: Armadillo v1.71
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1010
timedatestamp.....: 0x48ef47c1 (Fri Oct 10 12:17:05 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x288e 0x3000 5.91 198f4e38f8e14d9c5d88044d22617c84
.rdata 0x4000 0x736 0x1000 3.01 30beb8b339ff491f47a323f852d5e3c0
.data 0x5000 0x9bc 0x1000 0.87 5dd0366f742b8f20fd3b8ef03763cab4
.rsrc 0x6000 0x6a8 0x1000 2.23 1b4e4145b58e683ef4eac921fcc561f4

( 1 imports )
> KERNEL32.dll: GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, ExitProcess, TerminateProcess, GetCurrentProcess, UnhandledExceptionFilter, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, HeapDestroy, HeapCreate, VirtualFree, HeapFree, RtlUnwind, WriteFile, GetCPInfo, GetACP, GetOEMCP, HeapAlloc, VirtualAlloc, HeapReAlloc, GetProcAddress, LoadLibraryA, MultiByteToWideChar, LCMapStringA, LCMapStringW, GetStringTypeA, GetStringTypeW



D:\sysrun23.dll:

Antivirus Version Last Update Result
a-squared 4.0.0.101 2009.03.09 -
AhnLab-V3 5.0.0.2 2009.02.27 -
AntiVir 7.9.0.107 2009.03.09 -
Authentium 5.1.0.4 2009.03.08 -
Avast 4.8.1335.0 2009.03.09 -
AVG 8.0.0.237 2009.03.09 -
BitDefender 7.2 2009.03.09 -
CAT-QuickHeal 10.00 2009.03.09 -
ClamAV 0.94.1 2009.03.06 -
Comodo 1039 2009.03.09 -
DrWeb 4.44.0.09170 2009.03.09 -
eSafe 7.0.17.0 2009.03.09 -
eTrust-Vet 31.6.6386 2009.03.06 -
F-Prot 4.4.4.56 2009.03.08 -
F-Secure 8.0.14470.0 2009.03.09 -
Fortinet 3.117.0.0 2009.03.09 -
GData 19 2009.03.09 -
Ikarus T3.1.1.45.0 2009.03.09 -
K7AntiVirus 7.10.664 2009.03.09 -
Kaspersky 7.0.0.125 2009.03.09 -
McAfee 5548 2009.03.09 -
McAfee+Artemis 5548 2009.03.09 -
Microsoft 1.4405 2009.03.09 -
NOD32 3921 2009.03.09 -
Norman 6.00.06 2009.03.06 -
nProtect 2009.1.8.0 2009.03.09 -
Panda 10.0.0.10 2009.03.09 -
PCTools 4.4.2.0 2009.03.09 -
Prevx1 V2 2009.03.09 -
Rising 21.20.02.00 2009.03.09 -
SecureWeb-Gateway 6.7.6 2009.03.09 -
Sophos 4.39.0 2009.03.09 -
Sunbelt 3.2.1858.2 2009.03.08 -
Symantec 1.4.4.12 2009.03.09 -
TheHacker 6.3.3.0.277 2009.03.09 -
TrendMicro 8.700.0.1004 2009.03.09 -
VBA32 3.12.10.1 2009.03.09 -
ViRobot 2009.3.9.1641 2009.03.09 -
VirusBuster 4.5.11.0 2009.03.09 -
Additional information
File size: 91 bytes
MD5...: df52cc4911b458c3b317e739b2a2730c
SHA1..: dd6cb1d9f54317e8d645d83b2dc1db2217289a2f
SHA256: 97918da5fe67eff5adf7b2f3fb9463d0906ed47878dac729efe03b1ce9836817
SHA512: 37fea60905a9077a84d230c88b65df606c4fc764587e7fdaa60d3a7e2998b15b5f2f38b2fc3d897b0923c227c9a63f926b3d3bcac381ae31c46a7ebeb20e8869
ssdeep: 3:Aurp2ilv2PruUK69JiWn9VVMaNA:zUweDuUKO1nLV5W
PEiD..: -
TrID..: File type identification
Unknown!
PEInfo: -
__________________________________________

Goored:

GooredFix v1.9 by jpshortstuff
Log created at 13:21 on 09/03/2009 running Option #1 (Douglas Hawkins)
Firefox version 3.0.7 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Plugins"="D:\program files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.7\extensions]
"Components"="D:\program files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="D:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{ABDE892B-13A8-4d1b-88E6-365A6E755758}"="C:\Program Files\Real\RealPlayer\browserrecord"

______________________________________________________________________________________


ComboFix:

ComboFix 09-03-06.02 - Douglas Hawkins 2009-03-09 13:25:15.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.992 [GMT -4:00]
Running from: d:\documents and settings\Douglas Hawkins\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Douglas Hawkins\Desktop\CFScript.txt
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point

FILE ::
d:\windows\ojmaczrh
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

d:\windows\ojmaczrh

.
((((((((((((((((((((((((( Files Created from 2009-02-09 to 2009-03-09 )))))))))))))))))))))))))))))))
.

2009-03-09 13:04 . 2008-10-01 19:37 262,144 --a------ d:\program files\Uninstall Spy Blocker.dll
2009-03-09 12:07 . 2009-03-09 12:10 1,976 --a------ d:\windows\system32\drivers\kgpcpy.cfg
2009-03-08 16:43 . 2009-03-08 16:43 <DIR> d-------- d:\windows\system32\127.0.0.1
2009-02-27 03:11 . 2009-02-27 03:11 1,409 --a------ d:\windows\system32\PGMUS.FOT
2009-02-27 03:11 . 2009-02-27 03:11 1,409 --a------ d:\windows\system32\pgjazz__.FOT
2009-02-27 03:02 . 2009-02-27 03:02 <DIR> d-------- d:\program files\Roland
2009-02-27 03:01 . 2009-02-27 03:01 <DIR> d-------- d:\program files\PowerTracks DirectX Plugins
2009-02-27 02:56 . 2009-02-27 03:14 <DIR> d-------- D:\bb
2009-02-25 01:18 . 2009-02-25 01:18 <DIR> d-------- d:\program files\Turbo Tube
2009-02-17 23:25 . 2009-02-17 23:30 <DIR> d-------- d:\program files\XP Repair Pro 2007
2009-02-16 16:36 . 2009-02-16 16:36 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Uniblue
2009-02-16 16:35 . 2009-02-16 16:35 <DIR> d-------- d:\program files\Uniblue
2009-02-16 16:35 . 2009-02-16 16:35 <DIR> d--h-c--- d:\documents and settings\All Users.WINDOWS\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-13 03:04 . 2009-02-13 03:04 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\MicroWorld
2009-02-13 03:04 . 2009-02-13 03:04 626,688 --a------ d:\windows\system32\msvcr80.dll
2009-02-13 03:04 . 2009-02-13 03:04 548,864 --a------ d:\windows\system32\msvcp80.dll
2009-02-13 03:04 . 2008-04-13 20:12 146,432 --a------ d:\windows\R.COM
2009-02-13 03:04 . 2008-04-13 20:12 135,680 --a------ d:\windows\system32\T.COM
2009-02-13 03:04 . 2009-02-13 03:04 28,672 --a------ d:\windows\system32\eEmpty.exe
2009-02-13 03:04 . 2005-09-23 00:22 522 --a------ d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-13 03:04 . 2009-02-13 03:04 28 --a------ d:\windows\Lic.xxx
2009-02-12 01:00 . 2009-02-12 01:00 <DIR> d-------- D:\VundoFix Backups
2009-02-11 01:23 . 2009-02-11 01:23 <DIR> d-------- d:\program files\Webroot
2009-02-11 01:23 . 2009-02-11 01:23 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Webroot
2009-02-11 01:23 . 2009-02-11 01:28 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-02-11 01:23 . 2009-01-20 10:07 1,553,272 --a------ d:\windows\WRSetup.dll
2009-02-11 01:22 . 2009-02-11 01:22 164 --a------ D:\install.dat
2009-02-10 03:02 . 2009-02-10 03:02 <DIR> d-------- d:\program files\IObit
2009-02-10 03:02 . 2009-02-14 15:40 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\IObit
2009-02-09 01:24 . 2009-02-09 01:30 <DIR> d-------- D:\fixwareout
2009-02-09 01:16 . 2009-02-09 01:16 73,728 --a------ d:\windows\system32\javacpl.cpl
2009-02-09 01:01 . 2009-02-09 01:02 <DIR> d-------- d:\documents and settings\Douglas Hawkins\.SunDownloadManager

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-09 17:23 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-03-09 17:15 --------- d-----w d:\program files\Common Files\Adobe
2009-03-09 16:11 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Orbit
2009-03-09 16:10 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\avg7
2009-03-05 02:36 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-02-28 02:07 --------- d-----w d:\program files\Microsoft Silverlight
2009-02-28 01:37 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\AVG7
2009-02-27 07:02 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-26 00:17 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Move Networks
2009-02-25 08:22 416,768 ----a-w d:\windows\Internet Logs\xDB3.tmp
2009-02-25 01:06 --------- d-----w d:\program files\SUPERAntiSpyware
2009-02-21 19:02 3,895,620 ----a-w d:\windows\Internet Logs\tvDebug.Zip
2009-02-18 23:06 2,923,520 ----a-w d:\windows\Internet Logs\xDB2.tmp
2009-02-14 03:30 --------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-02-11 08:27 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-09 05:16 410,984 ----a-w d:\windows\system32\deploytk.dll
2009-02-09 05:15 --------- d-----w d:\program files\Java
2009-02-08 21:54 --------- d-----w d:\program files\ScanSuite
2009-02-07 06:54 --------- d-----w d:\program files\Trend Micro
2009-02-07 06:30 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Malwarebytes
2009-02-07 06:30 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-07 06:28 --------- d-----w d:\program files\ERUNT
2009-02-05 20:16 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-02-05 20:16 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\SUPERAntiSpyware.com
2009-02-05 07:38 --------- d-----w d:\program files\XoftSpySE
2009-02-01 19:50 --------- d-----w d:\program files\MSBuild
2009-02-01 19:50 --------- d-----w d:\program files\Microsoft Works
2009-02-01 19:48 --------- d-----w d:\program files\Microsoft.NET
2009-02-01 19:45 --------- d-----w d:\program files\Microsoft Visual Studio 8
2009-01-28 20:04 --------- d-----w d:\program files\Common Files\Intuit
2009-01-22 05:47 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Intuit
2009-01-22 05:45 --------- d-----w d:\program files\Common Files\AnswerWorks 5.0
2009-01-22 05:44 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Intuit
2009-01-22 05:42 --------- d-----w d:\program files\TurboTax
2009-01-18 06:20 91 ----a-w D:\sysrun23.dll
2009-01-18 06:14 --------- d-----w d:\program files\Northworks Solutions Ltd
2009-01-17 08:46 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Azureus
2009-01-14 03:03 102,523 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_13_11_13_20_small.dmp.zip
2009-01-12 07:45 --------- d-----w d:\program files\Common Files\eSellerate
2009-01-12 07:44 --------- d-----w d:\program files\AnswersThatWork
2009-01-05 22:33 3,751,995 ----a-w d:\windows\system32\GPhotos.scr
2008-12-20 23:15 826,368 ----a-w d:\windows\system32\wininet.dll
2008-12-17 22:26 17,408 ----a-r d:\windows\system32\SZIO5.dll
2008-12-17 22:25 282,624 ----a-r d:\windows\system32\SZBase5.dll
2008-12-17 22:24 540,672 ----a-r d:\windows\system32\SZComp5.dll
2008-07-03 02:47 1,568 ----a-w d:\documents and settings\Douglas Hawkins\Application Data\mpauth.dat
2007-09-05 16:53 65 ----a-w d:\program files\Common Files\appop.log
2003-07-02 05:00 12,800 ----a-w d:\documents and settings\Douglas Hawkins\cnmss Canon i960 (Local).exe
2008-01-31 07:19 132 --sha-r d:\windows\Regbak.dat
2008-08-02 01:57 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080120080802\index.dat
.

((((((((((((((((((((((((((((( SnapShot@2009-03-05_15.04.33.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 01:02:28 163,328 ----a-w d:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w d:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2007-12-12 19:06:42 295,606 ----a-r d:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2000-08-31 13:00:00 29,696 ----a-w d:\windows\NIRCMD.exe
+ 2000-08-31 12:00:00 29,696 ----a-w d:\windows\NIRCMD.exe
- 2000-08-31 13:00:00 161,792 ----a-w d:\windows\SWREG.exe
+ 2000-08-31 12:00:00 161,792 ----a-w d:\windows\SWREG.exe
- 2008-11-19 04:26:07 60,624 ----a-w d:\windows\system32\perfc009.dat
+ 2009-03-08 18:59:17 60,624 ----a-w d:\windows\system32\perfc009.dat
- 2008-11-19 04:26:07 400,464 ----a-w d:\windows\system32\perfh009.dat
+ 2009-03-08 18:59:17 400,464 ----a-w d:\windows\system32\perfh009.dat
+ 2009-03-09 16:08:29 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_3ac.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="d:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"Creative Live! Cam Manager"="d:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 143360]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"OCAEBNDVDUpdate"="d:\program files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" [2006-12-13 1081344]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-24 1830128]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"XPRepairPro2007"="d:\program files\XP Repair Pro 2007\XPRepairPro.exe" [2007-07-04 1023624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="d:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="d:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="d:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WINCINEMAMGR"="d:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
"type32"="d:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"Name of App"="d:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"V0270Mon.exe"="d:\windows\V0270Mon.exe" [2006-09-26 32768]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CTHelper"="d:\windows\CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="d:\windows\system32\CTXFIHLP.EXE" [2006-08-11 18944]
"PinnacleDriverCheck"="d:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-25 185896]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AVG7_CC"="d:\progra~2\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="d:\progra~2\Grisoft\AVG7\avgw.exe" [2008-12-29 219136]

d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2008-05-21 36864]
NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-05-21 49220]
Orbit.lnk - d:\program files\Orbitdownloader\orbitdm.exe [2008-08-04 1703112]
PowerPanel.lnk - d:\program files\CyberPower\PowerPanel\PowPanel.exe [2008-11-05 615424]
Scanner Detector.lnk - d:\program files\ScanSuite\SDetect.exe [2009-02-08 29184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=d:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Douglas Hawkins^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=d:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Douglas Hawkins^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
backup=d:\windows\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 16:21 50528 d:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 d:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-24 21:06 1830128 d:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\SightSpeed\\SightSpeed.exe"=
"d:\\program files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files (x86)\\Ares\\Ares.exe"=
"d:\\program files\\Ares\\Ares.exe"=
"d:\\program files\\common files\\AOL\\Loader\\aolload.exe"=
"d:\\program files\\AIM6\\aim6.exe"=
"d:\\program files\\Java\\jre1.5.0_01\\launch4j-tmp\\RKMediaCenter.exe"=
"d:\\program files\\Digital Integration Ltd\\PS Media Tunnel\\PSMediaTunnel.exe"=
"d:\\program files\\Messenger\\msmsgs.exe"=
"d:\\program files\\MSN Messenger\\msnmsgr.exe"=
"d:\\program files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"d:\\program files\\Mozilla Firefox\\firefox.exe"=
"d:\\program files\\Bonjour\\mDNSResponder.exe"=
"d:\\program files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\AppUpdate.exe"=
"d:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\xxx2burn.exe"=
"d:\\program files\\common files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\program files\\Grisoft\\AVG7\\avginet.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgamsvr.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgcc.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgemc.exe"=
"d:\\program files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-09-05 38784]
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2008-12-07 29808]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-02 54656]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-08-11 8192]
R2 RVIEGVST;VSC VST Engine;d:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2009-02-27 188276]
R2 WRConsumerService;Webroot Client Service;d:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-02-11 1090936]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-07 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-09-05 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-09-05 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-09-05 6912]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee457f80-cae0-11dd-9a94-00d041a1ca43}]
\Shell\AutoRun\command - k:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2009-03-09 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-448539723-725345543-1004.job
- d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 19:57]

2009-03-08 d:\windows\Tasks\XoftSpySE 2.job
- d:\program files\XoftSpySE\XoftSpy.exe [2009-01-28 10:29]

2009-02-24 d:\windows\Tasks\XoftSpySE.job
- d:\program files\XoftSpySE\XoftSpy.exe [2009-01-28 10:29]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: d:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\kSolo\npAVX.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPZoneSB.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-09 13:30:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,0c,65,d7,16,ae,
4d,a7,7f,e2,63,26,f1,3f,c8,ff,68,05,ca,49,2f,b8,4e,96,4f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bb,70,2c,04,ee,
72,4f,c3,6a,9c,d6,61,af,45,84,18,a0,90,6d,12,62,9d,85,fa,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,79,05,23,52,0c,
e3,dc,4b,ff,7c,85,e0,43,d4,0e,fe,05,6b,37,37,1f,2c,c1,29,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ca,ee,86,ce,6c,
42,6e,08,86,8c,21,01,be,91,eb,e7,a9,1b,ab,36,eb,ce,f0,83,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,39,d3,b4,da,60,
ae,e5,5e,f5,1d,4d,73,a8,13,5c,05,f1,cb,9f,5f,68,18,1a,54,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,ba,01,49,d5,4e,
4d,e1,b0,df,20,58,62,78,6b,cf,c8,67,ff,07,5f,a0,43,ee,63,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,24,3a,60,66,77,
8e,af,1c,fb,a7,78,e6,12,2f,9a,ea,06,4e,86,a5,68,72,10,40,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,00,a2,0d,bc,56,
2b,87,a2,01,3a,48,fc,e8,04,4a,f1,fc,f3,96,1b,a9,9a,7e,81,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,a7,a8,ee,54,ef,
a9,c3,57,f6,0f,4e,58,98,5b,89,c9,a9,d3,7c,20,b3,71,6a,7f,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,67,b4,14,bc,03,
79,13,74,3d,ce,ea,26,2d,45,aa,78,17,5d,e6,bf,9d,00,ce,ac,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,14,dd,97,24,e2,
99,a0,69,2a,b7,cc,b5,b9,7f,41,e7,9f,59,cc,2e,91,3e,99,f1,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8d,99,9d,e1,59,
a3,35,0d,6c,43,2d,1e,aa,22,2f,9c,1e,c6,58,33,db,f1,03,24,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
d:\program files\SUPERAntiSpyware\SASWINLO.dll
d:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

- - - - - - - > 'lsass.exe'(804)
d:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-03-09 13:32:43
ComboFix-quarantined-files.txt 2009-03-09 17:31:47
ComboFix2.txt 2009-03-05 20:05:48

Pre-Run: 93,860,114,432 bytes free
Post-Run: 94,222,647,296 bytes free

375 --- E O F --- 2009-02-28 02:01:05

_____________________________________________________

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, March 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, March 09, 2009 18:46:55
Records in database: 1883212
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 230215
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:13:58

No malware has been detected. The scan area is clean.

The selected area was scanned.
_______________________________________________________

DDS:
DDS (Ver_09-02-01.01) - NTFSx86
Run by Douglas Hawkins at 17:18:36.15 on Mon 03/09/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1111 [GMT -4:00]

AV: AVG 7.5.557 *On-access scanning enabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: ZoneAlarm Firewall *disabled*

============== Running Processes ===============

D:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
D:\WINDOWS\system32\Ati2evxx.exe
D:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
D:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
D:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~2\Grisoft\AVG7\avgamsvr.exe
D:\PROGRA~2\Grisoft\AVG7\avgupsvc.exe
D:\PROGRA~2\Grisoft\AVG7\avgemc.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\WINDOWS\System32\CTsvcCDA.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Java\jre6\bin\jqs.exe
D:\program files\MagicTune Premium\MagicTuneEngine.exe
D:\WINDOWS\System32\svchost.exe -k imgsvc
D:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
D:\Program Files\Microsoft IntelliType Pro\type32.exe
D:\Program Files\Microsoft IntelliPoint\point32.exe
D:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe
D:\WINDOWS\V0270Mon.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\PROGRA~2\Grisoft\AVG7\avgcc.exe
D:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
D:\Program Files\Java\jre6\bin\jusched.exe
D:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
D:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe
D:\Program Files\Nokia\Nokia PC Suite 7\PCSync2.exe
D:\Documents and Settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
D:\Program Files\Windows Media Player\WMPNSCFG.exe
D:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
D:\WINDOWS\system32\ctfmon.exe
D:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
D:\program files\MagicTune Premium\GammaTray.exe
D:\program files\SEC\Natural Color Pro\NCProTray.exe
D:\program files\Orbitdownloader\orbitdm.exe
D:\program files\CyberPower\PowerPanel\PowPanel.exe
D:\program files\Orbitdownloader\orbitnet.exe
D:\WINDOWS\System32\MsPMSPSv.exe
D:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
D:\Program Files\PC Connectivity Solution\ServiceLayer.exe
D:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclRSSrv.exe
D:\Program Files\PC Connectivity Solution\Transports\NclBCBTSrv.exe
D:\program files\Google\Gmail Notifier\gnotify.exe
D:\WINDOWS\explorer.exe
D:\program files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\Douglas Hawkins\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = google.com
BHO: ZILLAbar Browser Helper Object: {1827766b-9f49-4854-8034-f6ee26fcb1ec} - d:\program files\stopzilla!\SZSG.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - d:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - d:\progra~2\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: STOPzilla Browser Helper Object: {e3215f20-3212-11d6-9f8b-00d0b743919d} - d:\program files\stopzilla!\SZIEBHO.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - d:\program files\canon\easy-webprint\Toolband.dll
TB: STOPzilla: {98828ded-a591-462f-83ba-d2f62a68b8b8} - d:\program files\stopzilla!\SZSG.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RemoteCenter] "d:\program files\creative\mediasource\remotecontrol\RCMan.EXE"
uRun: [Creative Live! Cam Manager] "d:\program files\creative\creative live! cam\live! cam manager\CTLCMgr.exe"
uRun: [PC Suite Tray] "d:\program files\nokia\nokia pc suite 7\PCSuite.exe" -onlytray
uRun: [OCAEBNDVDUpdate] "d:\program files\objectcube\xxx2burn dvd wizard\xxx2burn.exe" /update
uRun: [Nokia.PCSync] "d:\program files\nokia\nokia pc suite 7\PCSync2.exe" /NoDialog
uRun: [Google Update] "d:\documents and settings\douglas hawkins\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] "d:\program files\windows media player\WMPNSCFG.exe"
uRun: [SUPERAntiSpyware] "d:\program files\superantispyware\SUPERAntiSpyware.exe"
uRun: [Advanced SystemCare 3] "d:\program files\iobit\advanced systemcare 3\AWC.exe" /startup
uRun: [ctfmon.exe] d:\windows\system32\ctfmon.exe
uRun: [XPRepairPro2007] d:\program files\xp repair pro 2007\XPRepairPro.exe /r
mRun: [CTSysVol] "d:\program files\creative\sbaudigy2zs\surround mixer\CTSysVol.exe" /r
mRun: [CTDVDDET] "d:\program files\creative\sbaudigy2zs\dvdaudio\CTDVDDet.EXE"
mRun: [SBDrvDet] "d:\program files\creative\sb drive det\SBDrvDet.exe" /r
mRun: [UpdReg] "d:\windows\UpdReg.EXE"
mRun: [NeroFilterCheck] "d:\windows\system32\NeroCheck.exe"
mRun: [WINCINEMAMGR] "d:\program files\intervideo\common\bin\WinCinemaMgr.exe"
mRun: [type32] "d:\program files\microsoft intellitype pro\type32.exe"
mRun: [IntelliPoint] "d:\program files\microsoft intellipoint\point32.exe"
mRun: [Name of App] "d:\program files\samsung\fw liveupdate\FWManager.exe" r
mRun: [QuickTime Task] "d:\program files\quicktime\qttask.exe" -atboottime
mRun: [V0270Mon.exe] "d:\windows\V0270Mon.exe"
mRun: [StartCCC] "d:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [CTHelper] "d:\windows\CTHELPER.EXE"
mRun: [CTxfiHlp] "d:\windows\system32\CTXFIHLP.EXE"
mRun: [PinnacleDriverCheck] "d:\windows\system32\PSDrvCheck.exe" -CheckReg
mRun: [TkBellExe] "d:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "d:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [ZoneAlarm Client] "d:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [AVG7_CC] "d:\progra~2\grisoft\avg7\avgcc.exe" /STARTUP
mRun: [GrooveMonitor] "d:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "d:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "d:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
dRun: [AVG7_Run] d:\progra~2\grisoft\avg7\avgw.exe /RUNONCE
StartupFolder: d:\docume~1\dougla~1\startm~1\programs\startup\BJSTAT~1.LNK -
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\blueto~1.lnk - d:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\gammat~1.lnk - d:\program files\magictune premium\GammaTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\ncprot~1.lnk - d:\program files\sec\natural color pro\NCProTray.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\orbit.lnk - d:\program files\orbitdownloader\orbitdm.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\powerp~1.lnk - d:\program files\cyberpower\powerpanel\PowPanel.exe
StartupFolder: d:\docume~1\alluse~1.win\startm~1\programs\startup\scanne~1.lnk - d:\program files\scansuite\SDetect.exe
IE: &Download by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\mi1933~1\office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - d:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - d:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - d:\progra~2\mi1933~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~2\mi1933~1\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - d:\progra~2\spybot~1\SDHelper.dll
LSP: d:\program files\common files\is3\anti-spyware\iS3lsp.dll
Trusted Zone: aol.com\free
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1189008553700
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1200453490671
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/su2/CTL_V02002/ocx/15030/CTPID.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - d:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - d:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - d:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - d:\docume~1\dougla~1\applic~1\mozilla\firefox\profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nppl3260.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprjplug.dll
FF - plugin: c:\program files\real\realplayer\netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\douglas hawkins\application data\mozilla\firefox\profiles\0dqawfms.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\douglas hawkins\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\google\picasa3\npPicasa3.dll
FF - plugin: d:\program files\ksolo\npAVX.dll
FF - plugin: d:\program files\mozilla firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: d:\program files\opera\program\plugins\npdivx32.dll

============= SERVICES / DRIVERS ===============

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-9-5 38784]
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2008-12-7 29808]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-2 54656]
R1 Avg7Core;AVG7 Kernel;d:\windows\system32\drivers\avg7core.sys [2008-12-29 821856]
R1 Avg7RsW;AVG7 Wrap Driver;d:\windows\system32\drivers\avg7rsw.sys [2008-12-29 4224]
R1 Avg7RsXP;AVG7 Resident Driver XP;d:\windows\system32\drivers\avg7rsxp.sys [2008-12-29 27776]
R1 AvgClean;AVG7 Clean Driver;d:\windows\system32\drivers\avgclean.sys [2008-12-29 10760]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 vsdatant;vsdatant;d:\windows\system32\vsdatant.sys [2008-10-1 353680]
R2 aawservice;Ad-Aware 2007 Service;d:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-10-29 587096]
R2 Avg7Alrt;AVG7 Alert Manager Server;d:\progra~2\grisoft\avg7\avgamsvr.exe [2008-12-29 418816]
R2 Avg7UpdSvc;AVG7 Update Service;d:\progra~2\grisoft\avg7\avgupsvc.exe [2008-12-29 49664]
R2 AVGEMS;AVG E-mail Scanner;d:\progra~2\grisoft\avg7\avgemc.exe [2008-12-29 406528]
R2 AvgTdi;AVG Network Redirector;d:\windows\system32\drivers\avgtdi.sys [2008-12-29 4960]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-8-11 8192]
R2 RVIEGVST;VSC VST Engine;d:\program files\roland\virtual sound canvas vst\RVIEg01VST.sys [2009-2-27 188276]
R2 WebrootSpySweeperService;Webroot Spy Sweeper Engine;d:\program files\webroot\webrootsecurity\SpySweeper.exe [2008-12-7 3671408]
R2 WRConsumerService;Webroot Client Service;d:\program files\webroot\webrootsecurity\WRConsumerService.exe [2009-2-11 1090936]
R3 SASENUM;SASENUM;d:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\viewpoint\common\viewpointservice.exe" --> d:\program files\viewpoint\common\ViewpointService.exe [?]
S2 vsmon;TrueVector Internet Monitor;d:\windows\system32\zonelabs\vsmon.exe -service --> d:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\magix\common\database\bin\fbserver.exe [2009-1-7 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-9-5 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-9-5 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-9-5 6912]

=============== Created Last 30 ================

2009-03-09 13:24 <DIR> --d----- D:\ComboFix
2009-03-09 13:04 262,144 a------- d:\program files\Uninstall Spy Blocker.dll
2009-03-09 12:07 1,976 a------- d:\windows\system32\drivers\kgpcpy.cfg
2009-03-08 16:43 <DIR> --d----- d:\windows\system32\127.0.0.1
2009-02-27 03:11 1,409 a------- d:\windows\system32\PGMUS.FOT
2009-02-27 03:11 1,409 a------- d:\windows\system32\pgjazz__.FOT
2009-02-27 03:02 <DIR> --d----- d:\program files\Roland
2009-02-27 03:01 <DIR> --d----- d:\program files\PowerTracks DirectX Plugins
2009-02-27 02:56 <DIR> --d----- D:\bb
2009-02-25 01:18 <DIR> --d----- d:\program files\Turbo Tube
2009-02-17 23:25 <DIR> --d----- d:\program files\XP Repair Pro 2007
2009-02-16 16:36 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Uniblue
2009-02-16 16:35 <DIR> --d----- d:\program files\Uniblue
2009-02-16 16:35 <DIR> -cd-h--- d:\docume~1\alluse~1.win\applic~1\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-13 03:04 28 a------- d:\windows\Lic.xxx
2009-02-13 03:04 626,688 a------- d:\windows\system32\msvcr80.dll
2009-02-13 03:04 548,864 a------- d:\windows\system32\msvcp80.dll
2009-02-13 03:04 28,672 a------- d:\windows\system32\eEmpty.exe
2009-02-13 03:04 522 a------- d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-13 03:04 135,680 a------- d:\windows\system32\T.COM
2009-02-13 03:04 146,432 a------- d:\windows\R.COM
2009-02-13 03:04 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\MicroWorld
2009-02-12 01:00 <DIR> --d----- D:\VundoFix Backups
2009-02-11 01:23 1,553,272 a------- d:\windows\WRSetup.dll
2009-02-11 01:23 <DIR> --d----- d:\program files\Webroot
2009-02-11 01:23 <DIR> --d----- d:\docume~1\dougla~1\applic~1\Webroot
2009-02-11 01:23 <DIR> --d----- d:\docume~1\alluse~1.win\applic~1\Webroot
2009-02-11 01:22 164 a------- D:\install.dat
2009-02-10 03:02 <DIR> --d----- d:\program files\IObit
2009-02-10 03:02 <DIR> --d----- d:\docume~1\dougla~1\applic~1\IObit
2009-02-09 01:24 <DIR> --d----- D:\fixwareout
2009-02-09 01:16 73,728 a------- d:\windows\system32\javacpl.cpl
2009-02-09 01:01 <DIR> --d----- d:\documents and settings\douglas hawkins\.SunDownloadManager
2009-02-08 17:46 117 a------- d:\windows\Ulead32.INI
2009-02-08 17:45 21,288 a------- d:\windows\system32\msmusd.dll
2009-02-08 17:45 <DIR> --d----- D:\Microtek
2009-02-08 17:30 306,688 a------- d:\windows\uninstss.bin
2009-02-08 17:30 <DIR> --d----- d:\program files\ScanSuite
2009-02-08 17:28 53,760 ac------ d:\windows\system32\dllcache\wiamsmud.dll
2009-02-08 17:28 53,760 a------- d:\windows\system32\wiamsmud.dll
2009-02-08 17:28 28,160 ac------ d:\windows\system32\dllcache\sm91w.dll
2009-02-08 17:28 28,160 a------- d:\windows\system32\sm91w.dll
2009-02-08 17:28 15,104 ac------ d:\windows\system32\dllcache\usbscan.sys
2009-02-08 17:28 15,104 a------- d:\windows\system32\drivers\USBSCAN.SYS

==================== Find3M ====================

2009-02-11 11:19 38,496 a------- d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 11:19 15,504 a------- d:\windows\system32\drivers\mbam.sys
2009-02-09 01:16 410,984 a------- d:\windows\system32\deploytk.dll
2009-01-18 02:20 91 a------- D:\sysrun23.dll
2009-01-05 18:33 3,751,995 a------- d:\windows\system32\GPhotos.scr
2008-12-20 19:15 826,368 a------- d:\windows\system32\wininet.dll
2008-12-17 18:26 17,408 a----r-- d:\windows\system32\SZIO5.dll
2008-12-17 18:25 282,624 a----r-- d:\windows\system32\SZBase5.dll
2008-12-17 18:24 540,672 a----r-- d:\windows\system32\SZComp5.dll
2008-07-02 22:47 1,568 a------- d:\docume~1\dougla~1\applic~1\mpauth.dat
2007-09-05 12:53 65 a------- d:\program files\common files\appop.log
2003-07-02 01:00 12,800 a------- d:\documents and settings\douglas hawkins\cnmss Canon i960 (Local).exe
2008-01-31 03:19 132 a--shr-- d:\windows\Regbak.dat
2008-08-01 21:57 32,768 a--sh--- d:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008080120080802\index.dat

============= FINISH: 17:19:04.48 ===============

_______________________________________________________________________

Attach Log from DDS:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-02-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/5/2007 10:58:25 AM
System Uptime: 3/9/2009 11:07:11 AM (6 hours ago)

Motherboard: ASUSTeK Computer INC. | | A8N-SLI DELUXE
Processor: AMD Athlon™ 64 X2 Dual Core Processor 4200+ | Socket 939 | 2211/200mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 186 GiB total, 108.04 GiB free.
D: is FIXED (NTFS) - 186 GiB total, 87.698 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: PCI Memory Controller
Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_00000000&REV_A3\3&2411E6FE&0&00
Manufacturer:
Name: PCI Memory Controller
PNP Device ID: PCI\VEN_10DE&DEV_005E&SUBSYS_00000000&REV_A3\3&2411E6FE&0&00
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: SM Bus Controller
Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_10DE&DEV_0052&SUBSYS_815A1043&REV_A2\3&2411E6FE&0&09
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_10DE&DEV_005B&SUBSYS_815A1043&REV_A3\3&2411E6FE&0&11
Service:

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&13699180&0&3848
Manufacturer: Realtek
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_813910EC&REV_10\4&13699180&0&3848
Service: rtl8139

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: RAID Controller
Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Manufacturer:
Name: RAID Controller
PNP Device ID: PCI\VEN_1095&DEV_3114&SUBSYS_81671043&REV_02\4&13699180&0&5048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Ethernet Controller
Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_11AB&DEV_4320&SUBSYS_811A1043&REV_13\4&13699180&0&6048
Service:

Class GUID: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Description: Other PCI Bridge Device
Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Manufacturer:
Name: Other PCI Bridge Device
PNP Device ID: PCI\VEN_10DE&DEV_0057&SUBSYS_81411043&REV_A3\3&2411E6FE&0&50
Service:

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia 6555b
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia 6555b
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 2/11/2009 12:33:24 AM - System Checkpoint
RP2: 2/11/2009 3:13:25 AM - Software Distribution Service 3.0
RP3: 2/14/2009 2:05:20 PM - System Checkpoint
RP4: 2/16/2009 2:40:58 PM - System Checkpoint
RP5: 2/16/2009 3:40:36 PM - Uniblue RegistryBooster 2009
RP6: 2/17/2009 10:24:59 PM - Installed XP Repair Pro 2007.
RP7: 2/17/2009 10:36:26 PM - XP Repair Pro Backup - 2/17/2009 22:36:22
RP8: 2/20/2009 10:11:43 PM - System Checkpoint
RP9: 2/22/2009 8:48:42 PM - System Checkpoint
RP10: 2/24/2009 8:49:01 PM - System Checkpoint
RP11: 2/25/2009 12:18:51 AM - Installed Tube Increaser
RP12: 2/27/2009 9:00:15 PM - Software Distribution Service 3.0
RP13: 3/1/2009 3:34:39 PM - System Checkpoint
RP14: 3/5/2009 11:21:51 AM - System Checkpoint
RP15: 3/5/2009 2:49:01 PM - ComboFix created restore point
RP16: 3/6/2009 3:31:56 PM - System Checkpoint
RP17: 3/7/2009 10:31:02 PM - System Checkpoint
RP18: 3/9/2009 12:15:04 PM - Removed Adobe Reader 8.1.2
RP19: 3/9/2009 12:19:30 PM - Installed Adobe Reader 9.
RP20: 3/9/2009 12:24:55 PM - ComboFix created restore point

==== Installed Programs ======================


2007 Microsoft Office Suite Service Pack 1 (SP1)
Acrobat.com
Ad-Aware 2007
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color Common Settings
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
Advanced SystemCare 3
AIM 6
Apple Software Update
Ares 2.0.9
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Audacity 1.2.6
AutoUpdate
AVI Joiner version 1.22
AVI Video Joiner 1.2
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.2
Band-in-a-Box 2009 (Build 279)
Canon i960
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PhotoPrint Plus
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help English
Connect
Creative Audio Console
Creative Live! Cam Center
Creative Live! Cam Manager
Creative Live! Cam Optia Driver (1.01.02.00)
Creative Live! Cam Optia User's Guide (English)
Creative MediaSource
Creative Photo Calendar
Creative Photo Manager
Creative Software AutoUpdate
Creative System Information
DivX Codec
DivX Converter
DivX Player
DivX Web Player
DTS Neo:6 Settings
DVD Decrypter (Remove Only)
Easy-WebPrint
Easy Video Joiner 5.21
ERUNT 1.1j
ffdshow [rev 1324] [2007-07-01]
Firebird SQL Server - MAGIX Edition
FLV Player 2.0, build 24
FLV to AVI MPEG WMV 3GP MP4 iPod Converter 4.2.0620
FW LiveUpdate
Google Chrome
Google Gmail Notifier
Guitar Chord Legend 1.00
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
InterVideo Launcher
iS3 ANTIvirus by AVG
Java™ 6 Update 12
K-Lite Codec Pack 3.5.3 Full
kSolo Recorder
kuler
Live 6.0.10
Live 7.0.3
MagicTune Premium
Malwarebytes' Anti-Malware
MAXpc
Memorex exPressit Label Design Studio
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 5.0
Microsoft IntelliType Pro 5.0
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft User-Mode Driver Framework Feature Pack 1.5
Microsoft Visual C++ 2005 Redistributable
Microtek ScanSuite 1.12
Microtek ScanWizard
Move Networks Media Player for Internet Explorer
Mozilla Firefox (3.0.7)
Mozilla Thunderbird (2.0.0.9)
Mp3tag v2.42
MSVC80_x86
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
muvee autoProducer 4.1
Natural Color Pro
Nero OEM
Nero Suite
Netscape Navigator (9.0.0.5)
Nokia Connectivity Cable Driver
Nokia PC Suite
Open Video Joiner version 3.21
OpenCV 3x
OpenOffice.org 2.3
Opera 9.51
Orbit Downloader
PC Connectivity Solution
PDF Settings CS4
PG Music DirectX Plugins 2.0.0.0
Photoshop Camera Raw
Picasa 3
PopCap Browser Plugin
PowerPanel
PowerPanel 2.03
PS Media Tunnel
PS3 Media Center X 0.92
PS3 Video 9 4.04
QuickTime
RealPlayer
Registry Mechanic 5.1
Rhapsody
Rhapsody Player Engine
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB958439)
Security Update for Microsoft Office Excel 2007 (KB958437)
Security Update for Microsoft Office OneNote 2007 (KB950130)
Security Update for Microsoft Office PowerPoint 2007 (KB951338)
Security Update for Microsoft Office Publisher 2007 (KB950114)
Security Update for Microsoft Office system 2007 (KB954326)
Security Update for Microsoft Office system 2007 (KB956828)
Security Update for Microsoft Office Word 2007 (KB956358)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960715)
Sibelius Scorch
Sibelius Scorch (ActiveX Only)
Sibelius Scorch Plugin
SightSpeed (remove only)
Skins
SmartSound Quicktracks Plugin
Sound Blaster Audigy 2 ZS
Spy Sweeper
Spy Sweeper Core
Spybot - Search & Destroy
STOPzilla
Studio 9
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
TBS WMP Plug-in
Text-To-Speech-Runtime
The Ultimate Troubleshooter
Tube Increaser
TVersity Codec Pack 1.1
TVersity Media Server 0.9.11.4 beta
TVersity Media Server 0.9.10.8a beta
Uniblue RegistryBooster 2009
Update for Microsoft Office Outlook 2007 (KB952142)
Update for Office 2007 (KB946691)
Update for Outlook 2007 Junk Email Filter (kb959634)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Utherverse 3D Client
VC 9.0 Runtime
VideoLAN VLC media player 0.8.6h
Virtual Desktop Manager Powertoy for Windows XP
Virtual Sound Canvas DXi
Virtual Sound Canvas VST
WebFldrs XP
WIDCOMM Bluetooth Software
Winamp (remove only)
Windows Driver Package - Nokia Modem (03/05/2008 3.7)
Windows Driver Package - Nokia Modem (03/13/2008 6.86.0.1)
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia pccsmcfd (10/12/2007 6.85.4.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Live Messenger
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinRAR archiver
XoftSpySE
XP Codec Pack
XP Repair Pro 2007
XXX2Burn DVD Wizard (remove only)
Yahoo! Anti-Spy
Yahoo! Messenger
ZoneAlarm

==== Event Viewer Messages From Past Week ========

3/5/2009 11:06:59 AM, error: Service Control Manager [7000] - The Viewpoint Manager Service service failed to start due to the following error: The system cannot find the path specified.
3/5/2009 11:05:54 AM, error: ati2mtag [45062] - CRT invalid display type
3/5/2009 2:22:32 AM, error: Service Control Manager [7034] - The MagicTuneEngine service terminated unexpectedly. It has done this 1 time(s).
3/4/2009 9:23:51 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TVersityMediaServer service to connect.
3/5/2009 2:48:45 PM, error: Service Control Manager [7034] - The STOPzilla Service service terminated unexpectedly. It has done this 1 time(s).
3/9/2009 12:16:08 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.

==== End Of File ===========================

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:07:22 PM

Posted 10 March 2009 - 10:47 AM

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

DirLook::
d:\windows\system32\127.0.0.1


Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log. How is the system running now?


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#13 drumking

drumking
  • Topic Starter

  • Members
  • 10 posts
  • Local time:12:22 PM

Posted 10 March 2009 - 12:38 PM

ComboFix 09-03-06.02 - Douglas Hawkins 2009-03-10 13:23:45.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2047.1225 [GMT -4:00]
Running from: d:\documents and settings\Douglas Hawkins\Desktop\ComboFix.exe
Command switches used :: d:\documents and settings\Douglas Hawkins\Desktop\cfscript.txt
AV: AVG 7.5.557 *On-access scanning disabled* (Updated)
FW: Webroot Internet Security Essentials *disabled*
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-02-10 to 2009-03-10 )))))))))))))))))))))))))))))))
.

2009-03-10 13:03 . 2009-03-10 13:06 2,192 --a------ d:\windows\system32\drivers\kgpcpy.cfg
2009-03-10 13:03 . 2009-03-10 13:03 360 --a------ d:\windows\system32\drivers\kgpfr2.cfg
2009-03-08 16:43 . 2009-03-08 16:43 <DIR> d-------- d:\windows\system32\127.0.0.1
2009-02-27 03:11 . 2009-02-27 03:11 1,409 --a------ d:\windows\system32\PGMUS.FOT
2009-02-27 03:11 . 2009-02-27 03:11 1,409 --a------ d:\windows\system32\pgjazz__.FOT
2009-02-27 03:02 . 2009-02-27 03:02 <DIR> d-------- d:\program files\Roland
2009-02-27 03:01 . 2009-02-27 03:01 <DIR> d-------- d:\program files\PowerTracks DirectX Plugins
2009-02-27 02:56 . 2009-02-27 03:14 <DIR> d-------- D:\bb
2009-02-25 01:18 . 2009-02-25 01:18 <DIR> d-------- d:\program files\Turbo Tube
2009-02-17 23:25 . 2009-02-17 23:30 <DIR> d-------- d:\program files\XP Repair Pro 2007
2009-02-16 16:36 . 2009-02-16 16:36 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Uniblue
2009-02-16 16:35 . 2009-02-16 16:35 <DIR> d-------- d:\program files\Uniblue
2009-02-16 16:35 . 2009-02-16 16:35 <DIR> d--h-c--- d:\documents and settings\All Users.WINDOWS\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2009-02-13 03:04 . 2009-02-13 03:04 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\MicroWorld
2009-02-13 03:04 . 2009-02-13 03:04 626,688 --a------ d:\windows\system32\msvcr80.dll
2009-02-13 03:04 . 2009-02-13 03:04 548,864 --a------ d:\windows\system32\msvcp80.dll
2009-02-13 03:04 . 2008-04-13 20:12 146,432 --a------ d:\windows\R.COM
2009-02-13 03:04 . 2008-04-13 20:12 135,680 --a------ d:\windows\system32\T.COM
2009-02-13 03:04 . 2009-02-13 03:04 28,672 --a------ d:\windows\system32\eEmpty.exe
2009-02-13 03:04 . 2005-09-23 00:22 522 --a------ d:\windows\system32\Microsoft.VC80.CRT.manifest
2009-02-13 03:04 . 2009-02-13 03:04 28 --a------ d:\windows\Lic.xxx
2009-02-12 01:00 . 2009-02-12 01:00 <DIR> d-------- D:\VundoFix Backups
2009-02-11 01:23 . 2009-02-11 01:23 <DIR> d-------- d:\program files\Webroot
2009-02-11 01:23 . 2009-02-11 01:23 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\Webroot
2009-02-11 01:23 . 2009-02-11 01:28 <DIR> d-------- d:\documents and settings\All Users.WINDOWS\Application Data\Webroot
2009-02-11 01:23 . 2009-01-20 10:07 1,553,272 --a------ d:\windows\WRSetup.dll
2009-02-11 01:22 . 2009-02-11 01:22 164 --a------ D:\install.dat
2009-02-10 03:02 . 2009-02-10 03:02 <DIR> d-------- d:\program files\IObit
2009-02-10 03:02 . 2009-02-14 15:40 <DIR> d-------- d:\documents and settings\Douglas Hawkins\Application Data\IObit

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-10 17:22 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\STOPzilla!
2009-03-10 17:07 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Orbit
2009-03-10 17:06 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\avg7
2009-03-09 20:51 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Move Networks
2009-03-09 17:15 --------- d-----w d:\program files\Common Files\Adobe
2009-03-05 02:36 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\SITEguard
2009-02-28 02:07 --------- d-----w d:\program files\Microsoft Silverlight
2009-02-28 01:37 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\AVG7
2009-02-27 07:02 --------- d--h--w d:\program files\InstallShield Installation Information
2009-02-25 08:22 416,768 ----a-w d:\windows\Internet Logs\xDB3.tmp
2009-02-25 01:06 --------- d-----w d:\program files\SUPERAntiSpyware
2009-02-21 19:02 3,895,620 ----a-w d:\windows\Internet Logs\tvDebug.Zip
2009-02-18 23:06 2,923,520 ----a-w d:\windows\Internet Logs\xDB2.tmp
2009-02-14 03:30 --------- d-----w d:\program files\Malwarebytes' Anti-Malware
2009-02-11 15:19 38,496 ----a-w d:\windows\system32\drivers\mbamswissarmy.sys
2009-02-11 15:19 15,504 ----a-w d:\windows\system32\drivers\mbam.sys
2009-02-11 08:27 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Microsoft Help
2009-02-09 05:16 410,984 ----a-w d:\windows\system32\deploytk.dll
2009-02-09 05:15 --------- d-----w d:\program files\Java
2009-02-08 21:54 --------- d-----w d:\program files\ScanSuite
2009-02-07 06:54 --------- d-----w d:\program files\Trend Micro
2009-02-07 06:30 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Malwarebytes
2009-02-07 06:30 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-02-07 06:28 --------- d-----w d:\program files\ERUNT
2009-02-05 20:16 --------- d-----w d:\program files\Common Files\Wise Installation Wizard
2009-02-05 20:16 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\SUPERAntiSpyware.com
2009-02-05 07:38 --------- d-----w d:\program files\XoftSpySE
2009-02-01 19:50 --------- d-----w d:\program files\MSBuild
2009-02-01 19:50 --------- d-----w d:\program files\Microsoft Works
2009-02-01 19:48 --------- d-----w d:\program files\Microsoft.NET
2009-02-01 19:45 --------- d-----w d:\program files\Microsoft Visual Studio 8
2009-01-28 20:04 --------- d-----w d:\program files\Common Files\Intuit
2009-01-22 05:47 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Intuit
2009-01-22 05:45 --------- d-----w d:\program files\Common Files\AnswerWorks 5.0
2009-01-22 05:44 --------- d-----w d:\documents and settings\All Users.WINDOWS\Application Data\Intuit
2009-01-22 05:42 --------- d-----w d:\program files\TurboTax
2009-01-18 06:20 91 ----a-w D:\sysrun23.dll
2009-01-18 06:14 --------- d-----w d:\program files\Northworks Solutions Ltd
2009-01-17 08:46 --------- d-----w d:\documents and settings\Douglas Hawkins\Application Data\Azureus
2009-01-14 03:03 102,523 ----a-w d:\windows\Internet Logs\zlclient_2nd_2009_01_13_11_13_20_small.dmp.zip
2009-01-12 07:45 --------- d-----w d:\program files\Common Files\eSellerate
2009-01-12 07:44 --------- d-----w d:\program files\AnswersThatWork
2009-01-05 22:33 3,751,995 ----a-w d:\windows\system32\GPhotos.scr
2008-12-20 23:15 826,368 ----a-w d:\windows\system32\wininet.dll
2008-12-17 22:26 17,408 ----a-r d:\windows\system32\SZIO5.dll
2008-12-17 22:25 282,624 ----a-r d:\windows\system32\SZBase5.dll
2008-12-17 22:24 540,672 ----a-r d:\windows\system32\SZComp5.dll
2008-07-03 02:47 1,568 ----a-w d:\documents and settings\Douglas Hawkins\Application Data\mpauth.dat
2007-09-05 16:53 65 ----a-w d:\program files\Common Files\appop.log
2003-07-02 05:00 12,800 ----a-w d:\documents and settings\Douglas Hawkins\cnmss Canon i960 (Local).exe
2008-01-31 07:19 132 --sha-r d:\windows\Regbak.dat
2008-08-02 01:57 32,768 --sha-w d:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008080120080802\index.dat
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of d:\windows\system32\127.0.0.1 ----

2009-03-08 16:43 0 --a------ d:\windows\system32\127.0.0.1\statusnext
2009-03-08 16:43 0 --a------ d:\windows\system32\127.0.0.1\eventnext


((((((((((((((((((((((((((((( SnapShot@2009-03-05_15.04.33.21 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 01:02:28 163,328 ----a-w d:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-21 00:02:28 163,328 ----a-w d:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2007-12-12 19:06:42 295,606 ----a-r d:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A90000000001}\SC_Reader.exe
- 2000-08-31 13:00:00 29,696 ----a-w d:\windows\NIRCMD.exe
+ 2000-08-31 12:00:00 29,696 ----a-w d:\windows\NIRCMD.exe
- 2000-08-31 13:00:00 161,792 ----a-w d:\windows\SWREG.exe
+ 2000-08-31 12:00:00 161,792 ----a-w d:\windows\SWREG.exe
- 2008-11-19 04:26:07 60,624 ----a-w d:\windows\system32\perfc009.dat
+ 2009-03-08 18:59:17 60,624 ----a-w d:\windows\system32\perfc009.dat
- 2008-11-19 04:26:07 400,464 ----a-w d:\windows\system32\perfh009.dat
+ 2009-03-08 18:59:17 400,464 ----a-w d:\windows\system32\perfh009.dat
+ 2009-03-10 17:03:45 16,384 ----atw d:\windows\Temp\Perflib_Perfdata_714.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteCenter"="d:\program files\Creative\MediaSource\RemoteControl\RCMan.EXE" [2003-10-08 139264]
"Creative Live! Cam Manager"="d:\program files\Creative\Creative Live! Cam\Live! Cam Manager\CTLCMgr.exe" [2006-09-06 143360]
"PC Suite Tray"="d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2008-10-02 1124352]
"OCAEBNDVDUpdate"="d:\program files\ObjectCube\XXX2Burn DVD Wizard\xxx2burn.exe" [2006-12-13 1081344]
"Nokia.PCSync"="d:\program files\Nokia\Nokia PC Suite 7\PCSync2.exe" [2008-06-17 1249280]
"Google Update"="d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-12-17 133104]
"WMPNSCFG"="d:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 204288]
"SUPERAntiSpyware"="d:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-02-24 1830128]
"Advanced SystemCare 3"="d:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-01-09 2262352]
"ctfmon.exe"="d:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"XPRepairPro2007"="d:\program files\XP Repair Pro 2007\XPRepairPro.exe" [2007-07-04 1023624]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTSysVol"="d:\program files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe" [2003-09-17 57344]
"CTDVDDET"="d:\program files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDet.EXE" [2003-06-18 45056]
"SBDrvDet"="d:\program files\Creative\SB Drive Det\SBDrvDet.exe" [2002-12-03 45056]
"UpdReg"="d:\windows\UpdReg.EXE" [2000-05-11 90112]
"NeroFilterCheck"="d:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"WINCINEMAMGR"="d:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe" [2005-01-21 270336]
"type32"="d:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"IntelliPoint"="d:\program files\Microsoft IntelliPoint\point32.exe" [2003-05-15 163840]
"Name of App"="d:\program files\SAMSUNG\FW LiveUpdate\FWManager.exe" [2008-07-07 675935]
"QuickTime Task"="d:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"V0270Mon.exe"="d:\windows\V0270Mon.exe" [2006-09-26 32768]
"StartCCC"="d:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"CTHelper"="d:\windows\CTHELPER.EXE" [2006-08-11 17920]
"CTxfiHlp"="d:\windows\system32\CTXFIHLP.EXE" [2006-08-11 18944]
"PinnacleDriverCheck"="d:\windows\system32\PSDrvCheck.exe" [2004-03-10 406016]
"TkBellExe"="d:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-25 185896]
"AdobeCS4ServiceManager"="d:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"ZoneAlarm Client"="d:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"AVG7_CC"="d:\progra~2\Grisoft\AVG7\avgcc.exe" [2009-02-24 590848]
"GrooveMonitor"="d:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"SunJavaUpdateSched"="d:\program files\Java\jre6\bin\jusched.exe" [2009-02-09 148888]
"Adobe Reader Speed Launcher"="d:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="d:\progra~2\Grisoft\AVG7\avgw.exe" [2008-12-29 219136]

d:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - d:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-04-01 568176]
GammaTray.lnk - d:\program files\MagicTune Premium\GammaTray.exe [2008-05-21 36864]
NCProTray.lnk - d:\program files\SEC\Natural Color Pro\NCProTray.exe [2008-05-21 49220]
Orbit.lnk - d:\program files\Orbitdownloader\orbitdm.exe [2008-08-04 1703112]
PowerPanel.lnk - d:\program files\CyberPower\PowerPanel\PowPanel.exe [2008-11-05 615424]
Scanner Detector.lnk - d:\program files\ScanSuite\SDetect.exe [2009-02-08 29184]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 12:05 356352 d:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= vdrcodec.dll
"VIDC.MJPG"= Pvmjpg21.dll
"VIDC.PIM1"= pclepim1.dll
"msacm.avis"= ff_acm.acm

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WRConsumerService]
@="Service"

[HKLM\~\startupfolder\D:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^InterVideo WinCinema Manager.lnk]
backup=d:\windows\pss\InterVideo WinCinema Manager.lnkCommon Startup

[HKLM\~\startupfolder\D:^Documents and Settings^Douglas Hawkins^Start Menu^Programs^Startup^OpenOffice.org 2.3.lnk]
backup=d:\windows\pss\OpenOffice.org 2.3.lnkStartup

[HKLM\~\startupfolder\D:^Documents and Settings^Douglas Hawkins^Start Menu^Programs^Startup^SDK Tray Menu.lnk]
backup=d:\windows\pss\SDK Tray Menu.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-03-25 16:21 50528 d:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
--a------ 2007-01-19 12:54 5674352 d:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
--a------ 2009-02-24 21:06 1830128 d:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\program files\\SightSpeed\\SightSpeed.exe"=
"d:\\program files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files (x86)\\Ares\\Ares.exe"=
"d:\\program files\\Ares\\Ares.exe"=
"d:\\program files\\common files\\AOL\\Loader\\aolload.exe"=
"d:\\program files\\AIM6\\aim6.exe"=
"d:\\program files\\Java\\jre1.5.0_01\\launch4j-tmp\\RKMediaCenter.exe"=
"d:\\program files\\Digital Integration Ltd\\PS Media Tunnel\\PSMediaTunnel.exe"=
"d:\\program files\\Messenger\\msmsgs.exe"=
"d:\\program files\\MSN Messenger\\msnmsgr.exe"=
"d:\\program files\\MSN Messenger\\livecall.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\utorrent.exe"=
"d:\\program files\\Mozilla Firefox\\firefox.exe"=
"d:\\program files\\Bonjour\\mDNSResponder.exe"=
"d:\\program files\\MagicTune Premium\\MagicTune.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitdm.exe"=
"d:\\Program Files\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"d:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\AppUpdate.exe"=
"d:\\Program Files\\ObjectCube\\XXX2Burn DVD Wizard\\xxx2burn.exe"=
"d:\\program files\\common files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"d:\\program files\\Grisoft\\AVG7\\avginet.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgamsvr.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgcc.exe"=
"d:\\program files\\Grisoft\\AVG7\\avgemc.exe"=
"d:\\program files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"d:\\program files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Blizzard Downloader
"5353:TCP"= 5353:TCP:Adobe CSI CS4

R0 ivicd;Ivi CDVD Filter Driver;d:\windows\system32\drivers\ivicd.sys [2007-09-05 38784]
R0 ssfs0bbc;ssfs0bbc;d:\windows\system32\drivers\ssfs0bbc.sys [2008-12-07 29808]
R0 szkg5;szkg;d:\windows\system32\drivers\SZKG.sys [2008-12-02 54656]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-01-15 8944]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-01-15 55024]
R2 PfDetNT;PfDetNT;d:\windows\system32\drivers\pfmodnt.sys [2006-08-11 8192]
R2 RVIEGVST;VSC VST Engine;d:\program files\Roland\Virtual Sound Canvas VST\RVIEg01VST.sys [2009-02-27 188276]
R2 WRConsumerService;Webroot Client Service;d:\program files\Webroot\WebrootSecurity\WRConsumerService.exe [2009-02-11 1090936]
R3 SASENUM;SASENUM;d:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-01-15 7408]
S2 Viewpoint Manager Service;Viewpoint Manager Service;"d:\program files\Viewpoint\Common\ViewpointService.exe" --> d:\program files\Viewpoint\Common\ViewpointService.exe [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;d:\program files\MAGIX\Common\Database\bin\fbserver.exe [2009-01-07 1527900]
S3 iviudf;iviudf;d:\windows\system32\drivers\IviUdf.sys [2007-09-05 116224]
S3 VF0270Dev;Live! Cam Optia;d:\windows\system32\drivers\V0270Dev.sys [2007-09-05 225632]
S3 VF0270Vfx;VF0270 Video FX;d:\windows\system32\drivers\V0270Vfx.sys [2007-09-05 6912]

--- Other Services/Drivers In Memory ---

*Deregistered* - udffsrec

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ee457f80-cae0-11dd-9a94-00d041a1ca43}]
\Shell\AutoRun\command - k:\wd_windows_tools\Setup.exe
.
Contents of the 'Scheduled Tasks' folder

2009-03-06 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2007-06-03 13:42]

2009-03-10 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1123561945-448539723-725345543-1004.job
- d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-12-17 19:57]

2009-03-09 d:\windows\Tasks\XoftSpySE 2.job
- d:\program files\XoftSpySE\XoftSpy.exe [2009-01-28 10:29]

2009-02-24 d:\windows\Tasks\XoftSpySE.job
- d:\program files\XoftSpySE\XoftSpy.exe [2009-01-28 10:29]
.
.
------- Supplementary Scan -------
.
uStart Page = google.com
IE: &Download by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/204
IE: Add to Google Photos Screensa&ver - d:\windows\system32\GPhotos.scr/200
IE: Do&wnload selected by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - d:\program files\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - d:\progra~2\MI1933~1\Office12\EXCEL.EXE/3000
IE: Easy-WebPrint Add To Print List - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Send to &Bluetooth Device... - d:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: d:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
Trusted Zone: aol.com\free
FF - ProfilePath - d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - component: d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\extensions\bkmrksync@nokia.com\components\BkMrkExt.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll
FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll
FF - plugin: d:\documents and settings\Douglas Hawkins\Application Data\Mozilla\Firefox\Profiles\0dqawfms.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: d:\documents and settings\Douglas Hawkins\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: d:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: d:\program files\kSolo\npAVX.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\nppopcaploader.dll
FF - plugin: d:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: d:\program files\Opera\program\plugins\npdivx32.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-10 13:28:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"cd042efbbd7f7af1647644e76e06692b"=hex:e2,63,26,f1,3f,c8,ff,68,0c,65,d7,16,ae,
4d,a7,7f,e2,63,26,f1,3f,c8,ff,68,05,ca,49,2f,b8,4e,96,4f,e2,63,26,f1,3f,c8,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"bca643cdc5c2726b20d2ecedcc62c59b"=hex:71,3b,04,66,8b,46,0d,96,bb,70,2c,04,ee,
72,4f,c3,6a,9c,d6,61,af,45,84,18,a0,90,6d,12,62,9d,85,fa,6a,9c,d6,61,af,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2c81e34222e8052573023a60d06dd016"=hex:25,da,ec,7e,55,20,c9,26,79,05,23,52,0c,
e3,dc,4b,ff,7c,85,e0,43,d4,0e,fe,05,6b,37,37,1f,2c,c1,29,ff,7c,85,e0,43,d4,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"2582ae41fb52324423be06337561aa48"=hex:86,8c,21,01,be,91,eb,e7,ca,ee,86,ce,6c,
42,6e,08,86,8c,21,01,be,91,eb,e7,a9,1b,ab,36,eb,ce,f0,83,86,8c,21,01,be,91,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"caaeda5fd7a9ed7697d9686d4b818472"=hex:cd,44,cd,b9,a6,33,6c,cd,39,d3,b4,da,60,
ae,e5,5e,f5,1d,4d,73,a8,13,5c,05,f1,cb,9f,5f,68,18,1a,54,f5,1d,4d,73,a8,13,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"a4a1bcf2cc2b8bc3716b74b2b4522f5d"=hex:50,93,e5,ab,ec,6a,4e,ab,ba,01,49,d5,4e,
4d,e1,b0,df,20,58,62,78,6b,cf,c8,67,ff,07,5f,a0,43,ee,63,df,20,58,62,78,6b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"4d370831d2c43cd13623e232fed27b7b"=hex:31,77,e1,ba,b1,f8,68,02,24,3a,60,66,77,
8e,af,1c,fb,a7,78,e6,12,2f,9a,ea,06,4e,86,a5,68,72,10,40,fb,a7,78,e6,12,2f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1d68fe701cdea33e477eb204b76f993d"=hex:83,6c,56,8b,a0,85,96,ab,00,a2,0d,bc,56,
2b,87,a2,01,3a,48,fc,e8,04,4a,f1,fc,f3,96,1b,a9,9a,7e,81,01,3a,48,fc,e8,04,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"1fac81b91d8e3c5aa4b0a51804d844a3"=hex:51,fa,6e,91,28,9e,14,cc,a7,a8,ee,54,ef,
a9,c3,57,f6,0f,4e,58,98,5b,89,c9,a9,d3,7c,20,b3,71,6a,7f,f6,0f,4e,58,98,5b,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"f5f62a6129303efb32fbe080bb27835b"=hex:3d,ce,ea,26,2d,45,aa,78,67,b4,14,bc,03,
79,13,74,3d,ce,ea,26,2d,45,aa,78,17,5d,e6,bf,9d,00,ce,ac,3d,ce,ea,26,2d,45,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"fd4e2e1a3940b94dceb5a6a021f2e3c6"=hex:2a,b7,cc,b5,b9,7f,41,e7,14,dd,97,24,e2,
99,a0,69,2a,b7,cc,b5,b9,7f,41,e7,9f,59,cc,2e,91,3e,99,f1,2a,b7,cc,b5,b9,7f,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32*]
"ThreadingModel"="Apartment"
@="d:\\WINDOWS\\system32\\OLE32.DLL"
"8a8aec57dd6508a385616fbc86791ec2"=hex:6c,43,2d,1e,aa,22,2f,9c,8d,99,9d,e1,59,
a3,35,0d,6c,43,2d,1e,aa,22,2f,9c,1e,c6,58,33,db,f1,03,24,6c,43,2d,1e,aa,22,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(748)
d:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(804)
d:\program files\Common Files\iS3\Anti-Spyware\iS3lsp.dll
.
Completion time: 2009-03-10 13:30:48
ComboFix-quarantined-files.txt 2009-03-10 17:30:12
ComboFix2.txt 2009-03-09 17:32:44
ComboFix3.txt 2009-03-05 20:05:48

Pre-Run: 94,140,772,352 bytes free
Post-Run: 94,188,724,224 bytes free

370 --- E O F --- 2009-02-28 02:01:05



Still getting redirected. Not as often now but still happening some.

#14 Blade81

Blade81

    Bleepin' Rocker

  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 11 March 2009 - 02:54 AM

Hi

Delete the d:\windows\system32\127.0.0.1 folder. On which browsers does the redirecting occur? What kind of links does it redirect you to (leave the http://www. part off to make sure you won't post malicious links)?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the corresponding user's case only. If you have similar symptoms, create your own topic instead of following instructions given to someone else, please.


#15 drumking

drumking

  • Topic Starter
  • Members
  • 10 posts

Posted 11 March 2009 - 12:54 PM

Firefox and IE are redirecting. The most common site I get redirected to is

c.enhance.com/c?e1=...&h=Y0ixNsFKHW5NROBN0&b=2282689

Others that I have been redirected to:

best-antimalware-scanner.com/promo/1/freescan.php?nu=77019105&back=%3DjQ5zzj3NkMMMI%3DM

7search.com/scripts/validation/v1/validate.aspx?x=Kr5TAAWf92hzdatWQb6KFA%3d%3d_ZpdPnp5ruDk0NgmJ%2fOpAwRV%2fAGw1PEAcmk83%2f4BQGPYLHlnH05ZOlmE7MmZX6z5aJRv4WQPZ0FIj1JSTUGw8vfk9fVdBN%2fIBy6vgyowUmlrNpVmDrHpE77mY7JNlwD8MTuoc5Jn4Z64R9C%2fwBJIyStoWI7c38nvLxDT4hYtmYybwGw44y6Pfagca28G8j2ZKYKJH0SIEPcS1CajlXY%2fVKIdu2Dc3g7ciHVLsjayE3YseGRpOdXjphXWd55YPCJlmCrenQ1%2fd46OuA2xK80Bsxw%3d%3d

www.google.com/undefined

penny-memory.info/search.php?aid=11774&said=2788-3&keyword=search%20results%20redirect&ipr=&rej=1



