
Redirected Google links and possibly other symptoms


  • This topic is locked
4 replies to this topic

#1 meonlyme775


Posted 22 March 2009 - 01:59 AM

So I basically got bombed by a huge infection today. Managed to fend off most of it by running malwarebytes (had to rename the exe file to run it) and deleting a corrupt portion of my registry. Along the way, I also reinstalled Windows XP (which did absolutely nothing). In the aftermath, I now have some problems with the internet, namely not being able to open links in Google Search. I can copy the link location and open it in a new window, but opening it by clicking on the link just gives me a redirect to a seemingly random or nonexistent website (and oftentimes, Firefox 3 crashes i.e. "Firefox has encountered a problem and needs to close"). I got to these forums through this topic: http://forums.cnet.com/5208-6132_102-0.htm...ssageID=2976980 . Malwarebytes has found nothing after a complete scan, so this is somewhat like my last resort. Please help me out.

DDS (Ver_09-03-16.01) - NTFSx86
Run by Ben at 23:44:58.07 on Sat 03/21/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2617 [GMT -8:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated)
FW: ActiveArmor Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Documents and Settings\Ben\ckatwdp.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe
C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe
C:\Program Files\Razer\Copperhead\razerhid.exe
C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Razer\Reclusa\razerhid.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Program Files\ClickToConvert\C2CMonitor.exe
C:\Program Files\Razer\Copperhead\razerofa.exe
C:\Program Files\Razer\Reclusa\razertra.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Wallpaper Master\Wallpaper.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Ben\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\ben\ckatwdp.exe \s,
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Megaupload Toolbar: {a057a204-bacc-4d26-c39e-35f1d2a32ec8} - c:\progra~1\megaup~1\MEGAUP~1.DLL
uRun: [Aim6]
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\ben\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [Lexmark 4200 Series] "c:\program files\lexmark 4200 series\lxbmbmgr.exe"
mRun: [FaxCenterServer4_in_1] "c:\program files\lexmark 4200 series\fax\fm3032.exe" /s
mRun: [<NO NAME>]
mRun: [razer] c:\program files\razer\copperhead\razerhid.exe
mRun: [RegistryMechanic]
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [BootSkin Startup Jobs] "c:\program files\stardock\wincustomize\bootskin\BootSkin.exe" /StartupJobs
mRun: [JMB36X IDE Setup] c:\windows\jm\JMInsIDE.exe
mRun: [JMB36X Configure] c:\windows\system32\JMRaidSetup.exe boot
mRun: [Copperhead] c:\program files\razer\copperhead\razerhid.exe
mRun: [IMJPMIG8.1] c:\windows\ime\imjp8_1\IMJPMIG.EXE /Spoil /RemAdvDef /Migration32
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [Reclusa] c:\program files\razer\reclusa\razerhid.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [ukchb] c:\windows\system32\ukchb.exe \u
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\ben\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\c2cmon~1.lnk - c:\program files\clicktoconvert\C2CMonitor.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
AppInit_DLLs: gzrglq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: OJpHXGbT - {288B0619-8221-ACB3-0BBD-32825DDB85DE} - c:\windows\system32\wj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
LSA: Authentication Packages = msv1_0 c:\windows\system32\qoMeCRjG

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ben\applic~1\mozilla\firefox\profiles\k90lu1yl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\ben\local settings\application data\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-2-13 325128]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-2-13 27656]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-2-13 107272]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-13 298264]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-10-29 24652]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\linksys wireless-g usb wireless network monitor\WLService.exe [2007-10-27 41025]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2008-12-5 41984]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2009-3-21 38496]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S0 mais;mais;c:\windows\system32\drivers\buhav.sys --> c:\windows\system32\drivers\buhav.sys [?]
S1 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2007-10-27 14592]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-9-30 11596]

=============== Created Last 30 ================

2009-03-21 23:06 <DIR> --d----- c:\windows\system32\Adobe
2009-03-21 23:03 73,728 a------- c:\windows\system32\javacpl.cpl
2009-03-21 22:52 <DIR> --d----- c:\windows\NV15243948.TMP
2009-03-21 22:50 <DIR> --d----- c:\windows\NV36123264.TMP
2009-03-21 22:33 <DIR> --d----- c:\windows\NV15123584.TMP
2009-03-21 21:39 <DIR> --d----- c:\docume~1\ben\applic~1\Malwarebytes
2009-03-21 21:31 62 a------- c:\windows\wininit.ini
2009-03-21 19:34 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-03-21 19:34 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 19:34 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 19:34 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-03-21 19:20 26,624 ac------ c:\windows\system32\dllcache\iscomlog.dll
2009-03-21 19:19 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-03-21 19:19 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-03-21 19:19 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-21 19:19 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-03-21 19:19 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-03-21 19:19 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-03-21 18:57 1,042,903 a----r-- c:\windows\SETDF.tmp
2009-03-21 17:03 32,256 a------- c:\windows\system32\ukchb.exe
2009-03-21 17:03 32,256 ----h--- c:\documents and settings\ben\ckatwdp.exe
2009-03-21 17:02 64,512 a------- c:\windows\system32\ewf3.pxf
2009-03-21 17:02 32,768 a------- c:\windows\system32\fe3.wa
2009-03-21 16:11 <DIR> --d----- c:\docume~1\ben\applic~1\Wallpaper Master
2009-03-21 16:11 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Wallpaper Master
2009-03-14 13:40 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ONScripter-34069f
2009-03-14 13:27 <DIR> --d----- c:\program files\07th_Expansion
2009-03-14 13:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ONScripter-En
2009-03-14 13:03 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Higurashi
2009-03-05 17:58 410,984 a------- c:\windows\system32\deploytk.dll
2009-03-05 15:34 <DIR> --d----- c:\program files\CCleaner
2009-03-02 20:56 <DIR> --d----- c:\program files\eMule
2009-02-22 11:42 <DIR> --d----- c:\program files\PicWalker

==================== Find3M ====================

2009-03-21 21:15 163,712 a------- c:\windows\system32\drivers\vidstub.sys
2009-03-21 19:18 22,704 a------- c:\windows\system32\emptyregdb.dat
2009-03-01 18:47 8,192 a--sh--- c:\program files\Thumbs.db
2009-02-13 16:52 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-02-13 16:52 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-02-13 16:52 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-02-06 22:22 71,004 a---h--- c:\windows\system32\mlfcache.dat
2009-02-04 22:52 717,296 a------- c:\windows\system32\drivers\sptd.sys
2009-01-05 14:33 3,751,995 a------- c:\windows\system32\GPhotos.scr
2008-12-23 23:42 40,960 a------- c:\windows\DelPiv.exe
2008-01-07 23:50 27,720 a------- c:\docume~1\ben\applic~1\GDIPFONTCACHEV1.DAT
2007-10-26 23:23 22,328 a------- c:\docume~1\ben\applic~1\PnkBstrK.sys
2007-03-21 13:45 1,111,358 a------- c:\program files\UXTheme Multi-Patcher 5.5.exe
2006-05-03 02:06 163,328 a--shr-- c:\windows\system32\flvDX.dll
2008-11-28 22:18 905,639 a--sh--- c:\windows\system32\GjRCeMoq.ini2
2007-02-21 03:47 31,232 a--shr-- c:\windows\system32\msfDX.dll
2008-03-16 05:30 216,064 a--shr-- c:\windows\system32\nbDX.dll

============= FINISH: 23:45:05.14 ===============



#2 meonlyme775


Posted 22 March 2009 - 01:19 PM

Just an update: I installed several windows updates last night when turning off my computer (26 of them), but nothing really changed. Also, it took 2 tries to boot up my computer today, so there are probably other issues still lingering.

edit:
I just deleted c:\windows\system32\ukchb.exe from my computer after finding it in my startup programs list and not finding it online. Didn't do anything about Google search on FFX3, however.

It seems whatever the problem is is doing the same thing to other search engines, such as Yahoo. On Google Chrome, these engines work fine.

Another problem I have is I can't open my hard drives by double-clicking them in My Computer. I get some sort of error like: "Windows cannot find 'RECYCLER\S-2-7-97-100016242-100024005-100022154.com'. Make sure you typed the name correctly, and then try again."

Edited by meonlyme775, 22 March 2009 - 03:06 PM.


#3 meonlyme775


Posted 22 March 2009 - 10:49 PM

For those interested, I ran ComboFix (it was a risk, since no one told me to) and it fixed the search redirecting. I fixed the hard drive problem by running a boot-up scan with avast.

ComboFix 09-03-22.01 - Ben 2009-03-22 20:19:58.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3079 [GMT -7:00]
Running from: c:\documents and settings\Ben\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090322-0] *On-access scanning disabled* (Updated)
FW: ActiveArmor Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\AppPatch\Custom\{deb7008b-681e-4a4a-8aae-cc833e8216ce}.sdb
c:\windows\system32\drivers\gaopdxqjepyargapfuwprtuiqaomkkfsjbtarg.sys
c:\windows\system32\drivers\gaopdxtaqpkctpirrnqgwyliilswqjjoiykjsl.sys
c:\windows\system32\drivers\gaopdxuwbscvbdwqintivvbqhpfjoawnyklvit.sys
c:\windows\system32\gaopdxcounter
c:\windows\system32\gaopdxkqceoyejdjahxeoytfkdvcxsvlaujutd.dll
c:\windows\system32\GjRCeMoq.ini
c:\windows\system32\GjRCeMoq.ini2
c:\windows\system32\iqvlumlo.ini
c:\windows\system32\kaetnlqy.ini
c:\windows\system32\stcoapwx.ini
c:\windows\system32\xlbgupsx.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_gaopdxserv.sys


((((((((((((((((((((((((( Files Created from 2009-02-23 to 2009-03-23 )))))))))))))))))))))))))))))))
.

2009-03-22 16:09 . 2009-03-22 16:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-03-22 13:50 . 2009-03-22 16:05 <DIR> d-------- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-03-22 13:47 . 2009-03-22 13:47 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-03-22 12:40 . 2009-03-22 12:40 <DIR> d-------- c:\program files\Windows Defender
2009-03-22 00:06 . 2009-03-22 00:06 <DIR> d-------- c:\windows\system32\Adobe
2009-03-22 00:03 . 2009-03-22 00:03 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-03-21 23:54 . 2008-08-14 03:00 2,180,352 -----c--- c:\windows\system32\dllcache\ntoskrnl.exe
2009-03-21 23:54 . 2008-08-14 02:58 2,136,064 -----c--- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-03-21 23:54 . 2008-08-14 02:22 2,057,728 -----c--- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-03-21 23:54 . 2008-08-14 02:22 2,015,744 -----c--- c:\windows\system32\dllcache\ntkrpamp.exe
2009-03-21 23:54 . 2008-06-13 06:10 272,128 -----c--- c:\windows\system32\dllcache\bthport.sys
2009-03-21 23:53 . 2008-10-24 04:10 453,632 -----c--- c:\windows\system32\dllcache\mrxsmb.sys
2009-03-21 23:52 . 2009-03-21 23:52 <DIR> d-------- c:\windows\NV15243948.TMP
2009-03-21 23:50 . 2009-03-21 23:50 <DIR> d-------- c:\windows\NV36123264.TMP
2009-03-21 23:33 . 2009-03-21 23:33 <DIR> d-------- c:\windows\NV15123584.TMP
2009-03-21 22:39 . 2009-03-21 22:39 <DIR> d-------- c:\documents and settings\Ben\Application Data\Malwarebytes
2009-03-21 22:31 . 2009-03-21 22:31 62 --a------ c:\windows\wininit.ini
2009-03-21 20:34 . 2009-03-21 22:56 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-03-21 20:34 . 2009-03-21 20:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-03-21 20:34 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-03-21 20:34 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-03-21 20:20 . 2004-08-04 05:00 10,096,640 --a--c--- c:\windows\system32\dllcache\hwxcht.dll
2009-03-21 20:19 . 2009-03-21 20:19 749 -rah----- c:\windows\WindowsShell.Manifest
2009-03-21 20:19 . 2009-03-21 20:19 749 -rah----- c:\windows\system32\wuaucpl.cpl.manifest
2009-03-21 20:19 . 2009-03-21 20:19 749 -rah----- c:\windows\system32\sapi.cpl.manifest
2009-03-21 20:19 . 2009-03-21 20:19 749 -rah----- c:\windows\system32\nwc.cpl.manifest
2009-03-21 20:19 . 2009-03-21 20:19 749 -rah----- c:\windows\system32\ncpa.cpl.manifest
2009-03-21 20:19 . 2009-03-21 20:19 488 -rah----- c:\windows\system32\logonui.exe.manifest
2009-03-21 19:57 . 2004-08-04 05:00 1,042,903 -ra------ c:\windows\SETDF.tmp
2009-03-21 18:02 . 2009-03-21 18:02 64,512 --a------ c:\windows\system32\ewf3.pxf
2009-03-21 18:02 . 2009-03-21 18:02 32,768 --a------ c:\windows\system32\fe3.wa
2009-03-21 17:11 . 2009-03-21 17:11 <DIR> d-------- c:\documents and settings\Ben\Application Data\Wallpaper Master
2009-03-21 17:11 . 2009-03-21 17:11 <DIR> d-------- c:\documents and settings\All Users\Application Data\Wallpaper Master
2009-03-21 12:50 . 2009-03-22 20:18 3,218,079,744 --a------ c:\windows\MEMORY.DMP
2009-03-14 14:40 . 2009-03-14 14:40 <DIR> d-------- c:\documents and settings\All Users\Application Data\ONScripter-34069f
2009-03-14 14:27 . 2009-03-14 14:27 <DIR> d-------- c:\program files\07th_Expansion
2009-03-14 14:03 . 2009-03-14 14:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\ONScripter-En
2009-03-14 14:03 . 2009-03-14 17:31 <DIR> d-------- c:\documents and settings\All Users\Application Data\Higurashi
2009-03-05 18:58 . 2009-03-22 00:03 410,984 --a------ c:\windows\system32\deploytk.dll
2009-03-05 16:34 . 2009-03-05 16:34 <DIR> d-------- c:\program files\CCleaner
2009-03-02 21:56 . 2009-03-02 22:02 <DIR> d-------- c:\program files\eMule
2009-03-01 19:47 . 2009-03-01 19:47 7,168 --ahs---- c:\documents and settings\Thumbs.db

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-03-23 03:16 --------- d-----w c:\documents and settings\Ben\Application Data\uTorrent
2009-03-22 23:11 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2009-03-22 21:16 --------- d-----w c:\program files\SUPERAntiSpyware
2009-03-22 19:47 --------- d-----w c:\program files\ClickToConvert
2009-03-22 07:03 --------- d-----w c:\program files\Java
2009-03-22 06:21 --------- d-----w c:\documents and settings\Ben\Application Data\MegauploadToolbar
2009-03-22 05:15 163,712 ----a-w c:\windows\system32\drivers\vidstub.sys
2009-03-22 01:26 --------- d-----w c:\program files\Wallpaper Master
2009-03-15 02:41 --------- d-----w c:\program files\Warcraft III
2009-03-12 05:14 --------- d-----w c:\program files\Tsukihime
2009-03-12 03:45 --------- d-----w c:\documents and settings\Ben\Application Data\mIRC
2009-03-12 03:44 --------- d-----w c:\program files\mIRC
2009-03-12 02:16 --------- d-----w c:\program files\LimeWire
2009-03-08 18:16 --------- d-----w c:\documents and settings\Ben\Application Data\Mal Updater
2009-03-05 06:42 --------- d-----w c:\documents and settings\Ben\Application Data\GetRight
2009-03-04 09:08 --------- d-----w c:\program files\Fate-stay night English
2009-03-02 07:51 --------- d-----w c:\program files\Mal Updater 2
2009-03-02 02:47 8,192 --sha-w c:\program files\Thumbs.db
2009-02-28 09:20 --------- d-----w c:\program files\Starcraft
2009-02-28 09:20 --------- d-----w c:\program files\Flagship Studios
2009-02-28 09:20 --------- d-----w c:\program files\Audacity
2009-02-28 09:20 --------- d-----w c:\program files\AIM6
2009-02-23 03:56 --------- d-----w c:\program files\PicWalker
2009-02-18 07:15 --------- d-----w c:\documents and settings\Ben\Application Data\Skype
2009-02-18 04:01 --------- d-----w c:\documents and settings\Ben\Application Data\skypePM
2009-02-18 03:44 --------- d-----w c:\documents and settings\Ben\Application Data\X-Chat 2
2009-02-16 04:13 --------- d-----w c:\program files\WorldOfGoo
2009-02-16 04:13 --------- d-----w c:\program files\Windows Media Connect 2
2009-02-16 04:13 --------- d-----w c:\program files\Steam
2009-02-16 04:13 --------- d-----w c:\program files\Real Alternative
2009-02-16 04:13 --------- d-----w c:\program files\MKVtoolnix
2009-02-16 04:13 --------- d-----w c:\program files\Linksys Wireless-G USB Wireless Network Monitor
2009-02-16 04:13 --------- d-----w c:\program files\Kagetsu Tohya English v0.5
2009-02-16 04:13 --------- d-----w c:\program files\AoA Audio Extractor
2009-02-14 05:47 --------- d-----w c:\documents and settings\Ben\Application Data\VSO
2009-02-12 10:22 --------- d-----w c:\documents and settings\Ben\Application Data\U3
2009-02-11 06:38 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-02-11 01:15 --------- d-----w c:\program files\Common Files\Skype
2009-02-11 01:15 --------- d-----w c:\documents and settings\All Users\Application Data\Skype
2009-02-11 01:15 --------- d-----r c:\program files\Skype
2009-02-10 06:34 --------- d-----w c:\documents and settings\Ben\Application Data\DAEMON Tools Lite
2009-02-10 06:31 --------- d-----w c:\documents and settings\Ben\Application Data\DAEMON Tools Pro
2009-02-10 06:31 --------- d-----w c:\documents and settings\Ben\Application Data\DAEMON Tools
2009-02-10 06:30 --------- d-----w c:\program files\DAEMON Tools Lite
2009-02-10 06:30 --------- d-----w c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-02-07 05:53 --------- d-----w c:\program files\Google
2009-02-05 06:54 --------- d-----w c:\program files\Smart Projects
2009-02-05 06:52 717,296 ----a-w c:\windows\system32\drivers\sptd.sys
2009-01-28 00:35 --------- d-----w c:\documents and settings\Ben\Application Data\NoteTab Light
2009-01-28 00:32 --------- d-----w c:\program files\NoteTab Light
2009-01-26 02:54 --------- d-----w c:\program files\X-Chat 2
2009-01-25 01:36 --------- d-----w c:\program files\SpeedFan
2008-12-24 07:42 40,960 ----a-w c:\windows\DelPiv.exe
2008-01-08 07:50 27,720 ----a-w c:\documents and settings\Ben\Application Data\GDIPFONTCACHEV1.DAT
2007-10-27 07:23 22,328 ----a-w c:\documents and settings\Ben\Application Data\PnkBstrK.sys
2007-03-21 21:45 1,111,358 ----a-w c:\program files\UXTheme Multi-Patcher 5.5.exe
2006-05-03 10:06 163,328 --sha-r c:\windows\system32\flvDX.dll
2007-02-21 11:47 31,232 --sha-r c:\windows\system32\msfDX.dll
2008-03-16 13:30 216,064 --sha-r c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A057A204-BACC-4D26-C39E-35F1D2A32EC8}]
2008-08-04 13:44 1947080 --a------ c:\progra~1\MEGAUP~1\MEGAUP~1.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{A057A204-BACC-4D26-C39E-35F1D2A32EC8}"= "c:\progra~1\MEGAUP~1\MEGAUP~1.DLL" [2008-08-04 1947080]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-c39e-35f1d2a32ec8}]
[HKEY_CLASSES_ROOT\megauploadtoolbar.MEGAUPLOADTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-05-11 8429568]
"FaxCenterServer4_in_1"="c:\program files\Lexmark 4200 Series\Fax\fm3032.exe" [2004-01-22 151552]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2008-02-29 15872]
"BootSkin Startup Jobs"="c:\program files\Stardock\WinCustomize\BootSkin\BootSkin.exe" [2004-04-26 270336]
"JMB36X IDE Setup"="c:\windows\JM\JMInsIDE.exe" [2006-10-30 36864]
"JMB36X Configure"="c:\windows\system32\JMRaidSetup.exe" [2006-10-30 1953792]
"Copperhead"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"Reclusa"="c:\program files\Razer\Reclusa\razerhid.exe" [2007-06-18 167936]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-11-07 111936]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-05-11 81920]
"razer"="c:\program files\Razer\Copperhead\razerhid.exe" [2005-11-25 155648]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"nTrayFw"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe" [2006-02-17 270336]
"nwiz"="nwiz.exe" [2007-05-11 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-14 c:\windows\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 c:\windows\SkyTel.exe]

c:\documents and settings\Ben\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 113664]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Wallpaper Master.lnk - c:\program files\Wallpaper Master\Wallpaper.exe [2007-10-28 1650688]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=gzrglq.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Works Calendar Reminders.lnk]
backup=c:\windows\pss\Microsoft Works Calendar Reminders.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\288b06b7
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
--a------ 2008-10-31 12:22 50480 c:\program files\AIM6\aim6.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-12-29 03:40 687560 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2004-10-13 09:24 1694208 c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-11-04 11:30 413696 c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
-ra------ 2009-02-04 13:27 23975720 c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-10-10 17:45 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SkyTel]
-ra------ 2006-05-16 03:04 2879488 c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqwded.exe"=
"c:\\Program Files\\id Software\\Enemy Territory - QUAKE Wars\\etqw.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Flagship Studios\\Hellgate London\\Launcher.exe"=
"c:\\Program Files\\NCsoft\\Exteel\\System\\Exteel.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\bin\\nTrayFw.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-03-22 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-03-22 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-10-29 24652]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-03 13592]
R2 WUSB54GSv2SVC;WUSB54GSv2SVC;c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe [2007-10-27 41025]
R3 RecFltr;Reclusa Keyboard;c:\windows\system32\drivers\RecFltr.sys [2008-12-05 41984]
S0 BootScreen;BootScreen;\SystemRoot\\SystemRoot\System32\drivers\vidstub.sys --> \SystemRoot\\SystemRoot\System32\drivers\vidstub.sys [?]
S0 mais;mais;c:\windows\system32\drivers\buhav.sys --> c:\windows\system32\drivers\buhav.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]
S3 uisp;Freescale USB JW32 driver;c:\windows\system32\drivers\Usbicp.sys [2007-10-27 14592]
S3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2008-09-30 11596]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - GTNDIS5

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\C]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-7-97-100016242-100024005-100022154-3374.com c:\
\Shell\Open\command - RECYCLER\S-2-7-97-100016242-100024005-100022154-3374.com c:\

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\SETUP.EXE

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL RECYCLER\S-2-7-97-100016242-100024005-100022154-3374.com e:\
\Shell\Open\command - RECYCLER\S-2-7-97-100016242-100024005-100022154-3374.com e:\
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]

2009-03-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1708537768-1897051121-839522115-1003.job
- c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-20 19:17]

2009-03-23 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)
HKLM-Run-RegistryMechanic - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
LSP: %SYSTEMROOT%\system32\nvappfilter.dll
TCP: {4292AFEA-3871-4A32-9353-E9C10EADFA93} = 66.75.160.63,66.75.160.64
FF - ProfilePath - c:\documents and settings\Ben\Application Data\Mozilla\Firefox\Profiles\k90lu1yl.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - chrome://fastdial/content/fastdial.html
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=megaup&p=
FF - plugin: c:\documents and settings\Ben\Local Settings\Application Data\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Opera\program\plugins\nppl3260.dll
FF - plugin: c:\program files\Opera\program\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-22 20:26:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\SUPERAntiSpyware\SASWINLO.dll

- - - - - - - > 'lsass.exe'(884)
c:\windows\system32\nvappfilter.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\savedump.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
c:\windows\system32\nvsvc32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54GSv2.exe
c:\windows\system32\rundll32.exe
c:\program files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
c:\program files\Razer\Copperhead\razerofa.exe
c:\program files\Razer\Reclusa\razertra.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-03-22 20:30:22 - machine was rebooted
ComboFix-quarantined-files.txt 2009-03-23 03:30:20

Pre-Run: 128,433,135,616 bytes free
Post-Run: 133,249,523,712 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

341 --- E O F --- 2009-03-22 09:01:58

#4 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 30 March 2009 - 02:34 PM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#5 suebaby41

suebaby41

    W.A.M. (Women Against Malware)


  • Malware Response Team

Posted 06 April 2009 - 10:56 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.