
firefox links infected


  • This topic is locked
16 replies to this topic

#1 charzan

charzan

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 17 April 2009 - 02:05 PM

When I go to a search engine and try to click a link it takes me to some bogus site. If I click the same link 3-4 times it finally takes me to the site I wanted. It doesn't do it all the time and it seems to be the same couple of sites. One of them is a yellow book site and another is cow survey. I tried Norton and McAfee. Ran SUPERAntiSpyware and Malwarebytes' Anti-Malware. I don't know what to do so I read the forum and I am following the instructions it gave me to get help. At this point any help would be greatly appreciated.


DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 14:54:05.50 on Fri 04/17/2009
Internet Explorer: 6.0.2900.5512
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.101 [GMT -4:00]

AV: AVG Anti-Virus *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgam.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\HP_Owner.CHAR.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Page = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=43586
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Smart-Shopper: {4a7c84e2-e95c-43c6-8dd3-03abcd0eb60e} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
BHO: jZip Webmail plugin: {647fd14a-c4f1-46f4-8fc3-0b40f54226f7} - c:\program files\jzip\WebmailPlugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
EB: SmartShopper: {8bcb5337-ec01-4e38-840c-a964f174255b} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - {6FAC4823-815E-4361-836E-46D65ED2550B} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
IE: {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - {4CF088BD-BE95-40a5-BE9B-677F8683EDEA} - c:\program files\smart-shopper\bin\2.5.1\Smrt-Shpr.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_own~1.000\applic~1\mozilla\firefox\profiles\l2gx4cwc.default\
FF - prefs.js: browser.startup.homepage - hxxp://home.jzip.com
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

============= SERVICES / DRIVERS ===============

R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2009-4-13 12552]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-13 325640]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-13 27656]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-13 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-1-15 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-4-13 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-4-13 298264]
S2 .norton2009Reset;Norton2009 Reset;c:\documents and settings\all users\application data\norton\norton2009reset.exe --> c:\documents and settings\all users\application data\norton\Norton2009Reset.exe [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-04-17 14:34 <DIR> --d----- C:\fghhhhhhhhhhhhhhh
2009-04-17 14:30 <DIR> --d----- c:\program files\Smart-Shopper
2009-04-17 14:30 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Smart-Shopper
2009-04-17 14:29 <DIR> --d----- c:\program files\jZip
2009-04-17 13:13 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-17 12:08 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Malwarebytes
2009-04-17 12:08 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-17 12:08 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-17 12:08 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-17 12:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 11:49 161,792 a------- c:\windows\SWREG.exe
2009-04-17 11:49 98,816 a------- c:\windows\sed.exe
2009-04-16 15:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 15:45 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:45 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 13:53 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-15 13:53 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-15 13:52 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-04-15 13:52 117,760 a------- c:\windows\system32\hpzll5mu.dll
2009-04-15 13:52 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-15 13:52 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-15 13:52 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-15 13:51 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-04-15 13:51 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-04-15 13:51 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2009-04-15 13:51 303,104 a----r-- c:\windows\system32\hpovst15.dll
2009-04-15 13:51 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2009-04-15 13:51 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-15 13:51 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-13 22:48 <DIR> --d----- C:\00000082
2009-04-13 04:46 <DIR> --d-h--- C:\$AVG8.VAULT$
2009-04-13 04:27 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-13 04:27 12,552 a------- c:\windows\system32\drivers\avgrkx86.sys
2009-04-13 04:27 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-13 04:27 325,640 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-13 04:27 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-04-13 04:27 <DIR> --d----- c:\program files\AVG
2009-04-13 04:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-04-09 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-09 22:26 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-09 22:26 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\SUPERAntiSpyware.com
2009-04-09 22:26 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-04-09 02:06 <DIR> --d----- c:\windows\system32\scripting
2009-04-09 02:06 <DIR> --d----- c:\windows\system32\bits
2009-04-09 01:25 159,744 a------- c:\windows\system32\igfxres.dll
2009-04-09 01:17 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-04-09 01:13 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-04-09 01:13 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-04-09 00:30 121,984 -------- c:\windows\system32\drivers\usbvideo.sys
2009-04-09 00:29 67,866 -------- c:\windows\system32\drivers\netwlan5.img
2009-04-09 00:28 6,144 -------- c:\windows\system32\kbdpash.dll
2009-04-09 00:27 650,752 -------- c:\windows\system32\dot3ui.dll
2009-04-09 00:26 870,784 -------- c:\windows\system32\ati3d1ag.dll
2009-04-09 00:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-04-09 00:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-09 00:13 666,112 -c------ c:\windows\system32\dllcache\wininet.dll
2009-04-09 00:13 619,520 -c------ c:\windows\system32\dllcache\urlmon.dll
2009-04-09 00:13 1,499,136 -c------ c:\windows\system32\dllcache\shdocvw.dll
2009-04-09 00:12 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-04-09 00:12 2,189,056 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-09 00:12 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-09 00:12 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-09 00:12 3,068,416 -c------ c:\windows\system32\dllcache\mshtml.dll
2009-04-09 00:12 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-04-09 00:12 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-04-09 00:11 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-04-09 00:10 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-04-09 00:09 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-08 23:56 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-04-08 23:35 245,376 a----r-- c:\windows\system32\drivers\rt2500usb.sys
2009-04-08 23:33 <DIR> --d----- c:\windows\system32\Lang
2009-04-08 23:33 94,208 a------- c:\windows\system32\igfxcpl.cpl
2009-04-08 23:32 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-08 23:32 4,192 a--shr-- c:\windows\system32\drivers\HP_PN228AA-ABA a749c_YC_Pavi_QMXM439_E44NAheBLU5_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.06_T040827_WXH2_L409_M504_J200_7Intel_8Pentium 4_92.93_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G80862582.MRK
2009-04-08 23:32 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Symantec
2009-04-08 23:32 <DIR> --d----- c:\documents and settings\hp_owner.char.000\WINDOWS
2009-04-08 23:32 <DIR> --d----- c:\documents and settings\HP_Owner.CHAR.000
2009-04-08 23:28 21,060 -------- c:\windows\system32\drivers\iviaspi.sys
2009-04-08 23:28 10,368 -------- c:\windows\system32\drivers\pfc.sys
2009-04-08 23:27 204,800 a------- c:\windows\system32\IVIresizeW7.dll
2009-04-08 23:27 200,704 a------- c:\windows\system32\IVIresizeA6.dll
2009-04-08 23:27 192,512 a------- c:\windows\system32\IVIresizeP6.dll
2009-04-08 23:27 192,512 a------- c:\windows\system32\IVIresizeM6.dll
2009-04-08 23:27 188,416 a------- c:\windows\system32\IVIresizePX.dll
2009-04-08 23:27 20,480 a------- c:\windows\system32\IVIresize.dll
2009-04-08 23:01 61,696 a------- c:\windows\system32\drivers\ohci1394.sys
2009-04-08 23:01 53,376 a------- c:\windows\system32\drivers\1394bus.sys
2009-04-08 23:01 6,400 a------- c:\windows\system32\drivers\enum1394.sys
2009-04-08 22:55 <DIR> --d----- c:\windows\system32\LogFiles
2009-04-08 22:55 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-04-08 22:26 <DIR> -cdshr-- c:\windows\system32\dllcache
2009-04-08 22:22 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\GetRightToGo
2009-04-08 21:17 <DIR> --d----- c:\windows\RegCure
2009-04-08 20:54 <DIR> --dshr-- C:\cmdcons
2009-04-08 20:53 <DIR> --d----- c:\windows\setupupd
2009-04-08 20:40 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\uTorrent
2009-04-08 20:37 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-03-28 15:49 69 a------- c:\windows\NeroDigital.ini
2009-03-24 18:05 <DIR> --d----- c:\program files\Nero
2009-03-24 18:05 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-03-21 10:06 989,696 -c------ c:\windows\system32\dllcache\kernel32.dll

==================== Find3M ====================

2009-04-09 02:14 81,903 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-09 02:13 3,072 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\jsharpde\pchealthde.exe
2009-04-09 02:13 98,304 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\PluginCtrl.dll
2009-04-08 23:34 3,885 a------- c:\windows\viassary-hp.reg
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-25 22:02 157,571 a------- c:\windows\hpoins27.dat
2009-02-20 04:10 666,112 a------- c:\windows\system32\wininet.dll
2009-02-20 04:10 81,920 a------- c:\windows\system32\ieencode.dll
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-07 19:02 2,066,048 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-06 07:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 07:08 2,189,056 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 06:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-03 15:59 56,832 a------- c:\windows\system32\secur32.dll
2006-09-01 18:27 523,071 a------- c:\program files\gpiclientinstall.exe
2006-08-18 12:30 774,144 a------- c:\program files\RngInterstitial.dll
2006-03-24 21:02 5,175,696 a------- c:\program files\Firefox Setup 1.5.0.1.exe

============= FINISH: 14:54:34.39 ===============


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:58 PM

Posted 02 May 2009 - 04:06 PM

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the Posted Image button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstall programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the Posted Image button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.
If you still require assistance post a new set of DDS Logs and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log please refer to this page and in step #6 there is instructions on downloading and running DDS. IF you have any problems just let me know in your next reply or simply post a Hijackthis log.

Thanks again and we apologize for the delay.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 charzan

charzan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 05 May 2009 - 08:26 AM

Hi and thank you for responding. Since posting this I've tried ZoneAlarm, and currently have BitDefender and Spybot on my computer. Following the directions they gave me are the only changes I might have made. The problem seems to still be there but not nearly as bad. It went from being unusable to only happening sometimes. Thanks, I appreciate any help you can give.

Attached Files



#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:58 PM

Posted 05 May 2009 - 03:27 PM

Hello.

The problem seems to still be there but not nearly as bad. It went from being unusable to only happening sometimes. Thanks, I appreciate any help you can give.

Is this referring to the Firefox redirect problem? Please elaborate.

Question: Do you know what this folder is in your C:\ drive: C:\fghhhhhhhhhhhhhhh

Next perform the following.

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download and Run Rooter SD

Please download Rooter.exe and save it to your desktop
  • Double-click it to start the tool. If you are using Vista, please right-click and choose Run As Administrator...
  • Allow it to run when you get a Security Warning
  • A black command window will open saying: "Please Wait..."
  • A bunch of text will go past the screen very quickly (Don't worry, it is scanning)
  • It will now begin to scan, please be patient. The scan should not take more than 2 minutes
  • A Notepad file containing the report will open soon. It can also be found at %systemdrive%\Rooter.txt
  • Please post that log here in your next reply
Download and Run GooredFix using Option1 (Scanning)
  • Please download GooredFix and save it to your Desktop.
    Alternative Download Mirror #2
  • Double-click Goored.exe to run it.
  • A window shall open, please Select 1. [Find Goored (no fix)] by typing 1 and pressing Enter. It will begin scanning.
  • A log will open once it is complete, please post the contents of that log in your next reply
*Note: The log can also be found on your desktop, called Goored.txt
Please Do not run Option #2 yet.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 charzan

charzan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 06 May 2009 - 10:58 AM

I am sorry. Yes, the Firefox redirect problem is what I meant. It used to be every time I clicked a link I would have to click it 4 times to get the right link. Majority of the time it would go to some yellowbook site, a cow survey site, 404 not found, then finally the actual site I wanted to go to. It would happen every time I clicked a link, any link. Now it only does it sometimes. Most of the time I click a link and it goes right to the site. But I am afraid it is only going to get worse, again. And I did check the folder on my C:\ drive: C:\fghhhhhhhhhhhhhhh. I am not sure why it is named that but inside is hijackthis.exe and a txt document. I downloaded that and ComboFix and Rooter to try and save time in case I was ever asked to post any of them. Sorry for the confusion.


Malwarebytes' Anti-Malware 1.36
Database version: 2083
Windows 5.1.2600 Service Pack 3

5/6/2009 11:44:31 AM
mbam-log-2009-05-06 (11-44-31).txt

Scan type: Quick Scan
Objects scanned: 87298
Time elapsed: 5 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)





GooredFix v1.92 by jpshortstuff
Log created at 11:45 on 06/05/2009 running Option #1 (HP_Owner)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

C:\Program Files\Mozilla Firefox\extensions\{DFB35553-816E-4E25-BCA5-C3ACE71A2AF0}

C:\Program Files\Mozilla Firefox\extensions\{4E6B4204-63F0-4390-8A05-8E158DA5ECC9}

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\"

#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:58 PM

Posted 07 May 2009 - 02:56 PM

Hello.

I need to see the Rooter log please. Please run it.

Run GooredFix using Option2 (Removal)

Please download GooredFix and save it to your Desktop.
Alternative Download Mirror #2

Please make sure all instances of Firefox are closed at this point before proceeding.
  • Please double-click Goored.exe on your Desktop to run it.
  • A window will appear, please Select 2. (Fix Goored) by typing 2 and pressing Enter.
  • Type Y at the prompt and press Enter. The removal process will begin
  • A log will open with the file after completion, please post the contents of that log in your next reply
*Note: The log can also be found on your desktop (Goored.txt)

Re-Run DDS and post back with a new set of logs.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
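The two GooredFix steps used in this thread (Option 1: list suspect entries in the global Firefox extensions folder; Option 2: back each one up, empty it, delete it) sketched as an added Python example. This is not code from the thread or from the GooredFix tool; it applies its own heuristics to a Firefox 3-era extensions directory (a GUID-named folder that is not on an allowlist, a missing or unreadable install.rdf, an em:id that does not match the folder name, or em:hidden set so the add-on never shows in the Add-ons manager) and moves hits into a backup folder instead of deleting them. The allowlist, the heuristics, and the whole sample extensions tree, including every install.rdf, are constructed for the demo and are assumptions, not findings from the poster's machine.

```python
"""Added example (not from the BleepingComputer thread or GooredFix): audit a
Firefox 3-era application-directory extensions folder for the kind of hidden,
GUID-named extension that GooredFix reports, and quarantine hits to a backup
directory. The sample tree is constructed in a temp dir (assumption)."""
import os
import re
import shutil
import tempfile
import xml.etree.ElementTree as ET

RDF_NS = "{http://www.w3.org/1999/02/22-rdf-syntax-ns#}"
EM_NS = "{http://www.mozilla.org/2004/em-rdf#}"
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")

# Assumed allowlist of GUID-style IDs known to be legitimate on this box.
ALLOWLIST = {"{20a82645-c095-46ed-80e3-08825760534b}"}  # .NET Framework Assistant

# Constructed install.rdf skeleton (the classic XUL-era manifest layout).
INSTALL_RDF = """<?xml version="1.0"?>
<RDF xmlns="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
     xmlns:em="http://www.mozilla.org/2004/em-rdf#">
  <Description about="urn:mozilla:install-manifest">
    <em:id>{ext_id}</em:id>
    <em:name>{name}</em:name>
    <em:version>1.0</em:version>{hidden}
  </Description>
</RDF>
"""


def parse_install_rdf(path):
    """Return (em:id, em:name, hidden) from install.rdf, or None if unreadable."""
    try:
        root = ET.parse(path).getroot()
    except (ET.ParseError, OSError):
        return None
    desc = root.find(RDF_NS + "Description")
    if desc is None:
        return None
    ext_id = desc.findtext(EM_NS + "id")
    name = desc.findtext(EM_NS + "name")
    hidden = (desc.findtext(EM_NS + "hidden") or "").strip().lower() == "true"
    return ext_id, name, hidden


def audit_extensions(ext_dir, allowlist=ALLOWLIST):
    """Return {folder_name: [reasons]} for every suspect folder in ext_dir."""
    findings = {}
    for entry in sorted(os.listdir(ext_dir)):
        full = os.path.join(ext_dir, entry)
        if not os.path.isdir(full):
            continue
        reasons = []
        manifest = parse_install_rdf(os.path.join(full, "install.rdf"))
        if manifest is None:
            reasons.append("no readable install.rdf")
        else:
            ext_id, _name, hidden = manifest
            if ext_id and ext_id.strip() != entry:
                reasons.append("em:id %r does not match folder name" % ext_id)
            if hidden:
                reasons.append("em:hidden is true (invisible in Add-ons manager)")
        if GUID_RE.match(entry) and entry not in allowlist:
            reasons.append("GUID-named folder not on allowlist")
        if reasons:
            findings[entry] = reasons
    return findings


def quarantine(ext_dir, folder_name, backup_dir):
    """Move a suspect folder to backup_dir (a backup, like GooredFix's first step)."""
    os.makedirs(backup_dir, exist_ok=True)
    dst = os.path.join(backup_dir, folder_name)
    shutil.move(os.path.join(ext_dir, folder_name), dst)
    return dst


def build_sample_tree(base):
    """Constructed sample: two legitimate add-ons, one hidden GUID-named add-on,
    and one GUID-named folder with no manifest at all."""
    ext_dir = os.path.join(base, "extensions")
    samples = {
        "FFToolbar@bitdefender.com": ("BitDefender Toolbar", False),
        "{20a82645-c095-46ed-80e3-08825760534b}": (".NET Framework Assistant", False),
        "{11111111-2222-3333-4444-555555555555}": ("Search Helper", True),
    }
    for folder, (name, hidden) in samples.items():
        os.makedirs(os.path.join(ext_dir, folder))
        tag = "\n    <em:hidden>true</em:hidden>" if hidden else ""
        with open(os.path.join(ext_dir, folder, "install.rdf"), "w") as fh:
            fh.write(INSTALL_RDF.format(ext_id=folder, name=name, hidden=tag))
    os.makedirs(os.path.join(ext_dir, "{aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee}"))
    return ext_dir


def demo():
    """Scan the sample tree, quarantine hits, return (findings, folders left)."""
    base = tempfile.mkdtemp()
    try:
        ext_dir = build_sample_tree(base)
        findings = audit_extensions(ext_dir)
        for folder in findings:
            quarantine(ext_dir, folder, os.path.join(base, "backup"))
        return findings, sorted(os.listdir(ext_dir))
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    found, left = demo()
    for folder, reasons in found.items():
        print(folder, "->", "; ".join(reasons))
    print("left in place:", left)
```

Pointing `audit_extensions` at a real `C:\Program Files\Mozilla Firefox\extensions` (instead of the constructed tree) gives the Option 1 view; calling `quarantine` on each hit is the Option 2 view with the backup kept. A GUID-named folder is not proof of anything on its own, which is why the allowlist exists; the combination of a GUID name and `em:hidden` in the application directory (rather than the user profile) is the pattern worth escalating.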

#7 charzan

charzan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 09 May 2009 - 10:47 AM

Hi and thanks for helping. I am sorry I didn't include the step two phase last time. I hope this helps. Thanks again.

GooredFix v1.92 by jpshortstuff
Log created at 11:42 on 09/05/2009 running Option #2 (HP_Owner)
Firefox version 3.0.10 (en-US)

=====Goored Deletions=====
C:\Program Files\Mozilla Firefox\extensions\{DFB35553-816E-4E25-BCA5-C3ACE71A2AF0}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.
C:\Program Files\Mozilla Firefox\extensions\{4E6B4204-63F0-4390-8A05-8E158DA5ECC9}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2009\FFToolbar\"



DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 11:43:07.53 on Sat 05/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.41 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Owner.CHAR.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=43586
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_own~1.000\applic~1\mozilla\firefox\profiles\l2gx4cwc.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-25 179856]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-25 15504]
S2 .norton2009Reset;Norton2009 Reset;c:\documents and settings\all users\application data\norton\norton2009reset.exe --> c:\documents and settings\all users\application data\norton\Norton2009Reset.exe [?]
S3 Arrakis3;BitDefender Arrakis Server;c:\program files\common files\bitdefender\bitdefender arrakis server\bin\Arrakis3.exe [2009-1-20 172032]

=============== Created Last 30 ================

2009-04-30 13:32 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Windows Search
2009-04-30 12:11 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-29 20:13 121 a------- c:\windows\bdagent.INI
2009-04-29 18:27 473 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-29 16:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-29 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-29 15:26 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-29 15:25 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 15:25 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 15:25 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-29 15:25 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-29 15:25 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-29 15:25 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 15:25 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-29 15:25 <DIR> --d----- C:\c7160620f8c44a52805a9689bf79f32d
2009-04-29 15:07 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Windows Desktop Search
2009-04-29 15:06 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-04-29 15:06 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-29 15:05 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-04-29 15:05 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-04-29 15:05 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-04-29 14:58 <DIR> --dsh--- c:\documents and settings\hp_owner.char.000\IETldCache
2009-04-29 14:57 <DIR> --d----- c:\windows\ie8updates
2009-04-29 14:56 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-29 14:55 <DIR> -cd-h--- c:\windows\ie8
2009-04-29 14:30 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-29 14:30 385 a------- c:\windows\system32\user_gensett.xml
2009-04-29 14:29 81,984 a------- c:\windows\system32\bdod.bin
2009-04-29 14:19 <DIR> --d----- c:\windows\system32\logs
2009-04-29 14:19 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\BitDefender
2009-04-29 14:19 <DIR> --d----- C:\Binaries
2009-04-29 14:19 <DIR> --d----- c:\program files\BitDefender
2009-04-29 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-04-29 14:10 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-26 15:45 76,803 a------- c:\windows\War3Unin.dat
2009-04-26 15:44 139,264 a------- c:\windows\War3Unin.exe
2009-04-26 15:44 2,829 a------- c:\windows\War3Unin.pif
2009-04-25 14:01 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-25 14:00 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-04-25 14:00 <DIR> --d----- c:\program files\Zone Labs
2009-04-25 13:59 <DIR> --d----- c:\windows\Internet Logs
2009-04-25 12:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-25 12:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 12:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-25 12:06 <DIR> --d----- c:\program files\VS Revo Group
2009-04-17 19:01 3,895 a------- C:\rollback.ini
2009-04-17 18:48 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-04-17 18:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-17 14:34 <DIR> --d----- C:\fghhhhhhhhhhhhhhh
2009-04-17 13:13 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-17 12:08 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Malwarebytes
2009-04-17 12:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 11:49 161,792 a------- c:\windows\SWREG.exe
2009-04-17 11:49 98,816 a------- c:\windows\sed.exe
2009-04-16 15:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 15:45 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:45 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 13:53 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-15 13:53 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-15 13:52 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-04-15 13:52 117,760 a------- c:\windows\system32\hpzll5mu.dll
2009-04-15 13:52 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-15 13:52 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-15 13:52 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-15 13:51 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-04-15 13:51 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-04-15 13:51 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2009-04-15 13:51 303,104 a----r-- c:\windows\system32\hpovst15.dll
2009-04-15 13:51 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2009-04-15 13:51 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-15 13:51 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-13 22:48 <DIR> --d----- C:\00000082
2009-04-13 04:27 <DIR> --d----- c:\program files\AVG
2009-04-09 22:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-04-09 22:26 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-04-09 22:26 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\SUPERAntiSpyware.com

==================== Find3M ====================

2009-04-09 02:14 81,903 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-09 02:13 3,072 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\jsharpde\pchealthde.exe
2009-04-09 02:13 98,304 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\PluginCtrl.dll
2009-04-08 23:34 3,885 a------- c:\windows\viassary-hp.reg
2009-04-08 23:32 4,192 a--shr-- c:\windows\system32\drivers\HP_PN228AA-ABA a749c_YC_Pavi_QMXM439_E44NAheBLU5_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.06_T040827_WXH2_L409_M504_J200_7Intel_8Pentium 4_92.93_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G80862582.MRK
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-25 22:02 157,571 a------- c:\windows\hpoins27.dat
2009-02-09 08:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 08:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 08:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 08:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 07:13 1,846,784 a------- c:\windows\system32\win32k.sys
2006-09-01 18:27 523,071 a------- c:\program files\gpiclientinstall.exe
2006-08-18 12:30 774,144 a------- c:\program files\RngInterstitial.dll
2006-03-24 21:02 5,175,696 a------- c:\program files\Firefox Setup 1.5.0.1.exe

============= FINISH: 11:44:58.28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2009 11:30:26 PM
System Uptime: 5/9/2009 11:33:06 AM (0 hours ago)

Motherboard: ASUSTeK Computer INC. | | Grouper
Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2932/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 156.413 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.755 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Service: rtl8139

==== System Restore Points ===================

RP1: 4/25/2009 11:35:02 AM - System Checkpoint
RP2: 4/25/2009 11:48:56 AM - Installed Windows XP KB958644.
RP3: 4/25/2009 12:07:27 PM - Revo Uninstaller's restore point - Malwarebytes' Anti-Malware
RP4: 4/26/2009 1:51:02 AM - Revo Uninstaller's restore point - RealJukebox 1.0
RP5: 4/27/2009 1:39:36 PM - System Checkpoint
RP6: 4/28/2009 6:41:54 PM - System Checkpoint
RP7: 4/29/2009 2:12:57 PM - Removed AVG 8.5
RP8: 4/29/2009 2:13:55 PM - Installed AVG 8.5
RP9: 4/29/2009 2:18:58 PM - Installed BitDefender Total Security 2009
RP10: 4/29/2009 2:52:01 PM - Software Distribution Service 3.0
RP11: 4/29/2009 3:05:43 PM - Software Distribution Service 3.0
RP12: 4/29/2009 3:19:17 PM - Software Distribution Service 3.0
RP13: 4/29/2009 3:43:31 PM - Printer Driver Microsoft XPS Document Writer Installed
RP14: 4/30/2009 12:19:43 PM - Software Distribution Service 3.0
RP15: 4/30/2009 12:49:25 PM - Software Distribution Service 3.0
RP16: 4/30/2009 1:00:34 PM - Software Distribution Service 3.0
RP17: 4/30/2009 1:09:13 PM - Software Distribution Service 3.0
RP18: 4/30/2009 1:15:14 PM - Software Distribution Service 3.0
RP19: 4/30/2009 1:16:51 PM - Software Distribution Service 3.0
RP20: 4/30/2009 1:18:02 PM - Software Distribution Service 3.0
RP21: 4/30/2009 1:21:16 PM - Software Distribution Service 3.0
RP22: 4/30/2009 1:23:37 PM - Software Distribution Service 3.0
RP23: 4/30/2009 1:25:15 PM - Software Distribution Service 3.0
RP24: 4/30/2009 1:41:07 PM - Software Distribution Service 3.0
RP25: 4/30/2009 1:42:53 PM - Software Distribution Service 3.0
RP26: 5/1/2009 4:08:44 PM - System Checkpoint
RP27: 5/6/2009 10:28:04 AM - System Checkpoint
RP28: 5/7/2009 11:34:05 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
BitDefender Total Security 2009
Bonjour
BufferChm
CameraDrivers
Combined Community Codec Pack 2008-09-21 16:18
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 4.0
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ402
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 3.5 magicMoments - HPD
PC-Doctor for Windows
PeerGuardian 2.0
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS2
PSPrinters06
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
Revo Uninstaller 1.80
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SkinsHP1
SkinsHP2
Sonic RecordNow!
Spybot - Search & Destroy
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP
VC 9.0 Runtime
Warcraft III: All Products
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/6/2009 9:59:08 AM, error: Service Control Manager [7000] - The Norton2009 Reset service failed to start due to the following error: The system cannot find the file specified.

==== End Of File ===========================

#8 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 09 May 2009 - 12:57 PM

Hello.

There are things on your computer that I need to warn you about, but I still need to see the Rooter log as I believe there are more things on your computer that are "not-good". <- I will explain what I mean once I see that log.....

I need to see the Rooter log please. Please run it.


~Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to [image].

#9 charzan

  • Topic Starter
  • Members
  • 8 posts

Posted 10 May 2009 - 08:03 AM

I am very sorry, I thought I included this last time. I am eager to see the million things wrong with my computer.


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:184828 Mo/Free:706 Mo)
D:\ [Fixed] - FAT32 - (Total:5931 Mo/Free:773 Mo)
E:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
F:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:0 Mo/Free:0 Mo)

Sun 05/10/2009| 8:51

----------------------\\ Processes..

--Locked-- [System Process]
---------- ???"??
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
--Locked-- ???"?"???
--Locked-- ???"?"???
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\SearchIndexer.exe
---------- C:\Program Files\Windows Media Player\WMPNetwk.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\WINDOWS\system32\hphmon06.exe
---------- C:\HP\KBD\KBD.EXE
---------- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
--Locked-- ???"?"???
---------- C:\Program Files\Windows Media Player\WMPNSCFG.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
---------- C:\WINDOWS\system32\wuauclt.exe
--Locked-- ???"?"???
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\ZoneAlarm 8 Keygen.exe
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\Nero 7.10.1.0\Keygen.exe
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\REG CURE-FULL\precracked - enjoy.txt
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\SUPER Anti Spyware.v4.25 PRO [FINAL.PL.Keygen] [Arx]\Czyt..!!.txt
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\SUPER Anti Spyware.v4.25 PRO [FINAL.PL.Keygen] [Arx]\info.txt
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\SUPER Anti Spyware.v4.25 PRO [FINAL.PL.Keygen] [Arx]\SUPERAntiSpyware.exe
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\SUPER Anti Spyware.v4.25 PRO [FINAL.PL.Keygen] [Arx]\Uninstalling Previous Version\READ ME FIRST ! ! !.txt
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\SUPER Anti Spyware.v4.25 PRO [FINAL.PL.Keygen] [Arx]\Uninstalling Previous Version\SASUNINST.EXE
C:\DOCUME~1\ALLUSE~1\Documents\My Videos\BitDefender Total Security 2009 v12.0.10+Keygen-HeartBug\Setup.exe
C:\DOCUME~1\ALLUSE~1\Documents\My Videos\BitDefender Total Security 2009 v12.0.10+Keygen-HeartBug\Keygen\Keygen.exe


1 - "C:\Rooter$\Rooter_1.txt" - Sun 05/10/2009| 8:52

----------------------\\ Scan completed at 8:52

#10 extremeboy

  • Malware Response Team
  • 12,975 posts
  • Gender:Male

Posted 10 May 2009 - 05:36 PM

Hello.

Not wrong "wrong" but wrong as in there are things on your computer that shouldn't be.

What I'm talking about is cracks and keygens.

Cracks and Key Generators Warning

Your system is full of "cracks and keygens"; this means you have used cracks or key generators.

You should know that use of these is considered illegal activity, as it bypasses copyright laws.

Some of the worst types of malware infections can be contracted and spread by visiting crack, keygen, warez and other pirated software sites. In many cases, these sites are infested with a smörgåsbord of malware. Those who attempt to get software for free can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling Windows.

Merely visiting such sites without downloading ANYTHING is one of the worst things a user can do online. They are illegal. Cracked software is notorious for carrying malware/infections. How do you think these people make their money... they aren't really giving you this software out of the goodness of their hearts.

Antivirus programs cannot protect you against what you are deliberately running. If you have or are using a CRACKED version of ANY security programs you are basically infecting yourself by installing that software, as it's not going to protect you.

The HJT Teams will have 0 tolerance of members that continue to reinfect their system from use of such programs.

You should know what I am talking about and I expect you remove all of these programs/files.

Once we finish cleaning you up and giving you some prevention tips, I expect you to refrain from using these and getting re-infected again.

Once you have done that, please re-run DDS and post back with both its log and the log from GMER (refer below).


Download and Run Scan with GMER

We will use GMER to scan for rootkits. This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click the GMER icon on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista.
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on the Scan button and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push the Save... button and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode, try running it in Safe Mode.

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOTKIT" entries.

With Regards,
Extremeboy

#11 charzan

  • Topic Starter
  • Members
  • 8 posts

Posted 11 May 2009 - 06:51 PM

Hello again and thanks for helping. I apologize for having anything on my computer that I shouldn't. I downloaded some suggested programs and followed directions on how to use them. So I do know what keygens are, but I am unfamiliar with 'cracks'. I think I have erased everything I've downloaded since trying to fix my Firefox problem. However, if you can see anything else from my log that you would recommend I erase, I will be more than happy to do so. It was never my intention to ever have anything illegal at all. I hope you understand and continue to help. Thanks.

DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 19:45:29.62 on Mon 05/11/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.20 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\Explorer.EXE
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Owner.CHAR.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=43586
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: BitDefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - c:\program files\bitdefender\bitdefender 2009\IEToolbar.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SunJavaUpdateSched] c:\program files\java\j2re1.4.2_03\bin\jusched.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [BDAgent] "c:\program files\bitdefender\bitdefender 2009\bdagent.exe"
mRun: [BitDefender Antiphishing Helper] "c:\program files\bitdefender\bitdefender 2009\IEShow.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_own~1.000\applic~1\mozilla\firefox\profiles\l2gx4cwc.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPJPI142_03.dll
FF - plugin: c:\program files\java\j2re1.4.2_03\bin\NPOJI610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

============= SERVICES / DRIVERS ===============

R2 BDVEDISK;BDVEDISK;c:\program files\bitdefender\bitdefender 2009\BDVEDISK.sys [2008-10-6 82696]
R3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [2008-9-18 111112]
R3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [2009-2-12 104328]

=============== Created Last 30 ================

2009-05-11 10:23 250 a------- c:\windows\gmer.ini
2009-05-10 08:50 <DIR> --d----- C:\Rooter$
2009-04-30 13:32 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Windows Search
2009-04-30 12:11 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-29 20:13 121 a------- c:\windows\bdagent.INI
2009-04-29 18:27 473 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-29 16:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-29 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-29 15:26 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-29 15:25 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 15:25 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 15:25 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-29 15:25 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-29 15:25 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-29 15:25 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 15:25 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-29 15:25 <DIR> --d----- C:\c7160620f8c44a52805a9689bf79f32d
2009-04-29 15:07 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Windows Desktop Search
2009-04-29 15:06 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-04-29 15:06 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-29 15:05 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-04-29 15:05 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-04-29 15:05 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-04-29 14:58 <DIR> --dsh--- c:\documents and settings\hp_owner.char.000\IETldCache
2009-04-29 14:57 <DIR> --d----- c:\windows\ie8updates
2009-04-29 14:56 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-29 14:55 <DIR> -cd-h--- c:\windows\ie8
2009-04-29 14:30 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-29 14:30 385 a------- c:\windows\system32\user_gensett.xml
2009-04-29 14:29 0 a------- c:\windows\system32\bdod.bin
2009-04-29 14:19 <DIR> --d----- c:\windows\system32\logs
2009-04-29 14:19 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\BitDefender
2009-04-29 14:19 <DIR> --d----- C:\Binaries
2009-04-29 14:19 <DIR> --d----- c:\program files\BitDefender
2009-04-29 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-04-29 14:10 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-25 14:01 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-25 14:00 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-04-25 14:00 <DIR> --d----- c:\program files\Zone Labs
2009-04-25 13:59 <DIR> --d----- c:\windows\Internet Logs
2009-04-25 12:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-25 12:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 12:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-25 12:06 <DIR> --d----- c:\program files\VS Revo Group
2009-04-17 19:01 3,895 a------- C:\rollback.ini
2009-04-17 18:48 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-04-17 18:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-17 13:13 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-17 12:08 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Malwarebytes
2009-04-17 12:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 11:49 161,792 a------- c:\windows\SWREG.exe
2009-04-17 11:49 98,816 a------- c:\windows\sed.exe
2009-04-16 15:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 15:45 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:45 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 13:53 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-15 13:53 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-15 13:52 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-04-15 13:52 117,760 a------- c:\windows\system32\hpzll5mu.dll
2009-04-15 13:52 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-15 13:52 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-15 13:52 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-15 13:51 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-04-15 13:51 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-04-15 13:51 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2009-04-15 13:51 303,104 a----r-- c:\windows\system32\hpovst15.dll
2009-04-15 13:51 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2009-04-15 13:51 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-15 13:51 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-13 22:48 <DIR> --d----- C:\00000082
2009-04-13 04:27 <DIR> --d----- c:\program files\AVG

==================== Find3M ====================

2009-04-09 02:14 81,903 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-09 02:13 3,072 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\jsharpde\pchealthde.exe
2009-04-09 02:13 98,304 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\PluginCtrl.dll
2009-04-08 23:34 3,885 a------- c:\windows\viassary-hp.reg
2009-04-08 23:32 4,192 a--shr-- c:\windows\system32\drivers\HP_PN228AA-ABA a749c_YC_Pavi_QMXM439_E44NAheBLU5_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.06_T040827_WXH2_L409_M504_J200_7Intel_8Pentium 4_92.93_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G80862582.MRK
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-25 22:02 157,571 a------- c:\windows\hpoins27.dat
2006-09-01 18:27 523,071 a------- c:\program files\gpiclientinstall.exe
2006-08-18 12:30 774,144 a------- c:\program files\RngInterstitial.dll
2006-03-24 21:02 5,175,696 a------- c:\program files\Firefox Setup 1.5.0.1.exe

============= FINISH: 19:48:15.79 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2009 11:30:26 PM
System Uptime: 5/11/2009 7:38:50 AM (12 hours ago)

Motherboard: ASUSTeK Computer INC. | | Grouper
Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2932/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 158.486 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.755 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Service: rtl8139

==== System Restore Points ===================

RP7: 4/29/2009 2:12:57 PM - Removed AVG 8.5
RP8: 4/29/2009 2:13:55 PM - Installed AVG 8.5
RP9: 4/29/2009 2:18:58 PM - Installed BitDefender Total Security 2009
RP10: 4/29/2009 2:52:01 PM - Software Distribution Service 3.0
RP11: 4/29/2009 3:05:43 PM - Software Distribution Service 3.0
RP12: 4/29/2009 3:19:17 PM - Software Distribution Service 3.0
RP13: 4/29/2009 3:43:31 PM - Printer Driver Microsoft XPS Document Writer Installed
RP14: 4/30/2009 12:19:43 PM - Software Distribution Service 3.0
RP15: 4/30/2009 12:49:25 PM - Software Distribution Service 3.0
RP16: 4/30/2009 1:00:34 PM - Software Distribution Service 3.0
RP17: 4/30/2009 1:09:13 PM - Software Distribution Service 3.0
RP18: 4/30/2009 1:15:14 PM - Software Distribution Service 3.0
RP19: 4/30/2009 1:16:51 PM - Software Distribution Service 3.0
RP20: 4/30/2009 1:18:02 PM - Software Distribution Service 3.0
RP21: 4/30/2009 1:21:16 PM - Software Distribution Service 3.0
RP22: 4/30/2009 1:23:37 PM - Software Distribution Service 3.0
RP23: 4/30/2009 1:25:15 PM - Software Distribution Service 3.0
RP24: 4/30/2009 1:41:07 PM - Software Distribution Service 3.0
RP25: 4/30/2009 1:42:53 PM - Software Distribution Service 3.0
RP26: 5/1/2009 4:08:44 PM - System Checkpoint
RP27: 5/6/2009 10:28:04 AM - System Checkpoint
RP28: 5/7/2009 11:34:05 AM - System Checkpoint
RP29: 5/11/2009 1:01:27 AM - System Checkpoint

==== Installed Programs ======================

µTorrent
Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
BitDefender Total Security 2009
Bonjour
BufferChm
CameraDrivers
Combined Community Codec Pack 2008-09-21 16:18
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 4.0
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ402
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works 7.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 3.5 magicMoments - HPD
PC-Doctor for Windows
PeerGuardian 2.0
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS2
PSPrinters06
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
Revo Uninstaller 1.80
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SkinsHP1
SkinsHP2
Sonic RecordNow!
Spybot - Search & Destroy
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP
VC 9.0 Runtime
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/5/2009 8:41:45 AM, error: Service Control Manager [7000] - The Norton2009 Reset service failed to start due to the following error: The system cannot find the file specified.
5/11/2009 7:42:19 PM, error: PSched [14103] - QoS [Adapter {0AD8ED1E-0431-4FDA-AAA0-1C8855A02815}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================


GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-05-11 19:43:30
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes' Anti-Malware/Malwarebytes Corporation) ZwCreateSection [0xA980EFE0]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenProcess [0xA9179C90]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwOpenThread [0xA9179D7E]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateProcess [0xA9179BF4]
SSDT \??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender S.R.L.) ZwTerminateThread [0xA9179EC4]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs trufos.sys (Trufos Kernel Module/BitDefender S.R.L.)
AttachedDevice \Driver\Tcpip \Device\Ip bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Tcp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\Udp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \Driver\Tcpip \Device\RawIp bdftdif.sys (BitDefender Firewall TDI Filter Driver/BitDefender LLC)
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

#12 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts

Posted 12 May 2009 - 02:49 PM

Hello.

We will continue. We will update Java and run an online scan.

First...

Remove Crack/Keygen-related things
Delete the following folders/files if they are still there.

C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\ZoneAlarm 8 Keygen.exe
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\Nero 7.10.1.0
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\REG CURE-FULL
C:\DOCUME~1\HP_OWN~1.000\Desktop\various apps\SUPER Anti Spyware.v4.25 PRO [FINAL.PL.Keygen] [Arx]
C:\DOCUME~1\ALLUSE~1\Documents\My Videos\BitDefender Total Security 2009 v12.0.10+Keygen-HeartBug

I do not know what is in the "Various apps" folder, but if there's nothing you need an easier way would be to delete that WHOLE Folder and the folder regarding "BitDefender Total Security ..."

Note: DOCUME~1 should be by default usually Documents and Settings and HP_OWN~1.000 should be a folder name beginning with HP_OWN1.000.

IF YOU HAVE ANY DIFFICULTIES REMOVING THOSE LET ME KNOW AND I WILL CREATE A SCRIPT TO REMOVE THOSE.

Please remove the following software and install another free anti-virus software.

BitDefender Total Security 2009

Install an anti-virus software now.

Install Antivirus

An anti-virus is essential in keeping your computer safe while surfing the Internet. Please install a (ONE) free anti-virus program from one of the links below. Update it after the installation is complete, please.


Peer-to-Peer Programs Warning

Your log shows that you are using so-called peer-to-peer or file-sharing programs (in your case µTorrent). These programs allow you to share files between users, as the name(s) suggest. In today's world cyber crime has come to an enormous dimension and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of the malware files. A popular means is the use of file-sharing tools, as a tremendous amount of prospective victims can be reached through it.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, and it is thus suggested that they be used with intense care. Some further readings on this subject, along the included links, are as follows: File-Sharing, otherwise known as Peer To Peer and Risks of File-Sharing Technology.

It is also important to note that sharing entertainment files and proprietary software infringes the copyright laws in many countries over the world and you are putting yourself at risk of being indicted through organizations watching over the rights of the authors of such files (i.e. the RIAA for music files, or the MPAA for movie files in the USA) or the authors of the files themselves.

Naturally there are also legal ways to use these services, such as downloading Linux distributions or office suites such as "Open Office."

It is your decision whether or not you wish to keep your program(s) but I suggest you remove it via add/remove. However, please refrain from using them until your computer has been declared clean.

Update Java to Version 6 Update 13

Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 6 and save it to your desktop.
  • Look for "Java Runtime Environment (JRE)" JRE 6 Update 13.
  • Click the Download button to the right.
  • Select your Platform: "Windows".
  • Select your Language: "Multi-language".
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • Click Continue and the page will refresh.
  • Under Required Files, check the box for Windows Offline Installation, click the link below it and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
    Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u13-windows-i586-p.exe to install the newest version.
*If using Windows Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
** If you choose to update via the Java applet in Control Panel, uncheck the option to install the Toolbar unless you want it.
*** The uninstaller incorporated in this release removes previous Updates 10 and above, but does not remove older versions, so they still need to be removed manually.


Run Scan with Kaspersky

Please do a scan with Kaspersky Online Scanner. Please note: Kaspersky requires Java Runtime Environment (JRE) to be installed before scanning for malware, as ActiveX is no longer being used.

If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Open the Kaspersky WebScanner page.
  • Click on the Posted Image button on the main page.
  • The program will launch and fill in the Information section on the left.
  • Read the "Requirements and Limitations" then press the Posted Image button.
  • The program will begin downloading the latest program and definition files. It may take a while so please be patient and let it finish.
  • Once the files have been downloaded, click on the Posted Image ...button.
    In the scan settings make sure the following are selected:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
      By default the above items should already be checked.
    • Click the Posted Image button, if you made any changes.
  • Now under the Scan section on the left:
    Select My Computer
  • The program will now start and scan your system. This will run for a while, be patient and let it finish.
  • Once the scan is complete, click on View scan report
  • Now, click on the Save Report as button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
You can refer to this animation by sundavis.

Post a new DDS log as well. Attach and DDS logs.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
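As an added example (Python code written for this page, not from the thread, from extremeboy, or from the DDS tool), here is the check behind the Java step above, "remove all older versions of Java": it pulls the program names out of the `==== Installed Programs` section of a DDS log, in the header layout shown in the logs posted here, and flags every Java runtime or JDK older than 6 Update 13. The two log fragments are constructed samples modelled on the before/after logs in this thread, and the display-name patterns are Sun's Add/Remove Programs names as I know them, an assumption rather than something the page states.

```python
import re
from typing import Iterable, List, NamedTuple, Optional, Tuple

# Constructed sample fragments in the shape of the DDS "Installed Programs"
# section, modelled on the before/after logs in this thread (not the full logs).
SAMPLE_DDS_BEFORE = """\
==== Installed Programs ======================

Intel® Graphics Media Accelerator Driver
iTunes
Java 2 Runtime Environment, SE v1.4.2_03
KBD

==== Event Viewer Messages From Past Week ========

5/5/2009 8:41:45 AM, error: Service Control Manager [7000] - constructed sample line
"""

SAMPLE_DDS_AFTER = """\
==== Installed Programs ======================

iTunes
Java DB 10.4.1.3
Java™ 6 Update 13
Java™ SE Development Kit 6 Update 13
KBD

==== Event Viewer Messages From Past Week ========
"""

Version = Tuple[int, int, int, int]          # (major, minor, micro, update)

# Minimum acceptable runtime: Java 6 Update 13, i.e. 1.6.0_13
REQUIRED_JAVA: Version = (1, 6, 0, 13)


class JavaEntry(NamedTuple):
    name: str
    version: Version
    outdated: bool


# Sun's Add/Remove Programs display names for runtimes of this era (assumed):
#   "Java 2 Runtime Environment, SE v1.4.2_03"   -> 1.4.2 update 3
#   "J2SE Runtime Environment 5.0 Update 6"      -> 1.5.0 update 6
#   "Java(TM) 6 Update 13" / "Java™ 6 Update 13" -> 1.6.0 update 13
#   "Java(TM) SE Development Kit 6 Update 13"    -> the JDK, same scheme
# "Java DB 10.4.1.3" is the Derby database, not a runtime, and must not match.
_PAT_JAVA14 = re.compile(r"SE v(\d+)\.(\d+)\.(\d+)_(\d+)")
_PAT_JAVA5 = re.compile(r"J2SE .*?(\d+)\.(\d+) Update (\d+)")
_PAT_JAVA6 = re.compile(r"^Java(?:\(TM\)|™)?(?: SE Development Kit)? (\d+) Update (\d+)")


def parse_java_version(display_name: str) -> Optional[Version]:
    """Map an Add/Remove Programs display name to a comparable version tuple, or None."""
    m = _PAT_JAVA14.search(display_name)
    if m:
        major, minor, micro, update = (int(g) for g in m.groups())
        return (major, minor, micro, update)
    m = _PAT_JAVA5.search(display_name)
    if m:
        family, micro, update = (int(g) for g in m.groups())
        return (1, family, micro, update)        # "5.0 Update 6" -> 1.5.0_06
    m = _PAT_JAVA6.match(display_name)
    if m:
        family, update = (int(g) for g in m.groups())
        return (1, family, 0, update)            # "6 Update 13" -> 1.6.0_13
    return None


def installed_programs_section(dds_text: str) -> List[str]:
    """Return the program names listed under '==== Installed Programs' in a DDS log."""
    names: List[str] = []
    inside = False
    for line in dds_text.splitlines():
        if line.startswith("===="):
            if inside:
                break                            # the next section header ends the list
            inside = line.startswith("==== Installed Programs")
            continue
        if inside and line.strip():
            names.append(line.strip())
    return names


def java_entries(program_names: Iterable[str], required: Version = REQUIRED_JAVA) -> List[JavaEntry]:
    """Every Java runtime/JDK entry, flagged as outdated when older than `required`."""
    entries: List[JavaEntry] = []
    for name in program_names:
        version = parse_java_version(name)
        if version is not None:
            entries.append(JavaEntry(name, version, version < required))
    return entries


def outdated_java(dds_text: str, required: Version = REQUIRED_JAVA) -> List[str]:
    """Names of Java installs in a DDS log that should be removed before updating."""
    return [e.name for e in java_entries(installed_programs_section(dds_text), required)
            if e.outdated]


if __name__ == "__main__":
    for label, log in (("before", SAMPLE_DDS_BEFORE), ("after", SAMPLE_DDS_AFTER)):
        print(label, "- outdated Java:", outdated_java(log) or "none")
```

Run against the "before" fragment it names the 1.4.2_03 runtime that extremeboy wanted gone; against the "after" fragment it reports nothing, matching the second DDS log where only 6 Update 13 entries remain. Raising `REQUIRED_JAVA` is all that is needed to reuse the check for a later baseline.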

#13 charzan

charzan
  • Topic Starter

  • Members
  • 8 posts

Posted 13 May 2009 - 09:43 AM

Hi and thanks for helping. I am not sure what this means. Note: DOCUME~1 should be by default usually Documents and Settings and HP_OWN~1.000 should be a folder name beginning with HP_OWN<some alpha(numeric) characters here>1.000. I am not sure how to correct this. I have deleted the various apps folder entirely. I am willing to delete anything off of my computer forever. The only programs I use/need are Firefox for the internet and iTunes plus whatever security programs you would recommend. I am afraid to erase some important Windows thing and I don't seem to need the room so I usually just leave whatever junk on here. I think I have deleted everything you asked for, if not please give instructions. Thanks again


Wednesday, May 13, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, May 13, 2009 06:07:58
Records in database: 2171060
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
Scan statistics
Files scanned 81548
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 02:12:04

No malware has been detected. The scan area is clean.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-03-16.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 4/8/2009 11:30:26 PM
System Uptime: 5/13/2009 6:17:03 AM (4 hours ago)

Motherboard: ASUSTeK Computer INC. | | Grouper
Processor: Intel® Pentium® 4 CPU 2.93GHz | CPU 1 | 2932/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 180 GiB total, 158.295 GiB free.
D: is FIXED (FAT32) - 6 GiB total, 0.755 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is Removable
I: is Removable
J: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Realtek RTL8139/810x Family Fast Ethernet NIC
Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Manufacturer: Realtek
Name: Realtek RTL8139/810x Family Fast Ethernet NIC
PNP Device ID: PCI\VEN_10EC&DEV_8139&SUBSYS_2A0B103C&REV_10\4&2E9A5DB2&0&10F0
Service: rtl8139

==== System Restore Points ===================

RP11: 4/29/2009 3:05:43 PM - Software Distribution Service 3.0
RP12: 4/29/2009 3:19:17 PM - Software Distribution Service 3.0
RP13: 4/29/2009 3:43:31 PM - Printer Driver Microsoft XPS Document Writer Installed
RP14: 4/30/2009 12:19:43 PM - Software Distribution Service 3.0
RP15: 4/30/2009 12:49:25 PM - Software Distribution Service 3.0
RP16: 4/30/2009 1:00:34 PM - Software Distribution Service 3.0
RP17: 4/30/2009 1:09:13 PM - Software Distribution Service 3.0
RP18: 4/30/2009 1:15:14 PM - Software Distribution Service 3.0
RP19: 4/30/2009 1:16:51 PM - Software Distribution Service 3.0
RP20: 4/30/2009 1:18:02 PM - Software Distribution Service 3.0
RP21: 4/30/2009 1:21:16 PM - Software Distribution Service 3.0
RP22: 4/30/2009 1:23:37 PM - Software Distribution Service 3.0
RP23: 4/30/2009 1:25:15 PM - Software Distribution Service 3.0
RP24: 4/30/2009 1:41:07 PM - Software Distribution Service 3.0
RP25: 4/30/2009 1:42:53 PM - Software Distribution Service 3.0
RP26: 5/1/2009 4:08:44 PM - System Checkpoint
RP27: 5/6/2009 10:28:04 AM - System Checkpoint
RP28: 5/7/2009 11:34:05 AM - System Checkpoint
RP29: 5/11/2009 1:01:27 AM - System Checkpoint
RP30: 5/12/2009 12:30:01 PM - System Checkpoint
RP31: 5/12/2009 11:12:31 PM - Removed BitDefender Total Security 2009
RP32: 5/12/2009 11:25:29 PM - Avira AntiVir Personal - 5/12/2009 23:25
RP33: 5/12/2009 11:44:08 PM - Removed Java 2 Runtime Environment, SE v1.4.2_03
RP34: 5/13/2009 12:22:18 AM - Installed Java™ SE Development Kit 6 Update 13
RP35: 5/13/2009 12:24:11 AM - Installed Java™ 6 Update 13
RP36: 5/13/2009 10:22:57 AM - Software Distribution Service 3.0

==== Installed Programs ======================

Adobe Acrobat - Reader 6.0.2 Update
Adobe Flash Player 10 Plugin
Adobe Reader 6.0.1
AiO_Scan
AiOSoftware
Apple Mobile Device Support
Apple Software Update
Avira AntiVir Personal - Free Antivirus
Bonjour
BufferChm
CameraDrivers
Combined Community Codec Pack 2008-09-21 16:18
Copy
CreativeProjects
CreativeProjectsTemplates
Critical Update for Windows Media Player 11 (KB959772)
CueTour
Destinations
Director
DocProc
DocumentViewer
Fax
Help and Support Additions
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
HP Deskjet Preloaded Printer Drivers
HP Diagnostic Assistant
HP Image Zone 4.2
HP Image Zone Plus 4.2
HP Organize
HP Photo & Imaging 3.5 - HP Devices
HP PSC & OfficeJet 4.0
HP Software Update
hpg2436
hpg3970
hpg4600
hpg5530
hpg8200
HPIZ402
HpSdpAppCoreApp
HPSystemDiagnostics
InstantShare
Intel® Graphics Media Accelerator Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Creator 2
InterVideo WinDVD Player
iTunes
Java DB 10.4.1.3
Java™ 6 Update 13
Java™ SE Development Kit 6 Update 13
KBD
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Plus! Dancer LE
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works 7.0
Mozilla Firefox (3.0.10)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
muvee autoProducer 3.5 magicMoments - HPD
PC-Doctor for Windows
PeerGuardian 2.0
PhotoGallery
Photosmart 320,370,7400,8100,8400 Series
PrintScreen
PS2
PSPrinters06
Python 2.2 combined Win32 extensions
Python 2.2.1
QFolder
QuickProjects
QuickTime
Readme
Revo Uninstaller 1.80
Scan
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB963027)
SkinsHP1
SkinsHP2
Sonic RecordNow!
Spybot - Search & Destroy
TrayApp
Unload
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Updates from HP
VC 9.0 Runtime
WebFldrs XP
WebReg
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows Search 4.0
Windows XP Service Pack 3
WinRAR archiver

==== Event Viewer Messages From Past Week ========

5/12/2009 11:46:53 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
5/12/2009 11:46:53 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/12/2009 11:39:39 AM, error: Service Control Manager [7000] - The Norton2009 Reset service failed to start due to the following error: The system cannot find the file specified.
5/12/2009 11:18:26 PM, error: Print [19] - Sharing printer failed + 1722, Printer Microsoft XPS Document Writer share name Printer2.
5/12/2009 11:17:17 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
5/11/2009 7:42:19 PM, error: PSched [14103] - QoS [Adapter {0AD8ED1E-0431-4FDA-AAA0-1C8855A02815}]: The netcard driver failed the query for OID_GEN_LINK_SPEED.

==== End Of File ===========================



DDS (Ver_09-03-16.01) - NTFSx86
Run by HP_Owner at 10:30:19.15 on Wed 05/13/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.503.114 [GMT -4:00]

AV: BitDefender Antivirus *On-access scanning disabled* (Outdated)
AV: AntiVir Desktop *On-access scanning enabled* (Updated)
FW: BitDefender Firewall *disabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\hphmon06.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\HP_Owner.CHAR.000\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.msn.com
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uSearch Bar = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q404&bd=pavilion&pf=desktop
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/root/campaign.asp?cid=43586
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: WormRadar.com IESiteBlocker.NavFilter: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - AVG Safe Search
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: HP View: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPHUPD06] c:\program files\hp\{aac4fc36-8f89-4587-8dd3-ebc57c83374d}\hphupd06.exe
mRun: [HPHmon06] c:\windows\system32\hphmon06.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add To HP Organize... - c:\progra~1\hewlet~1\hporga~1\bin\core.hp.main\SendTo.html
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\hp_own~1.000\applic~1\mozilla\firefox\profiles\l2gx4cwc.default\
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npgcplug.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npracplug.dll

============= SERVICES / DRIVERS ===============

R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-5-12 11608]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-5-12 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-5-12 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-5-12 55640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-4-25 179856]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-4-25 15504]
S2 .norton2009Reset;Norton2009 Reset;c:\documents and settings\all users\application data\norton\norton2009reset.exe --> c:\documents and settings\all users\application data\norton\Norton2009Reset.exe [?]

=============== Created Last 30 ================

2009-05-13 00:24 <DIR> --d----- c:\program files\Sun
2009-05-13 00:24 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-13 00:24 73,728 a------- c:\windows\system32\javacpl.cpl
2009-05-12 23:26 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-12 23:26 <DIR> --d----- c:\program files\Avira
2009-05-12 23:26 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-05-12 23:17 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\BitDefender
2009-05-12 23:16 <DIR> --dsh--- c:\documents and settings\hp_owner.char.000\PrivacIE
2009-05-11 10:23 250 a------- c:\windows\gmer.ini
2009-05-10 08:50 <DIR> --d----- C:\Rooter$
2009-04-30 13:32 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Windows Search
2009-04-30 12:11 1,089,593 -c------ c:\windows\system32\dllcache\ntprint.cat
2009-04-29 20:13 121 a------- c:\windows\bdagent.INI
2009-04-29 18:27 473 a------- c:\windows\system32\BDUpdateV1.xml
2009-04-29 16:56 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-29 16:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-29 15:26 <DIR> --d----- c:\windows\system32\XPSViewer
2009-04-29 15:25 597,504 -c------ c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-29 15:25 89,088 -c------ c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-29 15:25 117,760 -------- c:\windows\system32\prntvpt.dll
2009-04-29 15:25 575,488 -c------ c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-29 15:25 575,488 -------- c:\windows\system32\xpsshhdr.dll
2009-04-29 15:25 1,676,288 -c------ c:\windows\system32\dllcache\xpssvcs.dll
2009-04-29 15:25 1,676,288 -------- c:\windows\system32\xpssvcs.dll
2009-04-29 15:25 <DIR> --d----- C:\c7160620f8c44a52805a9689bf79f32d
2009-04-29 15:07 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Windows Desktop Search
2009-04-29 15:06 <DIR> --d----- c:\windows\system32\GroupPolicy
2009-04-29 15:06 <DIR> --d----- c:\program files\Windows Desktop Search
2009-04-29 15:05 192,000 -c------ c:\windows\system32\dllcache\offfilt.dll
2009-04-29 15:05 98,304 -c------ c:\windows\system32\dllcache\nlhtml.dll
2009-04-29 15:05 29,696 -c------ c:\windows\system32\dllcache\mimefilt.dll
2009-04-29 14:58 <DIR> --dsh--- c:\documents and settings\hp_owner.char.000\IETldCache
2009-04-29 14:57 <DIR> --d----- c:\windows\ie8updates
2009-04-29 14:56 105,984 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-04-29 14:55 <DIR> -cd-h--- c:\windows\ie8
2009-04-29 14:30 850 a------- c:\windows\system32\ProductTweaks.xml
2009-04-29 14:30 385 a------- c:\windows\system32\user_gensett.xml
2009-04-29 14:29 81,984 a------- c:\windows\system32\bdod.bin
2009-04-29 14:19 <DIR> --d----- c:\windows\system32\logs
2009-04-29 14:19 <DIR> --d----- c:\program files\BitDefender
2009-04-29 14:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-04-29 14:10 <DIR> --d----- c:\program files\common files\BitDefender
2009-04-25 14:01 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-04-25 14:00 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-04-25 14:00 <DIR> --d----- c:\program files\Zone Labs
2009-04-25 13:59 <DIR> --d----- c:\windows\Internet Logs
2009-04-25 12:10 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-25 12:10 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-25 12:10 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-25 12:06 <DIR> --d----- c:\program files\VS Revo Group
2009-04-17 19:01 3,895 a------- C:\rollback.ini
2009-04-17 18:48 <DIR> --d----- c:\program files\common files\ParetoLogic
2009-04-17 18:48 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ParetoLogic
2009-04-17 13:13 <DIR> --d----- c:\windows\system32\NtmsData
2009-04-17 12:08 <DIR> --d----- c:\docume~1\hp_own~1.000\applic~1\Malwarebytes
2009-04-17 12:08 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-17 11:49 161,792 a------- c:\windows\SWREG.exe
2009-04-17 11:49 98,816 a------- c:\windows\sed.exe
2009-04-16 15:45 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-16 15:45 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-04-16 15:45 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-04-15 13:53 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-04-15 13:53 49,920 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-04-15 13:52 271,704 a----r-- c:\windows\system32\hpzids01.dll
2009-04-15 13:52 117,760 a------- c:\windows\system32\hpzll5mu.dll
2009-04-15 13:52 21,568 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-04-15 13:52 25,856 ac------ c:\windows\system32\dllcache\usbprint.sys
2009-04-15 13:52 25,856 a------- c:\windows\system32\drivers\usbprint.sys
2009-04-15 13:51 309,760 a----r-- c:\windows\system32\difxapi.dll
2009-04-15 13:51 372,736 a----r-- c:\windows\system32\hppldcoi.dll
2009-04-15 13:51 581,632 a----r-- c:\windows\system32\hpotscl6.dll
2009-04-15 13:51 303,104 a----r-- c:\windows\system32\hpovst15.dll
2009-04-15 13:51 729,088 a----r-- c:\windows\system32\hpowiax7.dll
2009-04-15 13:51 15,104 ac------ c:\windows\system32\dllcache\usbscan.sys
2009-04-15 13:51 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-04-13 22:48 <DIR> --d----- C:\00000082

==================== Find3M ====================

2009-04-09 02:14 81,903 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-04-09 02:13 3,072 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\jsharpde\pchealthde.exe
2009-04-09 02:13 98,304 a------- c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\pavilion\xphwwbf4duet\plugin\bin\PluginCtrl.dll
2009-04-08 23:34 3,885 a------- c:\windows\viassary-hp.reg
2009-04-08 23:32 4,192 a--shr-- c:\windows\system32\drivers\HP_PN228AA-ABA a749c_YC_Pavi_QMXM439_E44NAheBLU5_4_IGrouper_SASUSTeK Computer INC._V1.xx_B3.06_T040827_WXH2_L409_M504_J200_7Intel_8Pentium 4_92.93_111063044_N10EC8139_P_Z11C1048C_K_A_U80862658_G80862582.MRK
2009-03-26 15:23 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-26 15:23 36,864 a------- c:\windows\system32\drivers\usbaapl.sys
2009-03-19 16:32 23,400 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-03-08 04:34 914,944 a------- c:\windows\system32\wininet.dll
2009-03-08 04:34 43,008 a------- c:\windows\system32\licmgr10.dll
2009-03-08 04:33 18,944 a------- c:\windows\system32\corpol.dll
2009-03-08 04:33 420,352 a------- c:\windows\system32\vbscript.dll
2009-03-08 04:32 72,704 a------- c:\windows\system32\admparse.dll
2009-03-08 04:32 71,680 a------- c:\windows\system32\iesetup.dll
2009-03-08 04:31 34,816 a------- c:\windows\system32\imgutil.dll
2009-03-08 04:31 48,128 a------- c:\windows\system32\mshtmler.dll
2009-03-08 04:31 45,568 a------- c:\windows\system32\mshta.exe
2009-03-08 04:22 156,160 a------- c:\windows\system32\msls31.dll
2009-03-06 10:22 284,160 a------- c:\windows\system32\pdh.dll
2009-02-25 22:02 157,571 a------- c:\windows\hpoins27.dat
2006-08-18 12:30 774,144 a------- c:\program files\RngInterstitial.dll
2006-03-24 21:02 5,175,696 a------- c:\program files\Firefox Setup 1.5.0.1.exe

============= FINISH: 10:31:02.50 ===============

#14 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  • Gender:Male
  • Local time:12:58 PM

Posted 13 May 2009 - 02:47 PM

Hello.

Good that you removed it :step5:

Now, just some cleanup work to do and we're done!

Go to Start>>Run...>> In the open field please copy and paste the following in the code box (Do not copy the word "code")
Sc delete ".norton2009Reset"
Now hit Ok and a quick black window shall open and disappear immediately.

That is normal. After that we can cleanup.


Please follow/read the steps below to remove the tools we used, purge a system restore and for some more information. :)

Download and Run OTCleanIt

We will now remove the tools we used during this fix.
  • Download OTCleanIt by OldTimer to your desktop.
  • Double click OTCleanIt.exe to start the program.
  • Click the big CleanUp! button.
  • When asked if you want to proceed with the cleanup process, click Yes. Restart your computer when prompted.
Create a New System Restore Point<- Very Important

Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
  • Then use Disk Cleanup to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok"
  • Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" Tab.
  • Click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically.
Vista Users can refer to these links: Create a New Restore Point and Disk Cleanup.

System A bit Slow? Try StartupLite

You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.

If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.


Congratulations! You now appear clean! :step1: :) :thumbup2:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Preventing Infections in the Future

Please also have a look at the following links, giving some advice and Tips to protect yourself against malware and reduce the potential for re-infection:
  • Avoid gaming sites, underground web pages, pirated software sites, and peer-to-peer (P2P) file sharing programs. They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
Disable Autorun on Flash-Drive/Removable Drives

When is AUTORUN.INF really an AUTORUN.INF?

USB worms work by creating a file called AUTORUN.INF on the root of USB drives. These INF files then use Autorun or Autoplay (not the same thing!) to execute themselves either when the stick is inserted, or more commonly, when the user double-clicks on the USB drive icon from My Computer (Windows Explorer)...


Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun asap!.

If using Windows Vista, please refer to:
"Disable AutoPlay in Windows Vista"
"Preventing AutoPlay with Local Group Policy Editor or AutoPlay options panel"

Note: When Autorun is disabled, double-clicking a drive which has autorun.inf in its root directory may still activate Autorun so be careful.

Visit the WindowsUpdate Site Regularly

I recommend you regularly visit the Windows Update Site!
  • Lots of Hacking/Trojans use the methods found (plugged by the updates) that have not been stopped by people not updating.
  • Update ALL Critical updates and any other Windows updates for services/programs that you use.
  • If you wish to turn on automatic updates then you will find here is a nice little article about turning on automatic updates.
  • Note that it will download them for you, but you still have to actually click install.
Update Non-Microsoft Programs

It is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.

Update all programs regularly - Make sure you update all the programs you have installed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.
Finally, and definitely the MOST IMPORTANT step, click on the following tutorial and follow each step listed there:

Simple and easy ways to keep your computer safe and secure on the Internet


Glad I was able to help and thank you for choosing Bleeping Computer as your malware removal source.
Don't forget to tell your friends about us and Good luck :step4:


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks :)

With Regards,
Extremeboy

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.
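
A read-only PowerShell check, added here as an illustration and not part of extremeboy's reply or of any BleepingComputer tool, covering the two technical points in the reply above: the leftover ".norton2009Reset" service entry that "sc delete" removes (the DDS log lists its ImagePath pointing at a Norton2009Reset.exe that is no longer on disk, and the Event Viewer section records that service failing to start because the file cannot be found) and the Autorun setting for removable drives. It assumes Windows PowerShell started from an administrator prompt on the cleaned machine; NoDriveTypeAutoRun and Win32_LogicalDisk are standard Windows items, while the function names are the example's own. Nothing here deletes or runs anything; it only reports.

```powershell
# Added example, not from the thread. Read-only checks run from an elevated
# Windows PowerShell prompt; function names are the example's own.

function Resolve-ImagePath([string]$raw) {
    # Turn a service ImagePath value into a plain file path: drop quotes and
    # arguments, expand %SystemRoot%, \SystemRoot\ and \??\ forms, and the
    # "system32\drivers\x.sys" shorthand that driver entries use.
    $p = [Environment]::ExpandEnvironmentVariables($raw.Trim())
    if ($p.StartsWith('"')) {
        $end = $p.IndexOf('"', 1)
        if ($end -gt 1) { $p = $p.Substring(1, $end - 1) }
    } elseif ($p -match '^(.*?\.(exe|sys|dll))(\s|$)') {
        $p = $Matches[1]
    }
    $p = $p -replace '^\\\?\?\\', ''
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedService {
    # Services and drivers whose registered executable is not on disk. These are
    # what "sc delete <name>" cleans up once the malware or its uninstaller is
    # gone; a Start value of 2 means the SCM tries to start them at every boot.
    $root = 'HKLM:\SYSTEM\CurrentControlSet\Services'
    foreach ($key in Get-ChildItem -Path $root -ErrorAction SilentlyContinue) {
        $props = Get-ItemProperty -Path $key.PSPath -ErrorAction SilentlyContinue
        if (-not $props.ImagePath) { continue }
        $path = Resolve-ImagePath $props.ImagePath
        if ($path -and -not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Service = $key.PSChildName; Start = $props.Start; ImagePath = $path }
        }
    }
}

function Get-AutorunPolicy {
    # NoDriveTypeAutoRun is a bit mask over drive types: 0x04 is removable media,
    # 0xFF turns Autorun off for every drive type. Both the machine and the user
    # policy keys are checked; an absent value means the policy was never set.
    $name = 'NoDriveTypeAutoRun'
    foreach ($hive in 'HKLM', 'HKCU') {
        $key = "${hive}:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $val = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        $shown = $null
        if ($null -ne $val) { $shown = '0x{0:X2}' -f $val }
        [pscustomobject]@{
            Hive              = $hive
            Value             = $shown
            RemovableDisabled = ($null -ne $val) -and (($val -band 0x04) -ne 0)
            AllDisabled       = ($null -ne $val) -and (($val -band 0xFF) -eq 0xFF)
        }
    }
}

function Get-RemovableAutorunInf {
    # DriveType 2 in Win32_LogicalDisk is a removable drive. Report any autorun.inf
    # in the root and the directives inside it that would launch a program;
    # the file is only read, never executed.
    Get-WmiObject -Class Win32_LogicalDisk -Filter 'DriveType = 2' | ForEach-Object {
        $inf = Join-Path $_.DeviceID 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $item = Get-Item -LiteralPath $inf -Force
            $hidden = ($item.Attributes -band [IO.FileAttributes]::Hidden) -ne 0
            $cmds = Select-String -LiteralPath $inf -Pattern '^\s*(open|shellexecute|shell\\.*\\command)\s*=' |
                ForEach-Object { $_.Line.Trim() }
            [pscustomobject]@{ Drive = $_.DeviceID; Hidden = $hidden; Launches = ($cmds -join '; ') }
        }
    }
}

Write-Host '== Services whose executable is missing (candidates for sc delete) =='
Get-OrphanedService | Format-Table -AutoSize
Write-Host '== NoDriveTypeAutoRun policy =='
Get-AutorunPolicy | Format-Table -AutoSize
Write-Host '== autorun.inf on removable drives =='
Get-RemovableAutorunInf | Format-Table -AutoSize
```

On the machine in this thread the first table would show the ".norton2009Reset" entry with Start 2 and its missing Norton2009Reset.exe path, which is exactly the condition behind the Service Control Manager 7000 errors in the log; the "sc delete" step in the reply is still the manual action, the script only points at candidates. In the second table, RemovableDisabled is the column that matters for USB sticks: a value with bit 0x04 clear, or no value at all, means double-clicking an inserted drive can still honour an autorun.inf, which is what the "Disable Autorun" section warns about.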

#15 charzan

charzan
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  • Local time:12:58 PM

Posted 15 May 2009 - 04:09 PM

Great! Everything seems to be working fine. Thank you for all of your help. I can't thank you enough you saved my computer.



