
Can't get into RegEdit, redirected in Firefox


8 replies to this topic

#1 jonnyz

Posted 23 May 2009 - 06:10 AM

I noticed a couple of weeks ago that I am constantly being redirected when I click on something in Google. I also am no longer able to access regedit in the Run menu. I am attaching my log file from HijackThis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:40:36 AM, on 5/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
D:\AVG\avgrsx.exe
D:\AVG\avgnsx.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
D:\AVG\avgtray.exe
D:\Sony Walkman\ContentTransferWMDetector.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmredir.a...mp;bm=ho_search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Documents and Settings\Jonny Z\Application Data\LastPass\LPBar.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\AVG\avgtoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: (no name) - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\AVG\avgtoolbar.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] D:\AVG\avgtray.exe
O4 - HKLM\..\Run: [ContentTransferWMDetector.exe] D:\Sony Walkman\ContentTransferWMDetector.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Update ST64] stupd64.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [Windows Update ST64] stupd64.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Security Service] ygiuo.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Update ST64] stupd64.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [Windows Update ST64] stupd64.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunServices: [Windows Security Service] ygiuo.exe (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: LastPass - file://C:\Documents and Settings\Jonny Z\Application Data\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Documents and Settings\Jonny Z\Application Data\LastPass\context.html?cmd=fillforms
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: SCV - https://www.omnovia.com/pages/sc2/image/SCV.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://aidomain.net/Citrix/ICAWEB/en/ica32/ica32t.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128870450000
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132177171843
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C54FC4B9-E71C-4623-83CD-01A7E9D52857} (v3 silent install) - https://aidomain.net/Citrix/MetaFrame/spv3/spv3icachk.cab
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareup...15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\avgpp.dll
O20 - AppInit_DLLs: wajhqm.dll
O20 - Winlogon Notify: !SASWinLogon - E:\Super Antispyware\SASWINLO.dll (file missing)
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - vtstq.dll (file missing)
O21 - SSODL: fldrsys - {72063A34-E05B-496A-AD24-121D464A923A} - (no file)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\SiSoft\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: System Manager Service (SMSC) - Unknown owner - C:\WINDOWS\smsc.exe (file missing)
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 9184 bytes
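As an added example (not part of the original thread, and not a BleepingComputer or HijackThis tool): a small triage script for HijackThis v2 log lines that flags the entry types a helper reads first in a log like the one above: a hosts-file override (O1), autoruns whose target has no path or that live under the SYSTEM / .DEFAULT hive (O4), AppInit_DLLs and Winlogon Notify packages (O20), and orphaned CLSID registrations. The sample lines are copied from the log above; the severity labels and rule thresholds are my own assumptions.

```python
import re
from dataclasses import dataclass

# Sample lines copied from the HijackThis log posted above (mixed benign and
# suspicious entries) so the script runs offline.
SAMPLE_LOG = r"""
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - (no file)
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKUS\S-1-5-18\..\Run: [Windows Update ST64] stupd64.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunServices: [Windows Security Service] ygiuo.exe (User 'SYSTEM')
O20 - AppInit_DLLs: wajhqm.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\
O20 - Winlogon Notify: vtstq - vtstq.dll (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\avgwdsvc.exe
"""

# "O4 - <body>" style: section code, " - ", rest of the entry.
ENTRY_RE = re.compile(r"^(?P<sec>[A-Z]\d+) - (?P<body>.*)$")
# O4 body: <hive>\..\<Run|RunOnce|RunServices>: [<name>] <target> [(User '<x>')]
O4_RE = re.compile(r"^(?P<hive>[^:]+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
SYSTEM_HIVES = ("HKUS\\S-1-5-18", "HKUS\\.DEFAULT")


@dataclass
class Finding:
    section: str
    severity: str   # assumed labels: high / medium / low
    reason: str
    line: str


def _strip_target(target: str) -> str:
    """Drop the trailing (User '...') annotation and surrounding quotes from an O4 target."""
    target = re.sub(r"\s*\(User '[^']*'\)\s*$", "", target).strip()
    if target.startswith('"'):
        end = target.find('"', 1)
        if end > 0:
            target = target[1:end]
    return target


def triage(log_text: str) -> list:
    """Return the log entries worth a second look, with the reason each was flagged."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:
            continue
        sec, body = m.group("sec"), m.group("body")
        if sec == "O1" and body.startswith("Hosts:"):
            parts = body[len("Hosts:"):].split()
            # Any mapping other than the loopback entries redirects name resolution.
            if len(parts) >= 2 and parts[0] not in ("127.0.0.1", "::1"):
                findings.append(Finding(sec, "high", f"hosts file maps {parts[1]} to {parts[0]}", line))
        elif sec == "O4":
            m4 = O4_RE.match(body)
            if not m4:
                continue
            target = _strip_target(m4.group("target"))
            reasons = []
            if "\\" not in target:
                # A bare file name is resolved through the search path, a classic hiding spot.
                reasons.append("autorun target has no path")
            if m4.group("hive").startswith(SYSTEM_HIVES):
                reasons.append("runs from the SYSTEM/.DEFAULT profile hive")
            if m4.group("key") == "RunServices":
                reasons.append("uses the legacy Win9x RunServices key")
            if reasons:
                findings.append(Finding(sec, "high" if "\\" not in target else "medium", "; ".join(reasons), line))
        elif sec == "O20":
            if body.startswith("AppInit_DLLs:"):
                value = body[len("AppInit_DLLs:"):].strip()
                if value:  # loaded into every process that links user32.dll
                    findings.append(Finding(sec, "high", f"AppInit_DLLs loads {value} system-wide", line))
            elif body.startswith("Winlogon Notify:"):
                _, _, rest = body.partition(" - ")
                if "(file missing)" in rest or "\\" not in rest or rest.endswith("\\"):
                    findings.append(Finding(sec, "high", "Winlogon Notify package with no usable file path", line))
        elif sec in ("O2", "O3", "O21") and body.endswith("(no file)"):
            findings.append(Finding(sec, "low", "orphaned CLSID registration (no file)", line))
    return findings


def summarize(findings: list) -> dict:
    """Count findings per severity, e.g. {'high': 6, 'medium': 1, 'low': 1}."""
    counts: dict = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section}: {f.reason}\n          {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```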


#2 fenzodahl512

Posted 24 May 2009 - 09:04 AM

Please make sure you disable ALL of your Antivirus/Antispyware/Firewall before running ComboFix.. Please visit HERE if you don't know how.. Please re-enable them back after performing all steps given..

Please download ComboFix by sUBs from one of the locations below, and save it to your Desktop.
Link 1
Link 2
Link 3
Double-click combofix.exe and follow the prompts. Please, never rename ComboFix unless instructed.

If ComboFix asks you to install the Recovery Console, please do so.. It will be in your best interest..

When finished, it shall produce a log for you. Post that log and a fresh HijackThis log in your next reply..

Note: DON'T do anything with your computer while ComboFix is running.. Let ComboFix finish its job..

------------------------------------------------------------------------------------------------------------------

NOTE: IMPORTANT! To other lurkers who see this topic, if you ever want to use ComboFix, please have a look at the tutorial below.. You have been warned!

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
Its gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#3 jonnyz (Topic Starter)

Posted 24 May 2009 - 09:44 AM

ComboFix 09-05-23.04 - Jonny Z 05/24/2009 10:29.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.610 [GMT -4:00]
Running from: c:\unzipped\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jonny Z\Application Data\inst.exe
c:\documents and settings\Jonny Z\Application Data\Install.dat
c:\windows\MailSwitch.ocx
c:\windows\system32\E95THK16.EXE
c:\windows\system32\encapi32.dll
c:\windows\system32\mpqss.bak2
c:\windows\system32\mpqss.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SMSC
-------\Service_SMSC


((((((((((((((((((((((((( Files Created from 2009-04-24 to 2009-05-24 )))))))))))))))))))))))))))))))
.

2009-05-23 22:38 . 2008-03-21 17:57 14640 ------w c:\windows\system32\spmsgXP_2k3.dll
2009-05-23 22:36 . 2008-05-02 13:25 465920 -c----w c:\windows\system32\dllcache\imapi2fs.dll
2009-05-23 22:36 . 2008-05-02 13:25 465920 ------w c:\windows\system32\imapi2fs.dll
2009-05-23 22:36 . 2008-05-02 13:25 317952 -c----w c:\windows\system32\dllcache\imapi2.dll
2009-05-23 22:36 . 2008-05-02 13:25 317952 ------w c:\windows\system32\imapi2.dll
2009-05-23 11:23 . 2009-05-23 11:23 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-23 11:21 . 2009-05-23 11:21 -------- d-----w c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-05-23 11:21 . 2009-05-23 11:21 -------- d-----w c:\program files\SDHelper (Spybot - Search & Destroy)
2009-05-23 11:21 . 2009-05-23 11:21 -------- d-----w c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-05-23 11:19 . 2009-05-23 11:21 -------- d-----w c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-05-22 00:33 . 2009-05-22 00:35 -------- dc-h--w C:\$AVG8.VAULT$
2009-05-21 22:19 . 2009-05-21 22:19 -------- d-----w c:\documents and settings\Jonny Z\Application Data\Sony Corporation
2009-05-21 22:15 . 2009-05-21 22:15 -------- d-----w c:\program files\Sony
2009-05-21 22:13 . 2009-05-21 22:13 -------- d-----w c:\program files\Common Files\Sony Shared
2009-05-21 22:12 . 2009-05-21 22:12 -------- d-----w c:\documents and settings\Jonny Z\Local Settings\Application Data\Downloaded Installations
2009-05-14 14:18 . 2009-05-01 03:08 575488 ----a-w c:\documents and settings\Jonny Z\Application Data\Mozilla\Firefox\Profiles\v87pnlkt.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2009-05-13 23:26 . 2009-05-13 23:26 -------- d-----w c:\program files\Trend Micro
2009-05-05 16:59 . 2009-05-05 16:59 -------- dc----w C:\AVGTemp
2009-05-04 18:38 . 2009-05-04 18:38 319488 ----a-w c:\documents and settings\Jonny Z\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\octoshape\octoshape.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-23 22:56 . 2009-05-23 22:56 0 ---ha-w c:\windows\system32\drivers\Msft_User_ZuneDriver_01_07_00.Wdf
2009-05-23 22:56 . 2009-05-23 22:56 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_WinUSB_01007.Wdf
2009-05-23 22:55 . 2009-05-23 22:55 0 ---ha-w c:\windows\system32\drivers\MsftWdf_user_01_07_00.Wdf
2009-05-23 22:38 . 2009-05-23 22:38 0 ---ha-w c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2009-05-23 22:38 . 2009-05-23 22:38 0 ---ha-w c:\windows\system32\drivers\Msft_Kernel_zumbus_01007.Wdf
2009-05-23 11:23 . 2004-01-01 09:31 -------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-22 21:41 . 2009-04-01 10:31 117760 ----a-w c:\documents and settings\Jonny Z\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-21 23:43 . 2009-04-07 02:06 -------- d-----w c:\program files\Wise Registry Cleaner
2009-05-21 23:43 . 2008-11-20 20:39 -------- d-----w c:\program files\Windows Media Connect 2
2009-05-21 23:42 . 2006-01-26 20:03 -------- d-----w c:\program files\MSHome
2009-05-21 23:42 . 2005-12-26 00:10 -------- d-----w c:\program files\360Share
2009-04-17 15:20 . 2009-03-22 19:58 1 ----a-w c:\documents and settings\Jonny Z\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2009-04-10 14:48 . 2009-03-22 18:52 -------- d-----w c:\documents and settings\Jonny Z\Application Data\Hoyle Casino
2009-04-06 20:33 . 2004-01-01 05:23 76487 ----a-w c:\windows\PCHealth\HelpCtr\OfflineCache\index.dat
2009-03-31 01:20 . 2009-03-31 01:20 -------- d-----w c:\program files\Citrix
2009-03-31 01:20 . 2009-03-31 01:20 60744 ----a-w c:\documents and settings\Jonny Z\g2mdlhlpx.exe
2009-03-30 17:43 . 2009-03-30 17:43 57344 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\50\5b902232-42bead23-n\Decora-SSE.dll
2009-03-30 17:43 . 2009-03-30 17:43 315392 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-57238708-n\jogl.dll
2009-03-30 17:43 . 2009-03-30 17:43 24064 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\15\4e09eacf-7ec8cedd-n\Decora-D3D.dll
2009-03-30 17:43 . 2009-03-30 17:43 20480 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-57238708-n\jogl_awt.dll
2009-03-30 17:43 . 2009-03-30 17:43 20480 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\45\4f710eed-2085115f-n\gluegen-rt.dll
2009-03-30 17:43 . 2009-03-30 17:43 114688 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\62\6baea4fe-57238708-n\jogl_cg.dll
2009-03-30 17:43 . 2009-03-30 17:43 499712 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-341fa2bf-n\msvcp71.dll
2009-03-30 17:43 . 2009-03-30 17:43 499712 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-341fa2bf-n\jmc.dll
2009-03-30 17:43 . 2009-03-30 17:43 348160 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\Deployment\cache\6.0\33\258cea61-341fa2bf-n\msvcr71.dll
2009-03-30 17:43 . 2005-10-24 21:00 -------- d-----w c:\program files\Java
2009-03-30 17:41 . 2009-03-30 17:41 152576 ----a-w c:\documents and settings\Jonny Z\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-26 19:19 . 2006-05-24 21:32 25544 ----a-w c:\documents and settings\Jonny Z\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-03-16 17:44 . 2005-11-12 14:52 348160 ----a-w c:\windows\system32\msvcr71.dll
2009-03-16 15:47 . 2009-03-16 15:47 0 ----a-w c:\documents and settings\All Users\Application Data\xmlEB.tmp
2009-03-16 15:47 . 2009-03-16 15:47 0 ----a-w c:\documents and settings\All Users\Application Data\xmlEA.tmp
2009-03-16 15:41 . 2009-03-16 15:41 0 ----a-w c:\documents and settings\All Users\Application Data\xmlDB.tmp
2009-03-16 15:41 . 2009-03-16 15:41 0 ----a-w c:\documents and settings\All Users\Application Data\xmlDA.tmp
2009-03-16 15:36 . 2009-02-17 15:10 2311 ----a-w c:\documents and settings\All Users\Application Data\xml67.tmp
2009-03-16 15:36 . 2009-03-16 15:36 0 ----a-w c:\documents and settings\All Users\Application Data\xmlD0.tmp
2009-03-16 15:36 . 2009-02-17 15:10 0 ----a-w c:\documents and settings\All Users\Application Data\xml66.tmp
2009-03-16 15:36 . 2009-02-17 15:10 9017 ----a-w c:\documents and settings\All Users\Application Data\xml65.tmp
2009-03-16 13:03 . 2009-03-16 13:03 107912 ----a-w c:\windows\system32\drivers\avgtdix.sys
2009-03-16 13:03 . 2009-03-16 13:03 10520 ----a-w c:\windows\system32\avgrsstx.dll
2009-03-16 13:03 . 2009-03-16 13:03 325640 ----a-w c:\windows\system32\drivers\avgldx86.sys
2009-03-16 13:03 . 2009-03-16 13:03 27656 ----a-w c:\windows\system32\drivers\avgmfx86.sys
2009-03-15 23:17 . 2005-12-30 15:16 1079808 ----a-w c:\windows\system32\AutoPartNt.exe
2009-03-09 09:19 . 2009-01-01 14:43 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2003-03-31 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-05 18:34 . 2009-03-05 18:34 3584 ----a-r c:\documents and settings\Jonny Z\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2009-03-04 05:09 . 2009-03-07 21:18 2251304 -c--a-w C:\WindowsXP-KB297694-x86-ENU.exe
2009-03-03 00:18 . 2006-06-23 15:33 826368 ----a-w c:\windows\system32\wininet.dll
2007-12-18 12:54 . 2008-11-20 01:12 262144 ----a-w c:\program files\Uninstall Spy Blocker.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelliType"="c:\program files\Microsoft Hardware\Keyboard\type32.exe" [2002-03-22 94208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-08-14 5562368]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-03-16 13:03 10520 ----a-w c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ExifLauncher2.lnk]
backup=c:\windows\pss\ExifLauncher2.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Omega Research Task Scheduler.lnk]
backup=c:\windows\pss\Omega Research Task Scheduler.lnkCommon Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AceGain LiveUpdate
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\itype
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA nTune
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Shell
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Verizon_McciTrayApp

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AVG8_TRAY"=d:\avg\avgtray.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\java.exe"=
"d:\\AVG\\avgupd.exe"=
"d:\\AVG\\avgnsx.exe"=
"e:\\Links\\LinksMMI.exe"=
"d:\\SiSoft\\SiSoftware Sandra Lite 2009.SP2\\RpcAgentSrv.exe"=
"d:\\SiSoft\\SiSoftware Sandra Lite 2009.SP2\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\Thunderbird\\thunderbird.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 si3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [1/1/2004 4:41 AM 97408]
R0 SiWinAcc;SiWinAcc;c:\windows\system32\drivers\SiWinAcc.sys [1/1/2004 4:41 AM 10240]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/16/2009 9:03 AM 325640]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [3/16/2009 9:03 AM 107912]
R1 SASDIFSV;SASDIFSV;d:\super antispyware\SASDIFSV.SYS [1/15/2009 5:17 PM 9968]
R2 avg8wd;AVG Free8 WatchDog;d:\avg\avgwdsvc.exe [3/16/2009 9:03 AM 298264]
S1 atitray;atitray;\??\c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys --> c:\program files\Radeon Omega Drivers\v3.8.330\ATI Tray Tools\atitray.sys [?]
S1 SASKUTIL;SASKUTIL;\??\e:\super antispyware\SASKUTIL.sys --> e:\super antispyware\SASKUTIL.sys [?]
S2 SSIPDDP;SSIPDDP Parallel port device driver;\??\c:\windows\System32\DRIVERS\SSIPDDP.SYS --> c:\windows\System32\DRIVERS\SSIPDDP.SYS [?]
S3 AC2003;AC2003;c:\windows\system32\drivers\AC2003.sys [1/1/2004 4:40 AM 4224]
S3 iteio;iteio;c:\windows\system32\drivers\ITEIO.SYS [11/22/2008 9:45 AM 3680]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [3/14/2007 7:01 PM 40832]
S3 p17filt;p17filt;c:\windows\system32\drivers\p17filt.sys [3/20/2006 7:34 PM 1452032]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;d:\sisoft\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe [3/16/2009 11:46 AM 98488]
S3 SASENUM;SASENUM;\??\e:\super antispyware\SASENUM.SYS --> e:\super antispyware\SASENUM.SYS [?]
.
Contents of the 'Scheduled Tasks' folder

2009-03-07 c:\windows\Tasks\$~$Sys0$.job
- c:\windows\System32\SchedSvc.dll [2005-12-22 00:12]

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-Windows Update ST64 - stupd64.exe
HKU-Default-RunOnce-FlashPlayerUpdate - e:\opera\Program\Plugins\NPSWF32_FlashUtil.exe
HKU-Default-RunOnce-Windows Update ST64 - stupd64.exe
HKU-Default-RunServices-Windows Security Service - ygiuo.exe
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
SSODL-fldrsys-{72063A34-E05B-496A-AD24-121D464A923A} - (no file)
Notify-!SASWinLogon - e:\super antispyware\SASWINLO.dll
Notify-ssqpm - (no file)
Notify-vtstq - vtstq.dll
SafeBoot-procexp90.Sys


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.cnn.com/
uInternet Settings,ProxyOverride = *.local
IE: Easy-WebPrint Add To Print List - d:\pixma\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - d:\pixma\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - d:\pixma\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - d:\pixma\Easy-WebPrint\Resource.dll/RC_Print.html
IE: LastPass - file://c:\documents and settings\Jonny Z\Application Data\LastPass\context.html?cmd=lastpass
IE: LastPass Fill Forms - file://c:\documents and settings\Jonny Z\Application Data\LastPass\context.html?cmd=fillforms
Trusted Zone: aol.com\free
Trusted Zone: internet
Trusted Zone: sprintpcs.com\manage
Trusted Zone: musicmatch.com\online
DPF: Microsoft XML Parser for Java
DPF: SCV - hxxps://www.omnovia.com/pages/sc2/image/SCV.CAB
DPF: {C54FC4B9-E71C-4623-83CD-01A7E9D52857} - hxxps://aidomain.net/Citrix/MetaFrame/spv3/spv3icachk.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-24 10:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4060)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
d:\avg\avgrsx.exe
d:\avg\avgnsx.exe
c:\windows\system32\ZuneBusEnum.exe
.
**************************************************************************
.
Completion time: 2009-05-24 10:34 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-24 14:34

Pre-Run: 7,097,761,792 bytes free
Post-Run: 7,032,762,368 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

238 --- E O F --- 2009-05-13 23:34
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:41:23 AM, on 5/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
D:\AVG\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
D:\AVG\avgrsx.exe
D:\AVG\avgnsx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZuneBusEnum.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - D:\AVG\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Documents and Settings\Jonny Z\Application Data\LastPass\LPBar.dll
O2 - BHO: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\AVG\avgtoolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - D:\AVG\avgtoolbar.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'Default user')
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://D:\Pixma\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: LastPass - file://C:\Documents and Settings\Jonny Z\Application Data\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: LastPass Fill Forms - file://C:\Documents and Settings\Jonny Z\Application Data\LastPass\context.html?cmd=fillforms
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: SCV - https://www.omnovia.com/pages/sc2/image/SCV.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - https://aidomain.net/Citrix/ICAWEB/en/ica32/ica32t.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1128870450000
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} -
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1132177171843
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - http://di.imgag.com/imgag/cp/install/AxCtp2.cab
O16 - DPF: {C54FC4B9-E71C-4623-83CD-01A7E9D52857} (v3 silent install) - https://aidomain.net/Citrix/MetaFrame/spv3/spv3icachk.cab
O16 - DPF: {E36C5562-C4E0-4220-BCB2-1C671E3A5916} - http://www.seagate.com/support/disc/asp/to.../npseatools.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - http://ccfiles.creative.com/Web/softwareup...15106/CTPID.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - D:\AVG\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - D:\AVG\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - D:\SiSoft\SiSoftware Sandra Lite 2009.SP2\RpcAgentSrv.exe
O23 - Service: stllssvr - Unknown owner - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe (file missing)

--
End of file - 8056 bytes
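The HijackThis log above gets read by eye in this thread. As an added example, not part of the thread and not HijackThis's own code, here is a small Python triage script that parses lines in this log format and flags the kinds of entries a responder looks at first: orphaned entries ("(no file)" / "(file missing)"), services with no publisher ("Unknown owner"), Run entries under the SYSTEM or Default user profile, DPF entries with no source URL, and sections that hook logon or networking (O10/O18/O20/O21). The sample lines are constructed from entries in this log; the heuristics and the priority wording are mine, not HijackThis's, and "flagged" means "worth checking", not "malicious".

```python
"""Triage a HijackThis v2 log: parse its O-lines and flag what a responder checks first.

Added example; the rules below are heuristics written for this post, not HijackThis's own.
"""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format (entries modelled on the log in this thread).
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKUS\S-1-5-18\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe (User 'SYSTEM')
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} -
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Unknown owner - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (file missing)
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# Every HijackThis entry is "<section> - <body>", e.g. "O23 - Service: ..."
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.*)$")

ORPHAN_MARKERS = ("(no file)", "(file missing)")
SENSITIVE_PROFILES = ("(User 'SYSTEM')", "(User 'Default user')")
# Sections that load code early or with high privilege; the vendor should always be confirmed.
HOOK_SECTIONS = {
    "O10": "Winsock LSP",
    "O18": "protocol handler",
    "O20": "Winlogon Notify DLL",
    "O21": "ShellServiceObjectDelayLoad entry",
}


@dataclass
class Finding:
    section: str
    line: str
    reasons: list


def classify(line: str):
    """Return a Finding for one log line, or None if nothing about it needs a second look."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # process list, headers, blank lines
    section, body = m.group("section"), m.group("body")
    reasons = []
    if any(marker in body for marker in ORPHAN_MARKERS):
        reasons.append("orphaned entry (target file missing): stale leftover, low risk, safe to tidy")
    if section == "O23" and "Unknown owner" in body:
        reasons.append("service with no publisher: check the binary's signature and hash before trusting it")
    if section == "O4" and any(p in body for p in SENSITIVE_PROFILES):
        reasons.append("autorun under the SYSTEM or Default user profile: runs for accounts nobody logs into; confirm it is expected")
    if section == "O16" and re.search(r"-\s*$", body):
        reasons.append("ActiveX download (DPF) entry with no source URL: cannot be attributed to a site")
    if section in HOOK_SECTIONS:
        reasons.append(f"{HOOK_SECTIONS[section]}: loads at logon or into every network socket; confirm the vendor")
    return Finding(section, line.strip(), reasons) if reasons else None


def triage(log_text: str) -> list:
    """All flagged entries of a log, in log order."""
    return [f for f in (classify(l) for l in log_text.splitlines()) if f is not None]


def section_counts(findings: list) -> dict:
    """How many flagged entries per HijackThis section, for a quick overview."""
    counts: dict = {}
    for f in findings:
        counts[f.section] = counts.get(f.section, 0) + 1
    return counts


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
    print(section_counts(triage(SAMPLE_LOG)))
```

Run against the full log above, the script flags the same items an experienced helper scans for: the nameless O3 toolbar and the two O23 services with "(file missing)" are leftovers, the two "Unknown owner" services and the O20 Winlogon DLL are the ones whose on-disk file deserves a signature or hash check, and the O4 MySpaceIM entries under SYSTEM and Default user are autoruns that make no sense for those accounts. Legitimate vendor entries (AVG, Google, ATI) are flagged too; the script narrows the reading, it does not decide.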

#4 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 24 May 2009 - 10:08 AM

Please download GooredFix and save it to your Desktop. Double-click Goored.exe to run it. Select 1. Find Goored (no fix) by typing 1 and pressing Enter. A log will open; please post the contents of that log in your next reply (it can also be found on your desktop, called Goored.txt). Note: Do not run Option #2 yet.

Keep calm, make it simple, use your brain, don't freak out, and you'll be just fine..
Awesomeness: When I get sad, I stop being sad and be awesome instead.. True story - Barney Stinson
It's gonna be legen.. wait for it.. dary! Cherish the pain, it means you're still alive


#5 jonnyz

jonnyz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 24 May 2009 - 10:51 AM

GooredFix v1.92 by jpshortstuff
Log created at 11:50 on 24/05/2009 running Option #1 (Jonny Z)
Firefox version 3.0.10 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Plugins"="D:\Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.10\extensions]
"Components"="D:\Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{1d5287d1-8a92-0001-1f31-1cec198018d8}"="D:\AVG\ToolbarFF"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="D:\AVG\Firefox"

#6 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 24 May 2009 - 11:14 AM

Please download Malwarebytes' Anti-Malware from HERE or HERE

Note: If you already have Malwarebytes' Anti-Malware, just run and update it.. Then do a "Perform Full Scan"

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.




Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
  • Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


Post these logs in your next reply..

1. Malwarebytes'
2. ESET Online Scanner
3. How's the computer now? :thumbup2:



#7 jonnyz

jonnyz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 24 May 2009 - 02:28 PM

Here's the Malwarebytes' log. I ran the ESET program which found and deleted 9 infections, however when I looked for the text file to send it wasn't there. I am now able to get into regedit again so I assume all of this has worked.

Malwarebytes' Anti-Malware 1.36
Database version: 2174
Windows 5.1.2600 Service Pack 3

5/24/2009 2:00:26 PM
mbam-log-2009-05-24 (14-00-26).txt

Scan type: Full Scan (C:\|D:\|E:\|F:\|G:\|K:\|L:\|M:\|N:\|O:\|)
Objects scanned: 295541
Time elapsed: 1 hour(s), 22 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#8 fenzodahl512

fenzodahl512

  • Members
  • 6,738 posts
  • OFFLINE
  • Local time:06:40 PM

Posted 24 May 2009 - 02:35 PM

Looks good to me.. Let's do some cleanup...


Please download OTCleanIt and save it to Desktop.
  • Make sure you have an internet connection..
  • Double-click OTCleanIt.exe
  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes


Please read these excellent articles written by my friends:
Preventing Malware and Safe Computing by Rorschach112
What makes your machine slow? by Artellos


Also, please read these excellent articles by miekiemoes :
Help! My computer is slow!
How to prevent Malware


Read this great info about safe internet surfing..

http://www.pcpitstop.com/spycheck/safesurfing.asp
http://bluefive.pair.com/practice_safe_surfing.htm




Please reply to this thread once more and tell us about the computer behaviour before we can close this thread :thumbup2:



Have a safe and happy computing day!


Regards
fenzodahl512



#9 jonnyz

jonnyz
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:06:40 AM

Posted 24 May 2009 - 02:54 PM

Everything seems fine now... just did the google thing and wasn't redirected at all. The computer seems to be running faster too!! Thanks a MILLION for taking the time to help me with this problem, especially on a holiday weekend!!!

Jon

Edited by jonnyz, 24 May 2009 - 02:54 PM.




