Redirects and Trojan Warnings


8 replies to this topic

#1 Radio Waves

Radio Waves

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 31 May 2009 - 11:15 AM

Continuing on from an "Am I Infected?" thread where boopme was helping me out, http://www.bleepingcomputer.com/forums/t/228714/pop-ups-pop-unders-and-avast-trojan-warnings/ (it seems that the malware is protected).

I was having trouble with pop-ups and pop-unders, ads that really did not belong on the websites I was visiting, as well as re-directs to search sites, yahoo jobs, and a youtube video about cobra. Some of these pop-ups, -unders and redirects would cause my avast! program to give me a warning that the site was malicious, or I would get a trojan warning and it would immediately block the site. Also, any attempt to download or update several malware detection and removal programs would be blocked or met with errors. I experienced this problem with MBAM, SAS, and Windows Defender.

The pop-ups and pop-unders seem to be gone now (or at least I haven't been having any issues with them), but the redirects and the inability to update malware definitions, or download anti-malware programs continue to hamper my efforts to clean my computer.

Here is the log from DDS:


DDS (Ver_09-05-14.01) - NTFSx86
Run by jkfii at 11:59:01.00 on Sun 05/31/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.912 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! antivirus 4.8.1229 [VPS 081124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\DELL\MediaDirect\PCMService.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Lexmark 4800 Series\lxdemon.exe
C:\Program Files\Lexmark 4800 Series\lxdeamon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
C:\Windows\system32\aestsrv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Users\jkfii\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
C:\Windows\system32\CTsvcCDA.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\lxdecoms.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe
C:\Program Files\DELL\QuickSet\quickset.exe
C:\Program Files\MOG-O-MATIC\MogClient.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Dell Support Center\bin\sprtsvc.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\System32\alg.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\wscript.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\jkfii\Desktop\dds.scr

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Aim6]
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\jkfii\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Simplify Media] "c:\program files\simplify media\SimplifyMedia.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: []
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"
mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\jkfii\appdata\roaming\micros~1\windows\startm~1\programs\startup\mog-o-~1.lnk - c:\program files\mog-o-matic\MogClient.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: &AIM Toolbar Search - c:\programdata\aim toolbar\ietoolbar\resources\en-us\local\search.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240445993851&h=08a64a543af9e8e4e7ad084140ed6581/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jkfii\appdata\roaming\mozilla\firefox\profiles\mdxbi6zb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\jkfii\appdata\roaming\mozilla\firefox\profiles\mdxbi6zb.default\extensions\{f722f063-925c-43d2-8308-584cfc1297fe}\components\FFAlert.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jkfii\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\jkfii\appdata\roaming\mozilla\firefox\profiles\mdxbi6zb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-12 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-10-30 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-12 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-12 51792]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-4 210216]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-22 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-28 179712]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-25 29263712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-7-28 7424]
S2 gupdate1c951bd5e78aef0;Google Update Service (gupdate1c951bd5e78aef0);c:\program files\google\update\GoogleUpdate.exe [2008-11-28 133104]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2007-5-29 99248]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-7 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-11-17 3768]

=============== Created Last 30 ================

2009-05-29 17:11 691 a------- c:\users\jkfii\appdata\roaming\GetValue.vbs
2009-05-29 17:11 35 a------- c:\users\jkfii\appdata\roaming\SetValue.bat
2009-05-29 16:14 6,518 a------- c:\windows\system32\tmp.reg
2009-05-28 20:22 --d----- c:\users\jkfii\appdata\roaming\SUPERAntiSpyware.com
2009-05-24 13:00 116,839 a------- c:\windows\hpqins00.dat
2009-05-22 04:30 --d----- C:\VundoFix Backups
2009-05-17 20:47 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-17 20:31 --d----- c:\program files\Exterminate It!
2009-05-10 16:44 --d----- c:\program files\Simplify Media
2009-05-08 19:46 --d----- c:\users\jkfii\appdata\roaming\AccurateRip
2009-05-08 19:46 5,433,520 a------- c:\windows\system32\SpoonUninstall.exe
2009-05-08 19:46 33,846 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.bmp
2009-05-08 19:46 14,373 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-05-08 19:46 --d----- c:\program files\Illustrate

==================== Find3M ====================

2009-05-31 11:51 31,871 a------- c:\programdata\nvModes.dat
2009-05-31 11:51 31,871 a------- c:\progra~2\nvModes.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 19:32 618,457 a------- c:\windows\jgzr.dat
2009-04-22 20:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-22 16:35 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-04-22 16:34 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 16:34 51,200 a------- c:\windows\inf\infpub.dat
2009-04-22 16:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-03 15:39 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-03-06 02:59 1,900,544 a------- c:\windows\system32\usbaaplrc.dll
2009-03-03 00:46 3,599,328 a------- c:\windows\system32\ntkrnlpa.exe
2009-03-03 00:46 3,547,632 a------- c:\windows\system32\ntoskrnl.exe
2009-03-03 00:40 499,200 a------- c:\windows\system32\wbem\WmiPrvSD.dll
2009-03-03 00:40 129,024 a------- c:\windows\system32\wbem\WmiDcPrv.dll
2009-03-03 00:40 827,392 a------- c:\windows\system32\wininet.dll
2009-03-03 00:39 183,296 a------- c:\windows\system32\sdohlp.dll
2009-03-03 00:39 551,424 a------- c:\windows\system32\rpcss.dll
2009-03-03 00:39 26,112 a------- c:\windows\system32\printfilterpipelineprxy.dll
2009-03-03 00:37 78,336 a------- c:\windows\system32\ieencode.dll
2009-03-03 00:37 98,304 a------- c:\windows\system32\iasrecst.dll
2009-03-03 00:37 54,784 a------- c:\windows\system32\iasads.dll
2009-03-03 00:37 44,032 a------- c:\windows\system32\iasdatastore.dll
2009-03-03 00:36 615,424 a------- c:\windows\system32\wbem\fastprox.dll
2009-03-02 23:04 666,624 a------- c:\windows\system32\printfilterpipelinesvc.exe
2009-03-02 22:38 17,408 a------- c:\windows\system32\iashost.exe
2009-03-02 22:28 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-03-02 22:16 247,296 a------- c:\windows\system32\wbem\WmiPrvSE.exe
2009-02-28 02:38 41,335 a------- c:\users\jkfii\appdata\roaming\nvModes.dat
2008-06-11 20:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-23 18:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-28 12:44 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 11:59:25.11 ===============


#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:31 AM

Posted 11 June 2009 - 08:26 PM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#3 Radio Waves

Radio Waves
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 12 June 2009 - 12:52 PM

You can find the description of my issues in the initial post. The main problem, anymore, seems to be my inability to update or download any malware or spyware scanning software. The sites end up blocked. I still get redirects every once in a while, but the pop-ups and pop-unders have stopped. Any help is appreciated.


DDS (Ver_09-05-14.01) - NTFSx86 MINIMAL
Run by jkfii at 13:31:43.02 on Fri 06/12/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.1583 [GMT -4:00]

AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: avast! antivirus 4.8.1229 [VPS 081124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\Explorer.EXE
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\jkfii\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - c:\program files\yahoo!\common\yiesrvc.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SearchHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - No File
uRun: [DellSupport] "c:\program files\dellsupport\DSAgnt.exe" /startup
uRun: [Aim6]
uRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
uRun: [Google Update] "c:\users\jkfii\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Yahoo! Pager] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Simplify Media] "c:\program files\simplify media\SimplifyMedia.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [OEM02Mon.exe] c:\windows\OEM02Mon.exe
mRun: [VolPanel] "c:\program files\creative\sbaudigy\volume panel\VolPanlu.exe" /r
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [<NO NAME>]
mRun: [PCMService] "c:\program files\dell\mediadirect\PCMService.exe"
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [DellSupportCenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P DellSupportCenter
mRun: [lxdemon.exe] "c:\program files\lexmark 4800 series\lxdemon.exe"
mRun: [lxdeamon] "c:\program files\lexmark 4800 series\lxdeamon.exe"
mRun: [FaxCenterServer] "c:\program files\lexmark fax solutions\fm3032.exe" /s
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\jkfii\appdata\roaming\micros~1\windows\startm~1\programs\startup\mog-o-~1.lnk - c:\program files\mog-o-matic\MogClient.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickset.lnk - c:\windows\installer\{7f0c4457-8e64-491b-8d7b-991504365d1e}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
mPolicies-explorer: UseDefaultTile = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: HideFastUserSwitching = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.21.0\gears.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - c:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} - hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://dl8-cdn-09.sun.com/s/ESD7/JSCDL/jdk/6u13-b03/jinstall-6u13-windows-i586-jc.cab?e=1240445993851&h=08a64a543af9e8e4e7ad084140ed6581/&filename=jinstall-6u13-windows-i586-jc.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\jkfii\appdata\roaming\mozilla\firefox\profiles\mdxbi6zb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\google\google gears\firefox\components\gears.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\users\jkfii\appdata\roaming\mozilla\firefox\profiles\mdxbi6zb.default\extensions\{f722f063-925c-43d2-8308-584cfc1297fe}\components\FFAlert.dll
FF - plugin: c:\program files\google\update\1.2.133.33\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\jkfii\appdata\local\google\update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\jkfii\appdata\roaming\mozilla\firefox\profiles\mdxbi6zb.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----

============= SERVICES / DRIVERS ===============

S1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-12 114768]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\AEstSrv.exe [2007-10-30 73728]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-12 20560]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2008-4-12 51792]
S2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\microsoft small business\business contact manager\BcmSqlStartupSvc.exe [2008-1-11 30312]
S2 gupdate1c951bd5e78aef0;Google Update Service (gupdate1c951bd5e78aef0);c:\program files\google\update\GoogleUpdate.exe [2008-11-28 133104]
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxdeserv.exe [2007-5-29 99248]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2009-2-4 210216]
S2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2008-1-16 814728]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-11-22 24652]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2007-7-28 179712]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-4-7 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2008-11-25 29263712]
S3 MusCVideo;MusCVideo;c:\windows\system32\drivers\MusCVideo.sys [2008-11-17 3768]
S3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\drivers\OEM02Dev.sys [2007-10-10 235648]
S3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\drivers\OEM02Vfx.sys [2007-7-28 7424]

=============== Created Last 30 ================

2009-05-29 17:11 691 a------- c:\users\jkfii\appdata\roaming\GetValue.vbs
2009-05-29 17:11 35 a------- c:\users\jkfii\appdata\roaming\SetValue.bat
2009-05-29 16:14 6,518 a------- c:\windows\system32\tmp.reg
2009-05-28 20:22 <DIR> --d----- c:\users\jkfii\appdata\roaming\SUPERAntiSpyware.com
2009-05-26 17:18 90,112 a------- c:\windows\system32\QuickTimeVR.qtx
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
2009-05-24 13:00 116,839 a------- c:\windows\hpqins00.dat
2009-05-22 04:30 <DIR> --d----- C:\VundoFix Backups
2009-05-17 20:47 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-05-17 20:31 <DIR> --d----- c:\program files\Exterminate It!

==================== Find3M ====================

2009-06-12 13:13 31,871 a------- c:\programdata\nvModes.dat
2009-06-12 13:13 31,871 a------- c:\progra~2\nvModes.dat
2009-05-26 13:20 40,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 13:19 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-05-13 19:32 618,457 a------- c:\windows\jgzr.dat
2009-05-08 19:46 14,373 a------- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-05-08 19:46 5,433,520 a------- c:\windows\system32\SpoonUninstall.exe
2009-04-22 20:19 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-22 16:35 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-04-22 16:34 86,016 a------- c:\windows\inf\infstor.dat
2009-04-22 16:34 51,200 a------- c:\windows\inf\infpub.dat
2009-04-22 16:34 143,360 a------- c:\windows\inf\infstrng.dat
2009-04-03 15:39 70,936 a------- c:\windows\system32\PhysXLoader.dll
2009-03-16 23:38 40,960 a------- c:\windows\apppatch\apihex86.dll
2009-03-16 23:38 13,824 a------- c:\windows\system32\apilogen.dll
2009-03-16 23:38 24,064 a------- c:\windows\system32\amxread.dll
2009-02-28 02:38 41,335 a------- c:\users\jkfii\appdata\roaming\nvModes.dat
2008-06-11 20:11 665,600 a------- c:\windows\inf\drvindex.dat
2008-04-23 18:23 174 a--sh--- c:\program files\desktop.ini
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 08:42 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 08:42 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 05:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 05:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-28 12:44 76 ---shr-- c:\windows\CT4CET.bin

============= FINISH: 13:32:10.52 ===============
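As an added example (not part of the original post, and not code from DDS itself), the script below parses the three DDS line formats that appear in the log above: uRun/mRun values, the S-prefixed service lines and the "Created Last 30" file entries. It flags the items an analyst reviews first: unnamed or empty Run values, autostarts launched from user-writable directories, entries that run through a proxy loader such as rundll32, services whose image DDS could not size (the `[?]` marker), and recently created script or .reg files. The sample input is constructed in DDS format from lines like those in the log; every flag is a review prompt, not a malware verdict (Google Update, for instance, legitimately runs from AppData). The loader list, script extensions and user-writable path markers are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in DDS log format, modelled on lines from the log above.
# It is parser test input, not a verdict on that system.
SAMPLE_LOG = r"""
uRun: [Google Update] "c:\users\jkfii\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [<NO NAME>]
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
S2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
S2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
2009-05-29 17:11 691 a------- c:\users\jkfii\appdata\roaming\GetValue.vbs
2009-05-29 17:11 35 a------- c:\users\jkfii\appdata\roaming\SetValue.bat
2009-05-29 16:14 6,518 a------- c:\windows\system32\tmp.reg
2009-05-26 17:18 57,344 a------- c:\windows\system32\QuickTime.qts
"""

RUN_RE = re.compile(r"^([um])Run:\s*\[(.*?)\]\s*(.*)$")
SVC_RE = re.compile(r"^S([0-4])\s+([^;]+);([^;]*);(.*)$")
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(<DIR>|[\d,]+)\s+(\S+)\s+(.*)$")
TOKEN_RE = re.compile(r'"([^"]+)"|(\S+)')
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|sys))", re.IGNORECASE)

# Assumed lists for this example: hosts that execute a module on behalf of an
# autostart entry, script-like extensions, and path fragments a non-admin
# user can normally write to.
PROXY_LOADERS = {"rundll32.exe", "regsvr32.exe", "wscript.exe", "cscript.exe", "cmd.exe"}
SCRIPT_EXTS = (".vbs", ".bat", ".cmd", ".js", ".reg", ".ps1")
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\programdata\\", "\\documents and settings\\")


@dataclass
class Finding:
    kind: str     # "run", "service" or "file"
    subject: str  # Run value name, service name or file path
    reason: str


def tokens(command: str) -> list:
    """Split a command line into tokens, keeping quoted paths whole."""
    return [quoted or bare for quoted, bare in TOKEN_RE.findall(command)]


def is_user_writable(path: str) -> bool:
    return any(marker in path.lower() for marker in USER_WRITABLE)


def triage_run(scope: str, name: str, command: str) -> list:
    """scope is 'u' (HKCU) or 'm' (HKLM); both are checked the same way."""
    parts = tokens(command)
    if not parts or name == "<NO NAME>":
        return [Finding("run", name, "empty or unnamed Run value")]
    found = []
    target = parts[0].lower()
    if target.rsplit("\\", 1)[-1] in PROXY_LOADERS and len(parts) > 1:
        # rundll32 c:\x.dll,Entry: the loaded module is what actually runs
        target = parts[1].split(",", 1)[0].lower()
        found.append(Finding("run", name, f"proxy loader, review module {target}"))
    if is_user_writable(target):
        found.append(Finding("run", name, f"autostart from user-writable path {target}"))
    if target.endswith(SCRIPT_EXTS):
        found.append(Finding("run", name, f"script autostart {target}"))
    return found


def triage_service(name: str, image: str) -> list:
    found = []
    if image.rstrip().endswith("[?]"):
        found.append(Finding("service", name, "image missing or size unknown ([?])"))
    # The path may contain spaces without quotes; cut at the first exe/dll/sys.
    m = IMAGE_RE.match(image.split(" --> ", 1)[0].strip('"'))
    if m and is_user_writable(m.group(1)):
        found.append(Finding("service", name, f"service image in user-writable path {m.group(1)}"))
    return found


def triage_file(date: str, size: str, attrs: str, path: str) -> list:
    if size == "<DIR>":
        return []
    lower = path.lower()
    if lower.endswith(SCRIPT_EXTS):
        return [Finding("file", path, f"script or .reg file created {date}")]
    if lower.endswith((".exe", ".dll", ".sys")) and is_user_writable(lower):
        return [Finding("file", path, f"executable in user-writable path, created {date}")]
    if "h" in attrs:
        return [Finding("file", path, "recently created file with hidden attribute")]
    return []


def triage_log(text: str) -> list:
    """Run every recognised DDS line through the matching triage rule."""
    findings = []
    for line in text.splitlines():
        line = line.strip()
        if (m := RUN_RE.match(line)):
            findings += triage_run(*m.groups())
        elif (m := SVC_RE.match(line)):
            findings += triage_service(m.group(2), m.group(4))
        elif (m := FILE_RE.match(line)):
            findings += triage_file(*m.groups())
    return findings


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"{f.kind:8} {f.subject:50} {f.reason}")
```

Feed it the text of a saved DDS.txt in place of SAMPLE_LOG and work through the findings with the usual follow-up (file hashes, signer, creation time versus the reported symptoms) before deciding anything; the parser only narrows the list.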


#4 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:31 AM

Posted 15 June 2009 - 11:35 PM

Hello Radio Waves,

Download GMER Rootkit Scanner from here or here.
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe. If asked to allow the gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.




  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save it where you can easily find it, such as your desktop and attach the report in your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."


#5 Radio Waves

Radio Waves
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 16 June 2009 - 03:55 PM

Had a bit of trouble with this one. I tried to run it in normal mode, twice actually, and both times I would get a blue screen letting me know that there was a fatal error and that Windows would have to shut down. I then went into safe mode to run it, and had no problems. Hopefully that's good. Let me know if there is anything else I can do. Any idea what the issue may have been?

Anyway, attached is the log from running it in safe mode.

Attached Files

  • Attached file: ark.txt (990 bytes, 7 downloads)


#6 Ried

Ried

  • Malware Response Team
  • 1,009 posts
  • OFFLINE
  • Gender:Male
  • Local time:06:31 AM

Posted 17 June 2009 - 01:03 AM

Sometimes you need to also uncheck Devices when that happens. No real concern, Radio Waves.

Download Combofix from any of the links below, and save it to your desktop.


Link 1
Link 2
Link 3


**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. If you are unsure how to do this, please see this link http://www.bleepingcomputer.com/forums/t/114351/how-to-temporarily-disable-your-anti-virus-firewall-and-anti-malware-programs/

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review, along with an update on system behavior.



#7 Radio Waves

Radio Waves
  • Topic Starter

  • Members
  • 14 posts
  • OFFLINE
  • Local time:06:31 AM

Posted 17 June 2009 - 06:31 PM

I'm still getting blocked from updating my malware and spyware protection program definitions and from accessing their sites to download the programs directly (those affected: SUPERAntiSpyware, Malwarebytes, and Windows Defender). I haven't been having any redirect issues other than trying to access those sites yet.

Here is the combofix log:

ComboFix 09-06-17.02 - jkfii 06/17/2009 19:06.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2045.951 [GMT -4:00]
Running from: c:\users\jkfii\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1229 [VPS 081124-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: avast! antivirus 4.8.1229 [VPS 081124-0] *enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\MabryObj.dll
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((( Files Created from 2009-05-17 to 2009-06-17 )))))))))))))))))))))))))))))))
.

2009-06-17 23:12 . 2009-06-17 23:12 -------- d-----w- c:\users\jkfii\AppData\Local\temp
2009-06-17 16:34 . 2009-06-17 16:34 -------- d-----w- c:\windows\LastGood
2009-06-12 23:48 . 2009-06-12 23:48 -------- d-----w- c:\program files\iPod
2009-06-12 23:39 . 2009-06-12 23:39 75048 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-06 21:25 . 2009-06-06 21:25 -------- d-----w- c:\program files\QuickTime
2009-06-05 15:42 . 2009-06-05 15:42 39424 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-06-05 15:42 . 2009-06-05 15:42 2060288 ----a-w- c:\windows\system32\usbaaplrc.dll
2009-06-05 04:42 . 2009-06-05 04:42 -------- d-----w- c:\users\jkfii\AppData\Local\Apple
2009-06-03 19:26 . 2009-06-04 15:42 -------- d-----w- c:\users\jkfii\AppData\Local\Adobe
2009-05-29 21:11 . 2009-05-29 21:11 35 ----a-w- c:\users\jkfii\AppData\Roaming\SetValue.bat
2009-05-29 00:23 . 2009-06-16 20:50 117760 ----a-w- c:\users\jkfii\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-29 00:22 . 2009-05-29 00:22 -------- d-----w- c:\users\jkfii\AppData\Roaming\SUPERAntiSpyware.com
2009-05-28 23:57 . 2009-06-06 21:20 -------- d-----w- c:\users\jkfii\AppData\Local\Apple Computer
2009-05-25 22:03 . 2009-04-29 17:46 159744 ----a-w- c:\users\jkfii\AppData\Roaming\Songbird2\Profiles\m0q27yrg.default\extensions\windowsmedia@songbirdnest.com\platform\WINNT_x86-msvc\components\sbWindowsMediacore.dll
2009-05-24 17:00 . 2009-05-24 17:03 116839 ----a-w- c:\windows\hpqins00.dat
2009-05-22 08:30 . 2009-05-22 08:30 -------- d-----w- C:\VundoFix Backups

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-17 22:55 . 2009-03-03 20:12 31871 ----a-w- c:\programdata\nvModes.dat
2009-06-17 16:34 . 2007-08-03 20:12 -------- d-----w- c:\programdata\Apple
2009-06-16 20:48 . 2008-05-09 22:23 66560 --sha-w- c:\programdata\ExtendMedia\Media Agent\ac.dll
2009-06-16 19:24 . 2007-07-28 16:29 836 ----a-w- c:\windows\bthservsdp.dat
2009-06-12 23:53 . 2008-06-19 01:53 -------- d-----w- c:\program files\Safari
2009-06-12 23:48 . 2007-09-29 23:39 -------- d-----w- c:\program files\iTunes
2009-06-12 23:48 . 2007-08-03 20:12 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 03:36 . 2008-01-23 04:35 -------- d-----w- c:\users\jkfii\AppData\Roaming\uTorrent
2009-05-29 21:11 . 2009-05-29 21:11 691 ----a-w- c:\users\jkfii\AppData\Roaming\GetValue.vbs
2009-05-29 21:11 . 2007-07-28 16:57 -------- d-----w- c:\program files\Google
2009-05-29 21:09 . 2008-01-15 20:37 -------- d-----w- c:\program files\Eusing Free Registry Cleaner
2009-05-29 16:49 . 2008-10-04 11:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-05-29 14:02 . 2007-09-08 00:42 7592 ----a-w- c:\users\jkfii\AppData\Local\d3d9caps.dat
2009-05-29 00:22 . 2008-10-04 11:51 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-29 00:20 . 2008-04-12 05:10 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-26 17:20 . 2008-10-04 11:53 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-26 17:19 . 2008-10-04 11:53 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-05-24 17:03 . 2008-08-24 20:40 -------- d-----w- c:\program files\HP
2009-05-22 23:46 . 2008-06-11 00:41 -------- d-----w- c:\programdata\Lx_cats
2009-05-18 02:59 . 2009-05-18 00:31 -------- d-----w- c:\program files\Exterminate It!
2009-05-13 23:35 . 2007-09-26 02:41 -------- d-----w- c:\programdata\Examsoft
2009-05-13 23:32 . 2007-09-26 02:41 618457 ----a-w- c:\windows\jgzr.dat
2009-05-13 10:06 . 2007-08-03 19:09 -------- d-----w- c:\programdata\Microsoft Help
2009-05-13 10:02 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-05-12 08:51 . 2008-12-22 13:08 2967799 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-05-10 20:44 . 2009-05-10 20:44 -------- d-----w- c:\program files\Simplify Media
2009-05-08 23:46 . 2009-05-08 23:46 -------- d-----w- c:\users\jkfii\AppData\Roaming\AccurateRip
2009-05-08 23:46 . 2009-05-08 23:46 14373 ----a-w- c:\windows\system32\SpoonUninstall-dBpoweramp Music Converter.dat
2009-05-08 23:46 . 2009-05-08 23:46 -------- d-----w- c:\program files\Illustrate
2009-05-08 23:46 . 2009-05-08 23:46 5433520 ----a-w- c:\windows\system32\SpoonUninstall.exe
2009-05-02 00:29 . 2009-04-22 00:07 -------- d-----w- c:\program files\Cryptic Studios
2009-04-28 23:51 . 2009-04-28 23:51 -------- d-----w- c:\users\jkfii\AppData\Roaming\Songbird2
2009-04-28 23:51 . 2009-04-28 23:51 -------- d-----w- c:\program files\Songbird
2009-04-28 23:50 . 2009-04-28 23:50 -------- d-----w- c:\program files\Matador Download Helper
2009-04-23 00:19 . 2008-12-01 21:46 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-04-23 00:16 . 2007-07-28 16:38 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-23 00:15 . 2009-04-23 00:15 -------- d-----w- c:\users\jkfii\AppData\Roaming\InstallShield
2009-04-23 00:14 . 2007-07-28 16:38 -------- d-----w- c:\program files\Java
2009-04-22 20:35 . 2009-04-22 20:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_xusb21_01001.Wdf
2009-04-22 20:34 . 2009-04-22 20:33 -------- d-----w- c:\program files\Microsoft Xbox 360 Accessories
2009-04-22 10:55 . 2009-04-21 23:54 -------- d-----w- c:\program files\AGEIA Technologies
2009-04-22 10:39 . 2008-06-06 16:45 -------- d-----w- c:\programdata\NVIDIA
2009-04-21 23:41 . 2009-04-21 23:40 -------- d-----w- c:\program files\SystemRequirementsLab
2009-04-21 23:40 . 2009-04-21 23:40 -------- d-----w- c:\users\jkfii\AppData\Roaming\SystemRequirementsLab
2009-04-03 19:39 . 2009-04-03 19:39 70936 ----a-w- c:\windows\system32\PhysXLoader.dll
2009-03-24 20:08 . 2009-05-18 00:47 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-03-19 23:32 . 2009-04-12 03:34 23400 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2007-07-28 16:44 . 2007-07-28 16:44 76 --sh--r- c:\windows\CT4CET.bin
2007-07-29 00:23 . 2007-07-29 00:20 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Google Update"="c:\users\jkfii\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-03 133104]
"Yahoo! Pager"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-31 4670704]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-07 3885408]
"Simplify Media"="c:\program files\Simplify Media\SimplifyMedia.exe" [2009-04-30 8564232]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-05-26 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-05-21 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-05-09 36864]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-03-16 17920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2007-03-21 1548288]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"lxdemon.exe"="c:\program files\Lexmark 4800 Series\lxdemon.exe" [2007-06-11 455600]
"lxdeamon"="c:\program files\Lexmark 4800 Series\lxdeamon.exe" [2007-06-01 20480]
"FaxCenterServer"="c:\program files\Lexmark Fax Solutions\fm3032.exe" [2007-06-11 316336]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-14 177472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-13 405504]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2009-01-30 96800]
"XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2007-09-27 734264]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-04-23 148888]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]

c:\users\jkfii\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MOG-O-MATIC.lnk - c:\program files\MOG-O-MATIC\MogClient.exe [2007-11-11 677888]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-7-28 50688]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
QuickSet.lnk - c:\windows\Installer\{7F0C4457-8E64-491B-8D7B-991504365D1E}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-7-28 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"UseDefaultTile"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"="0x00000000"
"UpdatesDisableNotify"="0x00000000"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{62E80140-AB37-4E65-9395-2B4BCC292819}"= UDP:c:\program files\Common Files\McAfee\MNA\McNASvc.exe:McAfee Network Agent
"{A716FDDA-D7FB-4B0A-B030-D30727AAA47E}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{EA041977-B3A9-44E1-94A8-E0D510F58D29}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{AE74C7FF-2FFC-4BAE-9A1C-06EA947E007F}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{660D86A7-2E6F-4444-8A33-FA618E38F2E5}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{9E7C34B3-6A4A-4EEC-BAE1-F34CC9812F6E}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{105447CC-007B-410A-9CD0-CC7FCAD794EA}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{98FF67AA-D2F9-4233-BCB8-07D111342BAF}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B04DED9A-B7BC-4E3D-978B-27F52B046192}"= UDP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{4FDF3197-EFE8-4587-A315-354C68B743D0}"= TCP:c:\program files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3B2E6CE1-76F0-458F-938D-1A1D830AC3C0}"= UDP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{4B61C41C-D534-49C1-9C16-F914BF5EB309}"= TCP:c:\program files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{07D7CA42-E8BA-4EFC-83A4-E9A59614DA72}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{CE76778E-AB7B-482B-A63C-97060AE273BE}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"TCP Query User{C08F5D58-4673-490A-95B6-558102DA533D}c:\\windows\\system32\\msiexec.exe"= UDP:c:\windows\system32\msiexec.exe:Windows® installer
"UDP Query User{90FC9532-73E7-4A59-AD41-2630831E7EB0}c:\\windows\\system32\\msiexec.exe"= TCP:c:\windows\system32\msiexec.exe:Windows® installer
"TCP Query User{72C0B469-FA16-4B12-806F-AE304D3F31D4}c:\\program files\\mozilla firefox\\firefox.exe"= UDP:c:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{90AA9860-2BB2-423C-8E6E-A89D70528F8C}c:\\program files\\mozilla firefox\\firefox.exe"= TCP:c:\program files\mozilla firefox\firefox.exe:Firefox
"TCP Query User{21C51C3C-3E89-42E0-801F-1D6C47E622F0}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{F4622AE6-5ADA-4DE2-B1AE-D9A0BE2D30D9}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{D270522A-E91A-4253-8036-8EECCD34EBF7}"= UDP:c:\program files\Lexmark 4800 Series\lxdeamon.exe:Lexmark Device Monitor
"{A519864B-CC11-4D92-864B-1E367F195E91}"= TCP:c:\program files\Lexmark 4800 Series\lxdeamon.exe:Lexmark Device Monitor
"{2904BAE2-3A0C-4027-9902-6FF8CBDC1E4E}"= UDP:c:\program files\Lexmark 4800 Series\frun.exe:Lexmark Productivity Studio
"{5C12FCFE-63C2-4D25-A384-55BE3EC496DF}"= TCP:c:\program files\Lexmark 4800 Series\frun.exe:Lexmark Productivity Studio
"{0F5E48F5-FD4F-4F43-A616-90A9FB96A57C}"= UDP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{11ECF6F5-9B4F-40FB-8310-3B6C7F650C6C}"= TCP:c:\program files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:ABBYY FineReader
"{C523F9D3-1851-44B5-9A23-ACB14D6977E9}"= UDP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{D61FB2C5-4D80-4C70-9036-A9E3ED23A2FC}"= TCP:c:\program files\Lexmark Fax Solutions\FaxCtr.exe:Fax software
"{6756CE5F-B808-48B4-82CC-6C415093C00E}"= UDP:c:\windows\System32\lxdecfg.exe:Printer Communication System
"{1F11436C-8E04-484B-A7C8-B20F98908CE6}"= TCP:c:\windows\System32\lxdecfg.exe:Printer Communication System
"{3D4C95C7-E6A8-4F2E-AEE4-5527069FF9BC}"= UDP:c:\windows\System32\lxdecoms.exe:Lexmark Communications System
"{F01FF4B8-1882-4E5E-A219-99982BC540A0}"= TCP:c:\windows\System32\lxdecoms.exe:Lexmark Communications System
"{DB1F70FB-022B-46A6-BD01-79C2C210D3E6}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdepswx.exe:Printer Status Window Interface
"{143F4F11-9936-4D71-B803-C18F7C1A6342}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdepswx.exe:Printer Status Window Interface
"{235432EF-2F4F-45CF-B893-9569D86D970A}"= UDP:c:\windows\System32\spool\drivers\w32x86\3\lxdetime.exe:Lexmark Connect Time Executable
"{2E67092D-21DB-4B9C-A9D9-9C7BC28AD662}"= TCP:c:\windows\System32\spool\drivers\w32x86\3\lxdetime.exe:Lexmark Connect Time Executable
"TCP Query User{BB1BE6FD-8657-492D-BCD2-E8A524DD8434}c:\\program files\\electronic arts\\eadm\\core.exe"= UDP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"UDP Query User{5A0CBCFF-32D9-40F6-9C00-AA2A9A4E3230}c:\\program files\\electronic arts\\eadm\\core.exe"= TCP:c:\program files\electronic arts\eadm\core.exe:EA Download Manager
"TCP Query User{24162A25-3D49-4B77-A5A1-192649693CEB}c:\\program files\\soulseek\\slsk.exe"= UDP:c:\program files\soulseek\slsk.exe:SoulSeek
"UDP Query User{E94D6ABD-3A0E-478B-B8EA-B33B2909773C}c:\\program files\\soulseek\\slsk.exe"= TCP:c:\program files\soulseek\slsk.exe:SoulSeek
"TCP Query User{D45C37EA-F22F-4198-8036-72AF18BBEE2A}c:\\program files\\simplify media\\simplifypeer.exe"= UDP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"UDP Query User{F876F1D6-7E39-4183-92F3-106BF5F78B4C}c:\\program files\\simplify media\\simplifypeer.exe"= TCP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"TCP Query User{0B9D9CEA-4E3C-4A74-A9B9-6096741BB401}c:\\program files\\simplify media\\simplifypeer.exe"= UDP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"UDP Query User{39EC2ED2-7867-4F81-9B98-639DEE154410}c:\\program files\\simplify media\\simplifypeer.exe"= TCP:c:\program files\simplify media\simplifypeer.exe:Simplify Media Peer
"{0F6EE592-5CB4-4EE4-B6DB-5B2F5790D7B8}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{2752CE77-BCED-4DCC-9E2D-E774ACDDBAF8}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqtra08.exe:hpqtra08.exe
"{A81D43FF-0AEE-4B2B-8801-AB2984EE64F3}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{00DA13EC-8F10-4FF6-9F0C-06261346301F}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqste08.exe:hpqste08.exe
"{E4035339-B59E-4AC3-84D2-9527A1FA46F1}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{00BD976F-DB62-47FF-868D-F0F41AB0D4D0}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hposid01.exe:hposid01.exe
"{20083853-CA04-4DCE-98B8-ABBD8FFE77D4}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{194BDB20-514D-4DF0-B141-FCFF994DDA93}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpiscnapp.exe:hpiscnapp.exe
"{2729787C-3BAF-4C9E-A02A-466F2FB42737}"= Disabled:UDP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{5FF52B14-2F3F-4FF6-8345-89432AAED677}"= Disabled:TCP:c:\program files\HP\Digital Imaging\bin\hpqkygrp.exe:hpqkygrp.exe
"{8703F5FC-1655-4D6D-8281-7BAF11E3E77E}"= UDP:c:\program files\Lexmark 4800 Series\lxdemon.exe:Printer Device Monitor
"{32409ECB-2B83-4860-A917-99673B6D56C2}"= TCP:c:\program files\Lexmark 4800 Series\lxdemon.exe:Printer Device Monitor
"TCP Query User{B34AB88C-71F3-4236-A087-8C7F7575C173}c:\\program files\\utorrent\\utorrent.exe"= UDP:c:\program files\utorrent\utorrent.exe:uTorrent
"UDP Query User{82E44F9D-3996-457C-A247-30DD5AED76FC}c:\\program files\\utorrent\\utorrent.exe"= TCP:c:\program files\utorrent\utorrent.exe:uTorrent
"{C6288043-226E-4426-88A9-6F256ACAC07B}"= UDP:c:\program files\uTorrent\uTorrent.exe:µTorrent (TCP-In)
"{DB069BC5-33D1-4F9F-A681-C9F3CD8933CD}"= TCP:c:\program files\uTorrent\uTorrent.exe:µTorrent (UDP-In)
"{027CC1B9-98C0-4E60-B69C-F389B78AF69E}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{F248D6FA-E15F-4076-B7EB-FB31086DF636}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{9591CAF8-131A-4334-A676-CC0B0B90B9CE}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{F6D88644-4425-4929-9677-6D6521A91461}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"TCP Query User{4B9E68C4-A3BD-425C-8BE4-384CAD22F45F}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= UDP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"UDP Query User{15F8EA21-FCAF-4863-85B2-AE769CA6EB9A}c:\\program files\\yahoo!\\messenger\\yahoomessenger.exe"= TCP:c:\program files\yahoo!\messenger\yahoomessenger.exe:Yahoo! Messenger
"TCP Query User{6EBE1CE1-AF04-49E6-9F0E-F558CF12E8EA}c:\\program files\\simplify media\\simplifymedia.exe"= UDP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"UDP Query User{8AD78EA7-B8D4-4E77-9217-D515960034B0}c:\\program files\\simplify media\\simplifymedia.exe"= TCP:c:\program files\simplify media\simplifymedia.exe:Simplify Media
"{AF223344-5510-4ADF-AAF1-C5AF139C7701}"= UDP:c:\program files\AIM6\aim6.exe:AIM
"{5F9B19D9-6627-4528-9D57-9BB9607BCA9E}"= TCP:c:\program files\AIM6\aim6.exe:AIM
"{57AE7507-5D61-4F3A-B83E-68C5FCE1926C}"= UDP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"{B5CA3BBF-BBA7-4737-860C-4895AA63795C}"= TCP:c:\program files\Bonjour\mDNSResponder.exe:Bonjour
"TCP Query User{9B8718B0-5BA1-4B48-BFF1-AD083FC06A23}c:\\program files\\vuze\\azureus.exe"= UDP:c:\program files\vuze\azureus.exe:Azureus
"UDP Query User{F23B10C9-E7DC-40F7-937B-16F444EA1D36}c:\\program files\\vuze\\azureus.exe"= TCP:c:\program files\vuze\azureus.exe:Azureus
"{2C03878B-EEA9-440A-BA2E-908E28745864}"= c:\program files\Windows Live\Sync\WindowsLiveSync.exe:Windows Live Sync
"TCP Query User{283A72B1-DBB7-4A83-AC2D-F1314716FB4A}c:\\program files\\cryptic studios\\champions online\\playtest\\gameclient.exe"= UDP:c:\program files\cryptic studios\champions online\playtest\gameclient.exe:GameClient
"UDP Query User{0CAA2681-D0CC-412F-9843-4D202AB960B1}c:\\program files\\cryptic studios\\champions online\\playtest\\gameclient.exe"= TCP:c:\program files\cryptic studios\champions online\playtest\gameclient.exe:GameClient
"{BC99B9A3-20E7-46B8-A763-F0D536DDFAA7}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{00DBACA4-6AD7-4596-9D21-1A68C0627BA9}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AuthorizedApplications\List]
"c:\\Program Files\\ExamSoft\\SofTest\\SoftLnch.exe"= c:\program files\ExamSoft\SoftLnch.exe:*:Enabled:SofLaunch

"c:\\Program Files\\ExamSoft\\SofTest\\softest.exe"= c:\program files\ExamSoft\SofTest.exe:*:Enabled:SofTest

R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [4/12/2008 6:17 AM 114768]
R2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\AEstSrv.exe [10/30/2007 8:28 PM 73728]
R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [4/12/2008 6:17 AM 20560]
R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [4/12/2008 6:17 AM 51792]
R2 BcmSqlStartupSvc;Business Contact Manager SQL Server Startup Service;c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe [1/11/2008 9:50 PM 30312]
R2 lxde_device;lxde_device;c:\windows\system32\lxdecoms.exe -service --> c:\windows\system32\lxdecoms.exe -service [?]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [2/4/2009 11:18 PM 210216]
R2 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCASE\OpenCASE Media Agent\MediaAgent.exe [1/16/2008 6:57 PM 814728]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [11/22/2007 9:11 PM 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\System32\drivers\b57nd60x.sys [7/28/2007 8:23 PM 179712]
R3 MSSQL$MSSMLBIZ;SQL Server (MSSMLBIZ);c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [11/25/2008 1:31 AM 29263712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\System32\drivers\OEM02Dev.sys [10/10/2007 5:03 PM 235648]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\System32\drivers\OEM02Vfx.sys [7/28/2007 8:23 PM 7424]
S2 gupdate1c951bd5e78aef0;Google Update Service (gupdate1c951bd5e78aef0);c:\program files\Google\Update\GoogleUpdate.exe [11/28/2008 8:56 PM 133104]
S2 lxdeCATSCustConnectService;lxdeCATSCustConnectService;c:\windows\System32\spool\drivers\w32x86\3\lxdeserv.exe [5/29/2007 5:06 AM 99248]
S3 fssfltr;FssFltr;c:\windows\System32\drivers\fssfltr.sys [4/7/2009 6:35 PM 55280]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [2/6/2009 9:08 PM 533360]
S3 MusCVideo;MusCVideo;c:\windows\System32\drivers\MusCVideo.sys [11/17/2008 5:01 AM 3768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-11-29 00:56]

2009-06-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2117460787-3238168841-1170143009-1000.job
- c:\users\jkfii\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 03:57]

2009-06-17 c:\windows\Tasks\User_Feed_Synchronization-{8EB9DA08-D47D-42A3-A376-53E380420484}.job
- c:\windows\system32\msfeedssync.exe [2008-04-23 07:33]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\jkfii\AppData\Roaming\Mozilla\Firefox\Profiles\mdxbi6zb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.live.com/results.aspx?FORM=IEFM1&q=
FF - component: c:\program files\Google\Google Gears\Firefox\components\gears.dll
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\users\jkfii\AppData\Roaming\Mozilla\Firefox\Profiles\mdxbi6zb.default\extensions\{f722f063-925c-43d2-8308-584cfc1297fe}\components\FFAlert.dll
FF - plugin: c:\program files\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: c:\users\jkfii\AppData\Local\Google\Update\1.2.145.5\npGoogleOneClick8.dll
FF - plugin: c:\users\jkfii\AppData\Roaming\Mozilla\Firefox\Profiles\mdxbi6zb.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll

---- FIREFOX POLICIES ----
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-17 19:12
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-06-17 19:15
ComboFix-quarantined-files.txt 2009-06-17 23:15

Pre-Run: 6,681,133,056 bytes free
Post-Run: 6,999,085,056 bytes free

371 --- E O F --- 2009-05-15 19:14

#8 Ried

  • Malware Response Team

Posted 17 June 2009 - 10:42 PM

Download HostsXpert.
  • Unzip HostsXpert to its own folder.
  • Right click HostsXpert.exe and run as administrator
  • Click "Restore MS Hosts file" and then click OK.
  • Close HostsXpert.
  • Note: If a custom Hosts file was in place, you'll have to edit those entries back in.
Are you able to access those sites now?

Microsoft MVP - Consumer Security 2010, 2011, 2012

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
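An added example, not part of the thread and not HostsXpert's own code: a small Python audit of a Windows hosts file that separates the stock loopback entries from the blocking and redirect entries a "Restore MS Hosts file" step wipes out, which is the kind of tampering that leaves update and download sites unreachable. The sample hosts text and the `.invalid` hostnames are constructed placeholders, and the stock-file contents are assumed from the default Vista file.

```python
# Added example (not from the thread or HostsXpert): audit a Windows hosts
# file for the tampering a "Restore MS Hosts file" step undoes. The sample
# text and .invalid hostnames are constructed placeholders (assumption).
import ipaddress

# Entries a stock Windows Vista hosts file contains (assumed from the default file).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost"), ("::1", "localhost")}
STOCK_HOSTS = "# Stock hosts file: loopback entries only.\n127.0.0.1 localhost\n::1 localhost\n"

# Constructed sample: two entries pin update sites to loopback/unspecified
# addresses (downloads fail), one sends a search site to another address.
SAMPLE_HOSTS = """\
# comment line
127.0.0.1       localhost
::1             localhost
127.0.0.1   updates.example-av.invalid      # constructed
0.0.0.0     download.example-av.invalid     # constructed
198.51.100.7    www.example-search.invalid  # constructed
"""

def parse_hosts(text):
    """Return (ip, hostname) pairs; comments, blank lines and tabs are handled."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop inline and full-line comments
        if not line:
            continue
        ip, *names = line.split()  # one address may map several hostnames
        for name in names:
            entries.append((ip, name.lower()))
    return entries

def audit_hosts(text):
    """Classify every non-stock entry as
    'block'     - hostname pinned to loopback/0.0.0.0, so the site is unreachable,
    'redirect'  - hostname sent to some other address,
    'malformed' - first field is not an IP address at all."""
    findings = []
    for ip, name in parse_hosts(text):
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(("malformed", ip, name))
            continue
        kind = "block" if addr.is_loopback or addr.is_unspecified else "redirect"
        findings.append((kind, ip, name))
    return findings
```

Running `audit_hosts` over the real file (`%SystemRoot%\System32\drivers\etc\hosts`) before restoring lets you record what was there, which also covers the note above about re-adding legitimate custom entries afterwards.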


#9 Radio Waves

  • Topic Starter

Posted 03 July 2009 - 03:17 PM

I started a new job a couple of weeks back so I haven't had much time to get on the computer to check for updates here. Also, I wanted to give the PC some time to see if the popups and redirects were still a problem.
I used the program, but I'm still not able to access those sites. Also, the pop-ups, pop-unders and redirects are still a problem. Most of the ads (banner ads, pop-ups and pop-unders) seem to be coming from something called clicksor if that helps at all. It's irritating.

Edited by Radio Waves, 04 July 2009 - 11:08 AM.
