Redirect malware on Google - Overclick, Shopica, Toseeka


  • This topic is locked
17 replies to this topic

#1 skysyrfer

skysyrfer

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 26 June 2009 - 10:31 PM

I get redirected to random websites when I click on the hyperlinks on my Google search results page. Overclick.cn, shopica, toseeka are some of the more frequent redirects.

I am operating with Windows XP service pack 3. I have run Malwarebytes, CCleaner, and SuperAntiSpyware (some in safe mode) all to no avail.

DDS file posted below:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Pete at 23:24:29.20 on Fri 06/26/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.137 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0510Mon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Pete\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
EB: {9999A076-A9E2-4C99-8A2B-632FC9429223} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EPSON Artisan 800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_SB2.tmp" /EF "HKCU"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Pete] c:\documents and settings\pete\Pete.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Startup Options] c:\program files\iomega\common\ImgStart.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRunOnce: [NoIE4StubProcessing] c:\windows\system32\reg.exe delete "hklm\software\microsoft\active setup\Installed Components" /v "NoIE4StubProcessing" /f
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\launch~1.lnk - c:\docume~1\pete\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.20.0021\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen10.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246069601593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.5667824074
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: 70c4619a509 - c:\windows\system32\comsvcs32.dll
AppInit_DLLs: c:\windows\system32\comsvcs32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-25 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-20 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S2 gupdate1c98ef3b86cdb8e;Google Update Service (gupdate1c98ef3b86cdb8e);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding --> c:\progra~1\mcafee.com\vso\mcvsrte.exe [?]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [2004-2-21 15104]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\sbserv.exe --> c:\progra~1\common~1\symant~1\script~1\SBServ.exe [?]
S2 spupdsvc;Windows Service Pack Installer update service;c:\windows\system32\spupdsvc.exe [2005-2-19 26144]
S2 Winkvj;Winkvj;c:\windows\system32\winkvj.exe --> c:\windows\system32\Winkvj.exe [?]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-3-14 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-3-14 7424]

=============== Created Last 30 ================

2009-06-26 22:46 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 22:46 <DIR> --d----- c:\windows\ie8updates
2009-06-26 22:45 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-26 22:45 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 22:45 5,936,128 -------- c:\windows\system32\SET944.tmp
2009-06-26 22:45 1,985,024 -------- c:\windows\system32\SET947.tmp
2009-06-26 22:45 1,207,808 -------- c:\windows\system32\SET943.tmp
2009-06-26 22:45 915,456 -------- c:\windows\system32\SET942.tmp
2009-06-26 22:45 11,064,832 -------- c:\windows\system32\SET948.tmp
2009-06-26 22:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-26 21:10 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 21:10 <DIR> --d----- c:\program files\Belarc
2009-06-25 22:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-25 22:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-24 15:42 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-24 15:27 <DIR> --d----- c:\program files\GPLGS
2009-06-24 15:26 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-24 15:26 <DIR> --d----- c:\program files\Acro Software
2009-06-24 15:08 13,492 a------- c:\windows\system32\defprtr2.ppd
2009-06-24 14:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 18:26 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-20 18:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-20 17:07 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 17:07 1,409 a------- c:\windows\QTFont.for
2009-06-20 00:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 00:19 <DIR> --d----- c:\program files\Avira
2009-06-20 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-19 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 23:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-19 23:55 <DIR> --d----- c:\docume~1\pete\applic~1\SUPERAntiSpyware.com
2009-06-19 23:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-14 14:33 <DIR> --d----- c:\docume~1\pete\applic~1\Malwarebytes
2009-06-14 14:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 14:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-13 20:08 56,320 a------- c:\windows\system32\SET610.tmp
2009-06-13 12:04 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 12:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-13 12:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-12 23:12 <DIR> --d----- c:\docume~1\pete\applic~1\LimeWire
2009-06-12 22:18 0 -------- c:\documents and settings\pete\uhntlt.exe

==================== Find3M ====================

2009-06-05 17:57 203,296 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-29 00:56 827,392 -------- c:\windows\system32\wininet.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 15:41 3,190,688 a------- C:\ccsetup218.exe
2008-05-21 21:29 1,435 ac------ c:\program files\INSTALL.LOG
2008-02-17 21:21 79,984 -------- c:\docume~1\pete\applic~1\GDIPFONTCACHEV1.DAT
2005-06-03 19:00 774,144 ac------ c:\program files\RngInterstitial.dll
2002-07-06 22:14 548 a------- c:\program files\Shortcut to Mindspring2.lnk
2008-12-26 12:35 1,593 a--sh--- c:\windows\system32\GroupPolicy000.dat

============= FINISH: 23:28:11.71 ===============


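The DDS log above is where a helper would start looking, so here is an added example of how that first pass can be scripted. This is not part of the original post and not DDS's own code; the `triage` function, its rule names and the heuristics are my own, and `SAMPLE_LOG` is a constructed excerpt of lines copied from the log posted above. The rules are generic autostart-location checks (Winlogon Notify packages, AppInit_DLLs, extra LSA authentication packages, Run keys and fresh executables sitting in a profile root, services whose file DDS marked `[?]`): a hit means "review this entry", not a verdict that the file is malicious.

```python
"""Heuristic triage of a DDS "Pseudo HJT Report" / "Created Last 30" excerpt.

Added example for this thread, not DDS's own code. Rule names are assumptions
of this script. A finding is a review item, not a malware verdict.
"""
import re

# Constructed sample: lines copied from the DDS log posted in this thread.
SAMPLE_LOG = r"""
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Pete] c:\documents and settings\pete\Pete.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: 70c4619a509 - c:\windows\system32\comsvcs32.dll
AppInit_DLLs: c:\windows\system32\comsvcs32.dll
LSA: Authentication Packages = msv1_0 relog_ap
S2 Winkvj;Winkvj;c:\windows\system32\winkvj.exe --> c:\windows\system32\Winkvj.exe [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
2009-06-12 22:18 0 -------- c:\documents and settings\pete\uhntlt.exe
2009-06-24 15:42 25,992 a------- c:\windows\system32\pgdfgsvc.exe
"""

# Winlogon Notify key names that are just a run of hex digits (no real word).
HEX_NAME = re.compile(r"^[0-9a-f]{8,}$", re.I)
# An .exe sitting directly in a user's profile root (not in a subfolder).
PROFILE_ROOT_EXE = re.compile(
    r"^c:\\documents and settings\\[^\\]+\\[^\\]+\.exe$", re.I)
# Matches the first Windows path ending in an executable-type extension.
PATH_RE = re.compile(r'"?([a-z]:\\[^"]+?\.(?:exe|dll|scr|sys))"?', re.I)


def _path_of(fragment):
    """Return the first executable path in a log fragment, lower-cased."""
    m = PATH_RE.search(fragment)
    return m.group(1).lower() if m else None


def _finding(line, rule, path, size=None):
    d = {"rule": rule, "path": path, "line": line}
    if size is not None:
        d["size"] = size
    return d


def triage(log_text):
    """Apply autostart heuristics to DDS lines; return a list of review items."""
    lines = [l.strip() for l in log_text.splitlines() if l.strip()]
    # First pass: DLLs registered as Winlogon Notify packages, so an
    # AppInit_DLLs entry that reuses one of them can be called out.
    notify_dlls = {p for p in (_path_of(l) for l in lines
                               if l.startswith("Notify:")) if p}
    findings = []
    for line in lines:
        if line.startswith("Notify:"):
            name = line.split(":", 1)[1].split(" - ", 1)[0].strip()
            if HEX_NAME.match(name):
                findings.append(_finding(
                    line, "winlogon-notify-random-name", _path_of(line)))
        elif line.startswith("AppInit_DLLs:"):
            # AppInit_DLLs are loaded into every process that loads user32.dll.
            path = _path_of(line)
            if path:
                rule = ("appinit-dll-also-winlogon-notify"
                        if path in notify_dlls else "appinit-dll")
                findings.append(_finding(line, rule, path))
        elif line.startswith("LSA: Authentication Packages"):
            pkgs = line.split("=", 1)[1].split()
            extra = [p for p in pkgs if p.lower() != "msv1_0"]
            if extra:
                findings.append(_finding(
                    line, "lsa-extra-auth-package", " ".join(extra)))
        elif re.match(r"^[um]Run(Once)?:", line):
            path = _path_of(line)
            if path and PROFILE_ROOT_EXE.match(path):
                findings.append(_finding(
                    line, "run-key-exe-in-profile-root", path))
        elif re.match(r"^[RS]\d ", line):
            # DDS appends "[?]" when it could not find or stat the service file.
            if line.endswith("[?]"):
                findings.append(_finding(
                    line, "service-file-not-found", _path_of(line)))
        elif re.match(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} ", line):
            parts = line.split(None, 4)
            if len(parts) < 5:
                continue
            raw_size = parts[2].replace(",", "")
            size = int(raw_size) if raw_size.isdigit() else None
            path = parts[4].lower()
            if PROFILE_ROOT_EXE.match(path):
                findings.append(_finding(
                    line, "new-exe-in-profile-root", path, size=size))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:36} {f.get('size', ''):>8} {f['path']}")
```

Run against a full DDS log the script only narrows the list to entries worth checking by hand (file signer, creation date, VirusTotal or a second opinion from the helper); the negative lines in the sample (ctfmon, avgnt, WinDefend, pgdfgsvc) show that a system32 location alone is never a hit.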

#2 DocSatan

DocSatan

    Bleepin' Wanna-Be


  • Members
  • 2,156 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston, Ma.
  • Local time:08:03 PM

Posted 01 July 2009 - 11:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

#3 skysyrfer

skysyrfer
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:08:03 PM

Posted 01 July 2009 - 12:16 PM

Thanks for your response. I am still experiencing the re-direct problem. The only measures I have taken to try and correct are to use Malwarebytes, SuperAntiSpyware, and Avira antivirus scans.

"I get redirected to random websites when I click on the hyperlinks on my Google search results page. Overclick.cn, shopica, toseeka are some of the more frequent redirects."


Of course I have also been reading about similar issues in this forum to anticipate what may be next.

Updated logs follow and are attached:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-05-14.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 2/7/2004 11:31:56 AM
System Uptime: 6/30/2009 10:49:37 PM (15 hours ago)

Motherboard: Intel Corporation | | D845EPT2
Processor: Intel® Pentium® 4 CPU 1.80GHz | X1 | 1794/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 13.038 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 20 GiB total, 19.991 GiB free.
F: is FIXED (NTFS) - 80 GiB total, 66.861 GiB free.
G: is FIXED (NTFS) - 100 GiB total, 71.351 GiB free.
H: is FIXED (NTFS) - 40 GiB total, 20.73 GiB free.
I: is FIXED (FAT32) - 18 GiB total, 17.992 GiB free.
J: is FIXED (FAT32) - 40 GiB total, 40.06 GiB free.
M: is Removable

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: McAfee Firewall Network Filter Miniport
Device ID: ROOT\MFW_NETDRVMP\0000
Manufacturer: Network Associates, Inc.
Name: GVC-REALTEK Ethernet 10/100 PCI Adapter - McAfee Firewall Network Filter Miniport
PNP Device ID: ROOT\MFW_NETDRVMP\0000
Service: McAfeePF

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: McAfee Firewall Network Filter Miniport
Device ID: ROOT\MFW_NETDRVMP\0001
Manufacturer: Network Associates, Inc.
Name: McAfee Firewall Network Filter Miniport #2
PNP Device ID: ROOT\MFW_NETDRVMP\0001
Service: McAfeePF

==== System Restore Points ===================

RP1910: 6/12/2009 7:49:47 PM - System Checkpoint
RP1911: 6/12/2009 7:49:47 PM - System Checkpoint
RP1912: 6/12/2009 7:49:48 PM - System Checkpoint
RP1913: 6/12/2009 7:49:48 PM - System Checkpoint
RP1914: 6/12/2009 7:49:48 PM - System Checkpoint
RP1915: 6/12/2009 7:49:48 PM - System Checkpoint
RP1916: 6/12/2009 7:49:49 PM - System Checkpoint
RP1917: 6/12/2009 7:49:49 PM - System Checkpoint
RP1918: 6/12/2009 7:49:50 PM - System Checkpoint
RP1919: 6/12/2009 7:49:51 PM - System Checkpoint
RP1920: 6/12/2009 7:49:51 PM - System Checkpoint
RP1921: 6/12/2009 7:49:51 PM - System Checkpoint
RP1922: 6/12/2009 7:49:51 PM - System Checkpoint
RP1923: 6/12/2009 7:49:52 PM - Installed Connect Service
RP1924: 6/12/2009 7:49:52 PM - System Checkpoint
RP1925: 6/12/2009 7:49:54 PM - System Checkpoint
RP1926: 6/12/2009 7:49:55 PM - System Checkpoint
RP1927: 6/12/2009 7:49:55 PM - System Checkpoint
RP1928: 6/12/2009 7:49:55 PM - System Checkpoint
RP1929: 6/12/2009 7:49:55 PM - System Checkpoint
RP1930: 6/12/2009 7:49:56 PM - System Checkpoint
RP1931: 6/12/2009 7:49:56 PM - System Checkpoint
RP1932: 6/12/2009 7:49:56 PM - System Checkpoint
RP1933: 6/12/2009 7:49:57 PM - System Checkpoint
RP1934: 6/12/2009 7:49:57 PM - System Checkpoint
RP1935: 6/12/2009 7:49:57 PM - System Checkpoint
RP1936: 6/12/2009 7:49:58 PM - System Checkpoint
RP1937: 6/12/2009 7:49:58 PM - System Checkpoint
RP1938: 6/12/2009 7:49:58 PM - System Checkpoint
RP1939: 6/12/2009 7:49:59 PM - System Checkpoint
RP1940: 6/12/2009 7:49:59 PM - System Checkpoint
RP1941: 6/12/2009 7:49:59 PM - System Checkpoint
RP1942: 6/12/2009 7:49:59 PM - System Checkpoint
RP1943: 6/12/2009 7:50:00 PM - System Checkpoint
RP1944: 6/12/2009 7:50:00 PM - System Checkpoint
RP1945: 6/12/2009 7:50:00 PM - System Checkpoint
RP1946: 6/12/2009 7:50:00 PM - System Checkpoint
RP1947: 6/12/2009 7:50:01 PM - System Checkpoint
RP1948: 6/12/2009 7:50:01 PM - System Checkpoint
RP1949: 6/12/2009 7:50:01 PM - System Checkpoint
RP1950: 6/12/2009 7:50:02 PM - System Checkpoint
RP1951: 6/12/2009 7:50:02 PM - System Checkpoint
RP1952: 6/12/2009 7:50:02 PM - System Checkpoint
RP1953: 6/12/2009 7:50:03 PM - System Checkpoint
RP1954: 6/12/2009 7:50:03 PM - System Checkpoint
RP1955: 6/12/2009 7:50:03 PM - System Checkpoint
RP1956: 6/12/2009 7:50:04 PM - System Checkpoint
RP1957: 6/12/2009 7:50:04 PM - System Checkpoint
RP1958: 6/12/2009 7:50:04 PM - System Checkpoint
RP1959: 6/13/2009 7:50:37 PM - System Checkpoint
RP1960: 6/13/2009 8:01:06 PM - Software Distribution Service 3.0
RP1961: 6/13/2009 10:58:41 PM - Ad-Aware Checkpoint
RP1962: 6/14/2009 11:19:01 PM - System Checkpoint
RP1963: 6/20/2009 9:47:27 AM - System Checkpoint
RP1964: 6/20/2009 5:52:36 PM - Installed Windows Defender
RP1965: 6/20/2009 5:54:28 PM - Software Distribution Service 3.0
RP1966: 6/20/2009 6:18:53 PM - Windows Defender Checkpoint
RP1967: 6/21/2009 6:29:31 PM - System Checkpoint
RP1968: 6/22/2009 6:41:21 PM - System Checkpoint
RP1969: 6/23/2009 9:56:51 PM - Software Distribution Service 3.0
RP1970: 6/24/2009 2:43:25 PM - Installed Windows Backup Utility
RP1971: 6/24/2009 3:09:35 PM - Printer Driver AdobePSGenericPostScriptPrinter Installed
RP1972: 6/24/2009 3:26:40 PM - Printer Driver CutePDF Writer Installed
RP1973: 6/25/2009 7:17:15 PM - System Checkpoint
RP1974: 6/26/2009 7:25:21 PM - System Checkpoint
RP1975: 6/26/2009 10:37:43 PM - Software Distribution Service 3.0
RP1976: 6/27/2009 11:06:02 PM - System Checkpoint

==== Installed Programs ======================

"Let's Ride! Dreamer"
3-D Dinosaur Adventure v3.3
ABBYY FineReader 6.0 Sprint
Active Disk
Ad-Aware
Adobe Flash Player ActiveX
Adobe Reader 8.1.3
Adobe Shockwave Player
Adobe® Photoshop® Album Starter Edition 3.2
ALOT Toolbar
ArcSoft PhotoImpression 5
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Book
ArcSoft Print Creations - Photo Calendar
ArcSoft Print Creations - Photo Prints
Avira AntiVir Personal - Free Antivirus
Backyard Football 2004
Belarc Advisor 8.1
Bird Hunter
Canon PhotoRecord
Canon PIXMA iP4000
Canon Utilities Easy-PhotoPrint
CCleaner (remove only)
Comcast Toolbar
Compatibility Pack for the 2007 Office system
Cook'n Fix and Forget
Courseware
Critical Update for Windows Media Player 11 (KB959772)
CutePDF Writer 2.7
CyberView for USB Film Scanner Multi-Language
Dell | Support
Dell Picture Studio - Image Expert 2000
Dell ResourceCD
Dell Solution Center
Disney's Extremely Goofy Skateboarding Preview
Disney's Magic Artist Studio Preview
Easy-WebPrint
Easy CD Creator 5 Basic
Ecco the Dolphin
EPSON Artisan 800 Series Printer Uninstall
Epson Event Manager
Epson Print CD
EPSON Scan
ESShelp
essvcpt
Fisher-Price 1-2-3's
Fisher-Price® Time to Play ™ Dollhouse
Fisher Price ABC 32
FMS
Franklin The Turtle School
Google Earth
Google Photos Screensaver
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
Help and Support Customization
HLPPDOCK
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
IE2K
Intel Application Accelerator
Iomega App Services
IomegaWare
iPod for Windows 2005-09-23
Island Xtreme Stunts
iTunes
J2SE Runtime Environment 5.0 Update 3
J2SE Runtime Environment 5.0 Update 9
Kid's College CFA
Lucent Win Modem
Madeline Rainy Day Activities
Magentic
Magic 3D Coloring Book Amazing Animals
Malwarebytes' Anti-Malware
Math Blaster 4th Grade
Maxtor MaxBlast
McAfee Virtual Technician
MedianSoft Joiner-Converter 3.7
MemoKit
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Excel 2000 Beginning
Microsoft Flight Simulator X
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Picture It! Express 2000
Microsoft Picture It! Photo 2002
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser and SDK
Modem Helper
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 Parser and SDK
NAIC Investor's Toolkit
Nero 7 Essentials
neroxml
Norton Security Scan
Norton Security Scan (Symantec Corporation)
NVIDIA Windows 2000/XP Display Drivers
Operation
OTtBP
OTtBPSDK
PC Camera
Pet Vet (remove only)
Peterson North American Birds
Picasa 3
Polaroid Digital Cam
Powerboat Racing Pure Power
Presto! ImageFolio LE
Presto! PageManager
Quicken 2007
Quicken Basic 99
QuickTime
Reader Rabbit's Kindergarten
Reader Rabbit's Preschool
Reader Rabbit's Toddler
Reading Blaster Ages 6-7
RealArcade
RealPlayer
Realtek RTL8139 Diagnostics Program
Rocketfish 2MP AF Webcam Driver (1.00.06.00)
Rocketfish Live! Cam Center
Rocketfish Webcam User's Guide
SA30xx Device Manager
SA30xx Media Converter
SecureZIP for Windows 12.20.0021
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB911565)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Shockwave
Shockwave Player
Sierra On-Line Games (Remove only)
Skype™ 4.0
SmartMusic 9
Sonic UDF Reader
Sony Picture Utility
Sony USB Driver
SpongeBob SquarePants - Battle for Bikini Bottom DEMO
Spy Masters Unmask the Prankster
Su-Doku Quest
SUPERAntiSpyware Free Edition
Time to Ride
TP Preview Exclusive Treasure Racer
U3Launcher
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Viewpoint Media Player (Remove Only)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Webshots Desktop
Windows Backup Utility
Windows Defender
Windows Driver Package - OEM (mr97320) Image (04/20/2007 1.0.0.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Service Pack 3
WinZip 11.2
Works Suite OS Pack
Works Synchronization
YAMAHA Digital Music Notebook
YAMAHA Musicsoft Downloader 5
Zoombinis Island Odyssey

==== Event Viewer Messages From Past Week ========

6/30/2009 4:39:16 PM, error: System Error [1003] - Error code 000000d1, parameter1 e1f5b000, parameter2 00000002, parameter3 00000000, parameter4 ecc7fb00.
6/29/2009 4:26:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume8'. It has stopped monitoring the volume.
6/29/2009 4:26:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume7'. It has stopped monitoring the volume.
6/29/2009 4:26:04 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume3'. It has stopped monitoring the volume.
6/28/2009 8:04:05 PM, error: System Error [1003] - Error code 000000d1, parameter1 e1f94000, parameter2 00000002, parameter3 00000000, parameter4 ec4efe85.
6/28/2009 4:59:49 PM, error: System Error [1003] - Error code 000000d1, parameter1 e1fda000, parameter2 00000002, parameter3 00000000, parameter4 ee7ace85.
6/28/2009 4:04:51 PM, error: Service Control Manager [7000] - The Pacific Image Electronics USB Scanner service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
6/28/2009 10:37:41 PM, error: Print [19] - Sharing printer failed + 1722, Printer Generic PostScript Printer share name Adobe Printer Fox.
6/28/2009 10:37:21 PM, error: Dhcp [1002] - The IP address lease 192.168.1.100 for the Network Card with network address 00C0A87D64C0 has been denied by the DHCP server 0.0.0.0 (The DHCP Server sent a DHCPNACK message).
6/25/2009 11:09:22 AM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
6/24/2009 2:51:25 PM, error: Removable Storage Service [15] - RSM cannot manage library CdRom0. The database is corrupt.
6/24/2009 2:51:23 PM, error: Removable Storage Service [15] - RSM cannot manage library PhysicalDrive2. The database is corrupt.
6/24/2009 2:22:39 PM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x800703e3: Automatic Updates.
6/24/2009 11:22:50 PM, error: System Error [1003] - Error code 000000d1, parameter1 e1fa8000, parameter2 00000002, parameter3 00000000, parameter4 ee7a9e85.
6/24/2009 10:44:11 PM, error: System Error [1003] - Error code 0000000a, parameter1 00000018, parameter2 00000002, parameter3 00000000, parameter4 8050c9cc.
6/24/2009 10:04:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
6/24/2009 10:04:57 PM, error: Service Control Manager [7000] - The ScriptBlocking Service service failed to start due to the following error: The system cannot find the path specified.
6/24/2009 10:04:57 PM, error: Service Control Manager [7000] - The Pacific Image Electronics USB Scanner service failed to start due to the following error: The system cannot find the file specified.
6/24/2009 10:04:57 PM, error: Service Control Manager [7000] - The McAfee.com VirusScan Online Realtime Engine service failed to start due to the following error: The system cannot find the path specified.

==== End Of File ===========================



#4 Blade81

  • Malware Response Team
  • Location:Finland

Posted 03 July 2009 - 08:07 AM

Hi,

You posted attach.txt twice. Could you post fresh dds.txt too, please? :thumbup2:

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006
unite_blue.png

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#5 skysyrfer

  • Topic Starter
  • Members

Posted 03 July 2009 - 10:00 AM

Dang It !

Sorry about that.

The following is the DDS file:


DDS (Ver_09-05-14.01) - NTFSx86
Run by Pete at 13:08:24.07 on Wed 07/01/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.142 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0510Mon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Pete\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearch Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dellnet.com
uSearch Bar = hxxp://www.comcast.net/toolbar2.0/search/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = localhost
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.comcast.net/toolbar2.0/search/
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: ALOT Toolbar: {5aa2ba46-9913-4dc7-9620-69ab0fa17ae7} - c:\program files\alot\bin\alot.dll
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
EB: {9999A076-A9E2-4C99-8A2B-632FC9429223} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [EPSON Artisan 800 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiema.exe /fu "c:\windows\temp\E_SB2.tmp" /EF "HKCU"
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Startup Options] c:\program files\iomega\common\ImgStart.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\launch~1.lnk - c:\docume~1\pete\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.20.0021\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} - hxxp://w4s2.work4sure.com/c/ge/w4sgeen10.exe
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246069601593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.5667824074
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: 70c4619a509 - c:\windows\system32\comsvcs32.dll
AppInit_DLLs: c:\windows\system32\comsvcs32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
FF - component: c:\program files\real\realplayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\real\realarcade\plugins\mozilla\npracplug.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-25 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-20 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S2 gupdate1c98ef3b86cdb8e;Google Update Service (gupdate1c98ef3b86cdb8e);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding --> c:\progra~1\mcafee.com\vso\mcvsrte.exe [?]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [2004-2-21 15104]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\sbserv.exe --> c:\progra~1\common~1\symant~1\script~1\SBServ.exe [?]
S2 Winkvj;Winkvj;c:\windows\system32\winkvj.exe --> c:\windows\system32\Winkvj.exe [?]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-3-14 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-3-14 7424]

=============== Created Last 30 ================

2009-06-27 06:26 <DIR> --dsh--- c:\documents and settings\pete\PrivacIE
2009-06-27 06:22 <DIR> --dsh--- c:\documents and settings\pete\IETldCache
2009-06-26 22:46 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 22:46 <DIR> --d----- c:\windows\ie8updates
2009-06-26 22:45 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-26 22:45 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 22:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-26 22:27 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-26 21:10 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 21:10 <DIR> --d----- c:\program files\Belarc
2009-06-25 22:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-25 22:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-24 15:50 4,194,447 a------- c:\windows\pfirewall.log.old
2009-06-24 15:42 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-24 15:27 <DIR> --d----- c:\program files\GPLGS
2009-06-24 15:26 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-24 15:26 <DIR> --d----- c:\program files\Acro Software
2009-06-24 15:08 13,492 a------- c:\windows\system32\defprtr2.ppd
2009-06-24 14:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 18:26 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-20 18:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-20 17:07 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 17:07 1,409 a------- c:\windows\QTFont.for
2009-06-20 00:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 00:19 <DIR> --d----- c:\program files\Avira
2009-06-20 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-19 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 23:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-19 23:55 <DIR> --d----- c:\docume~1\pete\applic~1\SUPERAntiSpyware.com
2009-06-19 23:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-14 14:33 <DIR> --d----- c:\docume~1\pete\applic~1\Malwarebytes
2009-06-14 14:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 14:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-13 20:08 56,320 a------- c:\windows\system32\SET610.tmp
2009-06-13 12:04 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 12:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-13 12:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-12 23:12 <DIR> --d----- c:\docume~1\pete\applic~1\LimeWire
2009-06-12 22:18 0 -------- c:\documents and settings\pete\uhntlt.exe

==================== Find3M ====================

2009-06-05 17:57 203,296 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2009-04-03 15:41 3,190,688 a------- C:\ccsetup218.exe
2008-05-21 21:29 1,435 ac------ c:\program files\INSTALL.LOG
2008-02-17 21:21 79,984 -------- c:\docume~1\pete\applic~1\GDIPFONTCACHEV1.DAT
2005-06-03 19:00 774,144 ac------ c:\program files\RngInterstitial.dll
2002-07-06 22:14 548 a------- c:\program files\Shortcut to Mindspring2.lnk
2008-12-26 12:35 1,593 a--sh--- c:\windows\system32\GroupPolicy000.dat

============= FINISH: 13:11:53.87 ===============

#6 Blade81

  • Malware Response Team
  • Location:Finland

Posted 03 July 2009 - 10:59 AM

Ok. Now we continue :thumbup2:


Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully and install the Recovery Console first.

The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Once installed, you should see a blue screen prompt that says:

The Recovery Console was successfully installed.

Please continue as follows:
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  • Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds.txt log.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.



#7 skysyrfer

  • Topic Starter
  • Members

Posted 07 July 2009 - 06:00 PM

Thanks, will do that now.
Sorry for the delay, I was out of town for the July 4th Holiday.

#8 Blade81

  • Malware Response Team
  • Location:Finland

Posted 08 July 2009 - 04:09 AM

Ok. Shall wait for the results :thumbup2:



#9 skysyrfer

  • Topic Starter
  • Members

Posted 08 July 2009 - 06:30 PM

Below are the combofix log and new dds log.

The tool seemed to run well. A couple of notes:

Combofix prompted me to download a more current version, which I did.
Combofix detected rootkit activity and initiated a reboot.
ComboFix identified several viruses while performing the scan and prompted me to select an "action". I selected the pre-selected action which was "Deny Access". The viruses identified were "Ejcar-Test-signature" and "Tr/Crypt.ZPACK.GEN". I also noted the file locations for these. Let me know if further action is needed to remove these viruses.

Thanks again for all your help! :thumbup2:


ComboFix 09-07-08.04 - Pete 07/08/2009 18:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.274 [GMT -4:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
AV: AntiVir Desktop *On-access scanning disabled* (Outdated) {AD166499-45F9-482A-A743-FDD3350758C7}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bryce\Application Data\0200000082bf739b509C.manifest
c:\documents and settings\Bryce\Application Data\0200000082bf739b509O.manifest
c:\documents and settings\Bryce\Application Data\0200000082bf739b509P.manifest
c:\documents and settings\Bryce\Application Data\0200000082bf739b509S.manifest
c:\documents and settings\Bryce\Application Data\alot
c:\documents and settings\Griffin\Application Data\alot
c:\documents and settings\Guest\Application Data\0200000082bf739b509C.manifest
c:\documents and settings\Guest\Application Data\0200000082bf739b509O.manifest
c:\documents and settings\Guest\Application Data\0200000082bf739b509P.manifest
c:\documents and settings\Guest\Application Data\0200000082bf739b509S.manifest
c:\documents and settings\Guest\Application Data\alot
c:\documents and settings\Laurel\Application Data\alot
c:\documents and settings\Pete\Application Data\0200000082bf739b509C.manifest
c:\documents and settings\Pete\Application Data\0200000082bf739b509O.manifest
c:\documents and settings\Pete\Application Data\0200000082bf739b509P.manifest
c:\documents and settings\Pete\Application Data\0200000082bf739b509S.manifest
c:\documents and settings\Pete\Application Data\alot
c:\documents and settings\Pete\uhntlt.exe
c:\documents and settings\Welcome Guest\Application Data\alot
c:\program files\alot
c:\program files\alot\alotUninst.exe
c:\program files\alot\bin\alot.dll
c:\program files\Freeze.com Toolbar
c:\program files\Freeze.com Toolbar\basis.xml
c:\program files\Freeze.com Toolbar\freeze.bmp
c:\program files\Freeze.com Toolbar\freeze_us.crc
c:\program files\Freeze.com Toolbar\frzToolbar_logo.bmp
c:\program files\Freeze.com Toolbar\icons.bmp
c:\program files\Freeze.com Toolbar\info.txt
c:\program files\Freeze.com Toolbar\powered_yahoo_search.bmp
c:\program files\Freeze.com Toolbar\version.txt
c:\program files\INSTALL.LOG
c:\windows\a3kebook.ini
c:\windows\akebook.ini
c:\windows\ANS2000.INI
c:\windows\desktop
c:\windows\desktop\Try AOL.lnk
c:\windows\GnuHashes.ini
c:\windows\Installer\1add55.a207.msi
c:\windows\Installer\1add5e.a274.msi
c:\windows\Installer\2cc7e9.msi
c:\windows\system32\_000007_.tmp.dll
c:\windows\system32\_000008_.tmp.dll
c:\windows\system32\_000009_.tmp.dll
c:\windows\system32\_000021_.tmp.dll
c:\windows\system32\_000022_.tmp.dll
c:\windows\system32\_000023_.tmp.dll
c:\windows\system32\_000024_.tmp.dll
c:\windows\system32\drivers\SKYNETxogeorgd.sys
c:\windows\system32\drivers\UACeaybircnkueuwrd.sys
c:\windows\system32\GroupPolicy000.dat
c:\windows\system32\SKYNETbowmctqe.dll
c:\windows\system32\SKYNETlog.dat
c:\windows\system32\SKYNETvjayukig.dll
c:\windows\system32\SKYNETvlddwfqn.dat
c:\windows\system32\UACmspyxjtaevpwmsh.dll
c:\windows\system32\UACumppyjdawersaoj.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Service_SKYNETkawqlppp


((((((((((((((((((((((((( Files Created from 2009-06-08 to 2009-07-08 )))))))))))))))))))))))))))))))
.

2009-07-01 18:24 . 2009-07-01 18:24 81512 ------w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:23 . 2009-07-01 18:23 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-06-27 10:26 . 2009-06-27 10:26 -------- d-sh--w- c:\documents and settings\Pete\PrivacIE
2009-06-27 10:22 . 2009-06-27 10:22 -------- d-sh--w- c:\documents and settings\Pete\IETldCache
2009-06-27 05:02 . 2009-06-27 05:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-27 02:46 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-27 02:46 . 2009-06-27 02:46 -------- d-----w- c:\windows\ie8updates
2009-06-27 02:45 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-27 02:45 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-27 02:43 . 2009-06-27 02:44 -------- dc-h--w- c:\windows\ie8
2009-06-27 01:10 . 2009-06-27 01:10 -------- d-----w- c:\program files\Belarc
2009-06-27 01:10 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 02:17 . 2009-06-26 02:16 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 02:17 . 2009-07-03 02:17 314712 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-26 02:17 . 2009-07-07 02:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-26 02:17 . 2009-07-03 02:17 348496 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-26 02:17 . 2009-07-03 02:17 169312 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-26 02:17 . 2009-06-26 02:17 15688 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-26 02:17 . 2009-07-03 02:17 298336 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-26 02:17 . 2009-07-03 02:17 84832 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-26 02:16 . 2009-07-07 02:26 0 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-26 02:16 . 2009-07-03 02:17 40288 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-26 02:16 . 2009-07-03 02:17 246128 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-26 02:16 . 2009-06-26 02:16 64160 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-26 02:16 . 2009-07-03 02:17 85352 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-26 02:16 . 2009-07-03 02:17 664424 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-26 02:16 . 2009-07-03 02:17 566632 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-26 02:16 . 2009-07-03 02:17 563064 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-26 02:16 . 2009-07-07 02:24 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 02:16 . 2009-07-03 02:17 629072 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-26 02:16 . 2009-07-03 02:17 520024 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-26 02:16 . 2009-07-03 02:17 1029456 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 02:13 . 2009-03-12 08:17 2902048 -c----w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 02:13 . 2009-06-26 02:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 01:02 . 2009-07-07 23:09 -------- d-----w- c:\documents and settings\Pete\Local Settings\Application Data\CutePDF Writer
2009-06-24 19:42 . 2009-06-24 19:42 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-06-24 19:27 . 2009-06-24 19:27 -------- d-----w- c:\program files\GPLGS
2009-06-24 19:26 . 2007-07-13 02:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-06-24 19:26 . 2009-06-24 19:26 -------- d-----w- c:\program files\Acro Software
2009-06-24 18:45 . 2009-07-05 07:31 -------- d-----w- c:\windows\system32\NtmsData
2009-06-21 04:37 . 2009-06-21 04:37 81512 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 02:10 . 2009-06-21 02:11 117760 ------w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-21 02:10 . 2009-06-21 02:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 22:25 . 2009-06-20 22:25 -------- d-----w- c:\program files\Norton Security Scan
2009-06-20 21:52 . 2009-06-20 21:52 -------- d-----w- c:\program files\Windows Defender
2009-06-20 04:19 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-20 04:19 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 04:19 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-20 04:19 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-20 04:19 . 2009-06-20 04:19 -------- d-----w- c:\program files\Avira
2009-06-20 04:19 . 2009-06-20 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-20 03:58 . 2009-07-08 22:07 117760 ----a-w- c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 03:56 . 2009-06-20 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-20 03:55 . 2009-06-25 15:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 03:55 . 2009-06-20 03:55 -------- d-----w- c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com
2009-06-20 03:54 . 2009-06-20 03:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 03:39 . 2009-06-20 03:39 3561743 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 20:22 . 2009-06-19 20:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-19 13:28 . 2009-06-19 13:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-19 12:56 . 2009-06-19 12:56 49152 ------r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-06-19 12:56 . 2009-06-19 12:56 49152 ------r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-06-14 18:33 . 2009-06-14 18:33 -------- d-----w- c:\documents and settings\Pete\Application Data\Malwarebytes
2009-06-14 18:32 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 18:32 . 2009-06-20 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 18:32 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 18:32 . 2009-06-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-14 00:07 . 2009-02-09 12:10 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-14 00:07 . 2009-02-09 12:10 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-06-14 00:07 . 2009-02-09 12:10 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-06-14 00:07 . 2009-02-07 23:02 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-14 00:07 . 2009-02-06 11:11 110592 ----a-w- c:\windows\system32\services.exe
2009-06-14 00:07 . 2009-02-06 11:08 2189056 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-13 16:10 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-13 16:10 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-13 16:10 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-13 16:10 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-13 16:10 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-13 16:10 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-13 16:10 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-13 16:10 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-13 16:10 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-13 16:04 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-13 16:04 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-13 03:12 . 2009-06-13 03:14 -------- d-----w- c:\documents and settings\Pete\Application Data\LimeWire
2009-06-13 00:17 . 2009-06-13 00:17 390664 ------w- c:\documents and settings\Bryce\Application Data\Real\RealPlayer\Update\realplayer11gold.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-01 23:53 . 2009-03-15 02:12 -------- d-----w- c:\documents and settings\Pete\Application Data\Skype
2009-07-01 18:26 . 2009-03-15 15:06 -------- d-----w- c:\documents and settings\Guest\Application Data\Skype
2009-06-26 02:12 . 2007-01-07 02:57 -------- d-----w- c:\program files\Lavasoft
2009-06-24 01:35 . 2003-08-01 23:51 -------- d-----w- c:\program files\Google
2009-06-24 01:29 . 2008-05-10 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-24 01:26 . 2003-10-31 23:55 -------- d-----w- c:\program files\SurferNETWORK Player
2009-06-24 01:22 . 2005-01-27 23:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-06-23 01:55 . 2006-08-08 10:39 -------- d-----w- c:\documents and settings\Pete\Application Data\U3
2009-06-20 22:23 . 2008-05-10 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-14 21:28 . 2009-03-15 00:40 -------- d-----w- c:\program files\Angle Interactive
2009-06-13 15:55 . 2008-12-25 23:38 -------- d-----w- c:\documents and settings\Bryce\Application Data\LimeWire
2009-06-13 03:53 . 2005-06-04 01:08 -------- d-----w- c:\documents and settings\Pete\Application Data\Webshots
2009-06-06 14:02 . 2008-12-26 02:10 -------- d-----w- c:\documents and settings\Pete\Application Data\PKWARE
2009-06-06 12:17 . 2009-06-06 12:17 -------- d-----w- c:\documents and settings\Pete\Application Data\Talkback
2009-06-05 21:57 . 2006-01-05 02:32 203296 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1033.dat
2009-05-13 05:15 . 2004-01-08 18:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 00:04 . 2008-04-22 16:37 -------- d-----w- c:\program files\Common Files\Scanner
2009-05-07 15:32 . 2001-08-18 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 12:48 . 2008-05-10 15:23 81512 ------w- c:\documents and settings\Laurel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 12:26 . 2001-08-18 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-09-01 20:44 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-06-03 23:00 . 2005-06-03 23:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-07-07 02:14 . 2002-07-07 02:38 548 ----a-w- c:\program files\Shortcut to Mindspring2.lnk
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2007-09-03 475180]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-17 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-11-20 57344]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2001-10-01 28672]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-01-24 106496]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-01-02 684032]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 1169720]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 1945712]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PKWARE Certificate Proxy Client"="c:\progra~1\PKWARE\PKZIPW\pkpcsr.exe" [2008-08-04 238928]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-14 198160]
"V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-07-28 323584]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Pete\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-1-6 1078]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-27 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SecureZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\12.20.0021\PKTray.exe [2008-12-25 206160]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Marsha^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk]
path=c:\documents and settings\Marsha\Start Menu\Programs\Startup\America Online 5.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 5.0 Tray Icon.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/25/2009 10:17 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2009 12:19 AM 108289]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate1c98ef3b86cdb8e;Google Update Service (gupdate1c98ef3b86cdb8e);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2009 6:29 PM 133104]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [2/21/2004 11:10 AM 15104]
S2 Winkvj;Winkvj;c:\windows\System32\Winkvj.exe --> c:\windows\System32\Winkvj.exe [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\DRIVERS\fw220.sys --> c:\windows\system32\DRIVERS\fw220.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\SYSTEM32\DRIVERS\V0510Vid.sys [3/14/2009 6:54 PM 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\SYSTEM32\DRIVERS\V0510Vfx.sys [3/14/2009 6:54 PM 7424]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:17]

2009-07-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 22:20]

2009-07-08 c:\windows\Tasks\GoogleUpdateTaskMachine.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 22:29]

2009-07-08 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-03 c:\windows\Tasks\Norton Security Scan for Pete.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]

2009-07-05 c:\windows\Tasks\Weelky Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-18 02:36]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Microsoft Works Update Detection - c:\program files\Microsoft Works\WkDetect.exe
Notify-70c4619a509 - c:\windows\System32\comsvcs32.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/
FF - component: c:\program files\Real\RealPlayer\browserrecord\components\nprpbrowserrecordplugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1601.7122\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.141.5\npGoogleOneClick7.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPJPI150_09.dll
FF - plugin: c:\program files\Java\jre1.5.0_09\bin\NPOJI610.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-08 18:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(584)
c:\windows\system32\WININET.dll
c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\SYSTEM32\rundll32.exe
c:\progra~1\Magentic\bin\MgApp.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
.
**************************************************************************
.
Completion time: 2009-07-08 19:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-08 23:03

Pre-Run: 13,657,993,216 bytes free
Post-Run: 13,783,953,408 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

366 --- E O F --- 2009-07-06 15:23


**********************


DDS Log:

DDS (Ver_09-05-14.01) - NTFSx86
Run by Pete at 19:16:14.84 on Wed 07/08/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.86 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0510Mon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Pete\Desktop\Debuggers\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = localhost
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
EB: {9999A076-A9E2-4C99-8A2B-632FC9429223} - No File
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Startup Options] c:\program files\iomega\common\ImgStart.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [nwiz] nwiz.exe /install
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\launch~1.lnk - c:\docume~1\pete\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.20.0021\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_09\bin\ssv.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246069601593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.5667824074
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-25 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-20 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S2 gupdate1c98ef3b86cdb8e;Google Update Service (gupdate1c98ef3b86cdb8e);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding --> c:\progra~1\mcafee.com\vso\mcvsrte.exe [?]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [2004-2-21 15104]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\sbserv.exe --> c:\progra~1\common~1\symant~1\script~1\SBServ.exe [?]
S2 Winkvj;Winkvj;c:\windows\system32\winkvj.exe --> c:\windows\system32\Winkvj.exe [?]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-3-14 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-3-14 7424]

=============== Created Last 30 ================

2009-07-08 19:02 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-08 18:28 <DIR> a-dshr-- C:\cmdcons
2009-07-08 18:24 161,792 a------- c:\windows\SWREG.exe
2009-07-08 18:24 155,136 a------- c:\windows\PEV.exe
2009-07-08 18:24 98,816 a------- c:\windows\sed.exe
2009-06-27 06:26 <DIR> --dsh--- c:\documents and settings\pete\PrivacIE
2009-06-27 06:22 <DIR> --dsh--- c:\documents and settings\pete\IETldCache
2009-06-26 22:46 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 22:46 <DIR> --d----- c:\windows\ie8updates
2009-06-26 22:45 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-26 22:45 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 22:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-26 22:27 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-26 21:10 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 21:10 <DIR> --d----- c:\program files\Belarc
2009-06-25 22:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-25 22:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-24 15:50 4,076,908 a------- c:\windows\pfirewall.log.old
2009-06-24 15:42 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-24 15:27 <DIR> --d----- c:\program files\GPLGS
2009-06-24 15:26 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-24 15:26 <DIR> --d----- c:\program files\Acro Software
2009-06-24 15:08 13,492 a------- c:\windows\system32\defprtr2.ppd
2009-06-24 14:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 18:26 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-20 18:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-20 17:07 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 17:07 1,409 a------- c:\windows\QTFont.for
2009-06-20 00:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 00:19 <DIR> --d----- c:\program files\Avira
2009-06-20 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-19 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 23:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-19 23:55 <DIR> --d----- c:\docume~1\pete\applic~1\SUPERAntiSpyware.com
2009-06-19 23:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-14 14:33 <DIR> --d----- c:\docume~1\pete\applic~1\Malwarebytes
2009-06-14 14:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 14:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-13 20:08 56,320 a------- c:\windows\system32\SET610.tmp
2009-06-13 12:04 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 12:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-13 12:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-12 23:12 <DIR> --d----- c:\docume~1\pete\applic~1\LimeWire

==================== Find3M ====================

2009-06-05 17:57 203,296 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-02-17 21:21 79,984 -------- c:\docume~1\pete\applic~1\GDIPFONTCACHEV1.DAT
2005-06-03 19:00 774,144 ac------ c:\program files\RngInterstitial.dll
2002-07-06 22:14 548 a------- c:\program files\Shortcut to Mindspring2.lnk

============= FINISH: 19:17:56.09 ===============

#10 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 09 July 2009 - 03:57 AM

Hi again,

Open notepad and copy/paste the text in the quotebox below into it:

Driver::
Winkvj

File::
c:\windows\System32\Winkvj.exe

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=-

DDS::
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uInternet Settings,ProxyOverride = localhost
TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File
TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: {9404901D-06DA-4B23-A0EE-3EA4F64EC9B3} - No File
EB: {9999A076-A9E2-4C99-8A2B-632FC9429223} - No File


Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

Posted Image

Disable Ad-Watch, Antivir and other protection software if currently running, then close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe.
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager (press Ctrl, Alt and Del at the same time), go to the Processes tab and end any findstr, find, sed or swreg processes; Combofix should then continue.
If that happened we want to know, and also what process you had to end.


Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here, or get Foxit Reader here. Make sure you don't install the toolbar if you choose Foxit Reader! You may also check the free readers introduced here.


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older-version Java components and update to the latest version...

Updating Java:
  • Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
  • Click the Download button to the right.
  • Select Windows on the platform combobox and check the box that says: Accept License Agreement. Click continue.
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.


Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache

*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.


Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

The malware removal instructions provided are meant for the corresponding user's case only. If you have similar symptoms, please create your own topic instead of following instructions given to someone else.
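How a helper gets from the DDS log to a CFScript like the one in the post above, as an added example written for this thread (it is not code from the poster, from DDS or from ComboFix): it parses the TB:/EB: and service lines, flags toolbar entries marked "No File" and services whose image DDS could not resolve (the "--> ... [?]" form), and drafts the Driver::, File::, Registry:: and DDS:: sections in the layout the post uses. The sample lines are constructed from ones quoted in this thread; the function names are this example's own, and reading "[?]" as "image not found on disk" is this example's assumption.

```python
"""Added example for this thread (not code from the poster, DDS or ComboFix):
parse DDS log lines like the ones quoted above and draft the CFScript sections
a helper would write from them. Assumption: a service line of the form
'path --> path [?]' means DDS could not find the service image on disk."""
import re
from typing import Dict, Iterable, List, Mapping, Optional

# Constructed sample, modelled on lines quoted in the thread.
SAMPLE_DDS = r"""
TB: {ACB1E670-3217-45C4-A021-6B829A8A27CB} - No File
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-20 55640]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\sbserv.exe --> c:\progra~1\common~1\symant~1\script~1\SBServ.exe [?]
S2 Winkvj;Winkvj;c:\windows\system32\winkvj.exe --> c:\windows\system32\Winkvj.exe [?]
"""

# Service/driver lines: R* = running, S* = stopped; fields are ';'-separated and
# the trailing bracket holds the file date/size, or "?" when the image is missing
# (assumption stated above). The "--> path" part is the path DDS tried to resolve.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)"
    r"(?:\s+-->\s+(?P<resolved>.*?))?\s+\[(?P<info>[^\]]*)\]$"
)
# Toolbar (TB) and explorer bar (EB) lines: optional name, CLSID, then the
# registered file, or "No File" when the CLSID no longer points at anything.
TOOLBAR_RE = re.compile(
    r"^(?P<kind>TB|EB):\s+(?:(?P<name>.*?):\s+)?(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s*(?P<path>.*)$"
)


def parse_dds(text: str) -> Dict[str, list]:
    """Collect review candidates: services with a missing image and TB/EB
    entries with no file. Everything returned is a candidate, not a verdict."""
    findings: Dict[str, list] = {"missing_file_services": [], "no_file_entries": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            if m.group("info").strip() == "?":
                findings["missing_file_services"].append({
                    "state": m.group("state"),
                    "name": m.group("name"),
                    "display": m.group("display"),
                    "path": m.group("path"),
                    # the path DDS tried to resolve is what File:: should name
                    "image": m.group("resolved") or m.group("path"),
                })
            continue
        m = TOOLBAR_RE.match(line)
        if m and m.group("path").strip() == "No File":
            findings["no_file_entries"].append(line)
    return findings


def build_cfscript(findings: Dict[str, list], remove_services: Iterable[str],
                   registry_deletes: Optional[Mapping[str, Iterable[str]]] = None) -> str:
    """Draft a CFScript in the section layout used in the thread.

    Driver::/File:: name the chosen services and their images, Registry::
    lists values to delete ('"Name"=-' deletes the value, as the post's script
    does for AntiVirusOverride), DDS:: repeats the orphaned TB/EB lines.
    Only services the parser flagged as missing their image may be chosen."""
    wanted = set(remove_services)
    chosen = [s for s in findings["missing_file_services"] if s["name"] in wanted]
    unknown = wanted - {s["name"] for s in chosen}
    if unknown:
        raise ValueError(f"not flagged as missing-image services: {sorted(unknown)}")
    sections: List[str] = []
    if chosen:
        sections.append("\n".join(["Driver::"] + [s["name"] for s in chosen]))
        sections.append("\n".join(["File::"] + [s["image"] for s in chosen]))
    if registry_deletes:
        reg = ["Registry::"]
        for key, values in registry_deletes.items():
            reg.append(f"[{key}]")
            reg.extend(f'"{v}"=-' for v in values)
        sections.append("\n".join(reg))
    if findings["no_file_entries"]:
        sections.append("\n".join(["DDS::"] + findings["no_file_entries"]))
    return "\n\n".join(sections) + "\n"


if __name__ == "__main__":
    found = parse_dds(SAMPLE_DDS)
    for svc in found["missing_file_services"]:
        print(f"review: {svc['state']} {svc['name']} -> image not found: {svc['image']}")
    print()
    # The helper decides which candidates go in; here only Winkvj, as in the thread.
    print(build_cfscript(
        found, ["Winkvj"],
        {r"HKEY_LOCAL_MACHINE\software\microsoft\security center": ["AntiVirusOverride"]},
    ))
```

The parser only nominates candidates: in the log above SBService and MCVSRte also show "[?]", as leftovers of uninstalled Symantec and McAfee software, which is why the helper scripted only Winkvj.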


#11 skysyrfer

skysyrfer
  • Topic Starter

  • Members
  • 10 posts

Posted 09 July 2009 - 09:50 PM

Hey,

All done, no issues following the instructions/execution of programs.

Thanks,

:thumbup2:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, July 9, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, July 09, 2009 20:50:46
Records in database: 2451499
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
M:\

Scan statistics:
Files scanned: 158157
Threat name: 5
Infected objects: 10
Suspicious objects: 1
Duration of the scan: 05:40:55


File name / Threat name / Threats count
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Infected: Email-Worm.VBS.KakWorm 4
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Outlook\outlook.pst Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\SKYNETvjayukig.dll.vir Infected: Trojan.Win32.Monder.gen 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACmspyxjtaevpwmsh.dll.vir Infected: Packed.Win32.Tdss.m 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1976\A0647312.dll Infected: Packed.Win32.Tdss.m 1
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP1976\A0647399.dll Infected: Trojan.Win32.Monder.gen 1
C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe Infected: not-a-virus:AdWare.Win32.AdvancedSearchBar 2

The selected area was scanned.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Pete at 22:37:35.71 on Thu 07/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.151 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0510Mon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Pete\Local Settings\temp\jkos-Pete\binaries\ScanningProcess.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Documents and Settings\Pete\Desktop\Debuggers\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Startup Options] c:\program files\iomega\common\ImgStart.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\launch~1.lnk - c:\docume~1\pete\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.20.0021\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246069601593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.5667824074
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-25 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-20 55640]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [2004-2-21 15104]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-3-14 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-3-14 7424]

=============== Created Last 30 ================

2009-07-09 14:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-09 14:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-08 19:02 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-08 18:28 <DIR> a-dshr-- C:\cmdcons
2009-07-08 18:24 161,792 a------- c:\windows\SWREG.exe
2009-07-08 18:24 155,136 a------- c:\windows\PEV.exe
2009-07-08 18:24 98,816 a------- c:\windows\sed.exe
2009-06-27 06:26 <DIR> --dsh--- c:\documents and settings\pete\PrivacIE
2009-06-27 06:22 <DIR> --dsh--- c:\documents and settings\pete\IETldCache
2009-06-26 22:46 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 22:46 <DIR> --d----- c:\windows\ie8updates
2009-06-26 22:45 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-26 22:45 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 22:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-26 22:27 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-26 21:10 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 21:10 <DIR> --d----- c:\program files\Belarc
2009-06-25 22:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-25 22:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-24 15:50 4,076,908 a------- c:\windows\pfirewall.log.old
2009-06-24 15:42 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-24 15:27 <DIR> --d----- c:\program files\GPLGS
2009-06-24 15:26 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-24 15:26 <DIR> --d----- c:\program files\Acro Software
2009-06-24 15:08 13,492 a------- c:\windows\system32\defprtr2.ppd
2009-06-24 14:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 18:26 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-20 18:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-20 17:07 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 17:07 1,409 a------- c:\windows\QTFont.for
2009-06-20 00:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 00:19 <DIR> --d----- c:\program files\Avira
2009-06-20 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-19 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 23:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-19 23:55 <DIR> --d----- c:\docume~1\pete\applic~1\SUPERAntiSpyware.com
2009-06-19 23:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-14 14:33 <DIR> --d----- c:\docume~1\pete\applic~1\Malwarebytes
2009-06-14 14:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 14:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-13 20:08 56,320 a------- c:\windows\system32\SET610.tmp
2009-06-13 12:04 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 12:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-13 12:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-12 23:12 <DIR> --d----- c:\docume~1\pete\applic~1\LimeWire

==================== Find3M ====================

2009-06-05 17:57 203,296 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-02-17 21:21 79,984 -------- c:\docume~1\pete\applic~1\GDIPFONTCACHEV1.DAT
2005-06-03 19:00 774,144 ac------ c:\program files\RngInterstitial.dll
2002-07-06 22:14 548 a------- c:\program files\Shortcut to Mindspring2.lnk

============= FINISH: 22:39:10.12 ===============

ComboFix 09-07-09.01 - Pete 07/09/2009 14:06.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.212 [GMT -4:00]
Running from: c:\documents and settings\Pete\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Pete\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

FILE ::
"c:\windows\System32\Winkvj.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_WINKVJ
-------\Service_Winkvj


((((((((((((((((((((((((( Files Created from 2009-06-09 to 2009-07-09 )))))))))))))))))))))))))))))))
.

2009-07-09 17:33 . 2009-02-12 09:35 38208 ----a-w- c:\documents and settings\Pete\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-07-09 17:29 . 2009-07-09 17:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-07-09 17:27 . 2009-07-09 17:27 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-07-09 17:27 . 2009-07-09 17:59 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-09 17:27 . 2009-07-09 17:59 -------- d-----w- c:\program files\NOS
2009-07-09 08:12 . 2009-07-09 08:12 -------- d-----w- c:\documents and settings\Pete\Local Settings\Application Data\Temp
2009-07-01 18:24 . 2009-07-01 18:24 81512 ------w- c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-01 18:23 . 2009-07-01 18:23 -------- d-sh--w- c:\documents and settings\Guest\IETldCache
2009-06-27 10:26 . 2009-06-27 10:26 -------- d-sh--w- c:\documents and settings\Pete\PrivacIE
2009-06-27 10:22 . 2009-06-27 10:22 -------- d-sh--w- c:\documents and settings\Pete\IETldCache
2009-06-27 05:02 . 2009-06-27 05:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2009-06-27 02:46 . 2009-06-02 10:12 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-06-27 02:46 . 2009-06-27 02:46 -------- d-----w- c:\windows\ie8updates
2009-06-27 02:45 . 2009-04-30 21:22 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-06-27 02:45 . 2009-04-30 21:22 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-06-27 02:43 . 2009-06-27 02:44 -------- dc-h--w- c:\windows\ie8
2009-06-27 01:10 . 2009-06-27 01:10 -------- d-----w- c:\program files\Belarc
2009-06-27 01:10 . 2008-03-06 15:51 3840 ----a-w- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 02:17 . 2009-06-26 02:16 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-26 02:17 . 2009-07-03 02:17 314712 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-26 02:17 . 2009-07-07 02:26 25440 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-26 02:17 . 2009-07-03 02:17 348496 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-26 02:17 . 2009-07-03 02:17 169312 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-26 02:17 . 2009-06-26 02:17 15688 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-26 02:17 . 2009-07-03 02:17 298336 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-26 02:17 . 2009-07-03 02:17 84832 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-26 02:16 . 2009-07-07 02:26 0 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-26 02:16 . 2009-07-03 02:17 40288 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-26 02:16 . 2009-07-03 02:17 246128 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-26 02:16 . 2009-06-26 02:16 64160 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-26 02:16 . 2009-07-03 02:17 85352 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\AAWDriverTool.exe
2009-06-26 02:16 . 2009-07-03 02:17 664424 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-26 02:16 . 2009-07-03 02:17 566632 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-26 02:16 . 2009-07-03 02:17 563064 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-26 02:16 . 2009-07-07 02:24 2353480 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-26 02:16 . 2009-07-03 02:17 629072 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-26 02:16 . 2009-07-03 02:17 520024 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-26 02:16 . 2009-07-03 02:17 1029456 ------w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-26 02:13 . 2009-03-12 08:17 2902048 -c----w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-26 02:13 . 2009-06-26 02:13 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-26 01:02 . 2009-07-07 23:09 -------- d-----w- c:\documents and settings\Pete\Local Settings\Application Data\CutePDF Writer
2009-06-24 19:42 . 2009-07-09 00:31 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2009-06-24 19:27 . 2009-06-24 19:27 -------- d-----w- c:\program files\GPLGS
2009-06-24 19:26 . 2007-07-13 02:33 87552 ----a-w- c:\windows\system32\cpwmon2k.dll
2009-06-24 19:26 . 2009-06-24 19:26 -------- d-----w- c:\program files\Acro Software
2009-06-24 18:45 . 2009-07-05 07:31 -------- d-----w- c:\windows\system32\NtmsData
2009-06-21 04:37 . 2009-06-21 04:37 81512 ------w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-21 02:10 . 2009-06-21 02:11 117760 ------w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-21 02:10 . 2009-06-21 02:10 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-06-20 22:26 . 2009-06-20 22:26 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-06-20 22:25 . 2009-06-20 22:25 -------- d-----w- c:\program files\Norton Security Scan
2009-06-20 21:52 . 2009-06-20 21:52 -------- d-----w- c:\program files\Windows Defender
2009-06-20 04:19 . 2009-03-30 14:33 96104 ----a-w- c:\windows\system32\drivers\avipbb.sys
2009-06-20 04:19 . 2009-03-24 20:08 55640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 04:19 . 2009-02-13 16:29 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys
2009-06-20 04:19 . 2009-02-13 16:17 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys
2009-06-20 04:19 . 2009-06-20 04:19 -------- d-----w- c:\program files\Avira
2009-06-20 04:19 . 2009-06-20 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-06-20 03:58 . 2009-07-09 17:53 117760 ----a-w- c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-06-20 03:56 . 2009-06-20 03:56 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-06-20 03:55 . 2009-06-25 15:09 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-06-20 03:55 . 2009-06-20 03:55 -------- d-----w- c:\documents and settings\Pete\Application Data\SUPERAntiSpyware.com
2009-06-20 03:54 . 2009-06-20 03:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-06-20 03:39 . 2009-06-20 03:39 3561743 ------w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-06-19 20:22 . 2009-06-19 20:22 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-06-19 13:28 . 2009-06-19 13:28 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-06-19 12:56 . 2009-06-19 12:56 49152 ------r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA1.exe
2009-06-19 12:56 . 2009-06-19 12:56 49152 ------r- c:\documents and settings\Pete\Application Data\Microsoft\Installer\{FCC07EEA-FA18-4A21-9105-9666603C6885}\IconFCC07EEA.exe
2009-06-14 18:33 . 2009-06-14 18:33 -------- d-----w- c:\documents and settings\Pete\Application Data\Malwarebytes
2009-06-14 18:32 . 2009-06-17 15:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 18:32 . 2009-06-20 03:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 18:32 . 2009-06-17 15:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-14 18:32 . 2009-06-14 18:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-14 00:07 . 2009-02-09 12:10 729088 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-14 00:07 . 2009-02-09 12:10 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-06-14 00:07 . 2009-02-09 12:10 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-06-14 00:07 . 2009-02-07 23:02 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-06-14 00:07 . 2009-02-06 11:11 110592 ----a-w- c:\windows\system32\services.exe
2009-06-14 00:07 . 2009-02-06 11:08 2189056 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-06-13 16:10 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-06-13 16:10 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-06-13 16:10 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-06-13 16:10 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-06-13 16:10 . 2009-02-09 12:10 729088 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-06-13 16:10 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-06-13 16:10 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-06-13 16:10 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-06-13 16:10 . 2009-02-09 12:10 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-06-13 16:04 . 2008-05-03 11:55 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-06-13 16:04 . 2008-04-21 12:08 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-06-13 03:12 . 2009-06-13 03:14 -------- d-----w- c:\documents and settings\Pete\Application Data\LimeWire
2009-06-13 00:17 . 2009-06-13 00:17 390664 ------w- c:\documents and settings\Bryce\Application Data\Real\RealPlayer\Update\realplayer11gold.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 17:45 . 2005-12-23 15:34 -------- d-----w- c:\program files\Java
2009-07-09 17:32 . 2005-01-27 23:42 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-01 23:53 . 2009-03-15 02:12 -------- d-----w- c:\documents and settings\Pete\Application Data\Skype
2009-07-01 18:26 . 2009-03-15 15:06 -------- d-----w- c:\documents and settings\Guest\Application Data\Skype
2009-06-26 02:12 . 2007-01-07 02:57 -------- d-----w- c:\program files\Lavasoft
2009-06-24 01:35 . 2003-08-01 23:51 -------- d-----w- c:\program files\Google
2009-06-24 01:29 . 2008-05-10 11:24 -------- d-----w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-24 01:26 . 2003-10-31 23:55 -------- d-----w- c:\program files\SurferNETWORK Player
2009-06-23 01:55 . 2006-08-08 10:39 -------- d-----w- c:\documents and settings\Pete\Application Data\U3
2009-06-20 22:23 . 2008-05-10 11:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-06-14 21:28 . 2009-03-15 00:40 -------- d-----w- c:\program files\Angle Interactive
2009-06-13 15:55 . 2008-12-25 23:38 -------- d-----w- c:\documents and settings\Bryce\Application Data\LimeWire
2009-06-13 03:53 . 2005-06-04 01:08 -------- d-----w- c:\documents and settings\Pete\Application Data\Webshots
2009-06-06 14:02 . 2008-12-26 02:10 -------- d-----w- c:\documents and settings\Pete\Application Data\PKWARE
2009-06-06 12:17 . 2009-06-06 12:17 -------- d-----w- c:\documents and settings\Pete\Application Data\Talkback
2009-06-05 21:57 . 2006-01-05 02:32 203296 ----a-w- c:\windows\PCHEALTH\HELPCTR\Config\Cache\Personal_32_1033.dat
2009-05-13 05:15 . 2004-01-08 18:23 915456 ----a-w- c:\windows\system32\wininet.dll
2009-05-13 00:04 . 2008-04-22 16:37 -------- d-----w- c:\program files\Common Files\Scanner
2009-05-07 15:32 . 2001-08-18 12:00 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 12:48 . 2008-05-10 15:23 81512 ------w- c:\documents and settings\Laurel\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-17 12:26 . 2001-08-18 12:00 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-15 14:51 . 2004-09-01 20:44 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2005-06-03 23:00 . 2005-06-03 23:00 774144 -c--a-w- c:\program files\RngInterstitial.dll
2002-07-07 02:14 . 2002-07-07 02:38 548 ----a-w- c:\program files\Shortcut to Mindspring2.lnk
.

((((((((((((((((((((((((((((( SnapShot@2009-07-08_22.57.15 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-09 03:07 . 2009-07-09 03:07 22528 c:\windows\Installer\e7cc3f.msi
+ 2009-07-09 17:34 . 2009-07-09 17:34 20480 c:\windows\Installer\3f5e0d5.msi
+ 2009-07-09 17:30 . 2009-07-09 17:30 26624 c:\windows\Installer\3f5e0bf.msi
+ 2009-07-09 08:14 . 2009-07-09 08:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\UNINST_Uninstall_G_408FFBEED62349E08B232864A94D2864.exe
+ 2009-07-09 08:14 . 2009-07-09 08:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutOGL_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-07-09 08:14 . 2009-07-09 08:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ShortcutDX_EB071909B9884F8CBF3D6115D4ADEE5E.exe
+ 2009-07-09 08:14 . 2009-07-09 08:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe1_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-07-09 08:14 . 2009-07-09 08:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\googleearth.exe_407B9B5CDAC54F44A756B57CAB4E6A8B.exe
+ 2009-07-09 08:14 . 2009-07-09 08:14 25214 c:\windows\Installer\{CC016F21-3970-11DE-B878-005056806466}\ARPPRODUCTICON.exe
+ 2006-12-02 02:54 . 2006-12-02 02:54 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcr80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcp80.dll
+ 2006-12-02 02:54 . 2006-12-02 02:54 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\msvcm80.dll
+ 2009-01-18 20:05 . 2009-01-18 20:05 675840 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\JP2KLib.dll
+ 2009-07-09 17:35 . 2009-07-09 17:35 6653952 c:\windows\Installer\3f5e0f9.msp
+ 2009-07-09 17:33 . 2009-07-09 17:33 3938816 c:\windows\Installer\3f5e0ca.msi
+ 2009-07-09 08:14 . 2009-07-09 08:14 1401344 c:\windows\Installer\1ffb2b0.msi
+ 2008-12-18 20:48 . 2008-12-18 20:48 3645440 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\authplay.dll
+ 2009-02-27 20:37 . 2009-02-27 20:37 20403568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0100000010\9.1.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"Magentic"="c:\progra~1\Magentic\bin\Magentic.exe" [2007-09-03 475180]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-04-22 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"Iomega Startup Options"="c:\program files\Iomega\Common\ImgStart.exe" [2001-01-17 45056]
"Iomega Drive Icons"="c:\program files\Iomega\DriveIcons\ImgIcon.exe" [2001-11-20 57344]
"Deskup"="c:\program files\Iomega\DriveIcons\deskup.exe" [2001-10-01 28672]
"ADUserMon"="c:\program files\Iomega\AutoDisk\ADUserMon.exe" [2002-01-24 106496]
"AdaptecDirectCD"="c:\program files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe" [2005-01-02 684032]
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe" [2007-03-09 63712]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2006-06-13 127036]
"MaxBlastMonitor.exe"="c:\program files\Maxtor\MaxBlast\MaxBlastMonitor.exe" [2007-04-20 1169720]
"AcronisTimounterMonitor"="c:\program files\Maxtor\MaxBlast\TimounterMonitor.exe" [2007-04-20 1945712]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Maxtor\Schedule2\schedhlp.exe" [2007-04-20 149024]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]
"PKWARE Certificate Proxy Client"="c:\progra~1\PKWARE\PKZIPW\pkpcsr.exe" [2008-08-04 238928]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2008-05-07 591696]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-04-29 188728]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-02-14 198160]
"V0510Mon.exe"="c:\windows\V0510Mon.exe" [2007-12-07 32768]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-07-03 520024]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nwiz"="nwiz.exe" - c:\windows\SYSTEM32\nwiz.exe [2003-07-28 323584]

c:\documents and settings\Pete\Start Menu\Programs\Startup\
LaunchU3.exe.lnk - c:\documents and settings\Pete\Application Data\Microsoft\Installer\{D8E363A7-88B7-446D-B2C0-E26CE4DC8E54}\_294823.exe [2008-1-6 1078]
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2007-12-27 344064]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
SecureZIP Attachments Status.lnk - c:\program files\PKWARE\PKZIPM\12.20.0021\PKTray.exe [2008-12-25 206160]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Marsha^Start Menu^Programs^Startup^America Online 5.0 Tray Icon.lnk]
path=c:\documents and settings\Marsha\Start Menu\Programs\Startup\America Online 5.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 5.0 Tray Icon.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Magentic\\bin\\Magentic.exe"=
"c:\\Program Files\\Magentic\\bin\\MgApp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [6/25/2009 10:17 PM 64160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [5/26/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/26/2009 10:05 AM 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [6/20/2009 12:19 AM 108289]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S2 gupdate1c98ef3b86cdb8e;Google Update Service (gupdate1c98ef3b86cdb8e);c:\program files\Google\Update\GoogleUpdate.exe [2/14/2009 6:29 PM 133104]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\SYSTEM32\DRIVERS\usbscan.sys [2/21/2004 11:10 AM 15104]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1029456]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\DRIVERS\fw220.sys --> c:\windows\system32\DRIVERS\fw220.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [5/26/2009 10:05 AM 7408]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\SYSTEM32\DRIVERS\V0510Vid.sys [3/14/2009 6:54 PM 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\SYSTEM32\DRIVERS\V0510Vfx.sys [3/14/2009 6:54 PM 7424]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-07 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 02:17]

2009-07-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-26 22:20]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 22:29]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-14 22:29]

2009-07-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-03 c:\windows\Tasks\Norton Security Scan for Pete.job
- c:\program files\Norton Security Scan\Nss.exe [2008-09-19 08:18]

2009-07-05 c:\windows\Tasks\Weelky Backup.job
- c:\windows\system32\ntbackup.exe [2001-08-18 02:36]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
FF - ProfilePath - c:\documents and settings\Pete\Application Data\Mozilla\Firefox\Profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 14:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Iomega Activity Disk2]
"ImagePath"="\"\""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(640)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(696)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(1060)
c:\windows\system32\WININET.dll
c:\program files\Iomega\DriveIcons\IMGHOOK.DLL
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_6b128700\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
c:\program files\Avira\AntiVir Desktop\shlext.dll
c:\program files\Common Files\PKWARE\PKZIP7\PKCOM700.dll
c:\program files\Common Files\PKWARE\PKZIP7\PKArchive86u.dll
c:\program files\Common Files\PKWARE\PKZIP7\pkopt700.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\WinZip\wzshlstb.dll
c:\program files\SUPERAntiSpyware\SASSEH.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Maxtor\Schedule2\schedul2.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\progra~1\Iomega\System32\AppServices.exe
c:\windows\SYSTEM32\nvsvc32.exe
c:\program files\Iomega\AutoDisk\ADService.exe
c:\windows\SYSTEM32\wscntfy.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\windows\SYSTEM32\rundll32.exe
c:\documents and settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
c:\progra~1\Magentic\bin\MgApp.exe
.
**************************************************************************
.
Completion time: 2009-07-09 14:27 - machine was rebooted
ComboFix-quarantined-files.txt 2009-07-09 18:27
ComboFix2.txt 2009-07-08 23:03

Pre-Run: 13,159,399,424 bytes free
Post-Run: 13,187,891,200 bytes free

335 --- E O F --- 2009-07-06 15:23
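
The ComboFix log above is the kind of output a helper reads by eye for a few tell-tale lines: the standard-profile firewall key set to 0, a Run entry listed with [BU] instead of a date and size, a service whose driver file is gone ("--> path [?]"), the IE search URL migrated to mywebsearch, and the Service_Winkvj entry that this ComboFix run removed. The following Python script is an added example for this thread, not part of ComboFix, DDS or anything the posters ran, that pulls those lines out automatically. The sample input is copied from the log above; the rule set, the severity labels, the SUSPECT_SEARCH_HOSTS list and the reading of the [BU] marker as "no file details recorded" are assumptions of the example.

```python
"""Triage helper for the ComboFix/DDS log sections shown in this thread.

Added example; it is not part of ComboFix, DDS or the original post. It scans
log lines for a handful of indicators that the log above actually contains.
The rule set, the severities and SUSPECT_SEARCH_HOSTS are assumptions of this
example, not anything the tools define.
"""
import re

# Constructed sample input: lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"Microsoft Works Update Detection"="c:\program files\Microsoft Works\WkDetect.exe" [BU]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\DRIVERS\fw220.sys --> c:\windows\system32\DRIVERS\fw220.sys [?]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0
uStart Page = hxxp://www.comcast.net/
Trusted Zone: internet
-------\Service_Winkvj
"""

# Search/start-page hosts treated as adware-driven (assumption of this example).
SUSPECT_SEARCH_HOSTS = {"www.mywebsearch.com"}

# "EnableFirewall"= 0 under the standardprofile key: Windows Firewall is off.
FIREWALL_OFF = re.compile(r'^"EnableFirewall"=\s*0\b')
# Run-key entry whose trailing field is [BU] instead of "[date size]".
RUN_NO_FILEINFO = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s+\[BU\]')
# Service line that ComboFix ends with "--> path [?]": the file was not found.
SERVICE_MISSING = re.compile(r'^[RS]\d\s+(?P<svc>[^;]+);[^;]*;.*\[\?\]\s*$')
# IE start page / search URL lines (DDS defangs http as hxxp).
SEARCH_URL = re.compile(
    r'^u(?:Search\w*|Start Page)\s*=\s*h(?:xx|tt)ps?://(?P<host>[^/\s]+)', re.I)
TRUSTED_ZONE = re.compile(r'^Trusted Zone:\s*(?P<zone>\S+)')
# "-------\Service_<name>" in the Drivers/Services section: ComboFix removed it.
SERVICE_DELETED = re.compile(r'^-------\\Service_(?P<svc>\S+)')


def _search_finding(m):
    """Only report search/start pages that point at a known adware host."""
    host = m["host"].lower()
    if host in SUSPECT_SEARCH_HOSTS:
        return f"IE search/start page points at {host}"
    return None  # a normal home page (comcast.net, google.com) is not a finding


# (severity, pattern, function turning the match into a message or None)
RULES = [
    ("high", FIREWALL_OFF, lambda m: "Windows Firewall is disabled in the standard profile"),
    ("high", SERVICE_DELETED, lambda m: f"ComboFix removed service {m['svc']}; watch for it returning"),
    ("medium", SEARCH_URL, _search_finding),
    ("low", SERVICE_MISSING, lambda m: f"service {m['svc']} points at a missing file (orphaned entry)"),
    ("info", RUN_NO_FILEINFO, lambda m: f"Run entry '{m['name']}' has no file details ([BU]); confirm {m['path']} on disk"),
    ("info", TRUSTED_ZONE, lambda m: f"Trusted Zone entry '{m['zone']}': confirm it belongs in IE's Trusted sites"),
]


def triage(log_text):
    """Return [(severity, message), ...] for every matching line, in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for severity, pattern, describe in RULES:
            m = pattern.match(line)
            if m:
                message = describe(m)
                if message:
                    findings.append((severity, message))
                break  # first matching rule wins for a line
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, ...}."""
    counts = {}
    for severity, _ in findings:
        counts[severity] = counts.get(severity, 0) + 1
    return counts


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity:6}] {message}")
    print(summarize(triage(SAMPLE_LOG)))
```

To use it on a real log, replace SAMPLE_LOG with the contents of a saved ComboFix.txt or dds.txt. It only flags lines; whether a flagged entry is actually malicious (the orphaned McAfee driver entry, for instance, is just a leftover from an uninstalled product) still needs the helper's judgement.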

#12 Blade81

Blade81

    Bleepin' Rocker


  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland
  • Local time:03:03 AM

Posted 10 July 2009 - 03:52 AM

Hi again,

Check the email messages in the following location and delete suspicious-looking ones:
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Outlook\outlook.pst

Delete C:\WINDOWS\Windows Update Setup Files\searchbarsetup.exe file.

Reboot and post a fresh dds.txt log. Any symptoms left?

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.


#13 skysyrfer

skysyrfer
  • Topic Starter

  • Members
  • 10 posts
  • Local time:08:03 PM

Posted 10 July 2009 - 12:06 PM

Hi "Blade",

I was not sure what you meant by "Check email messages in following location and delete suspicious looking ones:
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Outlook\outlook.pst". So I opened my Outlook program, which uses the .pst file, and deleted any old/suspicious emails there.

When we are done, will you be able to tell me if I am "clean" or not? What about the viruses identified by the Kaspersky scan? Does the DDS log indicate to you when I am clean?

Thanks for all your great help!




DDS (Ver_09-05-14.01) - NTFSx86
Run by Pete at 13:00:39.75 on Fri 07/10/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.511.110 [GMT -4:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedul2.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Iomega\AutoDisk\ADService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Maxtor\MaxBlast\MaxBlastMonitor.exe
C:\Program Files\Maxtor\MaxBlast\TimounterMonitor.exe
C:\Program Files\Common Files\Maxtor\Schedule2\schedhlp.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\V0510Mon.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\Magentic\bin\MgApp.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Documents and Settings\Pete\Desktop\Debuggers\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.comcast.net/
uSearchMigratedDefaultUrl = hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZR&fl=0&ptb=aijFIbhI3ZykZsy3igmjrA&url=http://edits.mywebsearch.com/toolbaredits/barsearch.jhtml&st=sb&searchfor={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.15642\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Comcast Toolbar: {4e7bd74f-2b8d-469e-93be-be2df4d9ae29} - c:\progra~1\comcas~2\COMCAS~1.DLL
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -
uRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NVMCTRAY.DLL,NvTaskbarInit
uRun: [Magentic] c:\progra~1\magentic\bin\Magentic.exe /c
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [Microsoft Works Update Detection] c:\program files\microsoft works\WkDetect.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [Iomega Startup Options] c:\program files\iomega\common\ImgStart.exe
mRun: [Iomega Drive Icons] c:\program files\iomega\driveicons\ImgIcon.exe
mRun: [Deskup] c:\program files\iomega\driveicons\deskup.exe
mRun: [ADUserMon] c:\program files\iomega\autodisk\ADUserMon.exe
mRun: [AdaptecDirectCD] c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
mRun: [MaxBlastMonitor.exe] c:\program files\maxtor\maxblast\MaxBlastMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\maxtor\maxblast\TimounterMonitor.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\maxtor\schedule2\schedhlp.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [PKWARE Certificate Proxy Client] c:\progra~1\pkware\pkzipw\pkpcsr.exe
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [V0510Mon.exe] c:\windows\V0510Mon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [nwiz] nwiz.exe /install
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\launch~1.lnk - c:\docume~1\pete\applic~1\microsoft\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\docume~1\pete\startm~1\programs\startup\pictur~1.lnk - c:\program files\sony\sony picture utility\volumewatcher\SPUVolumeWatcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\secure~1.lnk - c:\program files\pkware\pkzipm\12.20.0021\PKTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
IE: &Search
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Easy-WebPrint Add To Print List - c:\program files\canon\easy-webprint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint High Speed Print - c:\program files\canon\easy-webprint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Preview - c:\program files\canon\easy-webprint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint Print - c:\program files\canon\easy-webprint\Resource.dll/RC_Print.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {2D337EB0-3BFB-42A3-B314-A24BBA8C085B} - hxxp://download.yahoo.com/dl/mail/yautoiol1.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {33564D57-0000-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB
DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1246069601593
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37933.5667824074
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5ABEB00-B357-4884-9949-77B2C71A7EE3} - hxxp://www.intel.com/design/motherbd/boardid/BoardID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\pete\applic~1\mozilla\firefox\profiles\2pzf6rev.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-6-25 64160]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-6-20 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-5-26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-5-26 72944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-6-20 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-6-20 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-6-20 55640]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c98ef3b86cdb8e;Google Update Service (gupdate1c98ef3b86cdb8e);c:\program files\google\update\GoogleUpdate.exe [2009-2-14 133104]
S2 MCVSRte;McAfee.com VirusScan Online Realtime Engine;c:\progra~1\mcafee.com\vso\mcvsrte.exe /embedding --> c:\progra~1\mcafee.com\vso\mcvsrte.exe [?]
S2 PIEUsb;Pacific Image Electronics USB Scanner;c:\windows\system32\drivers\usbscan.sys [2004-2-21 15104]
S2 SBService;ScriptBlocking Service;c:\progra~1\common~1\symant~1\script~1\sbserv.exe --> c:\progra~1\common~1\symant~1\script~1\SBServ.exe [?]
S3 McAfeePF;McAfee Firewall Network Filter Miniport;c:\windows\system32\drivers\fw220.sys --> c:\windows\system32\drivers\fw220.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-5-26 7408]
S3 V0510Dev;Rocketfish Webcam VF0510 Driver;c:\windows\system32\drivers\V0510Vid.sys [2009-3-14 254080]
S3 V0510Vfx;Rocketfish Webcam VF0510 Video VFX Driver;c:\windows\system32\drivers\V0510Vfx.sys [2009-3-14 7424]

=============== Created Last 30 ================

2009-07-09 22:58 <DIR> --d----- c:\docume~1\pete\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-07-09 14:34 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-09 14:34 73,728 a------- c:\windows\system32\javacpl.cpl
2009-07-08 19:02 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-08 18:28 <DIR> a-dshr-- C:\cmdcons
2009-07-08 18:24 161,792 a------- c:\windows\SWREG.exe
2009-07-08 18:24 155,136 a------- c:\windows\PEV.exe
2009-07-08 18:24 98,816 a------- c:\windows\sed.exe
2009-06-27 06:26 <DIR> --dsh--- c:\documents and settings\pete\PrivacIE
2009-06-27 06:22 <DIR> --dsh--- c:\documents and settings\pete\IETldCache
2009-06-26 22:46 102,912 -c------ c:\windows\system32\dllcache\iecompat.dll
2009-06-26 22:46 <DIR> --d----- c:\windows\ie8updates
2009-06-26 22:45 12,800 -c------ c:\windows\system32\dllcache\xpshims.dll
2009-06-26 22:45 246,272 -c------ c:\windows\system32\dllcache\ieproxy.dll
2009-06-26 22:43 <DIR> -cd-h--- c:\windows\ie8
2009-06-26 22:27 23,576 a------- c:\windows\system32\wuapi.dll.mui
2009-06-26 21:10 3,840 a------- c:\windows\system32\drivers\BANTExt.sys
2009-06-26 21:10 <DIR> --d----- c:\program files\Belarc
2009-06-25 22:17 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-06-25 22:13 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-24 15:50 4,076,908 a------- c:\windows\pfirewall.log.old
2009-06-24 15:42 25,992 a------- c:\windows\system32\pgdfgsvc.exe
2009-06-24 15:27 <DIR> --d----- c:\program files\GPLGS
2009-06-24 15:26 87,552 a------- c:\windows\system32\cpwmon2k.dll
2009-06-24 15:26 <DIR> --d----- c:\program files\Acro Software
2009-06-24 15:08 13,492 a------- c:\windows\system32\defprtr2.ppd
2009-06-24 14:45 <DIR> --d----- c:\windows\system32\NtmsData
2009-06-20 18:26 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-06-20 18:25 <DIR> --d----- c:\program files\Norton Security Scan
2009-06-20 17:07 54,156 a---h--- c:\windows\QTFont.qfn
2009-06-20 17:07 1,409 a------- c:\windows\QTFont.for
2009-06-20 00:19 55,640 a------- c:\windows\system32\drivers\avgntflt.sys
2009-06-20 00:19 <DIR> --d----- c:\program files\Avira
2009-06-20 00:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Avira
2009-06-19 23:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-06-19 23:55 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-06-19 23:55 <DIR> --d----- c:\docume~1\pete\applic~1\SUPERAntiSpyware.com
2009-06-19 23:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-06-14 14:33 <DIR> --d----- c:\docume~1\pete\applic~1\Malwarebytes
2009-06-14 14:32 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-14 14:32 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 14:32 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-06-14 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-13 20:08 56,320 a------- c:\windows\system32\SET610.tmp
2009-06-13 12:04 1,203,922 -c------ c:\windows\system32\dllcache\sysmain.sdb
2009-06-13 12:04 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-06-13 12:04 215,552 -c------ c:\windows\system32\dllcache\wordpad.exe
2009-06-12 23:12 <DIR> --d----- c:\docume~1\pete\applic~1\LimeWire

==================== Find3M ====================

2009-06-05 17:57 203,296 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-05-13 01:15 915,456 a------- c:\windows\system32\wininet.dll
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-02-17 21:21 79,984 -------- c:\docume~1\pete\applic~1\GDIPFONTCACHEV1.DAT
2005-06-03 19:00 774,144 ac------ c:\program files\RngInterstitial.dll
2002-07-06 22:14 548 a------- c:\program files\Shortcut to Mindspring2.lnk

============= FINISH: 13:02:44.81 ===============

#14 skysyrfer
  • Topic Starter
  • Members
  • 10 posts

Posted 10 July 2009 - 12:08 PM

Oh yeah, I almost forgot, the redirect symptoms seem to have been cured!

AM I clean?

Thanks again

#15 Blade81
    Bleepin' Rocker
  • Malware Response Team
  • 6,465 posts
  • Gender:Male
  • Location:Finland

Posted 10 July 2009 - 02:55 PM

I was not sure what you meant by "Check email messages in following location and delete suspicious looking ones:
C:\Documents and Settings\Pete\Local Settings\Application Data\Microsoft\Outlook\outlook.pst". So I opened my Outlook program, which runs the .pst file, and deleted any old/suspicious emails there.

Yes, that's how I wanted you to do it. Those other bad findings will be removed when ComboFix is uninstalled and System Restore is reset. Instructions for that below.


Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK

You may delete DDS and related logs too.


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free): Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.
  • hosts file:
    • Every version of Windows has a hosts file as part of it.
    • In a very basic sense, they are used to locate webpages.
    • We can customize a hosts file so that it blocks certain webpages.
    • However, it can slow down certain computers.
    • This is why using a hosts file is optional!!
    Download it here. Make sure you read the instructions on how to install the hosts file. There is a good tutorial here
    If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
    • Click the start button (at the lower left hand corner of your screen)
    • Click run
    • In the dialog box, type services.msc
    • hit enter, then locate dns client
    • Highlight it, then double-click it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click ok
  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this webpage out.
    If you don't have a 3rd party firewall or a router behind NAT then I recommend getting one. I recommend either Online Armor Free or Comodo Firewall Pro (If you choose Comodo: Uncheck during installation "Install Comodo SafeSurf..", "Make Comodo my default search provider" and "Make Comodo Search my homepage" and install firewall ONLY!). Both providers have support forums that help with configuration related questions.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :)

Microsoft Windows Insider MVP 2016-2017

Microsoft MVP Consumer Security 2008-2015
UNITE member since 2006

Provided malware removal related instructions are meant to be used in the correspondent user's case only. If you have similar symptoms create own topic instead of following instructions given to some other, please.
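As an added check that is not part of Blade81's post or of any tool it names, the following PowerShell script reads the settings the GUI steps above change (the Internet zone "Custom Level" values, the hosts file, and the DNS Client service start mode) so the hardening can be verified instead of assumed. The registry value names 1001/1004/1201/1800/1804/1607 are Microsoft's documented URL action IDs for the Internet zone; treating any hosts entry that does not point at loopback or 0.0.0.0 as worth review is this example's own assumption.

```powershell
# Added audit script (not from the BleepingComputer post or its tools).
# Assumptions: run on the cleaned machine in PowerShell; zone 3 is the
# Internet zone, and value data 0 = Enable, 1 = Prompt, 3 = Disable.

$ZonePath  = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'
$HostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$Label     = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Expected values mirror the post's "Custom Level" list for the Internet zone.
$Expected = @(
    @{ Id = '1001'; Want = 1; Name = 'Download signed ActiveX controls' },
    @{ Id = '1004'; Want = 3; Name = 'Download unsigned ActiveX controls' },
    @{ Id = '1201'; Want = 3; Name = 'Initialize and script ActiveX controls not marked as safe' },
    @{ Id = '1800'; Want = 1; Name = 'Installation of desktop items' },
    @{ Id = '1804'; Want = 1; Name = 'Launching programs and files in an IFRAME' },
    @{ Id = '1607'; Want = 1; Name = 'Navigate sub-frames across different domains' }
)

function Test-InternetZoneSettings {
    # One row per setting: what is configured now versus what the post recommends.
    $zone = Get-ItemProperty -Path $ZonePath -ErrorAction Stop
    foreach ($e in $Expected) {
        $have = $zone.($e.Id)
        $haveText = if ($null -eq $have) { 'not set' } else { $Label[[int]$have] }
        New-Object PSObject -Property @{
            Setting     = $e.Name
            Current     = $haveText
            Recommended = $Label[$e.Want]
            OK          = ($null -ne $have -and [int]$have -eq $e.Want)
        }
    }
}

function Test-HostsFile {
    # A blocking hosts file maps names to loopback or 0.0.0.0; a hostname sent
    # anywhere else deserves a look on a machine that was redirecting searches.
    $benign = @('127.0.0.1', '0.0.0.0', '::1')
    $rows = @(Get-Content -Path $HostsPath | Where-Object { $_ -match '^\s*[^#\s]' })
    $suspicious = @()
    foreach ($line in $rows) {
        $parts = ($line -split '#')[0].Trim() -split '\s+'
        if ($parts.Count -lt 2) { continue }
        $ip = $parts[0]
        $names = $parts[1..($parts.Count - 1)]
        if ($benign -notcontains $ip) { $suspicious += "$ip -> $($names -join ', ')" }
    }
    New-Object PSObject -Property @{ Entries = $rows.Count; Suspicious = $suspicious }
}

function Get-DnsClientStartMode {
    # The post's slowdown workaround sets the DNS Client service (Dnscache) to Manual.
    (Get-WmiObject Win32_Service -Filter "Name='Dnscache'").StartMode
}

Test-InternetZoneSettings | Format-Table Setting, Current, Recommended, OK -AutoSize
$hosts = Test-HostsFile
"hosts file: $($hosts.Entries) active entries, $($hosts.Suspicious.Count) not pointing at loopback"
$hosts.Suspicious
"DNS Client start mode: $(Get-DnsClientStartMode)"
```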




