Google gone crazy


  • This topic is locked
27 replies to this topic

#1 liznarf (Members, 62 posts)

Posted 12 August 2009 - 10:54 PM

Google seems to be disabled. Have tried HijackThis and ComboFix with no success. Please advise, thanks.

Attached Files




#2 sempai - noypi (Malware Response Team, 5,288 posts, Location: 3 stars and a sun)

Posted 24 August 2009 - 07:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 Orange Blossom - OBleepin Investigator (Moderator, 37,012 posts, Location: Bloomington, IN)

Posted 31 August 2009 - 09:25 PM

Topic reopened.

@ liznarf,

Please post your current DDS logs and an updated description of your computer issues as requested in the previous post.

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#4 liznarf (Topic Starter, Members, 62 posts)

Posted 31 August 2009 - 11:51 PM

Hope I'm doing this correctly.

Attached Files



#5 liznarf (Topic Starter, Members, 62 posts)

Posted 31 August 2009 - 11:57 PM

Thanks OrangeB... computer works fine except for Google. Got a bunch of 64.86.17.32 and 74.125.45.100 in my hosts file (here: C:\windows\system32\drivers\etc\hosts).

Attached Files

  • Attached File  DDS.zip   5.18KB   15 downloads


#6 liznarf (Topic Starter, Members, 62 posts)

Posted 02 September 2009 - 08:15 PM

OrangeBlossom, please don't forget me.

#7 Farbar - Just Curious (Security Developer, 21,719 posts, Location: The Netherlands)

Posted 04 September 2009 - 07:07 PM

Hi liznarf,

Welcome to BC HijackThis forum. I am farbar. I am going to assist you with your problem.

Please refrain from making any changes to your system (updating Windows, installing applications, removing files, etc.) from now on as it might prolong handling your log and make the job for both of us more difficult.
  • Download HostsXpert.zip
    • Extract (unzip) HostsXpert.zip to a permanent folder on your hard drive such as C:\HostsXpert
    • Double-click HostsXpert.exe to run the program.
    • Click "Make Hosts Writable?" in the upper right corner (If available).
    • Click "Restore Microsoft's Hosts file" and then click "OK".
    • Click the X to exit the program.
    • Note: If you were using a custom Hosts file you will need to replace any of those entries yourself.
  • I need to see the ComboFix.txt from the first run. Please copy/paste the log of the first run, located at C:\Qoobox\combofixX.txt where X is a number. Please post the log with the highest number.
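
The symptom liznarf reports in post #5 (Google names pinned to fixed addresses in C:\windows\system32\drivers\etc\hosts) and the fix Farbar prescribes above (restore the stock Microsoft hosts file, then re-add any custom entries by hand) can both be checked programmatically. The Python below is an added example for this thread, not code from the posters or from HostsXpert: it parses a hosts file, flags every name that is mapped to anything other than a loopback or unspecified address, distinguishes well-known domains from other pins, and returns a cleaned copy. The sample hosts content, the watch-list of domain suffixes and the function names are assumptions constructed for illustration.

```python
"""Audit a Windows hosts file for entries that pin well-known names to
fixed addresses, and produce a cleaned copy. Added example; the sample
hosts content and the watch-list below are constructed assumptions."""
import ipaddress
from typing import List, Tuple

# Domain suffixes whose redirection is a classic hijack symptom. Assumption:
# a short illustrative list, not an authoritative one.
WATCHED_SUFFIXES = ("google.com", "microsoft.com", "windowsupdate.com", "avg.com")

# The only active mapping in Microsoft's stock hosts file.
DEFAULT_HOSTS = "127.0.0.1       localhost\n"

# Constructed sample mirroring the thread: Google names pinned to the two
# addresses liznarf reported, plus harmless and intranet entries for contrast.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
127.0.0.1       ads.example.net        # ad-block style entry, harmless
10.0.0.5        fileserver.corp.local  # private intranet pin, review manually
64.86.17.32     google.com  www.google.com
74.125.45.100   www.google.co.uk
"""

Finding = Tuple[int, str, str, str]  # (line_no, address, host name, reason)


def parse_hosts(text: str) -> List[Tuple[int, str, List[str]]]:
    """Return (line_no, address, [names]) for every active mapping line.
    Blank lines, comment lines and trailing '#' comments are ignored."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        parts = line.split()
        if len(parts) >= 2:
            entries.append((no, parts[0], parts[1:]))
    return entries


def find_hijacks(text: str, watch=WATCHED_SUFFIXES) -> List[Finding]:
    """Flag every name mapped to something other than loopback/unspecified.
    Names under a watched suffix get a stronger reason; anything else is a
    plain non-loopback mapping that may still be a legitimate intranet pin."""
    findings: List[Finding] = []
    for no, ip, names in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append((no, ip, names[0], "unparseable address"))
            continue
        if addr.is_loopback or addr.is_unspecified:
            continue  # 127.0.0.1, ::1, 0.0.0.0: what a hosts file legitimately does
        for name in names:
            host = name.lower().rstrip(".")
            watched = any(host == s or host.endswith("." + s) for s in watch)
            reason = "well-known domain redirected" if watched else "non-loopback mapping"
            findings.append((no, ip, host, reason))
    return findings


def clean_hosts(text: str) -> str:
    """Return the hosts text with every flagged line dropped; comments and
    loopback entries survive. Replacing the whole file with DEFAULT_HOSTS is
    the blunter equivalent of HostsXpert's 'Restore Microsoft's Hosts file'."""
    bad = {f[0] for f in find_hijacks(text)}
    kept = [raw for no, raw in enumerate(text.splitlines(), start=1) if no not in bad]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for no, ip, host, reason in find_hijacks(SAMPLE_HOSTS):
        print(f"line {no}: {host} -> {ip}  [{reason}]")
```

On Windows the real file is normally marked hidden, system and read-only (the errors liznarf hits with HostsXpert in post #8), so writing the cleaned text back requires clearing those attributes first (attrib -s -h -r on the file from an administrator prompt). An entry flagged only as a plain non-loopback mapping may be a legitimate intranet pin, which is why the audit reports a reason per name rather than deleting blindly.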


#8 liznarf (Topic Starter, Members, 62 posts)

Posted 06 September 2009 - 11:05 AM

Thanks for responding farbar. Didn't have any luck with HostsXpert.zip. A screen pops up saying that the hosts file is marked as a "system file", then after that another screen says the hosts file is a "hidden file".
Here is the ComboFix file. I hope I am doing this correctly. Thanks again for your help.

ComboFix 09-08-31.03 - Administrator 08/31/2009 22:07.5.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.879 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-01 to 2009-09-01 )))))))))))))))))))))))))))))))
.

2009-08-30 14:49 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-08-30 14:49 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-08-23 23:54 . 2009-08-23 23:54 -------- d-----w- c:\program files\Microsoft
2009-08-18 23:10 . 2009-08-18 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 23:10 . 2009-08-18 23:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 01:02 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-17 21:49 . 2009-08-30 14:49 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\Windows Live
2009-08-17 21:46 . 2009-08-17 21:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-17 00:27 . 2009-08-17 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2009-08-17 00:27 . 2009-08-17 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-08-13 09:35 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-13 00:15 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 00:15 . 2009-08-13 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 00:15 . 2009-08-13 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 00:15 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 22:43 . 2009-08-10 22:44 -------- d-----w- c:\windows\system32\NtmsData
2009-08-10 22:35 . 2009-09-01 00:45 230432 ----a-w- C:\PA7302.DAT
2009-08-10 22:25 . 2009-08-10 22:25 -------- d-----w- c:\windows\PixArt
2009-08-10 03:23 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-10 03:23 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-10 03:23 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-10 03:23 . 2009-08-10 22:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-10 03:23 . 2009-08-10 03:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-10 03:23 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-10 03:23 . 2009-08-10 03:25 -------- d-----w- c:\program files\Spyware Doctor
2009-08-10 03:23 . 2009-08-10 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-10 03:23 . 2009-08-10 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-09 19:16 . 2009-08-09 19:16 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\program files\MSBuild
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 17:18 . 2009-08-09 17:18 -------- d-----w- C:\680620c7a931b91c2b
2009-08-09 17:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 17:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 17:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 17:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 17:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 17:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 17:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 17:18 . 2009-08-09 17:21 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-09 15:39 . 2007-06-14 19:29 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-08-09 15:39 . 2006-11-20 13:04 6656 ----a-w- c:\windows\system32\CoInst.dll
2009-08-09 15:39 . 2009-08-09 15:39 -------- d-----w- c:\program files\VGA USB Camera
2009-08-09 15:39 . 2009-08-09 15:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-08 20:41 . 2009-08-08 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reg Tool
2009-08-08 20:41 . 2009-08-08 20:54 -------- d-----w- c:\program files\Reg Tool
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-----w- c:\program files\Java
2009-08-06 21:36 . 2009-08-08 16:19 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 21:28 . 2009-08-13 01:03 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-06 15:56 . 2009-08-06 15:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-06 15:49 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\Upgrade\setup1.exe
2009-08-06 15:49 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\Upgrade\install1.exe
2009-08-06 15:48 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-06 15:48 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-06 15:46 . 2009-08-06 15:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-06 03:27 . 2009-08-06 03:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\tjnet
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-08-03 20:26 . 2009-08-30 14:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\mjusbsp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-01 00:59 . 2008-04-29 22:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-17 21:49 . 2008-04-25 00:59 161688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 13:14 . 2008-04-25 02:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 13:14 . 2008-04-25 02:14 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 13:14 . 2008-04-25 02:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 22:59 . 2008-04-26 16:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-08-09 15:39 . 2008-04-25 01:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 16:21 . 2009-01-20 01:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-05 09:01 . 2001-08-18 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-04-25 00:54 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2001-08-18 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-04-25 00:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2001-08-18 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2001-08-18 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2001-08-18 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2001-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2001-08-18 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2001-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2001-08-18 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2001-08-18 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2001-08-18 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2001-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2008-04-25 03:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2001-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2001-08-18 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 20:07 . 2009-05-19 20:07 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-19 20:07 . 2009-05-19 20:07 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-19 20:07 . 2009-05-19 20:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-19 20:07 . 2009-05-19 20:07 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-11_20.31.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-04-25 00:51 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
- 2008-04-25 00:51 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2008-05-21 00:35 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2008-05-21 00:35 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-08-23 23:53 . 2009-08-23 23:53 27136 c:\windows\Installer\1d59ec5b.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 83456 c:\windows\Installer\12973f26.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 59904 c:\windows\Installer\12973f21.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
+ 2009-08-23 23:54 . 2009-08-23 23:54 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2009-08-17 21:49 . 2009-08-17 21:49 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2008-04-24 19:32 . 2009-08-18 07:06 492272 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-15 00:05 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-23 23:54 . 2009-08-23 23:54 430080 c:\windows\Installer\1d59ec83.msi
+ 2009-08-23 23:54 . 2009-08-23 23:54 155648 c:\windows\Installer\1d59ec67.msi
+ 2009-08-18 07:00 . 2009-08-18 07:00 248832 c:\windows\Installer\1490f8f6.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 140288 c:\windows\Installer\12973f35.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 202752 c:\windows\Installer\12973f30.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 152576 c:\windows\Installer\12973f2b.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 107008 c:\windows\Installer\12973f1c.msi
+ 2009-08-17 21:47 . 2009-08-17 21:47 301056 c:\windows\Installer\12973f17.msi
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
+ 2008-04-25 01:17 . 2009-09-01 01:11 2248192 c:\windows\Installer\119971.msi
- 2008-04-25 01:17 . 2009-08-09 15:40 2248192 c:\windows\Installer\119971.msi
+ 2008-04-25 00:54 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2008-04-26 12:52 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ScanSoft PDF Converter 4-reminder"="c:\program files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 35368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe" [2006-12-19 46632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-24 344064]
PowerReg Scheduler.exe [2008-10-28 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 13:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/9/2009 11:23 PM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/24/2008 10:14 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/24/2008 10:14 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/18/2009 8:43 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 8:41 AM 297752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/17/2009 8:03 PM 92008]
R3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [8/9/2009 11:39 AM 457856]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/9/2009 11:23 PM 348752]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
DPF: {3AD09ACB-EE3C-4B13-8371-38DD65947DCE} - hxxp://198.111.161.52/HD300CTL.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wrn4kz2r.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/index.html
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-31 22:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(796)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-01 22:11
ComboFix-quarantined-files.txt 2009-09-01 02:11
ComboFix2.txt 2009-09-01 01:58
ComboFix3.txt 2009-08-13 01:36
ComboFix4.txt 2009-08-11 20:57
ComboFix5.txt 2009-09-01 02:05

Pre-Run: 84,257,509,376 bytes free
Post-Run: 84,243,464,192 bytes free

280 --- E O F --- 2009-08-27 07:00

#9 Farbar - Just Curious (Security Developer, 21,719 posts, Location: The Netherlands)

Posted 06 September 2009 - 11:16 AM

Don't worry about the hosts file error. We will fix it.

I need the first log of Combofix. Please go to start -> Run.
  • Copy and paste the bold line in the run-box and click OK: C:\Qoobox\ComboFix5.txt
  • A text file opens up, copy and paste the content to your reply.


#10 liznarf (Topic Starter, Members, 62 posts)

Posted 06 September 2009 - 11:19 AM

ComboFix 09-08-10.06 - Administrator 08/11/2009 16:27.1.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.957 [GMT -4:00]
Running from: L:\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Mozilla Firefox\searchplugins\search.xml

.
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 20:18 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-08-11 20:18 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ar00000\install.exe
2009-08-10 22:43 . 2009-08-10 22:44 -------- d-----w- c:\windows\system32\NtmsData
2009-08-10 22:35 . 2009-08-10 22:35 921632 ----a-w- C:\PA7302.DAT
2009-08-10 22:25 . 2009-08-10 22:25 -------- d-----w- c:\windows\PixArt
2009-08-10 03:23 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-10 03:23 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-10 03:23 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-10 03:23 . 2009-08-10 22:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-10 03:23 . 2009-08-10 03:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-10 03:23 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-10 03:23 . 2009-08-10 03:25 -------- d-----w- c:\program files\Spyware Doctor
2009-08-10 03:23 . 2009-08-10 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-10 03:23 . 2009-08-10 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-09 19:16 . 2009-08-09 19:16 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\program files\MSBuild
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 17:18 . 2009-08-09 17:18 -------- d-----w- C:\680620c7a931b91c2b
2009-08-09 17:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 17:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 17:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 17:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 17:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 17:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 17:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 17:18 . 2009-08-09 17:21 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-09 15:39 . 2007-06-14 19:29 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-08-09 15:39 . 2006-11-20 13:04 6656 ----a-w- c:\windows\system32\CoInst.dll
2009-08-09 15:39 . 2009-08-09 15:39 -------- d-----w- c:\program files\VGA USB Camera
2009-08-09 15:39 . 2009-08-09 15:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-08 20:41 . 2009-08-08 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reg Tool
2009-08-08 20:41 . 2009-08-08 20:54 -------- d-----w- c:\program files\Reg Tool
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-----w- c:\program files\Java
2009-08-06 21:36 . 2009-08-08 16:19 152576 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-08-06 21:28 . 2009-08-10 22:49 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-06 15:56 . 2009-08-06 15:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-06 15:49 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\Upgrade\setup1.exe
2009-08-06 15:49 . 2009-08-01 16:12 728600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\Upgrade\install1.exe
2009-08-06 15:48 . 2008-04-13 18:45 60032 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2009-08-06 15:48 . 2008-04-13 18:45 60032 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2009-08-06 15:46 . 2009-08-06 15:46 -------- d-----w- c:\windows\system32\wbem\Repository
2009-08-06 03:27 . 2009-08-06 03:27 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\tjnet
2009-08-03 20:26 . 2009-08-11 20:18 -------- d-----w- c:\documents and settings\Administrator\Application Data\mjusbsp
2009-08-01 16:16 . 2009-08-01 16:16 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\magicJack.dll
2009-08-01 16:16 . 2009-08-01 16:16 6256600 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\setup.exe
2009-08-01 16:16 . 2009-08-01 16:16 413304 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJackLoader.exe
2009-08-01 16:16 . 2009-08-01 16:16 480608 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\octvqe1_apiw.dll
2009-08-01 16:16 . 2009-08-01 16:16 214360 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\TjVista.dll
2009-08-01 16:16 . 2009-08-01 16:16 325040 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\TjIpSys.dll
2009-08-01 16:16 . 2009-08-01 16:16 570736 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\SJHandsetMagicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 87384 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\mjsetup.exe
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\magicJack.dll
2009-08-01 16:15 . 2009-08-01 16:15 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJack.dll
2009-08-01 16:13 . 2009-08-01 16:13 12231512 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJack.exe
2009-08-01 16:12 . 2009-08-01 16:12 728600 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\install.exe
2009-08-01 16:12 . 2009-08-01 16:12 87384 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\mjsetup.exe
2009-08-01 16:12 . 2009-08-01 16:12 95576 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\magicJack.dll
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\ug00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\st00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 441704 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\magicJackSplash.exe
2009-08-01 16:11 . 2009-08-01 16:11 50520 ----a-w- c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-10 22:29 . 2008-04-29 22:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-09 15:39 . 2008-04-25 01:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 16:21 . 2009-01-20 01:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-07 13:55 . 2008-04-26 16:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-07-26 13:57 . 2008-04-25 02:14 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-29 16:12 . 2001-08-18 12:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-04-25 00:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-18 12:43 . 2008-04-25 02:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-03 19:09 . 2001-08-18 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-05-19 20:07 . 2009-05-19 20:07 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-19 20:07 . 2009-05-19 20:07 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-19 20:07 . 2009-05-19 20:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-19 20:07 . 2009-05-19 20:07 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe" [2006-12-19 46632]
"ScanSoft PDF Converter 4-reminder"="c:\program files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 35368]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2008-04-14 169984]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
PowerReg Scheduler.exe [2008-10-28 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-11 12:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\usmt\\migwiz.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/9/2009 11:23 PM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/24/2008 10:14 PM 335752]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/24/2008 10:14 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/18/2009 8:43 AM 907032]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 8:41 AM 298776]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/17/2009 8:03 PM 92008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [8/9/2009 11:39 AM 457856]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/9/2009 11:23 PM 348752]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
DPF: {3AD09ACB-EE3C-4B13-8371-38DD65947DCE} - hxxp://198.111.161.52/HD300CTL.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wrn4kz2r.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/index.html
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-11 16:31
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(576)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
.
Completion time: 2009-08-11 16:32
ComboFix-quarantined-files.txt 2009-08-11 20:32

Pre-Run: 85,087,019,008 bytes free
Post-Run: 85,510,639,616 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

249 --- E O F --- 2009-08-10 03:44
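
The log above is read by hand in this thread, but the two sections an analyst looks at first ("Files Created" and "Reg Loading Points") have a regular line format that can be parsed. The following is an added example, not code from the thread or from ComboFix's authors: a small Python parser for those two sections, followed by a triage pass that lists hidden executables and autostart entries launched from user-writable profile paths. The sample input is constructed from lines of the log posted above, and the reading of the attribute column (leading `d` = directory, `h` = hidden) is my assumption about ComboFix's output format. A hit is a prompt to look at the item, not a verdict: the magicJack files under `mjusbsp` that it flags here are that product's own installation under Application Data.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: a handful of lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2009-07-11 to 2009-08-11 )))))))))))))))))))))))))))))))
.

2009-08-11 20:18 . 2009-08-01 16:16 6256600 ---ha-w- c:\documents and settings\Administrator\Application Data\mjusbsp\in00000\setup.exe
2009-08-10 22:43 . 2009-08-10 22:44 -------- d-----w- c:\windows\system32\NtmsData
2009-08-10 03:23 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-09 15:39 . 2008-04-25 01:23 -------- d--h--w- c:\program files\InstallShield Installation Information

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-12 1948440]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]
"""


@dataclass
class FileEntry:
    created: str          # creation timestamp as printed (YYYY-MM-DD HH:MM)
    modified: str         # modification timestamp as printed
    size: Optional[int]   # None for directories (size column is "--------")
    attrs: str            # 8-character attribute column, e.g. "---ha-w-"
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"          # assumption: leading 'd' marks a directory

    @property
    def is_hidden(self) -> bool:
        return "h" in self.attrs             # assumption: 'h' marks the hidden attribute


@dataclass
class AutostartEntry:
    key: str       # registry key the value lives under
    name: str      # value name, e.g. "cdloader"
    command: str   # value data exactly as written
    resolved: str  # path ComboFix printed after " - " when it resolved one, else the command
    stamp: str     # contents of the trailing "[date size]" bracket


SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")
FILE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) \. (\d{4}-\d\d-\d\d \d\d:\d\d) (\d+|-+) (\S{8}) (.+)$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?: - (.+?))? \[([^\]]+)\]$')


def parse_combofix(text: str) -> Tuple[List[FileEntry], List[AutostartEntry]]:
    """Extract file-creation and registry-autostart entries from a ComboFix log."""
    files: List[FileEntry] = []
    autostarts: List[AutostartEntry] = []
    section, key = "", ""
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:                                # a "(((( Section Name ))))" banner
            section, key = m.group(1), ""
            continue
        if section.startswith("Files Created"):
            m = FILE_RE.match(line)
            if m:
                size = None if m.group(3).startswith("-") else int(m.group(3))
                files.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
        elif section.startswith("Reg Loading Points"):
            m = KEY_RE.match(line)
            if m:                            # "[HKEY_...]" line opens a new key
                key = m.group(1)
                continue
            m = VALUE_RE.match(line)
            if m and key:
                autostarts.append(AutostartEntry(
                    key, m.group(1), m.group(2), m.group(3) or m.group(2), m.group(4)))
    return files, autostarts


EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com")
USER_WRITABLE = ("\\application data\\", "\\local settings\\", "\\temp\\")


def triage(files: List[FileEntry], autostarts: List[AutostartEntry]) -> List[str]:
    """Items to review first: hidden executables, and autostart values whose
    target lives in a user-writable profile location rather than Program Files
    or the Windows directory. These are prompts for a closer look, not verdicts."""
    findings: List[str] = []
    for f in files:
        if not f.is_dir and f.is_hidden and f.path.lower().endswith(EXEC_EXT):
            findings.append(f"hidden executable: {f.path}")
    for a in autostarts:
        if any(marker in a.resolved.lower() for marker in USER_WRITABLE):
            findings.append(f"autostart from profile path: {a.key} -> {a.name} = {a.resolved}")
    return findings


if __name__ == "__main__":
    parsed_files, parsed_autostarts = parse_combofix(SAMPLE_LOG)
    print(f"{len(parsed_files)} file entries, {len(parsed_autostarts)} autostart entries")
    for finding in triage(parsed_files, parsed_autostarts):
        print(" -", finding)
```

Run on the full log rather than the sample, the same two regexes cover every line of those sections shown in this thread; the "Find3M Report" and "SnapShot" sections use the same file-line layout (the snapshot lines carry a leading `+`/`-`), so extending `FILE_RE` to accept that prefix is the natural next step.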

#11 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:44 AM

Posted 06 September 2009 - 11:28 AM

  • Delete your copy of Combofix from the desktop and download ComboFix from one of these locations:

    Link 1
    Link 2
    Link 3

    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Information on A/V control HERE)

    Open notepad (start > All Programs > Accessories > Notepad) and copy/paste the text in the code box below into it:

    File::
    C:\windows\system32\drivers\etc\hosts

    Save this as CFScript.txt, in the same location as ComboFix.exe


    Posted Image

    Referring to the picture above, drag CFScript into ComboFix.exe

    When finished, it shall produce a log for you ( "C:\ComboFix.txt"). Please copy and paste the log to your reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall


  • Please go to start => Run => Copy and paste the bold line in the run-box and click OK:

    "C:\Qoobox\Add-Remove Programs.txt"

    A text file opens up, copy and paste the content to your reply.


#12 liznarf

liznarf
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:44 PM

Posted 06 September 2009 - 12:03 PM

ComboFix 09-09-06.02 - Administrator 09/06/2009 12:52.6.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1527.765 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2009-08-06 to 2009-09-06 )))))))))))))))))))))))))))))))
.

2009-09-06 15:51 . 2009-09-06 15:51 -------- d-----w- C:\HostsXXpert
2009-08-23 23:54 . 2009-08-23 23:54 -------- d-----w- c:\program files\Microsoft
2009-08-18 23:10 . 2009-08-18 23:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-18 23:10 . 2009-08-18 23:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-18 01:02 . 2008-10-16 18:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2009-08-17 21:49 . 2009-09-06 16:33 -------- d-----w- c:\documents and settings\Administrator\Tracing
2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-08-17 21:48 . 2009-08-17 21:48 -------- d-----w- c:\program files\Windows Live
2009-08-17 21:46 . 2009-08-17 21:46 -------- d-----w- c:\program files\Common Files\Windows Live
2009-08-17 00:27 . 2009-08-17 00:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\MSN6
2009-08-17 00:27 . 2009-08-17 00:27 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2009-08-13 09:35 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-13 00:16 . 2009-08-13 00:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-13 00:15 . 2009-08-03 17:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-13 00:15 . 2009-08-13 01:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-13 00:15 . 2009-08-13 00:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-13 00:15 . 2009-08-03 17:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-10 22:43 . 2009-08-10 22:44 -------- d-----w- c:\windows\system32\NtmsData
2009-08-10 22:35 . 2009-09-02 00:47 230432 ----a-w- C:\PA7302.DAT
2009-08-10 22:25 . 2009-08-10 22:25 -------- d-----w- c:\windows\PixArt
2009-08-10 03:23 . 2008-12-11 12:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-08-10 03:23 . 2009-04-03 14:18 130936 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-08-10 03:23 . 2008-12-18 15:16 73840 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-08-10 03:23 . 2009-08-10 22:49 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-08-10 03:23 . 2009-08-10 03:24 -------- d-----w- c:\program files\Common Files\PC Tools
2009-08-10 03:23 . 2008-12-10 15:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-10 03:23 . 2009-08-10 03:25 -------- d-----w- c:\program files\Spyware Doctor
2009-08-10 03:23 . 2009-08-10 03:23 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-08-10 03:23 . 2009-08-10 03:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\PC Tools
2009-08-09 19:16 . 2009-08-09 19:16 153104 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\windows\system32\XPSViewer
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\program files\MSBuild
2009-08-09 17:19 . 2009-08-09 17:19 -------- d-----w- c:\program files\Reference Assemblies
2009-08-09 17:18 . 2009-08-09 17:18 -------- d-----w- C:\680620c7a931b91c2b
2009-08-09 17:18 . 2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-08-09 17:18 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2009-08-09 17:18 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2009-08-09 17:18 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2009-08-09 17:18 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2009-08-09 17:18 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2009-08-09 17:18 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-08-09 17:18 . 2009-08-09 17:21 -------- d-----w- c:\windows\SxsCaPendDel
2009-08-09 15:39 . 2007-06-14 19:29 457856 ----a-w- c:\windows\system32\drivers\PAC7302.SYS
2009-08-09 15:39 . 2006-11-20 13:04 6656 ----a-w- c:\windows\system32\CoInst.dll
2009-08-09 15:39 . 2009-08-09 15:39 -------- d-----w- c:\program files\VGA USB Camera
2009-08-09 15:39 . 2009-08-09 15:39 -------- d-----w- c:\documents and settings\Administrator\Application Data\InstallShield
2009-08-08 20:41 . 2009-08-08 20:51 -------- d-----w- c:\documents and settings\Administrator\Application Data\Reg Tool
2009-08-08 20:41 . 2009-08-08 20:54 -------- d-----w- c:\program files\Reg Tool
2009-08-08 16:21 . 2009-08-08 16:21 -------- d-----w- c:\program files\Java

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 10:48 . 2008-04-29 22:29 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-08-30 14:49 . 2009-08-03 20:26 -------- d-----w- c:\documents and settings\Administrator\Application Data\mjusbsp
2009-08-17 21:49 . 2008-04-25 00:59 161688 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 13:14 . 2008-04-25 02:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 13:14 . 2008-04-25 02:14 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 13:14 . 2008-04-25 02:14 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-11 22:59 . 2008-04-26 16:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\AdobeUM
2009-08-09 15:39 . 2008-04-25 01:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-08 16:21 . 2009-01-20 01:14 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-06 15:57 . 2009-08-06 15:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-06 15:56 . 2009-08-06 15:56 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-05 09:01 . 2001-08-18 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-26 20:44 . 2009-07-26 20:44 48448 ----a-w- c:\windows\system32\sirenacm.dll
2009-07-17 19:01 . 2001-08-18 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 03:43 . 2008-04-25 00:54 286208 ------w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2001-08-18 12:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2008-04-25 00:54 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2001-08-18 12:00 17408 ------w- c:\windows\system32\corpol.dll
2009-06-25 08:25 . 2001-08-18 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2001-08-18 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2001-08-18 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2001-08-18 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2001-08-18 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2001-08-18 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2001-08-18 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2001-08-18 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2001-08-18 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2001-08-18 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2001-08-18 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:13 . 2001-08-18 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 13:19 . 2008-04-25 03:08 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14 . 2001-08-18 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-19 20:07 . 2009-05-19 20:07 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-05-19 20:07 . 2009-05-19 20:07 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-19 20:07 . 2009-05-19 20:07 46408 ----a-w- c:\program files\mozilla firefox\plugins\atmccli.dll
2009-05-19 20:07 . 2009-05-19 20:07 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-11_20.31.28 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-11 23:41 . 2009-07-11 23:41 97280 c:\windows\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_473666fd\ATL80.dll
+ 2007-11-13 11:31 . 2009-07-14 11:03 46080 c:\windows\system32\tzchange.exe
+ 2008-04-25 00:51 . 2007-07-27 14:41 26488 c:\windows\system32\spupdsvc.exe
- 2008-04-25 00:51 . 2007-11-30 11:18 26488 c:\windows\system32\spupdsvc.exe
+ 2008-05-21 00:35 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
- 2008-05-21 00:35 . 2007-11-30 11:18 17272 c:\windows\system32\spmsg.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-08-23 23:53 . 2009-08-23 23:53 27136 c:\windows\Installer\1d59ec5b.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 83456 c:\windows\Installer\12973f26.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 59904 c:\windows\Installer\12973f21.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
+ 2009-08-23 23:54 . 2009-08-23 23:54 80395 c:\windows\Installer\{A85FD55B-891B-4314-97A5-EA96C0BD80B5}\MsblIco.Exe
+ 2009-08-17 21:49 . 2009-08-17 21:49 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2008-04-24 19:32 . 2009-08-18 07:06 492272 c:\windows\system32\FNTCACHE.DAT
+ 2009-07-14 03:43 . 2009-07-14 03:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-08-05 09:01 . 2009-08-05 09:01 204800 c:\windows\system32\dllcache\mswebdvd.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
+ 2009-04-15 00:05 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-08-23 23:54 . 2009-08-23 23:54 430080 c:\windows\Installer\1d59ec83.msi
+ 2009-08-23 23:54 . 2009-08-23 23:54 155648 c:\windows\Installer\1d59ec67.msi
+ 2009-08-18 07:00 . 2009-08-18 07:00 248832 c:\windows\Installer\1490f8f6.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 140288 c:\windows\Installer\12973f35.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 202752 c:\windows\Installer\12973f30.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 152576 c:\windows\Installer\12973f2b.msi
+ 2009-08-17 21:48 . 2009-08-17 21:48 107008 c:\windows\Installer\12973f1c.msi
+ 2009-08-17 21:47 . 2009-08-17 21:47 301056 c:\windows\Installer\12973f17.msi
+ 2009-06-10 13:19 . 2009-06-10 13:19 2066432 c:\windows\system32\dllcache\mstscax.dll
- 2008-04-25 01:17 . 2009-08-09 15:40 2248192 c:\windows\Installer\119971.msi
+ 2008-04-25 01:17 . 2009-09-02 02:23 2248192 c:\windows\Installer\119971.msi
+ 2008-04-25 00:54 . 2009-07-14 03:43 10841088 c:\windows\system32\wmp.dll
+ 2008-04-26 12:52 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2009-07-14 03:43 . 2009-07-14 03:43 10841088 c:\windows\system32\dllcache\wmp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\Administrator\Application Data\mjusbsp\cdloader2.exe" [2009-08-01 50520]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPSON Stylus CX4200 Series"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIAEA.EXE" [2005-03-08 98304]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"ScanSoft PDF Converter 4-reminder"="c:\program files\ScanSoft\PDF Converter 4\Ereg\Ereg.exe" [2006-11-16 35368]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-08-08 149280]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-05-27 413696]
"PDF4 Registry Controller"="c:\program files\ScanSoft\PDF Converter 4\RegistryController.exe" [2006-12-19 46632]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-08-17 2007832]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2007-04-16 577536]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-12-24 344064]
PowerReg Scheduler.exe [2008-10-28 233472]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 13:14 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^Administrator^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\Administrator\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Thunderbird\\thunderbird.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\mjusbsp\\magicJack.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [8/9/2009 11:23 PM 130936]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [4/24/2008 10:14 PM 335240]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [4/24/2008 10:14 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [6/18/2009 8:43 AM 908056]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/5/2008 8:41 AM 297752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [3/17/2009 8:03 PM 92008]
S3 PAC7302;PAC7302 VGA USB Camera;c:\windows\system32\drivers\PAC7302.SYS [8/9/2009 11:39 AM 457856]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [8/9/2009 11:23 PM 348752]
.
.
------- Supplementary Scan -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Open with ScanSoft PDF Converter 4.0 - c:\program files\ScanSoft\PDF Converter 4\cnvres_eng.dll /100
DPF: {3AD09ACB-EE3C-4B13-8371-38DD65947DCE} - hxxp://198.111.161.52/HD300CTL.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\wrn4kz2r.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (Eng)
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/index.html
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-06 12:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(560)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3752)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-06 12:58
ComboFix-quarantined-files.txt 2009-09-06 16:58
ComboFix2.txt 2009-09-01 02:11
ComboFix3.txt 2009-09-01 01:58
ComboFix4.txt 2009-08-13 01:36
ComboFix5.txt 2009-09-06 16:52

Pre-Run: 84,202,754,048 bytes free
Post-Run: 84,173,889,536 bytes free

253 --- E O F --- 2009-08-27 07:00
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Reader 6.0
American Airlines TravelDesk
Apple Software Update
AVG Free 8.5
Critical Update for Windows Media Player 11 (KB959772)
EPSON Printer Software
EPSON Scan
Granite Bay II
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Intel® Graphics Media Accelerator Driver
Java™ 6 Update 15
LS_HSI
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
Mozilla Thunderbird (2.0.0.22)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nero Suite
Palm Desktop
Picasa 3
QuickTime
Realtek AC'97 Audio
ScanSoft PDF Converter 4
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Sony Picture Utility
Sony USB Driver
Spybot - Search & Destroy
Spyware Doctor 6.1
SUPERAntiSpyware Free Edition
TaxCut Michigan 2008
TaxCut Premium + State + Efile 2008
TomTom HOME 2.6.1.1549
TomTom HOME Visual Studio Merge Modules
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
VGA USB Camera
WD Diagnostics
WebEx
WebFldrs XP
Winamp
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 7
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Service Pack 3

#13 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:44 AM

Posted 06 September 2009 - 12:11 PM

Are you sure you did the step with CFScript as instructed? I don't see it in the log. Let's see:

Go to Start > Run, copy/paste the following line into the Run box and click OK.

notepad C:\windows\system32\drivers\etc\hosts

A text file opens. Please post its content in your reply.

#14 liznarf

liznarf
  • Topic Starter

  • Members
  • 62 posts
  • OFFLINE
  • Gender:Male
  • Local time:07:44 PM

Posted 06 September 2009 - 01:02 PM

# Copyright © 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost
74.125.45.100 test1111.com
74.125.45.100 test1112.com
74.125.45.100 4-open-davinci.com
74.125.45.100 securitysoftwarepayments.com
74.125.45.100 privatesecuredpayments.com
74.125.45.100 secure.privatesecuredpayments.com
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 www.getantivirusplusnow.com
74.125.45.100 www.secure-plus-payments.com
74.125.45.100 www.getavplusnow.com
74.125.45.100 www.securesoftwarebill.com
64.86.17.32 google.ae
64.86.17.32 google.as
64.86.17.32 google.at
64.86.17.32 google.az
64.86.17.32 google.ba
64.86.17.32 google.be
64.86.17.32 google.bg
64.86.17.32 google.bs
64.86.17.32 google.ca
64.86.17.32 google.cd
64.86.17.32 google.com.gh
64.86.17.32 google.com.hk
64.86.17.32 google.com.jm
64.86.17.32 google.com.mx
64.86.17.32 google.com.my
64.86.17.32 google.com.na
64.86.17.32 google.com.nf
64.86.17.32 google.com.ng
64.86.17.32 google.ch
64.86.17.32 google.com.np
64.86.17.32 google.com.pr
64.86.17.32 google.com.qa
64.86.17.32 google.com.sg
64.86.17.32 google.com.tj
64.86.17.32 google.com.tw
64.86.17.32 google.dj
64.86.17.32 google.de
64.86.17.32 google.dk
64.86.17.32 google.dm
64.86.17.32 google.ee
64.86.17.32 google.fi
64.86.17.32 google.fm
64.86.17.32 google.fr
64.86.17.32 google.ge
64.86.17.32 google.gg
64.86.17.32 google.gm
64.86.17.32 google.gr
64.86.17.32 google.ht
64.86.17.32 google.ie
64.86.17.32 google.im
64.86.17.32 google.in
64.86.17.32 google.it
64.86.17.32 google.ki
64.86.17.32 google.la
64.86.17.32 google.li
64.86.17.32 google.lv
64.86.17.32 google.ma
64.86.17.32 google.ms
64.86.17.32 google.mu
64.86.17.32 google.mw
64.86.17.32 google.nl
64.86.17.32 google.no
64.86.17.32 google.nr
64.86.17.32 google.nu
64.86.17.32 google.pl
64.86.17.32 google.pn
64.86.17.32 google.pt
64.86.17.32 google.ro
64.86.17.32 google.ru
64.86.17.32 google.rw
64.86.17.32 google.sc
64.86.17.32 google.se
64.86.17.32 google.sh
64.86.17.32 google.si
64.86.17.32 google.sm
64.86.17.32 google.sn
64.86.17.32 google.st
64.86.17.32 google.tl
64.86.17.32 google.tm
64.86.17.32 google.tt
64.86.17.32 google.us
64.86.17.32 google.vu
64.86.17.32 google.ws
64.86.17.32 google.co.ck
64.86.17.32 google.co.id
64.86.17.32 google.co.il
64.86.17.32 google.co.in
64.86.17.32 google.co.jp
64.86.17.32 google.co.kr
64.86.17.32 google.co.ls
64.86.17.32 google.co.ma
64.86.17.32 google.co.nz
64.86.17.32 google.co.tz
64.86.17.32 google.co.ug
64.86.17.32 google.co.uk
64.86.17.32 google.co.za
64.86.17.32 google.co.zm
64.86.17.32 google.com
64.86.17.32 google.com.af
64.86.17.32 google.com.ag
64.86.17.32 google.com.ar
64.86.17.32 google.com.au
64.86.17.32 google.com.bn
64.86.17.32 google.com.br
64.86.17.32 google.com.by
64.86.17.32 google.com.bz
64.86.17.32 google.com.cu
64.86.17.32 google.com.ec
64.86.17.32 google.com.fj
64.86.17.32 www.google.ae
64.86.17.32 www.google.as
64.86.17.32 www.google.at
64.86.17.32 www.google.az
64.86.17.32 www.google.ba
64.86.17.32 www.google.be
64.86.17.32 www.google.bg
64.86.17.32 www.google.bs
64.86.17.32 www.google.ca
64.86.17.32 www.google.cd
64.86.17.32 www.google.com.gh
64.86.17.32 www.google.com.hk
64.86.17.32 www.google.com.jm
64.86.17.32 www.google.com.mx
64.86.17.32 www.google.com.my
64.86.17.32 www.google.com.na
64.86.17.32 www.google.com.nf
64.86.17.32 www.google.com.ng
64.86.17.32 www.google.ch
64.86.17.32 www.google.com.np
64.86.17.32 www.google.com.pr
64.86.17.32 www.google.com.qa
64.86.17.32 www.google.com.sg
64.86.17.32 www.google.com.tj
64.86.17.32 www.google.com.tw
64.86.17.32 www.google.dj
64.86.17.32 www.google.de
64.86.17.32 www.google.dk
64.86.17.32 www.google.dm
64.86.17.32 www.google.ee
64.86.17.32 www.google.fi
64.86.17.32 www.google.fm
64.86.17.32 www.google.fr
64.86.17.32 www.google.ge
64.86.17.32 www.google.gg
64.86.17.32 www.google.gm
64.86.17.32 www.google.gr
64.86.17.32 www.google.ht
64.86.17.32 www.google.ie
64.86.17.32 www.google.im
64.86.17.32 www.google.in
64.86.17.32 www.google.it
64.86.17.32 www.google.ki
64.86.17.32 www.google.la
64.86.17.32 www.google.li
64.86.17.32 www.google.lv
64.86.17.32 www.google.ma
64.86.17.32 www.google.ms
64.86.17.32 www.google.mu
64.86.17.32 www.google.mw
64.86.17.32 www.google.nl
64.86.17.32 www.google.no
64.86.17.32 www.google.nr
64.86.17.32 www.google.nu
64.86.17.32 www.google.pl
64.86.17.32 www.google.pn
64.86.17.32 www.google.pt
64.86.17.32 www.google.ro
64.86.17.32 www.google.ru
64.86.17.32 www.google.rw
64.86.17.32 www.google.sc
64.86.17.32 www.google.se
64.86.17.32 www.google.sh
64.86.17.32 www.google.si
64.86.17.32 www.google.sm
64.86.17.32 www.google.sn
64.86.17.32 www.google.st
64.86.17.32 www.google.tl
64.86.17.32 www.google.tm
64.86.17.32 www.google.tt
64.86.17.32 www.google.us
64.86.17.32 www.google.vu
64.86.17.32 www.google.ws
64.86.17.32 www.google.co.ck
64.86.17.32 www.google.co.id
64.86.17.32 www.google.co.il
64.86.17.32 www.google.co.in
64.86.17.32 www.google.co.jp
64.86.17.32 www.google.co.kr
64.86.17.32 www.google.co.ls
64.86.17.32 www.google.co.ma
64.86.17.32 www.google.co.nz
64.86.17.32 www.google.co.tz
64.86.17.32 www.google.co.ug
64.86.17.32 www.google.co.uk
64.86.17.32 www.google.co.za
64.86.17.32 www.google.co.zm
64.86.17.32 www.google.com
64.86.17.32 www.google.com.af
64.86.17.32 www.google.com.ag
64.86.17.32 www.google.com.ar
64.86.17.32 www.google.com.au
64.86.17.32 www.google.com.bn
64.86.17.32 www.google.com.br
64.86.17.32 www.google.com.by
64.86.17.32 www.google.com.bz
64.86.17.32 www.google.com.cu
64.86.17.32 www.google.com.ec
64.86.17.32 www.google.com.fj
64.86.17.32 google.com
64.86.17.32 www.google.com
64.86.17.32 bing.com
64.86.17.32 www.bing.com
64.86.17.32 search.yahoo.com
64.86.17.32 www.search.yahoo.com
64.86.17.32 search.live.com
64.86.17.32 search.msn.com
64.86.17.32 googleads.g.doubleclick.net
64.86.17.32 www.googleads.g.doubleclick.net
64.86.17.32 pubads.g.doubleclick.net
64.86.17.32 www.pubads.g.doubleclick.net
64.86.17.32 partner.googleadservices.com
64.86.17.32 www.partner.googleadservices.com
64.86.17.32 www.partner.googleadservices.com
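
The hosts file posted above is the kind of thing a responder triages by hand: search-engine and ad-network names pinned to one routable address, and a second routable address collecting a cluster of unrelated payment-style domains. As an added example (not code from the thread, from Farbar, or from any of the tools named in the logs), the Python script below parses hosts-file text and reports exactly those two patterns. The sample input is constructed from a handful of lines modelled on the posted file; the watched-domain list and the fan-in threshold are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample input, modelled on a handful of the lines from the
# posted hosts file (not the full file).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# For example:
# 102.54.94.97 rhino.acme.com # source server

127.0.0.1 localhost
74.125.45.100 getantivirusplusnow.com
74.125.45.100 secure-plus-payments.com
74.125.45.100 securesoftwarepayments.com
64.86.17.32 google.com
64.86.17.32 www.google.com
64.86.17.32 www.google.co.uk
64.86.17.32 bing.com
64.86.17.32 search.yahoo.com
"""

# Assumed watch list: names a home machine should never have pinned in its
# hosts file. Any "google" label also matches, which covers the ccTLD
# variants (google.de, google.co.jp, ...) seen in the posted file.
WATCHED_SUFFIXES = (
    "bing.com", "yahoo.com", "live.com", "msn.com",
    "doubleclick.net", "googleadservices.com",
)

# Assumed fan-in threshold: one outside address owning this many names is
# treated as a redirect sink rather than a deliberate local override.
SINK_THRESHOLD = 3


def parse_hosts(text):
    """Return (ip, hostname) pairs from hosts-file text.

    Comments (everything after '#') and blank lines are skipped, and a line
    whose first field is not an IP address is ignored rather than raising.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for name in fields[1:]:
            entries.append((str(addr), name.lower()))
    return entries


def is_watched(name):
    """True if name is a watched domain or lies under one."""
    labels = name.split(".")
    if "google" in labels:
        return True
    return any(name == s or name.endswith("." + s) for s in WATCHED_SUFFIXES)


def analyze_hosts(text):
    """Triage hosts-file text.

    Returns a dict with:
      entries    - number of address/name pairs parsed
      suspicious - watched names pinned to a non-loopback, non-null address
      sinks      - {ip: [names]} for outside addresses collecting many names
    """
    entries = parse_hosts(text)
    names_by_ip = defaultdict(list)
    suspicious = []
    for ip, name in entries:
        names_by_ip[ip].append(name)
        addr = ipaddress.ip_address(ip)
        # 127.0.0.1 / 0.0.0.0 pins are the ordinary ad-blocking pattern;
        # a watched name sent to a routable address is not.
        if addr.is_loopback or addr.is_unspecified:
            continue
        if is_watched(name):
            suspicious.append((ip, name))
    sinks = {}
    for ip, names in names_by_ip.items():
        addr = ipaddress.ip_address(ip)
        if addr.is_loopback or addr.is_unspecified:
            continue
        if len(names) >= SINK_THRESHOLD:
            sinks[ip] = names
    return {"entries": len(entries), "suspicious": suspicious, "sinks": sinks}


if __name__ == "__main__":
    report = analyze_hosts(SAMPLE_HOSTS)
    print(f"{report['entries']} entries parsed")
    for ip, name in report["suspicious"]:
        print(f"suspicious: {name} -> {ip}")
    for ip, names in report["sinks"].items():
        print(f"sink {ip} collects {len(names)} names")
```

Against the sample, every google/bing/yahoo name pinned to 64.86.17.32 is reported, and both routable addresses come back as sinks because each collects several unrelated names; the loopback entry for localhost is ignored. On a real machine the same function can be fed the contents of the file opened in the step above, and a clean Windows hosts file yields an empty suspicious list and no sinks.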

#15 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,719 posts
  • OFFLINE
  • Gender:Male
  • Location:The Netherlands
  • Local time:01:44 AM

Posted 06 September 2009 - 01:16 PM

Please download the attached CFScript.txt file, drag it to Combofix and let it run. Post the log please.

