Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Intermittent google redirects in firefox and IE


  • This topic is locked This topic is locked
5 replies to this topic

#1 OneEyedMan

OneEyedMan

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:13 AM

Posted 20 March 2010 - 06:52 PM

I'm a bit lost. I'd say it has been on the order of 13 or 14 years since I got my last computer virus but now something is wrong on my machine and I cannot find the source. From time to time (I would say about 1 in 3 times) when I do a google search instead of being taken to the link I click on in the search I go to a random ad related page that isn't what I clicked on. I thought it might be a problem from my various browser extensions but I'm having the same problem in IE. It also seems like my machine is slower but that could be my imagination.

I've run ad-aware, spybot, and a couple of other spyware searchers and have found nothing. I tried reinstalling firefox and the problem persisted. I wouldn't describe myself as a squeaky clean computer user but I always run a firewall (windows defender) and an anti-virus (CA antivirus) and I check all suspicious files.

I should note that when I ran the GMER script I unchecked the other drives on my computer as directed. However, MY Documents and My Downloads directories are on the other drive (p:\). If you like me to include that drive let me know and I will rerun everything.

_____________________Start DDS Output__________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by Benjamin Kay at 23:33:42.84 on Fri 03/19/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1937 [GMT -7:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local;<local>
uInternet Settings,ProxyServer = asmodai.ucsd.edu:3128
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
uRun: [ieaudiodrv] rundll32.exe "c:\users\benjamin kay\appdata\local\ieaudiodrv\ieaudiodrv.dll", DllInit
uRun: [ExpanDrive] "c:\program files\expandrive\ExpanDrive.exe" /AUTORUN
uRun: [Evernote] "c:\program files\evernote\evernote3.5\evernote.exe" /minimized
uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: filehippo.com\www
Trusted Zone: ucsd.edu\vpn
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\users\benjam~1\appdata\roaming\mozilla\firefox\profiles\rv23l82c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.3x3links.com/oneeyedman
FF - prefs.js: network.proxy.ftp - wwwproxy.ms.com
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.gopher - wwwproxy.ms.com
FF - prefs.js: network.proxy.gopher_port - 8080
FF - prefs.js: network.proxy.http - wwwproxy.ms.com
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - wwwproxy.ms.com
FF - prefs.js: network.proxy.socks_port - 8080
FF - prefs.js: network.proxy.ssl - wwwproxy.ms.com
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 2
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R? FontCache;Windows Font Cache Service
R? gupdate;Google Update Service (gupdate)
R? pbfilter;pbfilter
R? SASENUM;SASENUM
R? sshd;CYGWIN sshd
R? TivoBeacon2;TiVo Beacon Service
S? AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7
S? AERTFilters;Andrea RT Filters Service
S? CAISafe;CAISafe
S? dlcx_device;dlcx_device
S? Envy24HFS;ICE Envy24 Family Audio Controller WDM
S? ExpanDrive;ExpanDrive
S? PPCtlPriv;PPCtlPriv
S? SASDIFSV;SASDIFSV
S? SASKUTIL;SASKUTIL
S? VET-FILT;VET File System Filter
S? VET-REC;VET File System Recognizer
S? VETEBOOT;VET Boot Scan Engine
S? VETMONNT;VET File Monitor
S? VETMSGNT;VET Message Service
S? vpnagent;Cisco AnyConnect VPN Agent
S? WebUpdate4;Web Update Wizard Service V4
S? yeddef;YEDDEF driver

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-03-20 05:45:49 93056 ----a-w- C:\uwldrpow.sys
2010-03-20 05:36:48 528017998 ----a-w- c:\windows\MEMORY.DMP
2010-03-20 04:20:21 0 d-----w- c:\users\benjam~1\appdata\roaming\SUPERAntiSpyware.com
2010-03-20 04:20:21 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-20 01:27:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-20 01:22:41 0 dc-h--w- c:\programdata\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-20 01:22:18 0 d-----w- c:\programdata\Lavasoft
2010-03-20 01:22:18 0 d-----w- c:\program files\Lavasoft
2010-03-20 00:20:29 0 d-----w- c:\program files\MozBackup
2010-03-18 16:39:36 0 d-----w- c:\programdata\TiVo
2010-03-18 16:39:36 0 d-----w- c:\program files\TiVo
2010-03-18 01:00:39 0 d-----w- c:\users\benjam~1\appdata\roaming\RenPy
2010-03-17 07:18:15 98304 ----a-w- c:\windows\system32\CNCLSU23.DLL
2010-03-17 07:18:14 81920 ----a-w- c:\windows\system32\CNCLSI23.DLL
2010-03-17 07:18:14 77824 ----a-w- c:\windows\system32\CNCLST23.DLL
2010-03-17 07:18:14 77824 ----a-w- c:\windows\system32\CNCLSC23.DLL
2010-03-17 07:18:14 106496 ----a-w- c:\windows\system32\CNCLSD23.DLL
2010-03-17 07:18:08 73728 ----a-w- c:\windows\system32\CNCL4100.DLL
2010-03-17 07:18:08 69632 ----a-w- c:\windows\system32\CNCI4100.DLL
2010-03-17 07:18:08 49152 ----a-w- c:\windows\system32\cncilsc.dll
2010-03-17 07:18:06 208896 ----a-w- c:\windows\system32\CNCC4100.DLL
2010-03-17 06:07:08 2412588 ----a-w- c:\windows\system32\iop.dll
2010-03-16 18:39:25 135168 ----a-w- c:\windows\system32\imgenh.dll
2010-03-16 18:38:23 827392 ----a-w- c:\windows\system32\scanintf.dll
2010-03-16 18:36:53 479232 ----a-w- c:\windows\system32\nbscor4m.dll
2010-03-16 18:35:11 36864 ----a-w- c:\windows\system32\nbs4mb.dll
2010-03-16 18:32:59 24576 ----a-w- c:\windows\system32\jda_cimg.dll
2010-03-16 18:30:54 98304 ----a-w- c:\windows\system32\rmslantc.dll
2010-03-15 16:39:08 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-15 16:39:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-11 18:25:15 0 d-----w- c:\program files\ExpanDrive
2010-03-11 18:13:59 0 d-----w- C:\rwc
2010-03-11 18:12:23 0 d-----w- c:\users\benjam~1\appdata\roaming\NetDrive
2010-03-11 11:01:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 11:01:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 11:01:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-09 04:45:55 0 d-----w- c:\program files\Windows Portable Devices
2010-03-09 04:42:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-09 04:33:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-09 04:33:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-09 04:33:47 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-09 04:31:01 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-03-09 04:30:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-09 04:30:57 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-09 04:30:57 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-09 04:30:57 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-09 04:30:57 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-09 04:30:57 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-09 04:30:57 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-09 04:30:57 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-09 04:30:56 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-09 04:30:45 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-03-09 04:30:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-03-09 04:29:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-09 04:29:13 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-09 04:29:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-07 17:46:06 0 d-----w- c:\users\benjam~1\appdata\roaming\lyx16
2010-03-07 16:32:18 94 ----a-w- c:\windows\family.ini
2010-02-27 03:18:05 0 d-----w- c:\program files\PeerBlock
2010-02-25 19:27:07 2016 ---ha-w- c:\users\benjamin kay\kk4151bc.st
2010-02-25 19:27:07 2016 ---ha-w- c:\users\benjam~1\appdata\roaming\fdd6fd5a.dat
2010-02-24 09:59:59 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-03-17 07:19:08 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-17 07:19:08 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-17 07:19:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-09 04:45:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 02:24:00 1277496 ----a-w- c:\windows\system32\cryptopp.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-07-04 20:04:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-14 16:46:05 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-16 04:33:42 262144 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 23:38:59.49 ===============

_____________________End DDS Output__________________________

Attached Files



BC AdBot (Login to Remove)

 


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:13 PM

Posted 22 March 2010 - 04:03 PM

Hello, and welcome.gif to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

If you have since resolved the original problem you were having, we would appreciate you letting us know.

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand. smile.gif

***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

~Blade

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 OneEyedMan

OneEyedMan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:13 AM

Posted 22 March 2010 - 06:39 PM

Thank you Blade Zephon for your help. This is a really nice thing you do for the community. I am still having the same problem. I also ran a MALWAREBYTES anti-malware full system scan which found some stuff (infected unused files and and a registry key which I removed (HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.) but I still have the problem of redirection.

I thought that I already ran the DDS program and that's where I generated the output above. However, I have followed the link you rerun the script and posted the output.


Below is my DDS Output and the attach file is zipped and attached.______________________________________

DDS (Ver_10-03-17.01) - NTFSx86
Run by Benjamin Kay at 16:26:25.97 on Mon 03/22/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1043 [GMT -7:00]

AV: CA Anti-Virus *On-access scanning enabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: CA Anti-Spyware *enabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Windows\system32\dlcxcoms.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Windows\system32\WebUpdateSvc4.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\cavrid.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ExpanDrive\ExpanDrive.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\Evernote\Evernote3.5\Evernote.exe
C:\Program Files\TiVo\Desktop\TiVoServer.exe
C:\Program Files\TiVo\Desktop\TiVoTransfer.exe
C:\Program Files\TiVo\Desktop\TiVoNotify.exe
C:\Program Files\Google\Google Calendar Sync\GoogleCalendarSync.exe
C:\Program Files\Process Explorer\procexp.exe
C:\Users\Benjamin Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\IDM Computer Solutions\UltraEdit-32\Uedit32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsOrganizer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Benjamin Kay\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = Preserve
uInternet Settings,ProxyOverride = *.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [TranscodingService] c:\program files\tivo\desktop\plus\\TranscodingService.exe
uRun: [ieaudiodrv] rundll32.exe "c:\users\benjamin kay\appdata\local\ieaudiodrv\ieaudiodrv.dll", DllInit
uRun: [ExpanDrive] "c:\program files\expandrive\ExpanDrive.exe" /AUTORUN
uRun: [Evernote] "c:\program files\evernote\evernote3.5\evernote.exe" /minimized
uRun: [TivoServer] c:\program files\tivo\desktop\TiVoServer.exe /service /registry /auto:TivoServer
uRun: [TivoTransfer] c:\program files\tivo\desktop\TiVoTransfer.exe
uRun: [TivoNotify] c:\program files\tivo\desktop\TiVoNotify.exe /service /registry /auto:TivoNotify
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\users\benjam~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\proces~1.lnk - c:\program files\process explorer\procexp.exe
StartupFolder: c:\users\benjamin kay\appdata\roaming\microsoft\windows\start menu\programs\startup\PureText.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\google~1.lnk - c:\program files\google\google calendar sync\GoogleCalendarSync.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to &Evernote - c:\program files\evernote\evernote3.5\enbar.dll/2000
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: {7F9DB11C-E358-4ca6-A83D-ACC663939424} - {9999A076-A9E2-4C99-8A2B-632FC9429223} - c:\program files\bonjour\ExplorerPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\evernote\evernote3.5\enbar.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: ucsd.edu\vpn
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://www1.snapfish.com/SnapfishActivia.cab
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.4.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\benjam~1\appdata\roaming\mozilla\firefox\profiles\rv23l82c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.3x3links.com/oneeyedman
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 ExpanDrive;ExpanDrive;c:\windows\system32\drivers\ExpanDrive.sys [2009-3-19 294472]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2007-9-26 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2007-9-26 21104]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2007-9-26 32240]
R3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-3-15 627840]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-3-21 38224]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-10-13 133520]
R3 yeddef;YEDDEF driver;c:\windows\system32\drivers\yeddef.sys [2007-1-26 19200]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2010-2-26 16472]

============== File Associations ===============

.txt=UltraEdit.txt

=============== Created Last 30 ================

2010-03-21 20:55:07 0 d-----w- c:\users\benjam~1\appdata\roaming\Malwarebytes
2010-03-21 20:54:57 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 20:54:56 0 d-----w- c:\programdata\Malwarebytes
2010-03-21 20:54:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 20:54:54 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 01:06:17 7668 ----a-w- c:\windows\system32\drivers\RKREVEAL150.SYS
2010-03-21 00:58:36 0 ----a-w- c:\windows\system32\MTQ
2010-03-20 05:45:49 93056 ----a-w- C:\uwldrpow.sys
2010-03-20 05:36:48 528017998 ----a-w- c:\windows\MEMORY.DMP
2010-03-20 04:20:21 0 d-----w- c:\users\benjam~1\appdata\roaming\SUPERAntiSpyware.com
2010-03-20 04:20:21 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-20 01:27:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-20 01:22:18 0 d-----w- c:\programdata\Lavasoft
2010-03-20 00:20:29 0 d-----w- c:\program files\MozBackup
2010-03-18 16:39:36 0 d-----w- c:\programdata\TiVo
2010-03-18 16:39:36 0 d-----w- c:\program files\TiVo
2010-03-18 01:00:39 0 d-----w- c:\users\benjam~1\appdata\roaming\RenPy
2010-03-17 07:18:15 98304 ----a-w- c:\windows\system32\CNCLSU23.DLL
2010-03-17 07:18:14 81920 ----a-w- c:\windows\system32\CNCLSI23.DLL
2010-03-17 07:18:14 77824 ----a-w- c:\windows\system32\CNCLST23.DLL
2010-03-17 07:18:14 77824 ----a-w- c:\windows\system32\CNCLSC23.DLL
2010-03-17 07:18:14 106496 ----a-w- c:\windows\system32\CNCLSD23.DLL
2010-03-17 07:18:08 73728 ----a-w- c:\windows\system32\CNCL4100.DLL
2010-03-17 07:18:08 69632 ----a-w- c:\windows\system32\CNCI4100.DLL
2010-03-17 07:18:08 49152 ----a-w- c:\windows\system32\cncilsc.dll
2010-03-17 07:18:06 208896 ----a-w- c:\windows\system32\CNCC4100.DLL
2010-03-17 06:07:08 2412588 ----a-w- c:\windows\system32\iop.dll
2010-03-16 18:39:25 135168 ----a-w- c:\windows\system32\imgenh.dll
2010-03-16 18:38:23 827392 ----a-w- c:\windows\system32\scanintf.dll
2010-03-16 18:36:53 479232 ----a-w- c:\windows\system32\nbscor4m.dll
2010-03-16 18:35:11 36864 ----a-w- c:\windows\system32\nbs4mb.dll
2010-03-16 18:32:59 24576 ----a-w- c:\windows\system32\jda_cimg.dll
2010-03-16 18:30:54 98304 ----a-w- c:\windows\system32\rmslantc.dll
2010-03-15 16:39:08 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-15 16:39:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-11 18:25:15 0 d-----w- c:\program files\ExpanDrive
2010-03-11 18:13:59 0 d-----w- C:\rwc
2010-03-11 18:12:23 0 d-----w- c:\users\benjam~1\appdata\roaming\NetDrive
2010-03-11 11:01:41 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-11 11:01:41 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 11:01:41 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-09 04:45:55 0 d-----w- c:\program files\Windows Portable Devices
2010-03-09 04:42:51 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-09 04:33:47 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-09 04:33:47 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-09 04:33:47 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-09 04:31:01 714240 ----a-w- c:\windows\system32\timedate.cpl
2010-03-09 04:30:58 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-09 04:30:57 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-09 04:30:57 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-09 04:30:57 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-09 04:30:57 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-09 04:30:57 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-09 04:30:57 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-09 04:30:57 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-09 04:30:56 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-09 04:30:45 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-03-09 04:30:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-03-09 04:29:13 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-09 04:29:13 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-09 04:29:12 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-07 17:46:06 0 d-----w- c:\users\benjam~1\appdata\roaming\lyx16
2010-03-07 16:32:18 94 ----a-w- c:\windows\family.ini
2010-02-27 03:18:05 0 d-----w- c:\program files\PeerBlock
2010-02-25 19:27:07 2016 ---ha-w- c:\users\benjamin kay\kk4151bc.st
2010-02-25 19:27:07 2016 ---ha-w- c:\users\benjam~1\appdata\roaming\fdd6fd5a.dat
2010-02-24 09:59:59 2048 ----a-w- c:\windows\system32\tzres.dll

==================== Find3M ====================

2010-03-17 07:19:08 51200 ----a-w- c:\windows\inf\infpub.dat
2010-03-17 07:19:08 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-17 07:19:07 143360 ----a-w- c:\windows\inf\infstor.dat
2010-03-09 04:45:53 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 17:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 02:24:00 1277496 ----a-w- c:\windows\system32\cryptopp.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-07-04 20:04:59 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-14 16:46:05 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-16 04:33:42 262144 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-02-21 19:49:52 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 16:27:55.20 ===============

Attached Files



#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:13 PM

Posted 23 March 2010 - 07:59 AM

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
  • Double click on renamed.exe & follow the prompts.
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix log

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 OneEyedMan

OneEyedMan
  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  •  
  • Local time:11:13 AM

Posted 23 March 2010 - 10:56 AM

Thank you for the continued help. I have run the combofix as directed. I am not sure if you wanted the log attached or included so I did both.



___________________Begin Log___________________________________________

ComboFix 10-03-22.03 - Benjamin Kay 03/23/2010 8:36.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3325.1981 [GMT -7:00]
Running from: c:\users\Benjamin Kay\Desktop\renamed.exe
AV: CA Anti-Virus *On-access scanning disabled* (Updated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
SP: CA Anti-Spyware *disabled* (Updated) {6B98D35F-BB76-41C0-876B-A50645ED099A}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\users\Benjamin Kay\AppData\Local\ieaudiodrv\ieaudiodrv.dll
c:\windows\system32\Connect.dll
c:\windows\system32\images
c:\windows\system32\images\toolbar\calendar.gif
c:\windows\system32\images\toolbar\crlogo.gif
c:\windows\system32\images\toolbar\export.gif
c:\windows\system32\images\toolbar\export_over.gif
c:\windows\system32\images\toolbar\exportd.gif
c:\windows\system32\images\toolbar\First.gif
c:\windows\system32\images\toolbar\first_over.gif
c:\windows\system32\images\toolbar\Firstd.gif
c:\windows\system32\images\toolbar\gotopage.gif
c:\windows\system32\images\toolbar\gotopage_over.gif
c:\windows\system32\images\toolbar\gotopaged.gif
c:\windows\system32\images\toolbar\grouptree.gif
c:\windows\system32\images\toolbar\grouptree_over.gif
c:\windows\system32\images\toolbar\grouptreed.gif
c:\windows\system32\images\toolbar\grouptreepressed.gif
c:\windows\system32\images\toolbar\Last.gif
c:\windows\system32\images\toolbar\last_over.gif
c:\windows\system32\images\toolbar\Lastd.gif
c:\windows\system32\images\toolbar\Next.gif
c:\windows\system32\images\toolbar\next_over.gif
c:\windows\system32\images\toolbar\Nextd.gif
c:\windows\system32\images\toolbar\Prev.gif
c:\windows\system32\images\toolbar\prev_over.gif
c:\windows\system32\images\toolbar\Prevd.gif
c:\windows\system32\images\toolbar\print.gif
c:\windows\system32\images\toolbar\print_over.gif
c:\windows\system32\images\toolbar\printd.gif
c:\windows\system32\images\toolbar\Refresh.gif
c:\windows\system32\images\toolbar\refresh_over.gif
c:\windows\system32\images\toolbar\refreshd.gif
c:\windows\system32\images\toolbar\Search.gif
c:\windows\system32\images\toolbar\search_over.gif
c:\windows\system32\images\toolbar\searchd.gif
c:\windows\system32\images\toolbar\up.gif
c:\windows\system32\images\toolbar\up_over.gif
c:\windows\system32\images\toolbar\upd.gif
c:\windows\system32\images\tree\begindots.gif
c:\windows\system32\images\tree\beginminus.gif
c:\windows\system32\images\tree\beginplus.gif
c:\windows\system32\images\tree\blank.gif
c:\windows\system32\images\tree\blankdots.gif
c:\windows\system32\images\tree\dots.gif
c:\windows\system32\images\tree\lastdots.gif
c:\windows\system32\images\tree\lastminus.gif
c:\windows\system32\images\tree\lastplus.gif
c:\windows\system32\images\tree\Magnify.gif
c:\windows\system32\images\tree\minus.gif
c:\windows\system32\images\tree\minusbox.gif
c:\windows\system32\images\tree\plus.gif
c:\windows\system32\images\tree\plusbox.gif
c:\windows\system32\images\tree\singleminus.gif
c:\windows\system32\images\tree\singleplus.gif

.
((((((((((((((((((((((((( Files Created from 2010-02-23 to 2010-03-23 )))))))))))))))))))))))))))))))
.

2010-03-23 15:41 . 2010-03-23 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-03-21 20:55 . 2010-03-21 20:55 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\Malwarebytes
2010-03-21 20:54 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-21 20:54 . 2010-03-21 20:54 -------- d-----w- c:\programdata\Malwarebytes
2010-03-21 20:54 . 2010-03-21 20:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-21 20:54 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-21 01:06 . 2010-03-21 01:06 7668 ----a-w- c:\windows\system32\drivers\RKREVEAL150.SYS
2010-03-20 05:45 . 2010-03-20 05:45 93056 ----a-w- C:\uwldrpow.sys
2010-03-20 04:20 . 2010-03-20 04:20 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\SUPERAntiSpyware.com
2010-03-20 04:20 . 2010-03-20 04:20 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-03-20 01:27 . 2010-03-20 04:23 -------- dc----w- c:\windows\system32\DRVSTORE
2010-03-20 01:27 . 2010-03-20 01:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-20 01:22 . 2010-03-20 04:23 -------- d-----w- c:\programdata\Lavasoft
2010-03-20 00:52 . 2010-03-20 00:52 0 ----a-w- c:\windows\nsreg.dat
2010-03-20 00:20 . 2010-03-20 00:20 -------- d-----w- c:\program files\MozBackup
2010-03-18 16:39 . 2010-03-18 16:39 -------- d-----w- c:\programdata\TiVo
2010-03-18 16:39 . 2010-03-18 16:39 -------- d-----w- c:\program files\TiVo
2010-03-18 01:00 . 2010-03-18 01:00 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\RenPy
2010-03-17 07:18 . 2007-01-25 17:03 98304 ----a-w- c:\windows\system32\CNCLSU23.DLL
2010-03-17 07:18 . 2007-01-25 17:04 81920 ----a-w- c:\windows\system32\CNCLSI23.DLL
2010-03-17 07:18 . 2007-01-25 17:04 106496 ----a-w- c:\windows\system32\CNCLSD23.DLL
2010-03-17 07:18 . 2007-01-25 17:03 77824 ----a-w- c:\windows\system32\CNCLSC23.DLL
2010-03-17 07:18 . 2007-01-25 17:03 77824 ----a-w- c:\windows\system32\CNCLST23.DLL
2010-03-17 07:18 . 2007-01-25 17:04 49152 ----a-w- c:\windows\system32\cncilsc.dll
2010-03-17 07:18 . 2007-01-25 17:03 73728 ----a-w- c:\windows\system32\CNCL4100.DLL
2010-03-17 07:18 . 2007-01-25 17:03 69632 ----a-w- c:\windows\system32\CNCI4100.DLL
2010-03-17 07:18 . 2007-01-25 17:03 208896 ----a-w- c:\windows\system32\CNCC4100.DLL
2010-03-17 06:07 . 2006-03-12 07:09 2412588 ----a-w- c:\windows\system32\iop.dll
2010-03-16 18:39 . 2003-01-29 10:45 135168 ----a-w- c:\windows\system32\imgenh.dll
2010-03-16 18:38 . 2003-01-29 10:45 827392 ----a-w- c:\windows\system32\scanintf.dll
2010-03-16 18:36 . 2001-09-11 00:44 479232 ----a-w- c:\windows\system32\nbscor4m.dll
2010-03-16 18:35 . 2001-09-11 00:44 36864 ----a-w- c:\windows\system32\nbs4mb.dll
2010-03-16 18:32 . 2002-06-12 22:27 24576 ----a-w- c:\windows\system32\jda_cimg.dll
2010-03-16 18:30 . 2001-09-11 00:44 98304 ----a-w- c:\windows\system32\rmslantc.dll
2010-03-15 16:39 . 2010-03-19 09:01 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-03-15 16:39 . 2010-03-15 16:45 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-11 18:25 . 2010-03-11 18:26 -------- d-----w- c:\program files\ExpanDrive
2010-03-11 18:13 . 2010-03-11 18:14 -------- d-----w- C:\rwc
2010-03-11 18:12 . 2010-03-11 18:17 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\NetDrive
2010-03-11 17:37 . 2010-03-23 15:41 -------- d-----w- c:\users\Benjamin Kay\AppData\Local\ieaudiodrv
2010-03-11 11:01 . 2010-02-20 23:06 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-11 11:01 . 2010-02-20 23:05 30720 ----a-w- c:\windows\system32\httpapi.dll
2010-03-11 11:01 . 2010-02-20 20:53 411648 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-09 04:45 . 2010-03-09 04:45 -------- d-----w- c:\program files\Windows Portable Devices
2010-03-09 04:33 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-03-09 04:33 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-03-09 04:33 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-03-09 04:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc_isv.dll
2010-03-09 04:30 . 2010-01-25 12:00 152576 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-03-09 04:30 . 2010-01-25 12:00 152064 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-03-09 04:30 . 2010-01-25 12:00 471552 ----a-w- c:\windows\system32\secproc.dll
2010-03-09 04:30 . 2010-01-25 08:21 526336 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-03-09 04:30 . 2010-01-25 08:21 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-03-09 04:30 . 2010-01-25 08:21 518144 ----a-w- c:\windows\system32\RMActivate.exe
2010-03-09 04:30 . 2010-01-25 08:21 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-03-09 04:30 . 2010-01-25 11:58 332288 ----a-w- c:\windows\system32\msdrm.dll
2010-03-09 04:30 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2010-03-09 04:30 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-03-09 04:29 . 2010-01-06 15:39 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-03-09 04:29 . 2010-01-06 15:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-03-09 04:29 . 2010-01-06 13:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-03-07 17:46 . 2010-03-07 17:55 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\lyx16
2010-03-07 16:32 . 2010-03-07 16:32 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\HotSync
2010-02-27 03:18 . 2010-03-11 17:38 -------- d-----w- c:\program files\PeerBlock
2010-02-24 09:59 . 2010-01-23 09:26 2048 ----a-w- c:\windows\system32\tzres.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-23 15:41 . 2007-09-27 01:37 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\Skype
2010-03-23 15:18 . 2009-05-31 18:26 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\vlc
2010-03-22 07:38 . 2009-08-30 19:32 -------- d-----r- c:\program files\Skype
2010-03-22 07:04 . 2007-09-27 03:25 -------- d-----w- c:\program files\WinSCP
2010-03-20 05:51 . 2007-09-30 23:24 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\uTorrent
2010-03-18 06:45 . 2010-03-18 01:01 116 ----a-w- c:\users\Benjamin Kay\AppData\Roaming\RenPy\persistent\scoutshonour.com
2010-03-17 17:22 . 2009-12-22 18:07 -------- d-----w- c:\program files\Opera
2010-03-17 06:05 . 2008-12-30 19:08 -------- d-----w- c:\program files\Canon
2010-03-17 05:58 . 2007-09-27 00:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-17 05:54 . 2008-12-30 20:22 -------- d-----w- c:\users\Benjamin Kay\AppData\Roaming\NewSoft
2010-03-16 18:23 . 2007-11-26 16:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-03-12 05:01 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-11 18:02 . 2008-08-20 20:50 -------- d-----w- c:\program files\WebDrive
2010-03-11 11:06 . 2007-09-27 02:56 -------- d-----w- c:\programdata\Microsoft Help
2010-03-09 05:01 . 2007-09-26 23:43 128616 ----a-w- c:\users\Benjamin Kay\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-09 04:42 . 2010-03-09 04:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2010-03-07 17:46 . 2007-10-08 02:59 -------- d-----w- c:\program files\LyX15
2010-03-07 16:49 . 2007-10-08 04:09 56000 ----a-w- c:\programdata\Aspell\Dictionaries\Uninstall-AspellDict-en.exe
2010-03-07 16:48 . 2007-10-08 02:59 61966 ----a-w- c:\programdata\Aspell\Uninstall-AspellData.exe
2010-03-07 16:48 . 2008-12-10 04:06 -------- d-----w- c:\program files\LyX16
2010-03-07 16:45 . 2007-09-27 00:42 -------- d-----w- c:\program files\Google
2010-02-25 20:18 . 2010-02-25 19:27 2016 ---ha-w- c:\users\Benjamin Kay\AppData\Roaming\fdd6fd5a.dat
2010-02-25 19:52 . 2009-03-21 18:52 -------- d-----w- c:\program files\Paint.NET
2010-02-24 17:16 . 2009-10-02 22:27 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-22 01:40 . 2007-09-27 01:09 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-22 01:36 . 2009-10-18 17:16 -------- d-----w- c:\program files\MyDefrag v4.2.3
2010-02-22 01:14 . 2007-10-20 19:17 -------- d-----w- c:\program files\Dl_cats
2010-02-22 00:48 . 2008-06-29 00:57 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-15 15:14 . 2009-07-28 03:02 -------- d-----w- c:\program files\Stata11
2010-02-10 02:24 . 2010-02-10 02:24 1277496 ----a-w- c:\windows\system32\cryptopp.dll
2010-02-06 16:21 . 2010-02-06 16:21 -------- d-----w- c:\program files\Evernote
2010-01-02 06:38 . 2010-01-22 11:41 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-01-22 11:41 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-01-22 11:41 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-01-22 11:41 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-26 14:18 . 2009-12-26 14:18 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-12-25 15:10 . 2009-12-25 15:10 2232 ----a-w- c:\users\Benjamin Kay\ia_remove.sh7666.tmp
2007-02-21 19:49 . 2007-02-21 19:49 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TranscodingService"="c:\program files\TiVo\Desktop\Plus\\TranscodingService.exe" [2009-11-02 856280]
"ExpanDrive"="c:\program files\ExpanDrive\ExpanDrive.exe" [2010-03-11 483776]
"Evernote"="c:\program files\Evernote\Evernote3.5\evernote.exe" [2010-03-10 3788736]
"TivoServer"="c:\program files\TiVo\Desktop\TiVoServer.exe" [2009-11-02 2195160]
"TivoTransfer"="c:\program files\TiVo\Desktop\TiVoTransfer.exe" [2009-11-02 604888]
"TivoNotify"="c:\program files\TiVo\Desktop\TiVoNotify.exe" [2009-11-02 430808]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-17 4907008]
"cctray"="c:\program files\CA\CA Internet Security Suite\cctray\cctray.exe" [2009-07-31 177392]
"CAVRID"="c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe" [2009-12-02 230664]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-17 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-17 8497696]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-17 81920]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]

c:\users\Benjamin Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Process Explorer.lnk - c:\program files\Process Explorer\procexp.exe [2009-4-6 3550592]
PureText.exe [2003-8-21 28672]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Google Calendar Sync.lnk - c:\program files\Google\Google Calendar Sync\GoogleCalendarSync.exe [2008-10-2 546288]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Users^Benjamin Kay^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Sync with Asmodai using SCP.lnk]
path=c:\users\Benjamin Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sync with Asmodai using SCP.lnk
backup=c:\windows\pss\Sync with Asmodai using SCP.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2008-06-12 05:43 640376 ----a-w- c:\program files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2009-12-11 23:57 948672 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray.exe]
2008-01-19 07:33 125952 ----a-w- c:\windows\ehome\ehtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2005-02-17 00:15 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MemoryCardManager]
2006-11-03 22:04 304008 ----a-w- c:\program files\Dell Photo AIO Printer 926\memcard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RoxWatchTray]
2006-11-05 18:22 221184 ----a-w- c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 17:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WrtMon.exe]
2006-09-20 16:35 20480 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\WrtMon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(cool.gif:3b,78,fa,00,e1,59,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3698801109-3439187496-1604348225-1000]
"EnableNotificationsRef"=dword:00000001

R1 SASDIFSV;SASDIFSV;c:\users\BENJAM~1\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [x]
R1 SASKUTIL;SASKUTIL;c:\users\BENJAM~1\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 135664]
R2 sshd;CYGWIN sshd;c:\cygwin\bin\cygrunsrv.exe [2006-06-19 43008]
R2 WebUpdate4;Web Update Wizard Service V4;c:\windows\system32\WebUpdateSvc4.exe [2007-06-25 229592]
R3 ISCDC;ISCDC;c:\users\BENJAM~1\AppData\Local\Temp\ISCDC.exe [x]
R3 NFJ;NFJ;c:\users\BENJAM~1\AppData\Local\Temp\NFJ.exe [x]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [2009-09-28 16472]
R3 SASENUM;SASENUM;c:\users\BENJAM~1\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [x]
R4 TivoBeacon2;TiVo Beacon Service;c:\program files\TiVo\Desktop\TiVoBeacon.exe [2009-11-02 1098968]
S1 ExpanDrive;ExpanDrive;c:\windows\system32\drivers\ExpanDrive.sys [2009-03-19 294472]
S2 AdobeActiveFileMonitor7.0;Adobe Active File Monitor V7;c:\program files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe [2008-09-16 169312]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2007-12-05 77824]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [2007-03-15 627840]
S3 PPCtlPriv;PPCtlPriv;c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe [2007-09-27 189704]
S3 yeddef;YEDDEF driver;c:\windows\system32\Drivers\yeddef.sys [2007-01-26 19200]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 03:33]

2010-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-01 03:33]

2010-03-23 c:\windows\Tasks\User_Feed_Synchronization-{E9861F33-F5C9-4674-A32E-F2F57DB4D86D}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to &Evernote - c:\program files\Evernote\Evernote3.5\enbar.dll/2000
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: {{E0B8C461-F8FB-49b4-8373-FE32E92528A6} - {BC0E0A5D-AB5A-4fa4-A5FA-280E1D58EEEE} - c:\program files\Evernote\Evernote3.5\enbar.dll
LSP: c:\windows\system32\VetRedir.dll
Trusted Zone: ucsd.edu\vpn
DPF: {55963676-2F5E-4BAF-AC28-CF26AA587566} - hxxps://vpn-2.ucsd.edu/CACHE/stc/1/binaries/vpnweb.cab
FF - ProfilePath - c:\users\Benjamin Kay\AppData\Roaming\Mozilla\Firefox\Profiles\rv23l82c.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - www.3x3links.com/oneeyedman
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
.
------- File Associations -------
.
.txt=UltraEdit.txt
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellIconOverlayIdentifiers-{04466240-beb3-11d1-be1c-00aa006b77f4} - (no file)
ShellIconOverlayIdentifiers-{37D70BD3-073C-4180-ADD9-C032EA5A7204} - (no file)
HKCU-Run-ieaudiodrv - c:\users\Benjamin Kay\AppData\Local\ieaudiodrv\ieaudiodrv.dll
MSConfigStartUp-googletalk - c:\program files\Google\Google Talk\googletalk.exe
MSConfigStartUp-OpAgent - OpAgent.exe



**************************************************************************
scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...

scan completed successfully
hidden files:

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3698801109-3439187496-1604348225-1000\Software\SecuROM\License information*]
"datasecu"=hex:87,c1,f9,aa,c1,02,67,7a,6e,4e,31,5f,f8,e4,9c,ea,96,2c,d3,da,1a,
2d,7b,f3,94,a6,e7,e2,e8,3d,48,1b,0b,b3,0e,4f,9b,84,c3,9b,ed,aa,f2,38,74,98,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll

- - - - - - - > 'Explorer.exe'(448)
c:\program files\CA\SharedComponents\PPRT\bin\CACheck.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAHook.dll
c:\program files\CA\SharedComponents\PPRT\bin\CAServer.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
c:\program files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\WUDFHost.exe
c:\windows\System32\rundll32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Windows Media Player\wmplayer.exe
c:\users\Benjamin Kay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PureText.exe
c:\program files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
c:\program files\CA\CA Internet Security Suite\ccprovsp.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-03-23 08:52:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-23 15:51

Pre-Run: 137,798,434,816 bytes free
Post-Run: 137,526,554,624 bytes free

- - End Of File - - A41F51130E395E817E46D1CA3D2601D7

Attached Files

  • Attached File  log.txt   28.17KB   2 downloads


#6 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:02:13 PM

Posted 24 March 2010 - 09:28 PM

Hello OneEyedMan

How is the computer running now?

Please go to the Kaspersky website and perform an online antivirus scan.
  1. Read through the requirements and privacy statement and click on Accept button.
  2. It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  3. When the downloads have finished, click on Settings.
  4. Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
  5. Click on My Computer under Scan.
  6. Once the scan is complete, it will display the results. Click on View Scan Report.
  7. You will see a list of infected items there. Click on Save Report As....
  8. Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  9. Please post this log in your next reply .

~Blade


In your next reply, please include the following:
Kaspersky Online Scan Log
How is the computer running?

Posted Image

If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users