
Redirected Webpages to Infected Webpages


  • This topic is locked
29 replies to this topic

#1 MayQueen

MayQueen

  • Members
  • 18 posts
  • Gender:Female

Posted 08 April 2010 - 10:37 PM



DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Ti'Ericka at 22:54:16.44 on Thu 04/08/2010
Internet Explorer: 8.0.6001.18882
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1280 [GMT -4:00]

AV: Norton Internet Security *On-access scanning enabled* (Outdated) {E10A9785-9598-4754-B552-92431C1C35F8}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Norton Internet Security *enabled* (Outdated) {CBB7EE13-8244-4DAB-8B55-D5C7AA91E59A}
FW: Norton Internet Security *enabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\zHotkey.exe
C:\Windows\ModPS2Key.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Spare Backup\SpareBackup.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Napster\napster.exe
C:\Program Files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\CalCheck.exe
C:\Program Files\Common Files\microsoft shared\Works Shared\WkUFind.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dealio\kb124\Dealio Deskbar.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\MSN Toolbar\Platform\5.0.1430.0\mswinext.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\BigFix\bigfix.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ALU2JR94\Defogger[1].exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\notepad.exe
C:\Users\Ti'Ericka\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.msn.com
uWindow Title = Internet Explorer, optimized for Bing and MSN
uDefault_Page_URL = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com/
mDefault_Page_URL = hxxp://www.yahoo.com/
mDefault_Search_URL = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
mSearch Page = hxxp://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*http://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&SubCH=nofound&Br=GTW&Loc=ENG_US&Sys=DTP&M=GT5656
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
uURLSearchHooks: BitZipperSearch Toolbar: {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - c:\program files\bitzippersearch\tbBit0.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: BitZipperSearch Toolbar: {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - c:\program files\bitzippersearch\tbBit0.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.0\coIEPlg.dll
BHO: DealioBHO Class: {6a87b991-a31f-4130-ae72-6d0c294bf082} - c:\program files\dealio\kb124\Dealio.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: BitZipperSearch Toolbar: {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - c:\program files\bitzippersearch\tbBit0.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: EpsonToolBandKicker Class: {e99421fb-68dd-40f0-b4ac-b7027cae2f1a} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.0\CoIEPlg.dll
TB: EPSON Web-To-Page: {ee5d279f-081b-4404-994d-c6b60aaeba6d} - c:\program files\epson\epson web-to-page\EPSON Web-To-Page.dll
TB: Dealio: {e67c74f4-a00a-4f2c-9fec-fd9dc004a67f} - c:\program files\dealio\kb124\Dealio.dll
TB: BitZipperSearch Toolbar: {97bceb59-cfcd-4b16-a863-b3f72cf9f196} - c:\program files\bitzippersearch\tbBit0.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: @c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\5.0.1430.0\npwinext.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
EB: Dealio: {5c4c24d0-28b6-4b6b-b70f-e09848367f10} - c:\program files\dealio\kb124\Dealio.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [EPSON Stylus Photo RX595 Series] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\users\ti'eri~1\appdata\local\temp\E_SF69F.tmp" /EF "HKCU"
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [EPSON Stylus Photo RX595 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_faticla.exe /fu "c:\users\ti'eri~1\appdata\local\temp\E_S56A6.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Installer] c:\users\ti'ericka\appdata\local\microsoft\windows\temporary internet files\content.ie5\ank6rgzq\setup_241_3777_[1].exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [CHotkey] zHotkey.exe
mRun: [ShowWnd] ShowWnd.exe
mRun: [ModPS2] ModPS2Key.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [Spare Backup] "c:\program files\spare backup\SpareBackup.exe" /silent
mRun: [NapsterShell] c:\program files\napster\napster.exe /systray
mRun: [Ulead Photo Express Calendar Checker] c:\program files\ulead systems\ulead photo express my scrapbook 2.0\calcheck.exe
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [au] c:\program files\dealio\DealioAU.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Bing Bar] "c:\program files\msn toolbar\platform\5.0.1430.0\mswinext.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
StartupFolder: c:\users\ti'eri~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\bigfix.lnk - c:\program files\bigfix\bigfix.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\common files\microsoft shared\works shared\wkcalrem.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: Compare Prices with &Dealio - c:\users\ti'ericka\appdata\locallow\dealio\kb124\res\DealioSearch.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\ti'ericka\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_01\bin\ssv.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {E908B145-C847-4e85-B315-07E2E70DECF8} - {9F038672-0425-4792-BC9C-36DE3308E8AA} - c:\program files\dealio\kb124\Dealio.dll
LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-9 207280]
R1 IDSvix86;Symantec Intrusion Prevention Driver;c:\progra~2\symantec\defini~1\symcdata\ipsdefs\20080512.002\IDSvix86.sys [2008-5-13 261680]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-9 112592]
R2 LiveUpdate Notice;LiveUpdate Notice;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-3-20 149864]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-9 365280]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-9 1141712]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-3-18 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-5-18 109616]
R3 Symantec Core LC;Symantec Core LC;c:\progra~1\common~1\symant~1\ccpd-lc\symlcsvc.exe [2008-3-19 1251720]
R3 SYMNDISV;SYMNDISV;c:\windows\system32\drivers\symndisv.sys [2009-2-19 41008]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-31 135664]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2007-5-29 23888]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2009-11-10 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-1-4 30192]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]

=============== Created Last 30 ================

2010-04-09 02:40:26 0 ----a-w- c:\users\ti'ericka\defogger_reenable
2010-04-09 01:44:53 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2010-04-09 01:44:53 2883584 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-04-09 01:44:53 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2010-04-09 01:44:49 0 d-----w- c:\program files\Microsoft ATS
2010-04-09 01:37:50 0 d-----w- C:\NVIDIA
2010-04-09 01:36:32 93889920 ----a-w- C:\197.13_desktop_win7_winvista_32bit_english_whql.exe
2010-04-09 01:19:15 0 d-----w- C:\cabs
2010-04-08 23:50:43 5442934 ----a-w- c:\users\ti'ericka\5uh.mp3
2010-04-08 23:48:09 3465529 ----a-w- c:\users\ti'ericka\1905629456.mp3
2010-04-08 23:45:31 3681645 ----a-w- c:\users\ti'ericka\them crooked vultures - new fang.mp3
2010-04-08 23:43:39 4536738 ----a-w- c:\users\ti'ericka\tvo-wol.mp3
2010-04-08 23:02:38 4826817 ----a-w- c:\users\ti'ericka\them crooked vultures - caligulove.mp3
2010-04-08 22:00:57 5523455 ----a-w- c:\users\ti'ericka\38478.mp3
2010-04-08 16:46:35 0 d--h--w- c:\windows\msdownld.tmp
2010-04-08 16:45:20 0 d-----w- c:\program files\MSN Toolbar
2010-04-08 16:43:56 0 d-----w- c:\program files\Bing Bar Installer
2010-04-08 16:43:15 747680 ----a-w- c:\users\ti'ericka\BOIE8_ENUS_VISL.EXE
2010-04-07 18:09:15 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-07 18:09:15 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-07 18:07:56 0 d-----w- c:\program files\iPod
2010-04-07 18:05:02 97525032 ----a-w- c:\users\ti'ericka\iTunesSetup.exe
2010-04-05 01:25:34 0 d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 10:18:06 0 d-----w- c:\program files\Bonjour
2010-04-01 03:46:21 6087 ----a-w- c:\users\ti'ericka\rawvideo.htm
2010-03-31 20:30:29 0 ----a-w- c:\users\ti'ericka\j3.mp4
2010-03-31 03:49:16 420387992 ----a-w- c:\windows\MEMORY.DMP
2010-03-27 18:14:06 0 d-----w- c:\programdata\NOS
2010-03-18 01:53:42 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-03-18 01:53:42 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-03-17 03:10:23 0 d-----w- C:\YouTubeDownload
2010-03-17 03:10:22 0 d-----w- C:\ConverterOutput
2010-03-17 03:10:00 92326 ----a-w- c:\windows\system32\HKCU_GNU.reg
2010-03-17 03:10:00 7680 ----a-w- c:\windows\system32\ff_vfw.dll
2010-03-17 03:10:00 6700 ----a-w- c:\windows\system32\HKLM_GNU.reg
2010-03-17 03:10:00 6144 ----a-w- c:\windows\system32\ff_acm.acm
2010-03-17 03:10:00 60273 ----a-w- c:\windows\system32\pthreadGC2.dll
2010-03-17 03:10:00 547 ----a-w- c:\windows\system32\ff_vfw.dll.manifest
2010-03-17 03:09:57 98304 ----a-w- c:\windows\system32\L3CODECX.AX
2010-03-17 03:09:57 372736 ----a-w- c:\windows\system32\xvid.ax
2010-03-17 03:09:57 14909 ----a-w- c:\windows\system32\A_reg.reg
2010-03-17 03:09:55 114688 ----a-w- c:\windows\system32\PropListCtrl.ocx
2010-03-17 03:09:53 0 d-----w- c:\program files\Cucusoft
2010-03-14 12:31:55 0 d-----w- c:\program files\Rhapsody
2010-03-10 04:52:47 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-10 04:52:41 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-10 04:52:41 31232 ----a-w- c:\windows\system32\httpapi.dll

==================== Find3M ====================

2010-04-09 01:12:47 86016 ----a-w- c:\windows\inf\infstor.dat
2010-04-09 01:12:47 51200 ----a-w- c:\windows\inf\infpub.dat
2010-04-09 01:12:47 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-30 04:46:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45:52 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-13 02:15:54 30808 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2010-03-13 01:59:42 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-02-24 14:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-12 15:46:14 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46:14 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-25 12:48:34 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48:34 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48:06 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45:56 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35:01 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35:00 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34:56 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34:56 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44:02 2048 ----a-w- c:\windows\system32\tzres.dll
2008-12-23 21:29:03 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-03-17 21:03:18 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-03-17 21:03:18 16384 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-03-17 21:03:18 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 22:56:46.10 ===============


I won't let this build up inside of me.


#2 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 08 April 2010 - 11:08 PM

Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
Double click on renamed.exe & follow the prompts.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix Log

Edited by Blade Zephon, 08 April 2010 - 11:10 PM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#3 MayQueen

MayQueen
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 09 April 2010 - 10:33 PM

QUOTE(Blade Zephon @ Apr 9 2010, 12:08 AM)
Hello, and welcome to the Malware Removal forum! My online alias is Blade Zephon, or Blade for short, and I will be assisting you with your malware issues!

In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.

Before we begin cleaning your machine, I'd like to lay out some guidelines for us to follow while we are working together.
  • I will be assisting you with your malware issues. This may or may not resolve other problems you are having with your computer. If you are still having problems after your machine has been determined clean, I will be glad to direct you to the proper forum for assistance.
  • Even if things appear better, that does not mean we are finished. Please continue to follow my instructions until I give you the all clean. Absence of symptoms does not mean that all the malware has been removed. If a piece of the infection is left, it can regenerate and reinfect your machine.
  • Attention to detail is important! Since I cannot see or directly interact with your computer I am dependent on you to "be my eyes" and provide as much information as you can regarding the current state of your computer.
  • I ask that you please refrain from running tools other than those I suggest to you while I am cleaning up your computer. The reason for this is so I know what is going on with the machine at any time. If you act independently it will cause changes to your system that I will not be aware of, which will make the process of cleaning the machine a much slower and more difficult process. Additionally, some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you are unsure or confused about any instructions I give you, you should ask me to clarify before doing anything. Additionally, if you run into any problems while carrying out instructions, you should STOP and reply back here explaining what happened.
  • After 5 days if a topic is not replied to we assume it has been abandoned and it is closed. If you need additional time, that is perfectly alright; you just need to let us know beforehand.
***************************************************

Please perform the following steps below so we can have a look at the current condition of your machine.

Download Combofix from any of the links below but rename it to renamed.exe before saving it to your desktop.


Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.
Double click on renamed.exe & follow the prompts.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own.
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


~Blade


In your next reply, please include the following:
ComboFix Log


I'm having trouble turning off Norton.
I won't let this build up inside of me.

#4 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 10 April 2010 - 02:31 AM

Do these instructions not work? http://service1.symantec.com/SUPPORT/nip.n...003071515220236

If you can't get it disabled, uninstall it. We can always reinstall it later.

~Blade

Edited by Blade Zephon, 10 April 2010 - 02:32 AM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#5 MayQueen
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 12 April 2010 - 05:37 PM

QUOTE(Blade Zephon @ Apr 10 2010, 03:31 AM)
Do these instructions not work? http://service1.symantec.com/SUPPORT/nip.n...003071515220236

If you can't get it disabled, uninstall it. We can always reinstall it later.

~Blade


Those don't appear to be options. My trial expired. Do I need to turn off Windows Defender? I'm sorry it's taking a while to respond. School has started again.

#6 Blade
    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 12 April 2010 - 06:26 PM

Hi MayQueen.

Don't worry about the delay. Just make sure you let me know if you're going to be delayed more than five days so I don't close your topic.

Yes, go ahead and turn off Windows Defender too.

If your Antivirus Trial expired, then definitely go ahead and uninstall it. We'll get you a proper, free, antivirus set up when we're done here.

~Blade



#7 MayQueen
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 17 April 2010 - 01:47 PM

QUOTE(Blade Zephon @ Apr 12 2010, 07:26 PM)
Hi MayQueen.

Don't worry about the delay. Just make sure you let me know if you're going to be delayed more than five days so I don't close your topic.

Yes, go ahead and turn off Windows Defender too.

If your Antivirus Trial expired, then definitely go ahead and uninstall it. We'll get you a proper, free, antivirus set up when we're done here.

~Blade


ok.

#8 MayQueen
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 18 April 2010 - 12:29 AM

QUOTE(MayQueen @ Apr 17 2010, 02:47 PM)
QUOTE(Blade Zephon @ Apr 12 2010, 07:26 PM)
Hi MayQueen.

Don't worry about the delay. Just make sure you let me know if you're going to be delayed more than five days so I don't close your topic.

Yes, go ahead and turn off Windows Defender too.

If your Antivirus Trial expired, then definitely go ahead and uninstall it. We'll get you a proper, free, antivirus set up when we're done here.

~Blade


ok.


Combofix.txt



ComboFix 10-04-17.02 - Ti'Ericka 04/18/2010 0:40.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1862 [GMT -4:00]
Running from: c:\users\Ti'Ericka\Desktop\renamed.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1132875369-1015598020-352595266-500
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\0aMba.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\5a8KXxL1.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\6tjw0.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\7BAxy5A.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\7JtWw1.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\hdQ876.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\M6OiWR5.jpg
c:\users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\N30Ma.jpg
c:\users\Ti'Ericka\AppData\Roaming\Microsoft\Windows\Recent\T.I. Feat. Rihanna - Live Your Life _ 2oo8 _ _ www.MzHipHop.pif
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf
c:\windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf
c:\windows\system32\AutoRun.inf
c:\windows\TEMP\logishrd\LVPrcInj05.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\nvstor32.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-03-18 to 2010-04-18 )))))))))))))))))))))))))))))))
.

2010-04-18 04:54 . 2010-04-18 04:57 -------- d-----w- c:\users\Ti'Ericka\AppData\Local\temp
2010-04-18 04:54 . 2010-04-18 04:54 -------- d-----w- c:\users\La Rhonda\AppData\Local\temp
2010-04-18 04:54 . 2010-04-18 04:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-17 19:32 . 2009-06-23 13:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2010-04-17 19:32 . 2008-07-22 17:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2010-04-17 19:32 . 2007-12-03 16:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2010-04-17 19:32 . 2010-04-17 19:33 -------- d-----w- c:\program files\The Weather Channel Toolbar
2010-04-17 19:15 . 2010-04-17 19:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-09 01:44 . 2010-04-09 01:47 -------- d-----w- c:\program files\Microsoft ATS
2010-04-09 01:37 . 2010-04-09 01:37 -------- d-----w- C:\NVIDIA
2010-04-09 01:36 . 2010-04-09 01:37 93889920 ----a-w- C:\197.13_desktop_win7_winvista_32bit_english_whql.exe
2010-04-09 01:19 . 2010-04-09 01:19 -------- d-----w- C:\cabs
2010-04-08 16:46 . 2010-04-08 16:46 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-08 16:43 . 2010-04-08 16:43 747680 ----a-w- c:\users\Ti'Ericka\BOIE8_ENUS_VISL.EXE
2010-04-07 18:09 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-07 18:09 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-07 18:07 . 2010-04-07 18:07 -------- d-----w- c:\program files\iPod
2010-04-07 18:06 . 2010-04-07 18:06 -------- d-----w- c:\program files\Apple Software Update
2010-04-07 18:05 . 2010-04-07 18:05 97525032 ----a-w- c:\users\Ti'Ericka\iTunesSetup.exe
2010-04-05 01:25 . 2010-04-05 01:26 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 10:24 . 2010-04-01 10:25 -------- d-----w- c:\program files\QuickTime
2010-04-01 10:18 . 2010-04-01 10:18 -------- d-----w- c:\program files\Bonjour
2010-04-01 10:15 . 2010-04-01 10:16 -------- d-----w- c:\program files\Safari
2010-03-27 18:14 . 2010-03-27 18:14 -------- d-----w- c:\programdata\NOS
2010-03-27 18:14 . 2010-03-27 18:14 -------- d-----w- c:\program files\NOS
2010-03-20 00:16 . 2010-03-20 00:16 -------- d-----w- c:\users\La Rhonda\Office Genuine Advantage

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-17 20:05 . 2008-03-22 14:37 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Spare Backup
2010-04-17 19:56 . 2008-01-05 00:36 -------- d-----w- c:\program files\BigFix
2010-04-17 19:45 . 2008-01-05 00:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 19:45 . 2008-01-05 00:43 -------- d-----w- c:\programdata\Napster
2010-04-17 19:36 . 2009-08-04 04:52 -------- d-----w- c:\program files\InterActual
2010-04-17 19:14 . 2008-01-05 00:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-17 19:12 . 2008-01-05 00:27 -------- d-----w- c:\programdata\Symantec
2010-04-16 05:09 . 2009-03-22 06:47 -------- d-----w- c:\programdata\DriverCure
2010-04-13 18:53 . 2008-01-05 01:42 -------- d-----w- c:\programdata\NVIDIA
2010-04-13 01:21 . 2009-06-12 18:59 1356 ----a-w- c:\users\Ti'Ericka\AppData\Local\d3d9caps.dat
2010-04-09 03:57 . 2008-03-19 01:06 -------- d-----w- c:\program files\Common Files\AOL
2010-04-09 03:57 . 2009-12-02 04:05 -------- d-----w- c:\program files\AIM
2010-04-09 03:56 . 2009-10-02 22:35 -------- d-----w- c:\program files\Core Design
2010-04-07 18:09 . 2009-01-01 06:11 -------- d-----w- c:\program files\iTunes
2010-04-07 18:07 . 2009-01-01 03:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 14:25 . 2009-01-04 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-05 01:19 . 2009-01-01 06:12 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Apple Computer
2010-04-01 23:31 . 2008-12-21 11:59 -------- d-----w- c:\program files\AVS4YOU
2010-04-01 23:31 . 2008-05-11 23:53 -------- d-----w- c:\programdata\HP Product Assistant
2010-03-31 03:55 . 2008-03-10 09:56 -------- d-----w- c:\users\La Rhonda\AppData\Roaming\Spare Backup
2010-03-30 04:46 . 2009-01-04 01:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-01-04 01:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 02:30 . 2010-03-14 12:31 -------- d-----w- c:\program files\Rhapsody
2010-03-17 03:09 . 2010-03-17 03:09 -------- d-----w- c:\program files\Cucusoft
2010-03-14 23:18 . 2010-02-16 02:39 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Facebook
2010-03-14 06:14 . 2009-04-18 01:59 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\IMVU
2010-03-13 02:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-03-13 02:59 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-13 02:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-03-13 02:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-03-13 02:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-03-13 02:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-03-13 02:59 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-03-11 00:50 . 2008-12-23 06:36 -------- d-----w- c:\program files\BitZipperSearch
2010-03-10 05:01 . 2008-01-05 00:33 -------- d-----w- c:\programdata\Microsoft Help
2010-03-10 03:34 . 2008-03-10 09:56 209576 ----a-w- c:\users\La Rhonda\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-10 03:27 . 2009-12-06 21:05 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2010-03-10 00:34 . 2008-04-06 00:31 -------- d-----w- c:\program files\Yahoo!
2010-03-10 00:32 . 2008-04-06 00:33 -------- d-----w- c:\programdata\Yahoo!
2010-03-10 00:32 . 2008-04-06 00:32 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Yahoo!
2010-02-25 00:25 . 2008-03-22 14:37 209576 ----a-w- c:\users\Ti'Ericka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-11-11 00:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-20 23:39 . 2010-03-10 04:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-10 04:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-10 04:52 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-01-25 12:48 . 2010-02-23 19:39 472576 ----a-w- c:\windows\system32\secproc_isv.dll
2010-01-25 12:48 . 2010-02-23 19:39 151040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-01-25 12:48 . 2010-02-23 19:39 151040 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-01-25 12:48 . 2010-02-23 19:39 472064 ----a-w- c:\windows\system32\secproc.dll
2010-01-25 12:45 . 2010-02-23 19:39 329216 ----a-w- c:\windows\system32\msdrm.dll
2010-01-25 08:35 . 2010-02-23 19:39 346624 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-01-25 08:35 . 2010-02-23 19:39 523776 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-01-25 08:34 . 2010-02-23 19:39 511488 ----a-w- c:\windows\system32\RMActivate.exe
2010-01-25 08:34 . 2010-02-23 19:39 347136 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-01-23 09:44 . 2010-02-23 19:39 2048 ----a-w- c:\windows\system32\tzres.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{97bceb59-cfcd-4b16-a863-b3f72cf9f196}"= "c:\program files\BitZipperSearch\tbBit0.dll" [2010-03-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
2010-03-11 00:50 2349080 ----a-w- c:\program files\BitZipperSearch\tbBit0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{97bceb59-cfcd-4b16-a863-b3f72cf9f196}"= "c:\program files\BitZipperSearch\tbBit0.dll" [2010-03-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= "c:\program files\BitZipperSearch\tbBit0.dll" [2010-03-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-07-06 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-07-06 8466432]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-07-06 81920]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]

c:\users\Ti'Ericka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-4 66864]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-6-29 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):e0,61,f9,eb,5d,90,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1132875369-1015598020-352595266-1001]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-17 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:54]

2010-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:54]

2010-04-17 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-04-16 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-04-18 c:\windows\Tasks\User_Feed_Synchronization-{6A61144B-2EFE-4714-894C-41B4824AF11A}.job
- c:\windows\system32\msfeedssync.exe [2010-01-22 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Ti'Ericka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKLM-Run-NapsterShell - c:\program files\Napster\napster.exe
SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-18 00:57
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(9180)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\vssvc.exe
.
**************************************************************************
.
Completion time: 2010-04-18 01:15:06 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-18 05:14

Pre-Run: 320,533,204,992 bytes free
Post-Run: 320,422,690,816 bytes free

- - End Of File - - 804A1D581961A357A5357FF6FB227184


ComboFix-quarantined-files.txt

2010-04-18 05:12:42 . 2010-04-18 05:12:42 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-SRService.reg.dat
2010-04-18 05:12:42 . 2010-04-18 05:12:42 546 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmserver.reg.dat
2010-04-18 05:12:42 . 2010-04-18 05:12:42 542 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmadmin.reg.dat
2010-04-18 05:12:42 . 2010-04-18 05:12:42 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmload.sys.reg.dat
2010-04-18 05:12:42 . 2010-04-18 05:12:42 542 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmio.sys.reg.dat
2010-04-18 05:12:42 . 2010-04-18 05:12:42 550 ----a-w- C:\Qoobox\Quarantine\Registry_backups\SafeBoot-dmboot.sys.reg.dat
2010-04-18 05:10:25 . 2010-04-18 05:10:25 147 ----a-w- C:\Qoobox\Quarantine\Registry_backups\HKLM-Run-NapsterShell.reg.dat
2010-04-18 05:10:13 . 2010-04-18 05:10:13 171 ----a-w- C:\Qoobox\Quarantine\Registry_backups\WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C}.reg.dat
2010-04-18 04:57:06 . 2004-05-01 00:01:00 53 ----a-w- C:\Qoobox\Quarantine\D\Autorun.inf.vir
2010-04-18 04:51:48 . 2010-04-18 04:51:48 4,338 ----a-w- C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2010-04-18 04:39:34 . 2008-02-05 22:20:30 109,080 ----a-w- C:\Qoobox\Quarantine\C\Windows\Temp\logishrd\LVPrcInj05.dll.vir
2010-04-18 04:33:36 . 2010-04-18 04:40:29 113 ----a-w- C:\Qoobox\Quarantine\catchme.log
2010-03-15 23:55:20 . 2010-03-15 23:55:20 5,819 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\hdQ876.jpg.vir
2010-03-15 23:55:20 . 2010-03-15 23:55:20 776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\M6OiWR5.jpg.vir
2010-03-15 23:55:20 . 2010-03-15 23:55:20 2,259 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\7JtWw1.jpg.vir
2010-03-15 23:55:20 . 2010-03-15 23:55:20 949 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\6tjw0.jpg.vir
2010-03-09 23:45:43 . 2010-03-09 23:45:43 5,819 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\N30Ma.jpg.vir
2010-03-09 23:45:43 . 2010-03-09 23:45:43 776 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\0aMba.jpg.vir
2010-03-09 23:45:43 . 2010-03-09 23:45:43 2,259 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\7BAxy5A.jpg.vir
2010-03-09 23:45:43 . 2010-03-09 23:45:43 949 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Local\Microsoft\Windows\Temporary Internet Files\5a8KXxL1.jpg.vir
2008-10-07 03:28:05 . 2008-10-07 03:28:05 2,855 ----a-w- C:\Qoobox\Quarantine\C\Users\Ti'Ericka\AppData\Roaming\Microsoft\Windows\Recent\T.I. Feat. Rihanna - Live Your Life _ 2oo8 _ _ www.MzHipHop.pif.vir
2008-01-05 01:01:16 . 2007-07-03 00:37:08 110,112 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\drivers\nvstor32.sys.vir
2007-09-05 18:26:36 . 2007-09-05 18:26:36 513,149 ----a-w- C:\Qoobox\Quarantine\C\Windows\System32\autorun.inf.vir
2007-04-24 18:11:14 . 2007-04-24 18:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.1.inf.vir
2007-04-24 18:11:14 . 2007-04-24 18:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.3.inf.vir
2007-04-24 17:11:14 . 2007-04-24 17:11:14 365 ----a-w- C:\Qoobox\Quarantine\C\Windows\Downloaded Program Files\f3initialsetup1.0.1.0.inf.vir


#9 Blade
    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 19 April 2010 - 02:59 AM

Hello MayQueen

1. Open notepad and copy/paste the text in the codebox below into it:

CODE
http://www.bleepingcomputer.com/forums/t/308260/redirected-webpages-to-infected-webpages/

Suspect::[97]

c:\users\Ti'Ericka\BOIE8_ENUS_VISL.EXE

Registry::

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=-

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=-


Save this as CFScript.txt, in the same location as renamed.exe

2. Close any open browsers.

3. VERY IMPORTANT: Disable all running antivirus, antimalware and firewall programs as they may interfere with the proper running of ComboFix. Click on this link to see a list of programs that should be disabled. NOTE: This list is not all-inclusive. If yours is not listed and you do not know how to disable it, please ask.



Referring to the picture above, drag CFScript into renamed.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

~Blade


In your next reply, please include the following:
ComboFix Log

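The log in #8 and the script in #9 turn on one check worth making repeatable. Under HKLM\software\microsoft\security center the log shows DisableMonitoring=1 on the Monitoring key and on the per-vendor Symantec keys, plus AntiVirusOverride=1 under Svc: with those set, Security Center stays silent about an outdated, expired or uninstalled antivirus. Whether Norton left them behind or something else set them, the log alone cannot say, which is why the helper's CFScript simply deletes them ("Name"=- is REGEDIT4 syntax for "delete this value"). The same log also lists autorun.inf files at a drive root and in system32, an AppInit_DLLs entry, and a system driver ComboFix reports as patched. The script below is an added example written for this thread; it is not ComboFix's or the helper's code. It parses a constructed log sample modeled on the lines above (user name changed, most entries dropped), reports those four classes of finding, and drafts the Registry:: stanza that would delete every flagged Security Center value. It goes one step beyond the posted script by also deleting AntiVirusOverride, and the list of Security Center value names beyond the two seen in the log is the standard set that product registers with Security Center. Nothing here should be dropped onto ComboFix without a helper's review, as the thread itself warns.

```python
"""Triage a ComboFix log: Security Center values that silence AV/firewall
warnings, autorun.inf at drive roots or in system32, an AppInit_DLLs entry,
and files ComboFix reports as patched; then draft the Registry:: stanza of a
CFScript deleting the Security Center values. Added example, not ComboFix code."""
import re
from dataclasses import dataclass

# Constructed sample modeled on the log posted in this thread (not a verbatim copy).
SAMPLE_LOG = r"""
((((((((((((( Other Deletions )))))))))))))
.
c:\windows\system32\AutoRun.inf
c:\windows\TEMP\logishrd\LVPrcInj05.dll
D:\Autorun.inf

Infected copy of c:\windows\system32\DRIVERS\nvstor32.sys was found and disinfected

((((((((((((( Reg Loading Points )))))))))))))
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):e0,61,f9,eb,5d,90,ca,01
"""

KIND_SECCENTER = "security_center_suppressed"
KIND_APPINIT = "appinit_dlls"
KIND_AUTORUN = "autorun_inf"
KIND_PATCHED = "patched_system_file"

# Security Center value names that, when set to 1, stop it monitoring or warning.
SECCENTER_VALUES = {
    "disablemonitoring", "antivirusoverride", "firewalloverride", "updatesoverride",
    "antivirusdisablenotify", "firewalldisablenotify", "updatesdisablenotify",
}

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<data>.*)$')
AUTORUN_RE = re.compile(r"^[a-z]:\\(?:windows\\system32\\)?autorun\.inf$", re.I)
DISINFECT_RE = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected", re.I)


@dataclass(frozen=True)
class Finding:
    kind: str    # one of the KIND_* constants
    where: str   # registry key or file path
    detail: str  # value name, value data, or a short note


def triage(log_text):
    """Single pass over the log, tracking the current [registry key] so that
    value lines can be attributed to it; path and 'Infected copy' lines match directly."""
    findings, current_key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key")
            continue
        m = VALUE_RE.match(line)
        if m and current_key is not None:
            name, data = m.group("name"), m.group("data").strip()
            in_seccenter = "\\security center\\" in current_key.lower()
            if in_seccenter and name.lower() in SECCENTER_VALUES and data.lower() == "dword:00000001":
                findings.append(Finding(KIND_SECCENTER, current_key, name))
            elif name.lower() == "appinit_dlls" and data not in ("", '""'):
                # Legitimate software uses AppInit_DLLs too: flagged for review, not as malware.
                findings.append(Finding(KIND_APPINIT, current_key, data))
            continue
        if AUTORUN_RE.match(line):
            findings.append(Finding(KIND_AUTORUN, line, "autorun.inf at a drive root or in system32"))
            continue
        m = DISINFECT_RE.match(line)
        if m:
            findings.append(Finding(KIND_PATCHED, m.group("path"), "ComboFix replaced an infected copy"))
    return findings


def cfscript_registry_stanza(findings):
    """Registry:: section of a CFScript that deletes every flagged Security Center value."""
    by_key = {}
    for f in findings:
        if f.kind == KIND_SECCENTER:
            by_key.setdefault(f.where, []).append(f.detail)
    if not by_key:
        return ""
    out = ["Registry::", ""]
    for key, names in by_key.items():
        out.append(f"[{key}]")
        out.extend(f'"{name}"=-' for name in names)   # "Name"=- deletes the value
        out.append("")
    return "\n".join(out)


def report(log_text):
    findings = triage(log_text)
    lines = [f"{f.kind:27} {f.where}  ({f.detail})" for f in findings]
    stanza = cfscript_registry_stanza(findings)
    return "\n".join(lines) + ("\n\n" + stanza if stanza else "")


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

To run it against a real log, pass the contents of C:\ComboFix.txt to report() instead of SAMPLE_LOG. The AppInit_DLLs hit in this thread is Google Desktop, which is why the script only lists that entry rather than drafting a deletion for it; the stanza it does draft covers only Security Center values, the one class of entry where "delete and let Windows fall back to its defaults" is safe.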


#10 MayQueen
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 23 April 2010 - 01:01 AM

yeah, ill have it up tomorrow.

#12 Blade
    Strong in the Bleepforce

  • Site Admin
  • 12,704 posts
  • Gender:Male
  • Location:US

Posted 25 April 2010 - 12:06 AM

okay. . . will expect them shortly.



#13 MayQueen
  • Topic Starter
  • Members
  • 18 posts
  • Gender:Female

Posted 25 April 2010 - 09:01 PM

QUOTE(Blade Zephon @ Apr 25 2010, 01:06 AM)
okay. . . will expect them shortly.


LOG

ComboFix 10-04-21.01 - Ti'Ericka 04/25/2010 21:33:57.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1698 [GMT -4:00]
Running from: c:\users\Ti'Ericka\Desktop\renamed.exe
Command switches used :: c:\users\Ti'Ericka\Desktop\CFScript.txt
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

file zipped: c:\users\Ti'Ericka\BOIE8_ENUS_VISL.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\TEMP\logishrd\LVPrcInj01.dll

.
((((((((((((((((((((((((( Files Created from 2010-03-26 to 2010-04-26 )))))))))))))))))))))))))))))))
.

2010-04-26 01:47 . 2010-04-26 01:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-04-26 01:47 . 2010-04-26 01:47 -------- d-----w- c:\users\La Rhonda\AppData\Local\temp
2010-04-26 01:47 . 2010-04-26 01:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-04-26 01:47 . 2010-04-26 01:47 -------- d-----w- c:\users\AppData\AppData\Local\temp
2010-04-18 05:15 . 2010-04-26 01:51 -------- d-----w- c:\users\Ti'Ericka\AppData\Local\temp
2010-04-18 05:15 . 2009-12-23 12:43 171520 ----a-w- c:\windows\system32\wintrust.dll
2010-04-18 05:15 . 2010-01-15 00:04 98304 ----a-w- c:\windows\system32\cabview.dll
2010-04-17 19:32 . 2009-06-23 13:23 331776 ----a-w- c:\windows\system32\TwcToolbarIe7.dll
2010-04-17 19:32 . 2008-07-22 17:24 98304 ----a-w- c:\windows\system32\TwcToolbarBho.dll
2010-04-17 19:32 . 2007-12-03 16:36 25600 ----a-w- c:\windows\system32\TwcToolInstDll.dll
2010-04-17 19:32 . 2010-04-17 19:33 -------- d-----w- c:\program files\The Weather Channel Toolbar
2010-04-17 19:15 . 2010-04-17 19:15 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-04-09 01:44 . 2010-04-09 01:47 -------- d-----w- c:\program files\Microsoft ATS
2010-04-09 01:37 . 2010-04-09 01:37 -------- d-----w- C:\NVIDIA
2010-04-09 01:36 . 2010-04-09 01:37 93889920 ----a-w- C:\197.13_desktop_win7_winvista_32bit_english_whql.exe
2010-04-09 01:19 . 2010-04-09 01:19 -------- d-----w- C:\cabs
2010-04-08 16:46 . 2010-04-08 16:46 -------- d--h--w- c:\windows\msdownld.tmp
2010-04-08 16:43 . 2010-04-08 16:43 747680 ----a-w- c:\users\Ti'Ericka\BOIE8_ENUS_VISL.EXE
2010-04-07 18:09 . 2009-05-18 17:17 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2010-04-07 18:09 . 2008-04-17 16:12 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2010-04-07 18:07 . 2010-04-07 18:07 -------- d-----w- c:\program files\iPod
2010-04-07 18:06 . 2010-04-07 18:06 -------- d-----w- c:\program files\Apple Software Update
2010-04-07 18:05 . 2010-04-07 18:05 97525032 ----a-w- c:\users\Ti'Ericka\iTunesSetup.exe
2010-04-05 01:25 . 2010-04-05 01:26 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-01 10:24 . 2010-04-01 10:25 -------- d-----w- c:\program files\QuickTime
2010-04-01 10:18 . 2010-04-01 10:18 -------- d-----w- c:\program files\Bonjour
2010-04-01 10:15 . 2010-04-01 10:16 -------- d-----w- c:\program files\Safari
2010-03-27 18:14 . 2010-03-27 18:14 -------- d-----w- c:\programdata\NOS
2010-03-27 18:14 . 2010-03-27 18:14 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-25 18:19 . 2008-03-22 14:37 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Spare Backup
2010-04-23 12:15 . 2010-04-23 12:15 658184 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2010-04-23 05:09 . 2009-03-22 06:47 -------- d-----w- c:\programdata\DriverCure
2010-04-18 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2010-04-18 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2010-04-18 18:37 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-04-18 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2010-04-18 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2010-04-18 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2010-04-18 18:37 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2010-04-18 18:22 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2010-04-18 18:10 . 2008-01-05 01:42 -------- d-----w- c:\programdata\NVIDIA
2010-04-18 07:08 . 2008-01-05 00:33 -------- d-----w- c:\programdata\Microsoft Help
2010-04-17 19:56 . 2008-01-05 00:36 -------- d-----w- c:\program files\BigFix
2010-04-17 19:45 . 2008-01-05 00:23 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-17 19:45 . 2008-01-05 00:43 -------- d-----w- c:\programdata\Napster
2010-04-17 19:36 . 2009-08-04 04:52 -------- d-----w- c:\program files\InterActual
2010-04-17 19:14 . 2008-01-05 00:27 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-04-17 19:12 . 2008-01-05 00:27 -------- d-----w- c:\programdata\Symantec
2010-04-13 01:21 . 2009-06-12 18:59 1356 ----a-w- c:\users\Ti'Ericka\AppData\Local\d3d9caps.dat
2010-04-09 03:57 . 2008-03-19 01:06 -------- d-----w- c:\program files\Common Files\AOL
2010-04-09 03:57 . 2009-12-02 04:05 -------- d-----w- c:\program files\AIM
2010-04-09 03:56 . 2009-10-02 22:35 -------- d-----w- c:\program files\Core Design
2010-04-07 18:09 . 2009-01-01 06:11 -------- d-----w- c:\program files\iTunes
2010-04-07 18:07 . 2009-01-01 03:04 -------- d-----w- c:\program files\Common Files\Apple
2010-04-07 14:25 . 2009-01-04 01:25 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-07 14:23 . 2010-04-07 14:23 5918776 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-04-05 01:19 . 2009-01-01 06:12 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Apple Computer
2010-04-01 23:31 . 2008-12-21 11:59 -------- d-----w- c:\program files\AVS4YOU
2010-04-01 23:31 . 2008-05-11 23:53 -------- d-----w- c:\programdata\HP Product Assistant
2010-04-01 10:13 . 2010-04-01 10:13 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe
2010-03-31 03:55 . 2008-03-10 09:56 -------- d-----w- c:\users\La Rhonda\AppData\Roaming\Spare Backup
2010-03-30 04:46 . 2009-01-04 01:25 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-30 04:45 . 2009-01-04 01:25 20824 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-26 05:48 . 2010-03-26 05:48 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe
2010-03-26 02:30 . 2010-03-14 12:31 -------- d-----w- c:\program files\Rhapsody
2010-03-17 03:09 . 2010-03-17 03:09 -------- d-----w- c:\program files\Cucusoft
2010-03-14 23:18 . 2010-02-16 02:39 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Facebook
2010-03-14 23:18 . 2010-02-16 02:39 50354 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\Facebook\uninstall.exe
2010-03-14 06:14 . 2009-04-18 01:59 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\IMVU
2010-03-11 00:50 . 2008-12-23 06:36 -------- d-----w- c:\program files\BitZipperSearch
2010-03-10 03:34 . 2008-03-10 09:56 209576 ----a-w- c:\users\La Rhonda\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-10 03:27 . 2009-12-06 21:05 -------- d-----w- c:\program files\Acoustica Mixcraft 4
2010-03-10 00:34 . 2008-04-06 00:31 -------- d-----w- c:\program files\Yahoo!
2010-03-10 00:32 . 2008-04-06 00:33 -------- d-----w- c:\programdata\Yahoo!
2010-03-10 00:32 . 2008-04-06 00:32 -------- d-----w- c:\users\Ti'Ericka\AppData\Roaming\Yahoo!
2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
2010-03-05 14:01 . 2010-04-18 05:18 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-25 00:25 . 2008-03-22 14:37 209576 ----a-w- c:\users\Ti'Ericka\AppData\Local\GDIPFONTCACHEV1.DAT
2010-02-24 14:16 . 2009-11-11 00:37 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-23 11:32 . 2010-04-18 05:18 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-23 11:32 . 2010-04-18 05:18 78848 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-02-23 11:32 . 2010-04-18 05:18 105984 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-23 06:39 . 2010-04-18 05:18 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-23 06:33 . 2010-04-18 05:18 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-02-23 06:33 . 2010-04-18 05:18 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-02-23 04:55 . 2010-04-18 05:18 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-20 23:39 . 2010-03-10 04:52 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-02-20 23:37 . 2010-03-10 04:52 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-02-20 21:18 . 2010-03-10 04:52 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-02-18 14:49 . 2010-04-18 05:18 898952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-02-18 14:49 . 2010-04-18 05:18 3598216 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-18 14:49 . 2010-04-18 05:18 3545992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-18 14:11 . 2010-04-18 05:18 190464 ----a-w- c:\windows\system32\iphlpsvc.dll
2010-02-18 11:52 . 2010-04-18 05:18 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2010-02-17 00:00 . 2009-04-18 01:59 76774 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\Uninstall.exe
2010-02-16 23:58 . 2009-11-10 23:21 24472904 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\installer\SetupImvu_update.exe
2010-02-12 15:46 . 2010-02-12 15:46 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-02-12 15:46 . 2010-02-12 15:46 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-02-11 17:13 . 2010-02-11 17:13 92320 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\IMVUupdater.exe
2010-02-11 17:13 . 2010-02-11 17:13 52992 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\IMVUClient.exe
2010-02-11 17:13 . 2010-02-11 17:13 21760 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\imvuqualityagent.exe
2010-02-11 17:10 . 2010-02-11 17:10 121856 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\WriteMiniDump.exe
2010-02-11 17:08 . 2010-02-11 17:08 1258496 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\SceneWindow.dll
2010-02-11 17:08 . 2010-02-11 17:08 45568 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\ui\plugins\npvivoxproxy.dll
2010-02-11 17:08 . 2010-02-11 17:08 54784 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\ui\plugins\nphwndproxy.dll
2010-02-11 17:07 . 2010-02-11 17:07 16896 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\MemoryHook.dll
2010-02-11 17:06 . 2010-02-11 17:06 320000 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\cal3d.dll
2010-02-11 17:06 . 2010-02-11 17:06 198656 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\boost_python.dll
2010-02-11 17:06 . 2010-02-11 17:06 29184 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\CallStack.dll
2010-02-11 17:06 . 2010-02-11 17:06 260096 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\audiere.dll
2010-02-09 17:01 . 2010-02-09 17:01 7506576 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\1VivoxVoice.exe
2010-02-09 17:01 . 2010-02-09 17:01 4780688 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\vivoxsdk.dll
2010-02-09 17:01 . 2010-02-09 17:01 330896 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\libsndfile-1.dll
2010-02-09 17:01 . 2010-02-09 17:01 275088 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\vivoxoal.dll
2010-02-09 17:01 . 2010-02-09 17:01 266384 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\npvivoxvoiceplugin.dll
2010-02-09 17:01 . 2010-02-09 17:01 246416 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\ortp.dll
2010-02-09 17:01 . 2010-02-09 17:01 1034896 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\IMVUClient\dbghelp.dll
2010-02-01 22:04 . 2010-02-01 22:04 847040 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\Facebook\axfbootloader.dll
2010-02-01 22:04 . 2010-02-01 22:04 5578752 ----a-w- c:\users\Ti'Ericka\AppData\Roaming\Facebook\npfbplugin_1_0_1.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{97bceb59-cfcd-4b16-a863-b3f72cf9f196}"= "c:\program files\BitZipperSearch\tbBit0.dll" [2010-03-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
2010-03-11 00:50 2349080 ----a-w- c:\program files\BitZipperSearch\tbBit0.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{97bceb59-cfcd-4b16-a863-b3f72cf9f196}"= "c:\program files\BitZipperSearch\tbBit0.dll" [2010-03-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{97BCEB59-CFCD-4B16-A863-B3F72CF9F196}"= "c:\program files\BitZipperSearch\tbBit0.dll" [2010-03-11 2349080]

[HKEY_CLASSES_ROOT\clsid\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-03-29 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"ShowWnd"="ShowWnd.exe" [2005-01-27 36864]
"ModPS2"="ModPS2Key.exe" [2006-11-07 53248]
"RtHDVCpl"="RtHDVCpl.exe" [2007-04-23 4435968]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2009-12-09 30192]
"Spare Backup"="c:\program files\Spare Backup\SpareBackup.exe" [2007-09-14 5252936]
"Ulead Photo Express Calendar Checker"="c:\program files\Ulead Systems\Ulead Photo Express My Scrapbook 2.0\calcheck.exe" [2003-09-20 69632]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-12 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-03-17 47392]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-02-13 564496]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-02-13 2196240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-03-26 142120]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-06-20 13535776]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-06-20 92704]
"Skytel"="Skytel.exe" [2007-04-13 1822720]

c:\users\Ti'Ericka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-3-11 210520]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2009-6-4 66864]
Microsoft Works Calendar Reminders.lnk - c:\program files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe [2000-6-29 24633]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):e0,61,f9,eb,5d,90,ca,01

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-1132875369-1015598020-352595266-1001]
"EnableNotificationsRef"=dword:00000001

R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 135664]
R3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [2009-12-09 30192]
R3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\DRIVERS\NETw2v32.sys [2006-11-02 2589184]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-04-25 c:\windows\Tasks\DriverCure.job
- c:\program files\ParetoLogic\DriverCure\DriverCure.exe [2009-08-07 19:36]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:54]

2010-04-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-31 18:54]

2010-04-25 c:\windows\Tasks\ParetoLogic Registration.job
- c:\program files\Common Files\ParetoLogic\UUS2\UUS.dll [2009-01-13 14:59]

2010-04-23 c:\windows\Tasks\ParetoLogic Update Version2.job
- c:\program files\Common Files\ParetoLogic\UUS2\Pareto_Update.exe [2009-01-13 14:59]

2010-04-26 c:\windows\Tasks\User_Feed_Synchronization-{6A61144B-2EFE-4714-894C-41B4824AF11A}.job
- c:\windows\system32\msfeedssync.exe [2010-04-18 04:54]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.msn.com
mStart Page = hxxp://www.yahoo.com/
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Ti'Ericka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-25 21:51
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7536)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-04-25 21:59:08 - machine was rebooted
ComboFix-quarantined-files.txt 2010-04-26 01:58
ComboFix2.txt 2010-04-18 05:15

Pre-Run: 301,215,182,848 bytes free
Post-Run: 301,611,204,608 bytes free

- - End Of File - - E9CC84DCEC56689732D428F2B6036110
Upload was successful

I won't let this build up inside of me.
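The "Reg Loading Points" and scheduled-task sections of the ComboFix log above are where a responder looks first: they list what starts with the machine and with Internet Explorer. As an added example, not part of the original post and not ComboFix's own code, the script below parses that section into entries and applies a few triage rules of my own (AppInit_DLLs, Security Center overrides, IE extensions, Run values that are bare file names or that live under AppData or Temp). The sample input is copied from the log above except for the last Run value, `Updater`, which is constructed to exercise the user-writable-path rule; the rules are heuristics to order review, not verdicts.

```python
"""Parse a ComboFix 'Reg Loading Points' section and flag entries worth a
closer look.  Added example; the triage rules are the author's heuristics,
not anything ComboFix itself reports."""
import re
from dataclasses import dataclass

KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
# "Name"="data" [date size]   or   "Name"=data   or   "Name"=dword:00000001
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*"?(?P<data>.*?)"?\s*(?:\[(?P<meta>[^\]]*)\])?$')
# BHO blocks list the file instead of a value line: <date> <time> <size> <attrs> <path>
FILEINFO_RE = re.compile(r'^\d{4}-\d{2}-\d{2} \d{2}:\d{2}\s+\d+\s+\S+\s+(?P<path>.+)$')

# Constructed sample: lines copied from the log above, plus one constructed
# Run value ("Updater") under AppData to exercise the user-writable-path rule.
SAMPLE_LOG = r"""
REGEDIT4
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{97bceb59-cfcd-4b16-a863-b3f72cf9f196}]
2010-03-11 00:50 2349080 ----a-w- c:\program files\BitZipperSearch\tbBit0.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CHotkey"="zHotkey.exe" [2006-11-07 547840]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-03-30 1086856]
"Updater"="c:\users\someone\AppData\Roaming\Updater\updater.exe" [2010-04-20 51200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~1\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
"VistaSp2"=hex(b):e0,61,f9,eb,5d,90,ca,01
"""


@dataclass
class Entry:
    key: str   # registry key the value sits under
    name: str  # value name, or the key's last component for file-info lines
    data: str  # value data (path, dword, ...) with quotes and [meta] stripped


def parse_loading_points(text):
    """Return an Entry for every value or file-info line under a [key] header."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = KEY_RE.match(line)
        if m:
            key = m.group('key')
            continue
        if key is None:          # preamble such as REGEDIT4 or *Note* lines
            continue
        m = VALUE_RE.match(line)
        if m:
            entries.append(Entry(key, m.group('name'), m.group('data')))
            continue
        m = FILEINFO_RE.match(line)
        if m:
            entries.append(Entry(key, key.rsplit('\\', 1)[-1], m.group('path')))
    return entries


def triage(entries):
    """Return [(name, reason)] for entries an analyst should review first."""
    flagged = []
    ie_keys = ('browser helper objects', 'urlsearchhooks', 'internet explorer\\toolbar')
    for e in entries:
        k, d = e.key.lower(), e.data.lower()
        if e.name == 'AppInit_DLLs' and d:
            flagged.append((e.name, 'loaded into every process that maps user32.dll: ' + e.data))
        elif 'security center' in k and e.name.endswith('Override') and d.endswith(':00000001'):
            flagged.append((e.name, 'Security Center monitoring override set; alerts suppressed'))
        elif any(s in k for s in ie_keys):
            flagged.append((e.name, 'IE extension (BHO/toolbar/search hook): ' + e.data))
        elif '\\currentversion\\run' in k:
            if '\\' not in d:
                flagged.append((e.name, 'bare file name resolved via the search path: ' + e.data))
            elif '\\appdata\\' in d or '\\temp\\' in d:
                flagged.append((e.name, 'autostart from a user-writable location: ' + e.data))
    return flagged


if __name__ == '__main__':
    for name, reason in triage(parse_loading_points(SAMPLE_LOG)):
        print(f'{name:45} {reason}')
```

Run it against a saved ComboFix log by replacing `SAMPLE_LOG` with the file contents; everything before the first `[key]` header is ignored, so the whole log can be fed in. The flags only order the review: on this log, `AppInit_DLLs` and the BHO both resolve to installed toolbar and desktop-search software, and `CHotkey` is an OEM hotkey utility, which is why the helper did not treat any of them as the infection.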

#14 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:US
  • Local time:10:41 PM

Posted 27 April 2010 - 10:41 AM

Hello MayQueen.

How is the computer running now?

~Blade


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM


#15 MayQueen

MayQueen
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:10:41 PM

Posted 27 April 2010 - 06:01 PM

QUOTE(Blade Zephon @ Apr 27 2010, 11:41 AM)
Hello MayQueen.

How is the computer running now?

~Blade


Great!



