Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Browser redirects and cannot access Microsoft to update :(


  • This topic is locked This topic is locked
12 replies to this topic

#1 froggDogger

froggDogger

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 18 May 2010 - 07:34 PM

The redirects happen randomly in Firefox and IE. I have tried many times to access Microsoft to update patches and so on but I get a 'Cannot connect to server" blank screen everytime. Some of my computer functions have become slow while using software requiring a reboot and it will get hung up requiring a hard reboot. Very frustrating as all of my virus software does not help. AVG, Malwarebytes, Spybot.

My Hijack this log is below I use XP 32 bit. Any help would be appreciated, thanks.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:56:50 PM, on 5/18/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17023)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\DAEMON Tools Pro\DTProAgent.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Adobe Photoshop CS3\Photoshop.exe
C:\Program Files\Vuze\Azureus.exe
C:\Documents and Settings\End User\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cbc.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: PriceGong - {D2A2595C-4FE4-4315-AA9B-19DBD6271B71} - C:\Program Files\PriceGong\1.2.0\PriceGongIE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam10\QuickCam10.exe" /hide
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] C:\Program Files\AGEIA Technologies\TrayIcon.exe
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\End User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTProAgent.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.1...toUploader5.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
O23 - Service: FLEXnet Licensing Service (FLEXnet Licensing Service-BackupByDreamweaverPortable) - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe



BC AdBot (Login to Remove)

 


#2 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 19 May 2010 - 04:26 PM

Hi,

My name is Extremeboy (or EB for short), and I will be helping you with your log.

If you still require assistance we would like to see the current condition of your system so please post a new set of DDS Logs as well as a GMER log and a description of any remaining problems or symptoms you may still have please.

If for any reason you did not post a DDS log or GMER log please refer to this page and in step #6 and Step #7 and Step #8 for further instructions on downloading and running DDS & GMER. If you have any problems when running the tools or unable to produce a report for any reason, just let me know in your next reply.


For your next reply I would like to see:
-The DDS logs
---DDS.txt and Attach logs
-GMER log
-Description of any remaining problems you may still have.


With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#3 froggDogger

froggDogger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 21 May 2010 - 01:54 PM

Thanks for getting back to me Extremeboy.

I have completed the steps noted and I will be attaching files. I cannot attach the Gmer file becuase when I run that program it crashes my computer, this happend twice in a row.
Probs I am still having are I cannot access any microsoft page to for updates I get a blank "connection reset" page. All operations on my computer seem to lag. Browsing even typing this there is a lag. The lag is very noticeable when watching video, youtube or from hard drive, all my apps lag.

DDS

DDS (Ver_10-03-17.01) - NTFSx86
Run by End User at 14:07:02.79 on Fri 05/21/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2045.1027 [GMT -4:00]

AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\common files\logishrd\lvmvfm\LVPrcSrv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam10\QuickCam10.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\LVComSX.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\rundll32.exe
C:\Documents and Settings\End User\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.cbc.ca/
uSearch Page =
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant =
uURLSearchHooks: H - No File
mWinlogon: Userinit=c:\windows\system32\Userinit.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: PriceGongCtrl Class: {d2a2595c-4fe4-4315-aa9b-19dbd6271b71} - c:\program files\pricegong\1.2.0\PriceGongIE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D0523BB4-21E7-11DD-9AB7-415B56D89593} - No File
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Google Update] "c:\documents and settings\end user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [eMuleAutoStart] c:\program files\emule\emule.exe -AutoStart
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam10\QuickCam10.exe" /hide
mRun: [AGEIA PhysX SysTray] c:\program files\ageia technologies\TrayIcon.exe
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /install
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [PWRISOVM.EXE] c:\program files\poweriso\PWRISOVM.EXE
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://by119fd.bay119.hotmail.msn.com/resources/MsnPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: LMIinit - LMIinit.dll
Notify: puinsd - puinsd.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 c:\windows\system32\wvUNFVMf
mASetup: ccc-core-static - msiexec /fums {A75BF1D0-C7C3-CB55-EE17-3225387FD154} /qb
Hosts: 89.149.225.59 www.google.ua
Hosts: 89.149.225.59 www.google.th
Hosts: 89.149.225.59 www.google.tr
Hosts: 89.149.225.59 www.google.hu
Hosts: 89.149.225.59 www.google.cr

Note: multiple HOSTS entries found. Please refer to Attach.txt

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\enduse~1\applic~1\mozilla\firefox\profiles\vtbzei0z.default\
FF - prefs.js: browser.startup.homepage - www.cbc.ca
FF - plugin: c:\documents and settings\end user\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\end user\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-2-2 64288]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-5-19 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-5-19 112592]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-12-24 47640]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-5-19 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-5-19 1142224]
S0 ati0nrxx;ati0nrxx;c:\windows\system32\drivers\ati0nrxx.sys --> c:\windows\system32\drivers\ati0nrxx.sys [?]
S0 ati7joxx;ati7joxx;c:\windows\system32\drivers\ati7joxx.sys --> c:\windows\system32\drivers\ati7joxx.sys [?]
S0 oftuiop;oftuiop; [x]
S1 f5327d7c;f5327d7c;c:\windows\system32\drivers\f5327d7c.sys [2009-8-14 0]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 135664]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2010-5-12 1691480]
S3 cpuz132;cpuz132;\??\c:\docume~1\enduse~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\enduse~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 FLEXnet Licensing Service-BackupByDreamweaverPortable;FLEXnet Licensing Service;c:\program files\common files\macrovision shared\flexnet publisher\FNPLicensingService.exe [2009-2-23 655624]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-21 17:53:14 174 ----a-w- c:\documents and settings\end user\defogger_reenable
2010-05-21 14:59:49 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-20 13:24:35 22528 ----a-w- c:\windows\system32\puinsd.dll
2010-05-19 15:21:49 882 ----a-w- c:\windows\RegSDImport.xml
2010-05-19 15:21:49 879 ----a-w- c:\windows\RegISSImport.xml
2010-05-19 15:21:49 767952 ----a-w- c:\windows\BDTSupport.dll
2010-05-19 15:21:49 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-05-19 15:21:48 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-05-19 15:21:48 1652688 ----a-w- c:\windows\PCTBDCore.dll
2010-05-19 15:21:48 131 ----a-w- c:\windows\IDB.zip
2010-05-19 15:21:48 1152444 ----a-w- c:\windows\UDB.zip
2010-05-19 15:13:26 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-05-19 15:13:26 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-05-19 15:13:22 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-05-19 15:13:22 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-05-19 15:13:22 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-05-19 15:13:22 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-05-19 15:13:15 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-05-19 15:13:14 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-05-19 15:13:08 0 d-----w- c:\program files\common files\PC Tools
2010-05-19 15:13:08 0 d-----w- c:\docume~1\enduse~1\applic~1\PC Tools
2010-05-19 15:13:08 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-05-18 15:03:28 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-18 14:09:29 0 d-----w- c:\program files\Spyware Doctor
2010-05-13 00:37:31 358944 ----a-w- c:\windows\vncutil.exe
2010-05-13 00:37:27 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-05-13 00:37:27 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-05-13 00:37:25 1395800 ----a-w- c:\windows\system32\drivers\Monfilt.sys
2010-05-13 00:37:24 1691480 ----a-w- c:\windows\system32\drivers\Ambfilt.sys
2010-05-10 17:49:19 0 d-----w- c:\program files\eMule
2010-05-10 17:22:17 0 d-----w- c:\program files\Trend Micro
2010-05-09 14:23:49 0 d-----w- c:\program files\Eusing Free Registry Cleaner
2010-05-04 20:54:13 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-04 16:27:23 86016 ------w- c:\windows\system32\Epfb5cpl.dll
2010-05-04 16:27:23 47104 ------w- c:\windows\system32\escimgd.dll
2010-05-04 16:27:23 33280 ------w- c:\windows\system32\esccm.dll
2010-05-04 16:27:23 27648 ------w- c:\windows\system32\escimg.dll
2010-05-04 16:27:23 22528 ------w- c:\windows\system32\esccmd.dll
2010-05-04 16:27:21 0 d-----w- C:\EPSON
2010-05-04 16:20:40 77824 ----a-w- c:\windows\system32\Esintpl.dll
2010-05-04 16:20:40 66048 ----a-w- c:\windows\system32\escwian.dll
2010-05-04 16:20:40 65536 ----a-w- c:\windows\system32\epcomdd.dll
2010-05-04 16:20:40 61952 ----a-w- c:\windows\system32\escwiad.dll
2010-05-04 16:20:40 53248 ----a-w- c:\windows\system32\ESICM.dll
2010-05-04 16:20:40 3584 ----a-w- c:\windows\system32\eswiaml.dll
2010-05-04 16:20:40 32256 ----a-w- c:\windows\system32\escwiab.dll
2010-05-04 16:20:40 172032 ----a-w- c:\windows\system32\esdtr.dll
2010-05-04 16:20:40 126976 ----a-w- c:\windows\system32\Esint23.dll
2010-05-02 06:15:53 552 ----a-w- c:\windows\system32\d3d8caps.dat
2010-05-02 06:15:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-27 16:44:12 0 d-----w- c:\docume~1\enduse~1\applic~1\Malwarebytes
2010-04-27 16:44:01 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-27 16:43:59 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-04-27 16:43:58 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-27 16:43:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-04-27 16:11:19 0 d-----w- c:\program files\Sun
2010-04-27 16:11:08 411368 ----a-w- c:\windows\system32\deployJava1.dll

==================== Find3M ====================

2010-05-18 15:08:37 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-04-30 21:22:46 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-04-30 21:22:46 1833504 ----a-w- c:\windows\SkyTel.exe
2010-04-30 21:22:40 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-04-30 21:22:40 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-04-30 21:22:34 19523616 ----a-w- c:\windows\RTHDCPL.EXE
2010-04-30 21:22:28 2177568 ----a-w- c:\windows\MicCal.exe
2010-04-30 21:22:22 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-04-30 21:22:22 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-04-30 20:56:24 6032928 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-04-28 22:45:24 1251872 ----a-w- c:\windows\RtlExUpd.dll
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll
2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-01-26 01:37:29 16384 -csha-w- c:\windows\temp\cookies\index.dat
2009-01-26 01:37:29 16384 -csha-w- c:\windows\temp\history\history.ie5\index.dat
2009-01-26 01:37:29 32768 -csha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 14:08:28.73 ===============


Attach

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 10/7/2008 2:04:02 PM
System Uptime: 5/21/2010 1:54:43 PM (1 hours ago)

Motherboard: Intel Corporation | | DG31PR
Processor: Intel Pentium III Xeon processor | J3E1 | 2500/800mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 466 GiB total, 120.233 GiB free.
D: is CDROM ()
E: is FIXED (FAT32) - 30 GiB total, 29.639 GiB free.
F: is FIXED (NTFS) - 436 GiB total, 284.228 GiB free.
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: AVG miniport driver
Device ID: ROOT\GR_AVGFWMP\0001
Manufacturer: AVG Technologies
Name: WAN Miniport (IP) - AVG miniport driver
PNP Device ID: ROOT\GR_AVGFWMP\0001
Service: Avgfwdx

==== System Restore Points ===================

RP562: 2/18/2010 11:19:04 PM - System Checkpoint
RP563: 2/23/2010 8:40:46 PM - System Checkpoint
RP564: 2/24/2010 3:00:14 AM - Software Distribution Service 3.0
RP565: 2/25/2010 3:10:38 AM - System Checkpoint
RP566: 2/26/2010 4:05:43 AM - System Checkpoint
RP567: 3/1/2010 8:33:39 AM - System Checkpoint
RP568: 3/2/2010 8:28:41 PM - System Checkpoint
RP569: 3/4/2010 12:44:29 AM - System Checkpoint
RP570: 3/6/2010 12:04:04 AM - System Checkpoint
RP571: 3/7/2010 1:00:42 AM - System Checkpoint
RP572: 3/9/2010 5:49:25 PM - System Checkpoint
RP573: 3/10/2010 3:00:16 AM - Software Distribution Service 3.0
RP574: 3/11/2010 3:07:04 AM - System Checkpoint
RP575: 3/12/2010 4:07:08 AM - System Checkpoint
RP576: 3/14/2010 8:20:16 PM - System Checkpoint
RP577: 3/15/2010 4:34:48 PM - Installed Microsoft Office Enterprise 2007
RP578: 3/15/2010 4:40:51 PM - Printer Driver Send To Microsoft OneNote Driver Installed
RP579: 3/16/2010 3:00:25 AM - Software Distribution Service 3.0
RP580: 3/17/2010 3:00:27 AM - Software Distribution Service 3.0
RP581: 3/18/2010 8:45:21 AM - Avg8 Update
RP582: 3/18/2010 8:46:06 AM - Avg8 Update
RP583: 3/20/2010 3:31:29 PM - System Checkpoint
RP584: 3/22/2010 12:02:11 AM - System Checkpoint
RP585: 3/23/2010 12:36:15 AM - System Checkpoint
RP586: 3/24/2010 1:35:11 AM - System Checkpoint
RP587: 3/25/2010 2:35:11 AM - System Checkpoint
RP588: 3/26/2010 3:35:09 AM - System Checkpoint
RP589: 3/27/2010 4:35:10 AM - System Checkpoint
RP590: 3/28/2010 5:35:10 AM - System Checkpoint
RP591: 3/29/2010 6:35:13 AM - System Checkpoint
RP592: 3/30/2010 7:35:14 AM - System Checkpoint
RP593: 3/31/2010 3:00:16 AM - Software Distribution Service 3.0
RP594: 4/1/2010 3:21:40 AM - System Checkpoint
RP595: 4/2/2010 4:21:39 AM - System Checkpoint
RP596: 4/3/2010 5:21:37 AM - System Checkpoint
RP597: 4/4/2010 6:20:23 AM - System Checkpoint
RP598: 4/5/2010 6:21:44 AM - System Checkpoint
RP599: 4/6/2010 7:21:41 AM - System Checkpoint
RP600: 4/7/2010 8:21:39 AM - System Checkpoint
RP601: 4/8/2010 10:17:37 AM - System Checkpoint
RP602: 4/10/2010 6:55:58 PM - System Checkpoint
RP603: 4/11/2010 8:46:10 PM - System Checkpoint
RP604: 4/12/2010 9:21:40 PM - System Checkpoint
RP605: 4/14/2010 2:28:16 PM - System Checkpoint
RP606: 4/15/2010 6:23:19 PM - System Checkpoint
RP607: 4/16/2010 7:17:00 PM - System Checkpoint
RP608: 4/17/2010 7:38:11 PM - System Checkpoint
RP609: 4/18/2010 8:38:15 PM - System Checkpoint
RP610: 4/20/2010 3:19:58 PM - System Checkpoint
RP611: 4/21/2010 6:59:41 PM - System Checkpoint
RP612: 4/24/2010 11:50:51 PM - System Checkpoint
RP613: 4/27/2010 12:09:38 PM - Installed Java™ SE Development Kit 6 Update 20
RP614: 4/27/2010 12:10:49 PM - Installed Java™ 6 Update 20
RP615: 4/28/2010 6:35:40 PM - System Checkpoint
RP616: 4/30/2010 9:49:45 AM - Avg8 Update
RP617: 5/1/2010 11:11:49 AM - System Checkpoint
RP618: 5/4/2010 12:20:38 PM - Installed EPSON TWAIN 5
RP619: 5/4/2010 12:23:20 PM - Installed EPSON TWAIN 5
RP620: 5/4/2010 12:27:21 PM - Installed EPSON TWAIN 5
RP621: 5/6/2010 3:00:27 AM - Software Distribution Service 3.0
RP622: 5/7/2010 3:00:23 AM - Software Distribution Service 3.0
RP623: 5/8/2010 7:28:32 AM - System Checkpoint
RP624: 5/9/2010 7:59:56 AM - System Checkpoint
RP625: 5/10/2010 8:23:59 AM - System Checkpoint
RP626: 5/10/2010 1:22:15 PM - Installed HiJackThis
RP627: 5/11/2010 1:58:08 PM - System Checkpoint
RP628: 5/13/2010 11:20:03 AM - Removed AVG 8.5
RP629: 5/13/2010 11:21:28 AM - Installed AVG 8.5
RP630: 5/16/2010 8:29:19 PM - System Checkpoint
RP631: 5/17/2010 8:51:16 PM - System Checkpoint
RP632: 5/18/2010 10:31:38 PM - System Checkpoint
RP633: 5/19/2010 9:04:01 PM - Installed Realtek High Definition Audio Driver

==== Hosts File Hijack ======================

Hosts: 89.149.225.59 www.google.ua
Hosts: 89.149.225.59 www.google.th
Hosts: 89.149.225.59 www.google.tr
Hosts: 89.149.225.59 www.google.hu
Hosts: 89.149.225.59 www.google.cr
Hosts: 89.149.225.59 www.google.vn
Hosts: 89.149.225.59 www.google.ve
Hosts: 89.149.225.59 www.google.sw

==== Installed Programs ======================


AAC Decoder
AC3Filter (remove only)
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific CS4
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe Color Video Profiles CS CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Device Central CS4
Adobe Drive CS4
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Media Player
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Photoshop CS4
Adobe Photoshop CS4 Support
Adobe Reader 9.1.1
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AGEIA PhysX v7.05.17
AMD Processor Driver
Apple Mobile Device Support
Apple Software Update
AutoUpdate
Bonjour
Browser Defender 2.0.6.15
BurnInTest v5.3 Pro
Casino Verite Blackjack V5
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Connect
DirectVobSub (remove only)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
Driver Detective
Emote-Launcher (remove only)
eMule
EPSON TWAIN 5
Eusing Free Registry Cleaner
FileZilla Client 3.3.2.1
Flickr Uploadr 3.1.3
gBurner
Google Chrome
Google Earth
Google Talk Plugin
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
H.264 Decoder
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
iTunes
Java Auto Updater
Java DB 10.5.3.0
Java™ 6 Update 20
Java™ SE Development Kit 6 Update 20
kuler
Lernout & Hauspie TruVoice American English TTS Engine
Logitech QuickCam
Logitech® Camera Driver
LogMeIn
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MKV Splitter
Mozilla Firefox (3.6.3)
mpegable DS decoder
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA Drivers
NVIDIA nView Desktop Manager
PDF Settings CS4
Photoshop Camera Raw
PowerISO
PriceGong 1.2.0
QuickTime
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB978380)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft Office Excel 2007 (KB978382)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB980470)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB969604)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Skins
Skype™ 4.1
SmartFTP Client
SmartFTP Client 3.0 Setup Files (remove only)
Spybot - Search & Destroy
Spyware Doctor 7.0
Suite Shared Configuration CS4
System Requirements Lab
Trojan Remover 6.8.1
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB981715)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office InfoPath 2007 (KB976416)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Outlook 2007 Junk Email Filter (kb981433)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows XP (KB898461)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.3
Vuze
WebFldrs XP
Winamp
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 7
Windows Media Format Runtime
Winferno Registry Power Cleaner
WinRAR archiver
World of Warcraft

==== Event Viewer Messages From Past Week ========

5/19/2010 9:05:26 PM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the stisvc service.
5/19/2010 8:48:39 PM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/18/2010 9:05:15 PM, error: Service Control Manager [7034] - The PC Tools Security Service service terminated unexpectedly. It has done this 1 time(s).
5/18/2010 10:59:56 AM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/14/2010 10:10:25 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/14/2010 10:10:25 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/14/2010 10:10:22 AM, error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

==== End Of File ===========================


Thanks EB


#4 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 22 May 2010 - 09:15 AM

Hello again,

I do see some infections. Particularly rogues and vundos and a bit of other randomly named drivers. Let's begin with Combofix and see how much is removed and we can continue from there removing anything else.

Download and Run ComboFix

Note to readers of this post other than the starter of this thread:
ComboFix is a VERY POWERFUL tool which should NOT BE USED without guidance of an expert.

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please Do NOT mouseclick combofix's window while its running because it may call it to stall.

Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#5 froggDogger

froggDogger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 22 May 2010 - 01:02 PM

Ok, followed all steps and have attached log file from combofix.
Thanks, getting there...

Attached Files

  • Attached File  log.txt   20.88KB   2 downloads
  • Attached File  log.txt   20.88KB   2 downloads

Edited by froggDogger, 22 May 2010 - 01:02 PM.


#6 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 22 May 2010 - 04:33 PM

Hello.

Combofix appears to have been ran twice. I see some Daemon related drivers that are stopped. Do you still use Daemon Tools? If not, I suggest you uninstall it.

Run ComboFix with CFScript

We will run ComboFix again. This time, the instructions are slightly different.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are unsure how.
  • Open notepad (Start>Run>"notepad") and copy/paste the text in the quotebox below into it:
    CODE
    Driver::
    oftuiop
    f5327d7c
    File::
    c:\windows\system32\drivers\f5327d7c.sys
    Save this as CFScript.txt, in the same location as ComboFix.exe. (This should be your desktop.)

    Refering to the picture above, drag CFScript into ComboFix.exe.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Post back with that log.

Do not mouseclick ComboFix's window while it's running. That may cause it to stall

Update and Scan with MalwareBytes Anti-Malware
  • Launch Malwarebytes' Anti-Malware
  • Go to the Update tab
  • Select Check for Update and let MBAM download and install any available updates.
  • After the update is complete go to the Scanner tab.
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.




Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#7 froggDogger

froggDogger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 22 May 2010 - 08:19 PM

Everything is working much better, thanks so much for your assistance, much appreciated.
I have attached new logs.

Attached Files



#8 froggDogger

froggDogger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 23 May 2010 - 03:38 PM

Thanks you so much everything works very well now!

Attached Files



#9 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 23 May 2010 - 06:13 PM

Hello.

You're very welcome. smile.gif

Logs look good as well. Just two more steps before we are done here. Please continue this until I give you the "all-clean" and provide you with some prevention tips, hopefully next post.

I just need you to run one more online scan to confirm. The logs look good, I do not see any active infections. Let's see if there's anything else.

Run ESET Online Scan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
You can refer to this animation by neomage if needed.

Then, Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left.

Thanks.

With Regards,
Extremeboy


Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#10 froggDogger

froggDogger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 23 May 2010 - 10:35 PM

Ok, all is done everything is working fine, hope this does it looking forward to some preventative advice this took a lot out of me, thought I was going to have to wipe my hard drive.
Thanks!

Attached Files



#11 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 24 May 2010 - 01:03 PM

Hello again. smile.gif

That looks good. The ESET scan didn't find much. 2 of them were just system restore points that aren't active and harmless unless you restore to a certain date. More information and configuring System Restore point can be read here. Another one was just a quarantine item from Combofix which are harmless as well since it's under quarantine. These will all be removed once we uninstall Combofix which we will do momentarily. The .mp3 file was infected which was removed -that's good.

Previously I see you had Spyware Doctor with Anti-Virus installed, but not any more. This means you have no anti-virus software installed which is bad. Having an anti-virus software is essential for safe surfing while on the computer/the internet. Therefore, please go and install an Anti-Virus software from here: http://computermalwaresecurity.blogspot.co...tware-list.html under the Anti-Virus software Category. Download and install one and update it once done.

Once you have done that, let's wrap up and provide you wish some prevention tips.

Please follow/read the steps below to remove the tools we used and for some more information. smile.gif


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then recieve a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything assoicated with it.

Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big button.
  • You will get a prompt saying "Being Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Congratulations! You now appear clean! specool.gif

Now that you are clean, please follow and read some of the prevention tips >over here<. Is your system a bit slow? If so, try some of the points and things suggested here.

If you would like, visit my http://computermalwaresecurity.blogspot.com/ and Subscribe/Follow along.


If you have no more questions, comments or problems please tell us, so we can close off the topic.

Thanks.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.

#12 froggDogger

froggDogger
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:03:24 AM

Posted 24 May 2010 - 04:06 PM

Thanks for all your help Extremeboy, purrs like a kitten now!
Yes, close off topic.

#13 extremeboy

extremeboy

  • Malware Response Team
  • 12,975 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:24 AM

Posted 24 May 2010 - 04:36 PM

Hello.

Since the problem appears to be resolved, this topic is now Closed. Glad we could help smile.gif
If you need this topic reopened, please Send Me a Message. In your message please include the address of this thread in your request.

This applies only to the original topic starter

Everyone else please start a new topic.

With Regards,
Extremeboy
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to Posted Image.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users