
Google Redirect, Can't Install Printers & More


  • This topic is locked
22 replies to this topic

#1 YellowDogSigns

YellowDogSigns

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:16 PM

Posted 20 May 2010 - 10:23 AM

Symptoms:
1. When searching in Google on Firefox the results will sometimes redirect to other sites that aren't the intended target. When it is redirecting, the favicon is a blue green colored capital Q (looks like the number 2.)

2. A tab will occasionally open on its own and it will be igoogle.com

3. All of my printers are uninstalled, not by me. When I try to reinstall, it says 'Operation could not be completed. The print spooler service is not running.' Going into the Services I try to start Print Spooler and it says 'Could not start the Print Spooler service on Local Computer. Error 1068: The dependency service or group failed to start.' If I right click on Print Spooler and click Properties, nothing happens.

4. Not a big thing, but any programs I have open, do not show up in the taskbar. When I minimize, it shrinks down to just to a short title bar above the taskbar.

5. I can right click on a file and choose copy, but paste is always greyed out. Possibly along those same lines, I cannot drag a file into another window. The ghosting of the file doesn't appear at all.

I have no idea if these are all connected or if it is many different causes. I've run multiple antivirus/malware programs. They have found some things, but nothing that has changed any of the symptoms. I ran 'dds' which came up with the DOS looking black screen, but when it disappeared, nothing else happened. So I don't have any .txt files from it to post. The GMER results are attached. Any help will be very greatly appreciated. Thanks!

Attached Files

  • Attached File  ark.txt   350.43KB   6 downloads


#2 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:16 AM

Posted 21 May 2010 - 11:28 AM



Hello YellowDogSigns, welcome to the BC HijackThis Log and Analysis forum. I will be assisting you in cleaning up your system.


I ask that you refrain from running tools other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.



In the upper right hand corner of the topic you will see a button called Options. If you click on this in the drop-down menu you can choose Track this topic. By doing this and then choosing Immediate E-Mail notification and then clicking on Proceed you will be advised when we respond to your topic and facilitate the cleaning of your machine.


Please keep in mind that we have a large backlog of users just like yourself waiting to be helped so try to be as timely as possible in your replies. Since we do this on a part-time voluntary basis we are limited on how many logs we can respond to and keep open due to time restraints. If you have to be away or can't answer for some other reason just let me know. Thank you for your understanding.



After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.




Please advise me on what kind of Operating System you have on your machine.

Thanks,

thewall





If I have helped you then please consider donating so I can continue the fight against malware
All donations go directly to the helper

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#3 YellowDogSigns

YellowDogSigns
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:16 PM

Posted 21 May 2010 - 11:58 AM

Windows XP Professional Version 2002 Service Pack 3

#4 thewall

thewall

  • Malware Response Team
  • 6,425 posts
  • OFFLINE
  • Gender:Male
  • Location:Florida
  • Local time:12:16 AM

Posted 21 May 2010 - 12:27 PM

Alright, please try to perform the following. Download both programs before you run them and then right before running ComboFix run Rkill.



RKill by Grinler
Link #1
Link #2
Link #3
Link #4
  • Download Link #1.
  • Save it to your Desktop.
  • Double click the RKill desktop icon.
    If you are using Vista please right click and run as Admin!
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur please delete that application and download Link #2.
  • Continue process until the tool runs.
  • If the tool does not run from any of the links tell me about it.





Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. Instructions can be found HERE
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:





Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply. Post the log in the reply window and do not make it an attachment.






#5 YellowDogSigns

YellowDogSigns
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:09:16 PM

Posted 21 May 2010 - 04:38 PM

After running rkill.scr & ComboFix, I'm currently not having any google redirects. Also all of my printers are back, open programs are in the taskbar & I can drag & drop and copy & paste again. I can't see anything wrong, but I still attached the combofix log in case you see anything I still need to take care of.

ComboFix 10-05-20.A4 - SignsPlus 05/21/2010 13:44:14.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1543 [GMT -7:00]
Running from: c:\documents and settings\SignsPlus\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\SignsPlus\g2mdlhlpx.exe
c:\program files\Common Files\mcroso~1.net
c:\program files\Common Files\racle~1
c:\program files\Common Files\racle~2
c:\program files\Common Files\smbols~1
c:\program files\Common Files\sstem3~1
c:\program files\smbols~1
c:\program files\sstem~1
c:\program files\ymante~1
c:\windows\appatc~1
c:\windows\asks~1
c:\windows\icroso~1
c:\windows\PRAGMAnfypdripmt
c:\windows\PRAGMAnfypdripmt\PRAGMAcfg.ini
c:\windows\PRAGMAnfypdripmt\PRAGMAsrcr.dat
c:\windows\ssembl~1
c:\windows\stem32~1
c:\windows\system32\Codejock.Controls.v12.0.1.ocx
c:\windows\system32\csftxctl.ocx
c:\windows\system32\curity~1
c:\windows\system32\twain.dll
c:\windows\system32\Vb40032.dll

Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
Infected copy of c:\windows\system32\DRIVERS\isapnp.sys was found and disinfected
Restored copy from - Kitty had a snack tongue.gif
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PRAGMANFYPDRIPMT
-------\Service_PRAGMAnfypdripmt


((((((((((((((((((((((((( Files Created from 2010-04-21 to 2010-05-21 )))))))))))))))))))))))))))))))
.

2010-05-21 20:40 . 2008-04-13 18:36 37248 -c--a-w- c:\windows\system32\dllcache\isapnp.sys
2010-05-21 20:40 . 2008-04-13 18:36 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
2010-05-21 19:50 . 2010-05-21 19:50 -------- d-----w- C:\VritualRoot
2010-05-19 01:13 . 2010-05-21 17:38 -------- d-----w- c:\documents and settings\SignsPlus\Application Data\QuickScan
2010-05-19 00:49 . 2010-05-19 00:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-05-18 04:38 . 2010-05-18 04:38 -------- d-----w- c:\program files\ESET
2010-05-18 00:44 . 2010-05-18 00:44 -------- d-----w- C:\stdtsa
2010-05-17 17:49 . 2010-05-17 17:49 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY.000\Local Settings\Application Data\Microsoft
2010-05-17 17:45 . 2010-05-17 17:45 -------- d-sh--w- c:\documents and settings\All Users.WINDOWS.0\DRM
2010-05-17 17:41 . 2010-05-17 17:41 -------- d-----w- c:\program files\HashTab Shell Extension
2010-05-17 17:41 . 2010-05-17 17:41 -------- d-----w- c:\program files\Unlocker
2010-05-17 17:41 . 2010-05-17 17:41 -------- d-----w- c:\program files\Microsoft PowerToys
2010-05-17 10:25 . 2010-05-17 17:47 -------- d--h--w- c:\documents and settings\Default User.WINDOWS.0
2010-05-17 10:25 . 2010-05-17 17:45 -------- d-----w- c:\documents and settings\All Users.WINDOWS.0
2010-05-17 10:21 . 2010-05-17 18:01 -------- d-----w- C:\WINDOWS.0
2010-05-13 19:00 . 2010-05-19 20:27 12872 ----a-w- c:\windows\system32\bootdelete.exe
2010-05-13 17:20 . 2010-05-13 17:20 -------- d-----w- c:\documents and settings\SignsPlus\Local Settings\Application Data\Threat Expert
2010-05-13 17:04 . 2010-05-21 18:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2010-05-13 17:01 . 2010-05-21 20:34 267728 ----a-w- c:\windows\system32\drivers\sfi.dat
2010-05-13 16:58 . 2010-05-21 20:29 -------- d-----w- c:\program files\COMODO
2010-05-13 16:57 . 2010-05-13 16:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo Downloader
2010-05-13 14:17 . 2010-05-13 14:17 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Apple Computer
2010-05-12 20:03 . 2010-05-12 20:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-12 20:03 . 2010-05-12 20:03 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-12 20:03 . 2010-05-12 20:03 -------- d-----w- c:\documents and settings\SignsPlus\Application Data\SUPERAntiSpyware.com
2010-05-12 17:49 . 2010-05-12 17:49 -------- d-s---w- c:\documents and settings\LocalService.NT AUTHORITY\UserData
2010-05-12 15:50 . 2010-05-12 15:50 -------- d-----w- c:\documents and settings\NetworkService.NT AUTHORITY\Local Settings\Application Data\Apple
2010-05-12 00:46 . 2010-05-19 20:19 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-05-12 00:45 . 2010-05-12 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Hitman Pro
2010-05-12 00:45 . 2010-05-12 00:45 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-05-10 19:10 . 2010-05-10 19:10 -------- d-s---w- c:\documents and settings\NetworkService.NT AUTHORITY\UserData
2010-05-10 16:15 . 2010-05-10 16:15 -------- d-----w- c:\documents and settings\LocalService.NT AUTHORITY\Local Settings\Application Data\Google
2010-04-22 21:26 . 2010-04-22 21:26 -------- d-----w- c:\program files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-21 20:56 . 2010-03-31 19:09 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-21 17:58 . 2008-07-02 16:17 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2010-05-17 23:48 . 2010-05-19 01:13 702120 ----a-w- c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-05-17 23:48 . 2010-05-19 01:13 868456 ----a-w- c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-05-13 16:49 . 2007-04-25 00:56 -------- d-----w- c:\program files\CCleaner
2010-05-12 20:03 . 2006-02-17 03:55 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-12 01:39 . 2010-04-02 03:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-11 00:23 . 2010-04-21 16:35 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-07 16:50 . 2008-07-02 16:17 -------- d-----w- c:\program files\AVG
2010-04-29 22:39 . 2010-04-02 03:11 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 22:39 . 2010-04-02 03:11 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-22 21:20 . 2007-10-08 19:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-04-21 17:12 . 2006-06-09 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-04-16 18:14 . 2004-06-16 22:10 585520 -c--a-w- c:\documents and settings\SignsPlus\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-04-15 22:25 . 2004-06-14 15:57 -------- d-----w- c:\windows\Fonts\ATMFolder
2010-04-14 15:58 . 2009-11-25 16:55 -------- d-----w- c:\program files\QuickTime
2010-04-14 15:57 . 2010-04-14 15:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-04-02 03:12 . 2010-04-02 03:12 -------- d-----w- c:\documents and settings\SignsPlus\Application Data\Malwarebytes
2010-04-02 03:11 . 2010-04-02 03:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-31 19:40 . 2010-03-31 19:40 4096 ----a-w- C:\conf.dat
2010-03-31 19:37 . 2010-03-31 19:10 -------- d-----w- c:\program files\Spyware Doctor
2010-03-31 19:37 . 2010-03-31 19:37 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2010-03-31 19:37 . 2010-03-31 19:37 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2010-03-31 19:37 . 2010-03-31 19:37 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2010-03-31 19:17 . 2010-03-31 19:10 -------- d-----w- c:\program files\Common Files\PC Tools
2010-03-31 19:10 . 2010-03-31 19:10 -------- d-----w- c:\documents and settings\SignsPlus\Application Data\PC Tools
2010-03-31 19:10 . 2010-03-31 19:10 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2010-03-29 19:02 . 2010-03-19 16:07 -------- d-----w- c:\program files\Insiderbaseball 2010
2010-03-26 17:33 . 2010-05-05 15:28 1496064 ----a-w- c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 17:33 . 2010-05-05 15:28 43008 ----a-w- c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 17:33 . 2010-05-05 15:28 339456 ----a-w- c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 17:32 . 2010-05-05 15:28 346112 ----a-w- c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-25 18:25 . 2007-06-01 00:36 -------- d-----w- c:\program files\Mozy
2010-03-09 11:09 . 2001-08-23 12:00 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 05:43 . 2004-01-08 22:23 667136 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-04 07:56 81920 ------w- c:\windows\system32\ieencode.dll
2010-02-24 13:11 . 2001-08-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-08-09 20:08 . 2006-12-06 20:00 8784 -c--a-w- c:\program files\mozilla firefox\plugins\ractrlkeyhook.dll
2007-08-09 20:10 . 2006-12-06 20:00 245408 -c--a-w- c:\program files\mozilla firefox\plugins\unicows.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2008-10-06 20:45 3044656 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2008-10-06 20:45 3044656 ----a-w- c:\program files\Mozy\mozyshell.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE" [2005-07-26 77824]
"CorelDRAW Graphics Suite 11b"="c:\program files\Corel\Corel Graphics 12\Languages\EN\Programs\Registration.exe" [2003-11-25 729088]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-16 16:31 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2008-10-17 16:11 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^hueyTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\hueyTray.lnk
backup=c:\windows\pss\hueyTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Mozy Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Mozy Status.lnk
backup=c:\windows\pss\Mozy Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MozyHome Status.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MozyHome Status.lnk
backup=c:\windows\pss\MozyHome Status.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Shortcut to AcroTray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Shortcut to AcroTray.lnk
backup=c:\windows\pss\Shortcut to AcroTray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^SignsPlus^Start Menu^Programs^Startup^Adobe Media Player.lnk]
path=c:\documents and settings\SignsPlus\Start Menu\Programs\Startup\Adobe Media Player.lnk
backup=c:\windows\pss\Adobe Media Player.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]
2010-03-19 15:13 2046816 ----a-w- c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter2.0]
2004-06-14 16:28 851968 ----a-w- c:\program files\Brother\ControlCenter2\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FreeRAM XP]
2006-03-23 07:13 1591808 ----a-w- c:\program files\YourWare Solutions\FreeRAM XP Pro\FreeRAM XP Pro.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2007-08-24 14:00 33648 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HitmanPro35]
2010-05-12 00:43 5937984 ----a-w- c:\program files\Hitman Pro 3.5\HitmanPro35.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-05-08 23:24 54840 ----a-w- c:\program files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]
2005-12-04 23:39 461584 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2007-04-17 21:03 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 -c--a-w- c:\windows\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2009-03-05 23:07 2260480 --sha-r- c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StatusClient 2.6]
2004-02-11 22:08 61440 ----a-w- c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-05-07 00:04 2017280 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2007-06-22 01:23 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2007-11-02 21:09 185632 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomcatStartup 2.5]
2004-04-09 15:33 184320 -c--a-w- c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\type32]
2005-03-15 09:46 196608 ----a-w- c:\program files\Microsoft IntelliType Pro\type32.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"mozybackup"=2 (0x2)
"Bonjour Service"=2 (0x2)
"cmdAgent"=2 (0x2)
"CLPSLS"=2 (0x2)
"avg8wd"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Corel\\Graphics10\\Register\\NAVBrowser.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\SEH Computertechnik GmbH\\InterCon-NetTool\\InterCon-NetTool.exe"=
"c:\\CADlink\\SignLab7.1\\SignLab71.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\FlexiSIGN-PRO 7.6v2\\Program\\App.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Protection Server\\WinNT\\spnsrvnt.exe"=
"c:\\Program Files\\Common Files\\SafeNet Sentinel\\Sentinel Keys Server\\sntlkeyssrvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\FlexiSIGN-PRO 8.1v1\\Program\\App2.exe"=

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [3/31/2010 12:10 PM 207280]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/2/2008 9:17 AM 335240]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/6/2010 5:10 PM 68168]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [3/31/2010 12:16 PM 112592]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [5/31/2007 10:08 AM 12856]
R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2/21/2008 11:52 AM 438272]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe [4/27/2007 2:00 AM 316992]
S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [10/18/2004 1:23 PM 12128]
S1 DMX3191;DMX3191;c:\windows\system32\drivers\DMX3191.SYS [12/13/1999 3:45 PM 17700]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/17/2010 6:00 PM 135664]
S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [10/18/2004 1:23 PM 76260]
S3 cbserial;Cyber Port Driver;c:\windows\system32\drivers\cbserial.sys [8/7/2002 11:21 AM 53248]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [4/1/2010 8:11 PM 38224]
S3 portmon2;Cyber20x Driver;c:\windows\system32\drivers\portmon2.sys [11/11/2003 5:10 PM 6784]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys --> c:\windows\system32\DRIVERS\scsiscan.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [3/31/2010 12:10 PM 365280]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [6/29/2004 11:40 AM 20864]
S3 SNXPPALX;Sunix PCI Parallel Port Driver;c:\windows\system32\drivers\snxppalx.sys [6/29/2004 11:40 AM 75264]
S4 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2/5/2009 10:45 AM 297752]
.
Contents of the 'Scheduled Tasks' folder

2010-05-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 19:34]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 01:00]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-18 01:00]

2010-05-21 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-12 05:18]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = about:blank
mSearch Bar =
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
TCP: {BC4CE234-36F2-48EC-93E4-A6636FD8CA4E} = 156.154.70.22,156.154.71.22
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\
FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - component: c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\SignsPlus\Application Data\Mozilla\Firefox\Profiles\a0nl5m1z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npRACtrl.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{768F2E70-C39C-903D-CCEA-97FC2DFEE6E7} - (no file)
URLSearchHooks-{F2B38612-6EDA-6773-A6AB-151332D26C95} - (no file)
BHO-{768F2E70-C39C-903D-CCEA-97FC2DFEE6E7} - (no file)
BHO-{F2B38612-6EDA-6773-A6AB-151332D26C95} - (no file)
MSConfigStartUp-COMODO Internet Security - c:\program files\COMODO\COMODO Internet Security\cfp.exe
MSConfigStartUp-RunDLL - c:\windows\Downloaded Program Files\bridge.dll



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-21 13:57
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1547161642-602609370-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{AA0DE8EE-97DF-53FA-BA7E-5D78D8716848}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AC5EC8EA-F03A-7E76-6FCF50BA2694CCE9}\{13CB29A0-AAF4-495B-CD9D16CF8052283A}\{B6B6C4AE-9CB1-C034-3E7F909216A0BA21}*]
"63AUOURV1X6YIYB2ELIFO4LTRC1"=hex:01,00,01,00,00,00,00,00,87,da,ad,38,2b,26,f8,
c3,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(840)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\LMIinit.dll
c:\windows\system32\LMIRfsClientNP.dll

- - - - - - - > 'lsass.exe'(896)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll

- - - - - - - > 'explorer.exe'(3240)
c:\program files\Mozy\mozyshell.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\Brmfrmps.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
c:\windows\SOUNDMAN.EXE
c:\windows\system32\devldr32.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-05-21 14:05:29 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-21 21:05

Pre-Run: 6,289,977,344 bytes free
Post-Run: 6,473,261,056 bytes free

- - End Of File - - 6FBEE76C6C2CE5A7A53AA524F8AFC963

#6 thewall (Malware Response Team, 6,425 posts, Florida)

Posted 21 May 2010 - 07:15 PM

Looks good but we still have some things we need to do so stick with me.


Download and run PragmaFix by noahdfear.

Follow the prompts in the command window and post the log that pops up when done.

Note: You will need an active Internet connection for this to run.
If I have helped you then please consider donating so I can continue the fight against malware Posted Image
All donations go directly to the helper

Posted Image

Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you

#7 YellowDogSigns (Topic Starter, Members, 15 posts)

Posted 21 May 2010 - 07:32 PM

PragmaFix log:

Fri 05/21/2010 17:31:27.32

HKLM\SYSTEM\ControlSet001\Services\PRAGMAnfypdripmt
HKLM\SYSTEM\ControlSet002\Services\PRAGMAnfypdripmt
HKLM\SYSTEM\CurrentControlSet\Services\PRAGMAnfypdripmt

#8 thewall (Malware Response Team, 6,425 posts, Florida)

Posted 21 May 2010 - 11:31 PM

Next thing to do:


Click Start > Run and type pragmafix -auto in the runbox. Press enter.

Post the Pragmafix log when done.

#9 YellowDogSigns (Topic Starter, Members, 15 posts)

Posted 23 May 2010 - 12:11 PM

'pragmafix -auto' log:

Sun 05/23/2010 10:09:50.85


HKLM\SYSTEM\ControlSet001\Services\PRAGMAnfypdripmt

Delete? (y/n) Key successfully deleted.


HKLM\SYSTEM\ControlSet002\Services\PRAGMAnfypdripmt

Delete? (y/n) Key successfully deleted.

#10 thewall (Malware Response Team, 6,425 posts, Florida)

Posted 23 May 2010 - 01:54 PM

OK, let's run a scan and see how we are:



It's important to run this online scan to search for any remnants. It can take some time, so please be patient and allow it to run its full course:



Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the ... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the ... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the ... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#11 YellowDogSigns (Topic Starter, Members, 15 posts)

Posted 24 May 2010 - 11:03 AM

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, May 24, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, May 23, 2010 13:54:50
Records in database: 4168602
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan statistics:
Objects scanned: 303907
Threats found: 6
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 06:03:54


File name / Threat / Threats count
C:\CADlink\SignLab7.1\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\CADlink\SignLab7.1\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Documents and Settings\SignsPlus\Application Data\Sun\Java\Deployment\cache\6.0\13\2cea244d-754e389a Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\SignsPlus\Application Data\Sun\Java\Deployment\cache\6.0\13\2cea244d-754e389a Infected: Trojan-Downloader.Java.Agent.ax 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir_ Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{6D06B5A0-4DD7-4213-8F15-61EB730BC18A}\RP1286\A0093774.sys Infected: Trojan.Win32.Genome.jsah 1
E:\CADlink\SignLab7\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
E:\CADlink\SignLab7\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

Selected area has been scanned.


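The scan report above, triaged by where each detection sits rather than by its name alone: copies in the ComboFix quarantine and in a System Restore point are inert, the not-a-virus hits are the VNC remote-admin components shipped with SignLab, and the Java cache entries are the only remnants that still need cleaning. This is an added Python example, not code from the thread or from Kaspersky; the bucket rules and the totals check (distinct threat names vs. "Threats found", summed count column vs. "Infected objects found") are assumptions about this report's format, not documented scanner semantics.

```python
"""Triage a Kaspersky Online Scanner 7.0 report into actionable buckets."""
import re
from dataclasses import dataclass

# Constructed sample: the statistics block and the detection lines from the
# report posted in the thread, embedded here so the script runs offline.
SAMPLE_REPORT = r"""
Scan statistics:
Objects scanned: 303907
Threats found: 6
Infected objects found: 9
Suspicious objects found: 0

File name / Threat / Threats count
C:\CADlink\SignLab7.1\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
C:\CADlink\SignLab7.1\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1
C:\Documents and Settings\SignsPlus\Application Data\Sun\Java\Deployment\cache\6.0\13\2cea244d-754e389a Infected: Exploit.Java.Agent.f 1
C:\Documents and Settings\SignsPlus\Application Data\Sun\Java\Deployment\cache\6.0\13\2cea244d-754e389a Infected: Trojan-Downloader.Java.Agent.ax 2
C:\Qoobox\Quarantine\C\WINDOWS\system32\Drivers\isapnp.sys.vir_ Infected: Rootkit.Win32.TDSS.ap 1
C:\System Volume Information\_restore{6D06B5A0-4DD7-4213-8F15-61EB730BC18A}\RP1286\A0093774.sys Infected: Trojan.Win32.Genome.jsah 1
E:\CADlink\SignLab7\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b 1
E:\CADlink\SignLab7\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h 1

Selected area has been scanned.
"""

# "<path> Infected: <threat> <count>"; the path may contain spaces, so it is
# matched lazily up to the literal " Infected: " separator.
DETECTION_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?) Infected: (?P<threat>\S+) (?P<count>\d+)\s*$")
STAT_RE = re.compile(r"^(?P<key>Threats found|Infected objects found): (?P<value>\d+)\s*$")

# Bucket order is the reply order a helper would use: inert copies first,
# then legitimate-but-noisy software, then what actually needs cleaning.
BUCKETS = ("quarantined", "restore_point", "riskware", "java_cache", "active")


@dataclass
class Detection:
    path: str
    threat: str
    count: int

    @property
    def bucket(self) -> str:
        p = self.path.lower()
        if "\\qoobox\\quarantine\\" in p:
            return "quarantined"     # already neutralised by ComboFix; removed with ComboFix itself
        if "\\system volume information\\_restore" in p:
            return "restore_point"   # inert unless that restore point is used; cleared with the restore points
        if self.threat.lower().startswith("not-a-virus:"):
            return "riskware"        # legitimate tool (here VNC bundled with SignLab); confirm it is expected
        if "\\sun\\java\\deployment\\cache\\" in p:
            return "java_cache"      # applets cached by a drive-by; emptying the Java cache removes them
        return "active"              # live file on disk: needs removal and a follow-up scan


def parse_report(text: str) -> list[Detection]:
    """Return one Detection per 'Infected:' line, in report order."""
    return [Detection(m["path"], m["threat"], int(m["count"]))
            for line in text.splitlines() if (m := DETECTION_RE.match(line))]


def parse_stats(text: str) -> dict[str, int]:
    """Pick the two headline figures out of the 'Scan statistics' block."""
    return {m["key"]: int(m["value"])
            for line in text.splitlines() if (m := STAT_RE.match(line))}


def triage(detections: list[Detection]) -> dict[str, list[Detection]]:
    buckets: dict[str, list[Detection]] = {b: [] for b in BUCKETS}
    for d in detections:
        buckets[d.bucket].append(d)
    return buckets


def check_totals(text: str) -> tuple[dict[str, int], dict[str, int], bool]:
    """Recompute the headline figures from the detection lines and compare them
    with what the report states; a mismatch suggests a truncated or edited paste.
    Assumption: 'Threats found' counts distinct threat names and 'Infected objects
    found' sums the trailing count column (this holds for the report above)."""
    dets = parse_report(text)
    computed = {"Threats found": len({d.threat for d in dets}),
                "Infected objects found": sum(d.count for d in dets)}
    stated = parse_stats(text)
    return computed, stated, computed == stated


if __name__ == "__main__":
    for bucket, items in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{bucket:>14}: {len(items)}")
        for d in items:
            print(f"{'':>16}{d.threat}  {d.path}")
    computed, stated, ok = check_totals(SAMPLE_REPORT)
    print("totals consistent:", ok, computed, stated)
```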
#12 thewall (Malware Response Team, 6,425 posts, Florida)

Posted 24 May 2010 - 11:57 AM

Not a whole lot there to be worried about. The Qoobox entry system restore will be taken care of when we remove ComboFix.


Go to the following link and follow the instructions for emptying your Java cache:


http://support.f-secure.com/enu/home/virus...javacache.shtml



When you have completed this try running DDS again and post the logs it produces. You can post both of them in the reply window, no need to make an attachment. I'll give you the instructions again in case you have removed the program from your computer.




Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop, post them in the reply window.


#13 YellowDogSigns (Topic Starter, Members, 15 posts)

Posted 24 May 2010 - 12:28 PM


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by SignsPlus at 10:24:03.51 on Mon 05/24/2010
    Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1193 [GMT -7:00]


    ============== Running Processes ===============

    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    C:\Program Files\AVG\AVG8\avgrsx.exe
    svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\WINDOWS\system32\Brmfrmps.exe
    C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\SAiDownloader.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
    C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Protection Server\WinNT\spnsrvnt.exe
    C:\WINDOWS\System32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\SignsPlus\Desktop\dds.scr

    ============== Pseudo HJT Report ===============

    uStart Page = about:blank
    uDefault_Search_URL = about:blank
    mSearch Bar =
    uInternet Settings,ProxyOverride = <local>;*.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 5.0\acrobat\activex\AcroIEHelper.ocx
    BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
    BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
    mRun: [SoundMan] SOUNDMAN.EXE
    mRun: [CorelDRAW Graphics Suite 11b] c:\program files\corel\corel graphics 12\languages\en\programs\Registration.exe /title="CorelDRAW Graphics Suite 12" /date=062406 serial=DR12WUS-8007635-CHS lang=EN
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {33564D57-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/wmv9dmo.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38145.7642476852
    DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: {BC4CE234-36F2-48EC-93E4-A6636FD8CA4E} = 156.154.70.22,156.154.71.22
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
    Notify: avgrsstarter - avgrsstx.dll
    Notify: LMIinit - LMIinit.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\signsp~1\applic~1\mozilla\firefox\profiles\a0nl5m1z.default\
    FF - prefs.js: browser.startup.homepage - hxxp://start.mozilla.org/firefox?client=firefox-a&rls=org.mozilla:en-US:official
    FF - component: c:\documents and settings\signsplus\application data\mozilla\firefox\profiles\a0nl5m1z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\signsplus\application data\mozilla\firefox\profiles\a0nl5m1z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
    FF - plugin: c:\documents and settings\signsplus\application data\mozilla\firefox\profiles\a0nl5m1z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npRACtrl.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.homepage.dontask - true
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

    ============= SERVICES / DRIVERS ===============

    R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-3-31 207280]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-7-2 335240]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2006-12-4 27784]
    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-6 68168]
    R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-3-31 112592]
    R2 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2010-3-8 12672]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2007-5-31 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2007-5-31 47640]
    R2 SAiDownloader;SAiDownloader;c:\windows\system32\SAiDownloader.exe [2008-2-21 438272]
    R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2007-4-27 316992]
    S1 AEC671X;AEC671X;c:\windows\system32\drivers\aec671x.sys [2004-10-18 12128]
    S1 DMX3191;DMX3191;c:\windows\system32\drivers\DMX3191.SYS [1999-12-13 17700]
    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-17 135664]
    S2 UDNT;UDNT;c:\windows\system32\drivers\udnt.sys [2004-10-18 76260]
    S3 cbserial;Cyber Port Driver;c:\windows\system32\drivers\cbserial.sys [2002-8-7 53248]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2010-4-1 38224]
    S3 portmon2;Cyber20x Driver;c:\windows\system32\drivers\portmon2.sys [2003-11-11 6784]
    S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-3-31 365280]
    S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-3-31 1141712]
    S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
    S3 SNXPCARD;Sunix PCI Multi I/O Card Driver;c:\windows\system32\drivers\snxpcard.sys [2004-6-29 20864]
    S3 SNXPPALX;Sunix PCI Parallel Port Driver;c:\windows\system32\drivers\snxppalx.sys [2004-6-29 75264]
    S4 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-2-5 297752]
    S4 LMIRfsClientNP;LMIRfsClientNP; [x]

    =============== Created Last 30 ================

    2010-05-23 19:36:02 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-05-22 00:31:24 162616 ----a-w- c:\windows\RegDelNull.exe
    2010-05-21 20:40:12 37248 -c--a-w- c:\windows\system32\dllcache\isapnp.sys
    2010-05-21 20:40:12 37248 ----a-w- c:\windows\system32\drivers\isapnp.sys
    2010-05-21 19:50:58 0 d-----w- C:\VritualRoot
    2010-05-21 18:39:56 0 d-sha-r- C:\cmdcons
    2010-05-21 18:35:35 98816 ----a-w- c:\windows\sed.exe
    2010-05-21 18:35:35 77312 ----a-w- c:\windows\MBR.exe
    2010-05-21 18:35:35 256512 ----a-w- c:\windows\PEV.exe
    2010-05-21 18:35:35 161792 ----a-w- c:\windows\SWREG.exe
    2010-05-20 00:55:26 0 ----a-w- c:\documents and settings\signsplus\defogger_reenable
    2010-05-19 01:13:47 0 d-----w- c:\docume~1\signsp~1\applic~1\QuickScan
    2010-05-19 00:49:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
    2010-05-18 04:38:01 0 d-----w- c:\program files\ESET
    2010-05-18 00:44:54 0 d-----w- C:\stdtsa
    2010-05-17 17:41:56 0 d-----w- c:\program files\HashTab Shell Extension
    2010-05-17 17:41:55 0 d-----w- c:\program files\Unlocker
    2010-05-17 17:41:55 0 d-----w- c:\program files\Microsoft PowerToys
    2010-05-17 10:21:17 0 d-----w- C:\WINDOWS.0
    2010-05-13 19:00:43 12872 ----a-w- c:\windows\system32\bootdelete.exe
    2010-05-13 17:04:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo
    2010-05-13 17:01:44 267728 ----a-w- c:\windows\system32\drivers\sfi.dat
    2010-05-13 16:58:26 0 d-----w- c:\program files\COMODO
    2010-05-13 16:57:40 0 d-----w- c:\docume~1\alluse~1\applic~1\Comodo Downloader
    2010-05-12 20:03:57 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
    2010-05-12 20:03:37 0 d-----w- c:\program files\SUPERAntiSpyware
    2010-05-12 20:03:37 0 d-----w- c:\docume~1\signsp~1\applic~1\SUPERAntiSpyware.com
    2010-05-12 10:05:52 173 ----a-w- c:\windows\system32\MRT.INI
    2010-05-12 00:54:41 4912 ----a-w- c:\windows\system32\.crusader
    2010-05-12 00:46:40 15944 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
    2010-05-12 00:45:54 0 d-----w- c:\docume~1\alluse~1\applic~1\Hitman Pro
    2010-05-12 00:45:50 0 d-----w- c:\program files\Hitman Pro 3.5

    ==================== Find3M ====================

    2010-04-29 22:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-15 22:44:16 576928 -c--a-w- c:\windows\fonts\AdobeFnt.lst
    2010-04-15 22:44:16 382835 -c--a-w- c:\windows\fonts\atmfolder\AdobeFnt.lst
    2010-03-31 19:40:07 4096 ----a-w- C:\conf.dat
    2010-03-11 02:05:46 106092 ----a-w- c:\windows\fonts\atmfolder\Catull.ttf
    2010-03-09 11:09:18 430080 ----a-w- c:\windows\system32\vbscript.dll
    2010-02-26 05:43:57 667136 ----a-w- c:\windows\system32\wininet.dll
    2010-02-26 05:43:54 81920 ------w- c:\windows\system32\ieencode.dll

    ============= FINISH: 10:24:54.90 ===============



    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT

    DDS (Ver_10-03-17.01)

    Microsoft Windows XP Professional
    Boot Device: \Device\HarddiskVolume1
    Install Date: 6/20/2006 3:56:02 PM
    System Uptime: 5/23/2010 10:02:08 AM (24 hours ago)

    Motherboard: ASUSTeK Computer INC. | | K8N-E
    Processor: AMD Athlon™ 64 Processor 3400+ | Socket 754 | 2411/200mhz

    ==== Disk Partitions =========================

    A: is Removable
    C: is FIXED (NTFS) - 37 GiB total, 6.076 GiB free.
    D: is CDROM ()
    E: is FIXED (NTFS) - 75 GiB total, 13.331 GiB free.
    G: is Removable

    ==== Disabled Device Manager Items =============

    Class GUID:
    Description:
    Device ID: ACPI\ATK0110\1010110
    Manufacturer:
    Name:
    PNP Device ID: ACPI\ATK0110\1010110
    Service:

    Class GUID: {4D36E97D-E325-11CE-BFC1-08002BE10318}
    Description: Logical Disk Manager
    Device ID: ROOT\DMIO\0000
    Manufacturer: (Standard system devices)
    Name: Logical Disk Manager
    PNP Device ID: ROOT\DMIO\0000
    Service: dmio

    ==== System Restore Points ===================

    RP1260: 4/16/2010 3:01:20 AM - Software Distribution Service 3.0
    RP1261: 4/17/2010 3:00:40 AM - Software Distribution Service 3.0
    RP1262: 4/18/2010 3:00:33 AM - Software Distribution Service 3.0
    RP1263: 4/19/2010 3:01:00 AM - Software Distribution Service 3.0
    RP1264: 4/20/2010 3:01:08 AM - Software Distribution Service 3.0
    RP1265: 4/21/2010 3:00:49 AM - Software Distribution Service 3.0
    RP1266: 4/22/2010 3:00:48 AM - Software Distribution Service 3.0
    RP1267: 4/22/2010 2:27:00 PM - Installed Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    RP1268: 4/23/2010 3:01:05 AM - Software Distribution Service 3.0
    RP1269: 4/24/2010 3:01:25 AM - Software Distribution Service 3.0
    RP1270: 4/25/2010 3:00:36 AM - Software Distribution Service 3.0
    RP1271: 4/26/2010 3:00:57 AM - Software Distribution Service 3.0
    RP1272: 4/27/2010 3:01:13 AM - Software Distribution Service 3.0
    RP1273: 4/28/2010 3:02:00 AM - Software Distribution Service 3.0
    RP1274: 4/29/2010 3:00:41 AM - Software Distribution Service 3.0
    RP1275: 4/30/2010 3:00:54 AM - Software Distribution Service 3.0
    RP1276: 5/1/2010 3:00:46 AM - Software Distribution Service 3.0
    RP1277: 5/2/2010 3:00:43 AM - Software Distribution Service 3.0
    RP1278: 5/3/2010 3:00:57 AM - Software Distribution Service 3.0
    RP1279: 5/4/2010 3:00:53 AM - Software Distribution Service 3.0
    RP1280: 5/5/2010 3:00:30 AM - Software Distribution Service 3.0
    RP1281: 5/6/2010 3:01:09 AM - Software Distribution Service 3.0
    RP1282: 5/7/2010 3:00:45 AM - Software Distribution Service 3.0
    RP1283: 5/8/2010 3:00:32 AM - Software Distribution Service 3.0
    RP1284: 5/9/2010 3:00:25 AM - Software Distribution Service 3.0
    RP1285: 5/10/2010 3:00:24 AM - Software Distribution Service 3.0
    RP1286: 5/11/2010 3:00:31 AM - Software Distribution Service 3.0
    RP1287: 5/12/2010 3:00:28 AM - Software Distribution Service 3.0
    RP1288: 5/13/2010 9:38:24 AM - Software Distribution Service 3.0
    RP1289: 5/13/2010 9:59:31 AM - Installed COMODO Internet Security
    RP1290: 5/21/2010 11:46:30 AM - Software Distribution Service 3.0
    RP1291: 5/21/2010 1:29:56 PM - Removed COMODO livePCsupport
    RP1292: 5/21/2010 1:33:24 PM - Removed COMODO Internet Security
    RP1293: 5/22/2010 3:00:19 AM - Software Distribution Service 3.0
    RP1294: 5/23/2010 10:04:50 AM - Software Distribution Service 3.0
    RP1295: 5/23/2010 12:35:38 PM - Installed Java™ 6 Update 20
    RP1296: 5/24/2010 3:00:22 AM - Software Distribution Service 3.0

    ==== Installed Programs ======================

    µTorrent
    2007 Microsoft Office Suite Service Pack 1 (SP1)
    Ad-Aware SE Personal
    Adobe Acrobat 5.0
    Adobe AIR
    Adobe Anchor Service CS3
    Adobe Anchor Service CS4
    Adobe Asset Services CS3
    Adobe Bridge 1.0
    Adobe Bridge CS3
    Adobe Bridge Start Meeting
    Adobe Camera Raw 4.0
    Adobe CMaps
    Adobe Color - Photoshop Specific
    Adobe Color Common Settings
    Adobe Color EU Extra Settings
    Adobe Color JA Extra Settings
    Adobe Color NA Recommended Settings
    Adobe Common File Installer
    Adobe Creative Suite 4 Master Collection
    Adobe Default Language CS3
    Adobe Device Central CS3
    Adobe ExtendScript Toolkit 2
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Fonts All
    Adobe Help Center 1.0
    Adobe Help Viewer CS3
    Adobe Illustrator CS
    Adobe Illustrator CS2
    Adobe Linguistics CS3
    Adobe PDF Library Files
    Adobe Photoshop 7.0
    Adobe Photoshop CS2
    Adobe Photoshop CS3
    Adobe Premiere Elements 7.0
    Adobe Reader 6.0.1
    Adobe Setup
    Adobe Stock Photos 1.0
    Adobe Stock Photos CS3
    Adobe Support Advisor
    Adobe SVG Viewer 3.0
    Adobe Type Support
    Adobe Update Manager CS3
    Adobe Version Cue CS3 Client
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS3
    Adobe XMP Panels CS4
    AdobeSupportAdvisor
    Advanced WindowsCare 2.55 Personal
    Alien Skin Eye Candy 5 Impact
    Alien Skin Eye Candy 5 Nature
    Alien Skin Eye Candy 5 Textures
    Apple Application Support
    Apple Software Update
    AVG Free 8.5
    BenVista PhotoZoom Pro 3.0.6
    Brother MFL-Pro Suite
    Browser Defender 2.0.6.11
    CCleaner
    CleanUp!
    CorelDRAW 10
    CorelDRAW Graphics Suite 12
    CPUID CPU-Z 1.53.1
    Defraggler (remove only)
    DivX Web Player
    eMule
    ESET Online Scanner v3
    ESPN Java Check
    EVEREST Home Edition v1.51
    FlexiSIGN-PRO 7.6v2
    FlexiSIGN-PRO 8.1v1
    GdiplusUpgrade
    Google Toolbar for Internet Explorer
    Google Update Helper
    GoToMeeting 4.0.0.320
    GraphixCALC Pro v1.2.0
    HASP Device Driver
    HASP HL Device Driver
    HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    Hitman Pro 3.5
    Hotfix for Windows XP (KB976098-v2)
    Hotfix for Windows XP (KB979306)
    hp color LaserJet 2550 series
    HP Software Update
    HP Update
    huey 1.0
    Image Resizer Powertoy for Windows XP
    InsiderBaseball 2006
    InsiderBaseball 2007
    InsiderBaseball 2009
    InsiderBaseball 2010
    Ipswitch WS_FTP Home
    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java™ 6 Update 2
    Java™ 6 Update 20
    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1
    LogMeIn
    Macromedia Flash Player 8
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Hotfix (KB928366)
    Microsoft Color Control Panel Applet for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft IntelliPoint 5.5
    Microsoft IntelliType Pro 5.3
    Microsoft Office Access 2003 Runtime
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
    Microsoft Silverlight
    Microsoft Software Update for Web Folders (English) 12
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft XML Parser and SDK
    Mozilla Firefox (3.5.9)
    MozyHome Remote Backup
    MSN Music Assistant
    MSXML 4.0 SP2 (KB927978)
    MSXML 4.0 SP2 (KB936181)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Nero Suite
    NVIDIA Drivers
    Panda ActiveScan
    PaperPort
    PCDrafter 2008
    PDF Settings
    Peggle Nights Deluxe 1.0
    Photocopier Pro Version 3.04
    PhotoMAX SE
    PowerISO
    Print and Cut Manager 2.0 (C:\CADlink\Print Cut Manager)
    PrintScreen
    QuickTime
    RAR Repair Tool v.4.0.1
    RealPlayer
    Realtek AC'97 Audio
    Rhapsody Player Engine
    S3 S3Display
    S3 S3Gamma2
    S3 S3Info2
    S3 S3Overlay
    SAi Production Suite
    Security Update for 2007 Microsoft Office System (KB951550)
    Security Update for 2007 Microsoft Office System (KB951944)
    Security Update for 2007 Microsoft Office System (KB958439)
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft Office Excel 2007 (KB958437)
    Security Update for Microsoft Office OneNote 2007 (KB950130)
    Security Update for Microsoft Office PowerPoint 2007 (KB951338)
    Security Update for Microsoft Office Publisher 2007 (KB950114)
    Security Update for Microsoft Office system 2007 (KB954326)
    Security Update for Microsoft Office system 2007 (KB956828)
    Security Update for Microsoft Office Word 2007 (KB956358)
    Security Update for Visio 2007 (KB947590)
    Security Update for Windows Media Player (KB954155)
    Security Update for Windows XP (KB958869)
    Security Update for Windows XP (KB969059)
    Security Update for Windows XP (KB969947)
    Security Update for Windows XP (KB970430)
    Security Update for Windows XP (KB971468)
    Security Update for Windows XP (KB971486)
    Security Update for Windows XP (KB972270)
    Security Update for Windows XP (KB973525)
    Security Update for Windows XP (KB973904)
    Security Update for Windows XP (KB974112)
    Security Update for Windows XP (KB974318)
    Security Update for Windows XP (KB974392)
    Security Update for Windows XP (KB974455)
    Security Update for Windows XP (KB974571)
    Security Update for Windows XP (KB975025)
    Security Update for Windows XP (KB975467)
    Security Update for Windows XP (KB975560)
    Security Update for Windows XP (KB975561)
    Security Update for Windows XP (KB975713)
    Security Update for Windows XP (KB976325)
    Security Update for Windows XP (KB977165)
    Security Update for Windows XP (KB977816)
    Security Update for Windows XP (KB977914)
    Security Update for Windows XP (KB978037)
    Security Update for Windows XP (KB978251)
    Security Update for Windows XP (KB978262)
    Security Update for Windows XP (KB978338)
    Security Update for Windows XP (KB978542)
    Security Update for Windows XP (KB978601)
    Security Update for Windows XP (KB978706)
    Security Update for Windows XP (KB979309)
    Security Update for Windows XP (KB979683)
    Security Update for Windows XP (KB980232)
    Security Update for Windows XP (KB981349)
    SEH InterCon-NetTool 1.8.28
    SEH Print Monitor 4.4.9
    Sentinel Protection Installer 7.4.0
    SignLab (C:\CADlink\SignLab5)
    SignLab Print and Cut (C:\CADlink\SignLab7.1)
    SmartFTP Client 2.0
    SmartFTP Client 2.0 Setup Files (remove only)
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Suite Shared Configuration CS4
    SUPERAntiSpyware Free Edition
    The Big Box of Art
    UniChrome IGP Driver and Utilities
    Uninstall PGEDemo
    Update for Microsoft Office Outlook 2007 (KB952142)
    Update for Office 2007 (KB946691)
    Update for Outlook 2007 Junk Email Filter (kb959141)
    Update for Windows XP (KB955759)
    Update for Windows XP (KB971737)
    Update for Windows XP (KB973687)
    Update for Windows XP (KB976749)
    Update for Windows XP (KB978207)
    Update for Windows XP (KB980182)
    WebFldrs XP
    Windows Media Format Runtime
    Windows Media Player 10
    Windows XP Service Pack 3
    WinRAR archiver

    ==== Event Viewer Messages From Past Week ========

    5/21/2010 12:04:22 PM, error: Service Control Manager [7031] - The AVG8 WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
    5/21/2010 11:47:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft .NET Framework 1.1 Service Pack 1 Security Update for Windows 2000, Windows XP, Windows Vista, Windows Server 2008, Windows 7, and Windows Server 2008 R2 (KB953297).
    5/21/2010 11:47:43 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007006e: Security Update for Microsoft Office Web Components (KB947319).
    5/21/2010 11:45:09 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: dmio
    5/21/2010 11:45:09 AM, error: Service Control Manager [7000] - The UDNT service failed to start due to the following error: The system cannot find the device specified.
    5/21/2010 11:44:51 AM, error: LDMS [3016] - Failed to initialize DmServer service. The service is not running. Error: C000003A
    5/21/2010 11:44:51 AM, error: LDMS [3004] - Failed to open event VxKernel2VoldEvent, Error=C000003A.
    5/21/2010 11:44:11 AM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\SHELL32.dll. Reference error message: The operation completed successfully. .
    5/21/2010 1:53:07 PM, error: PlugPlayManager [11] - The device Root\LEGACY_PRAGMANFYPDRIPMT\0000 disappeared from the system without first being prepared for removal.
    5/21/2010 1:44:30 PM, error: Service Control Manager [7016] - The BrSplService service has reported an invalid current state 0.
    5/18/2010 8:34:04 AM, error: SideBySide [59] - Generate Activation Context failed for System Default Context. Reference error message: The operation completed successfully. .
    5/18/2010 6:15:06 PM, error: SideBySide [59] - Resolve Partial Assembly failed for Microsoft.Windows.Common-Controls. Reference error message: Access is denied. .
    5/18/2010 6:15:06 PM, error: SideBySide [59] - Generate Activation Context failed for C:\WINDOWS\system32\WININET.dll. Reference error message: The operation completed successfully. .
    5/17/2010 8:12:42 PM, information: Windows File Protection [64004] - The protected system file msihnd.dll could not be restored to its original, valid version. The file version of the bad file is 3.1.4001.5512 The specific error code is 0x00000426 [The service has not been started. ].
    5/17/2010 8:12:42 PM, information: Windows File Protection [64004] - The protected system file msiexec.exe could not be restored to its original, valid version. The file version of the bad file is 3.1.4001.5512 The specific error code is 0x00000426 [The service has not been started. ].
    5/17/2010 8:12:37 PM, information: Windows File Protection [64004] - The protected system file msi.dll could not be restored to its original, valid version. The file version of the bad file is 3.1.4001.5512 The specific error code is 0x00000426 [The service has not been started. ].
    5/17/2010 6:17:50 PM, information: Windows File Protection [64004] - The protected system file msihnd.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000426 [The service has not been started. ].
    5/17/2010 6:17:36 PM, information: Windows File Protection [64004] - The protected system file msiexec.exe could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000426 [The service has not been started. ].
    5/17/2010 6:17:21 PM, information: Windows File Protection [64004] - The protected system file msi.dll could not be restored to its original, valid version. The file version of the bad file is unknown The specific error code is 0x00000426 [The service has not been started. ].

    ==== End Of File ===========================




    #14 thewall

    thewall

    • Malware Response Team
    • 6,425 posts
    • Gender:Male
    • Location:Florida
    • Local time:12:16 AM

    Posted 24 May 2010 - 12:56 PM

    Just a couple more things to take care of:


    Please uninstall older version of Adobe Reader before installing the latest version

    * Click Start
    * Control Panel
    * Double click on Add/Remove Programs
    * Locate the older version of Adobe Reader and click on Change/Remove to uninstall it
    * Click HERE to download the latest version of Adobe Acrobat Reader.
    * Select your Windows version and click on Download. If you are using Internet Explorer, you will receive prompts. Allow the installation to run and it will be installed automatically for you. If you are using other browsers, it will prompt you to save a file. Save this file to your desktop and run it to install the latest version of Adobe Reader.
    * Close your Internet browser and open it again.






    Although you have the latest version of Java you also have a lot of older versions still showing in your Add/Remove. All of these older versions leave you vulnerable to exploitation by Malware. Please remove all of the following:



    J2SE Runtime Environment 5.0
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 11
    J2SE Runtime Environment 5.0 Update 2
    J2SE Runtime Environment 5.0 Update 4
    J2SE Runtime Environment 5.0 Update 6
    J2SE Runtime Environment 5.0 Update 9
    Java Auto Updater
    Java™ 6 Update 2
    Java™ 6 Update 3
    Java™ SE Runtime Environment 6 Update 1







    When completed let me know if the computer is still running OK and we will finish up in my next post.

    If I have helped you then please consider donating so I can continue the fight against malware
    All donations go directly to the helper


    Due to the large amount of backlogs we have I cannot respond to PMs for help unless I am already working with you
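As an added example (not part of thewall's post or of the DDS tool that produced the log), this script applies the post's rule to the Add/Remove list shown in the log above: it parses the version out of each Sun JRE display name, keeps the newest and flags every superseded entry. The display-name patterns cover only the 1.5 and 1.6 era names seen on this page; the "Java Auto Updater" entry the post also lists is not a runtime and is skipped.

```python
import re

# The Java entries exactly as the DDS "Installed Programs" list above shows
# them (data from the page), plus one non-JRE name to show it is skipped.
INSTALLED = [
    "J2SE Runtime Environment 5.0",
    "J2SE Runtime Environment 5.0 Update 10",
    "J2SE Runtime Environment 5.0 Update 11",
    "J2SE Runtime Environment 5.0 Update 2",
    "J2SE Runtime Environment 5.0 Update 4",
    "J2SE Runtime Environment 5.0 Update 6",
    "J2SE Runtime Environment 5.0 Update 9",
    "Java Auto Updater",
    "Java\u2122 6 Update 2",
    "Java\u2122 6 Update 20",
    "Java\u2122 6 Update 3",
    "Java\u2122 SE Runtime Environment 6 Update 1",
]

# Display-name forms the Sun JRE used in Add/Remove Programs (1.5 and 1.6 era).
_JRE_NAME = [
    re.compile(r"^J2SE Runtime Environment (\d)\.\d(?: Update (\d+))?$"),
    re.compile(r"^Java(?:\u2122|\(TM\))? (?:SE Runtime Environment )?(\d)(?: Update (\d+))?$"),
]

def parse_jre(name):
    """Map a JRE display name to (major, update); None for non-JRE entries.
    'J2SE Runtime Environment 5.0 Update 9' -> (5, 9); a bare 5.0 is update 0."""
    for pattern in _JRE_NAME:
        m = pattern.match(name)
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None

def stale_jres(names):
    """Return (newest, superseded): the single most recent JRE entry and every
    other JRE entry, oldest first. The superseded ones are the leftovers that
    malware can still exploit, which is why the post asks to uninstall them."""
    versions = {n: parse_jre(n) for n in names if parse_jre(n) is not None}
    if not versions:
        return None, []
    newest = max(versions, key=versions.get)
    superseded = sorted((n for n in versions if n != newest), key=versions.get)
    return newest, superseded

if __name__ == "__main__":
    newest, superseded = stale_jres(INSTALLED)
    print("keep:  ", newest)
    for n in superseded:
        print("remove:", n)
```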

    #15 YellowDogSigns

    YellowDogSigns
    • Topic Starter

    • Members
    • 15 posts
    • Local time:09:16 PM

    Posted 24 May 2010 - 01:27 PM

    Thanks for all of this help. It is greatly appreciated.

    I removed the old Adobe Reader and installed the new one. Restarted browser and everything seems fine.

    I was not able to uninstall any of the old Java entries. I tried all of them and received 'Error Applying Transforms' or it wanted the location of jre1.5.0-iftw.msi.





