
Google Redirect Virus and other small problems.


  • This topic is locked
9 replies to this topic

#1 jakeandchase

jakeandchase

  • Members
  • 54 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 04 June 2010 - 10:03 AM

Hey guys, I originally posted in this thread, but was unsure what exactly I was supposed to do to find the name of the infection. Orange Blossom referred me to some instructions and asked me to post here.
Well, this seems to be causing some small issues like random freezing and my task bar becoming white on startup sometimes. But the big and main issue is that most of the time when I click a link on Google I am redirected to a sometimes harmful advertisement site. The sites are always different, so I can't really pick them out.

I have also had this random "Just-in-Time" pop-up bugging me every now and then. I think it's to do with an unresponsive script or something. I have to spam "No" a number of times for it to stop appearing.
The redirecting happens in all my browsers: IE, Safari, Firefox and even my freshly downloaded Opera.


I have scanned with:
AVG
SuperAntiSpyware
Spybot S&D
Malwarebytes Anti-Malware

They found some infections, I cleaned them all up, but none fixed this issue.

I have thought of searching with ComboFix, but although I am quite good with computers, I am not a trained professional.

NOTE: My laptop seems to bluescreen then restart every time I scan with GMER.exe. It seems to happen when I hit a certain file.
DDS log:



DDS (Ver_10-03-17.01) - NTFSx86
Run by Scott at 1:00:11.46 on Sat 05/06/2010
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1015.200 [GMT 10:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\System32\svchost.exe -k Cognizance
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\PnkBstrA.exe
C:\Documents and Settings\Scott\My Documents\Jakes\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TVersity\Media Server\MediaServer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files\Pure Networks\Network Magic\nmapp.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Winamp Remote\bin\OrbTray.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Winamp Remote\bin\Orb.exe
C:\Program Files\Ventrilo\Ventrilo.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Scott\Desktop\dds.scr
C:\WINDOWS\system32\NOTEPAD.EXE

============== Pseudo HJT Report ===============

uSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com.au/keyword/%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Credential Manager for HP ProtectTools: {df21f1db-80c6-11d3-9483-b03d0ec10000} - c:\program files\hewlett-packard\iam\bin\ItIEAddIn.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [NetMeter] c:\documents and settings\scott\my documents\downloads\NetMeter114beta_4.exe
uRun: [\\KITCHEN\EPSON Stylus CX3900 Series (Copy 1)] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S428.tmp" /EF "HKCU"
uRun: [\\KITCHEN\EPSON Stylus CX3900 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatibep.exe /fu "c:\windows\temp\E_S42B.tmp" /EF "HKCU"
uRun: [Orb] "c:\program files\winamp remote\bin\OrbTray.exe" /background
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [PTHOSTTR] c:\program files\hewlett-packard\hp protecttools security manager\PTHOSTTR.EXE /Start
mRun: [CognizanceTS] rundll32.exe c:\progra~1\hewlet~1\iam\bin\ASTSVCC.dll,RegisterModule
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [nmctxth] "c:\program files\common files\pure networks shared\platform\nmctxth.exe"
mRun: [nmapp] "c:\program files\pure networks\network magic\nmapp.exe" -autorun -nosplash
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F4430FE8-2638-42e5-B849-800749B94EED} - c:\program files\partygaming.net\partypokernet\RunPF.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1217465890748
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {83F05F0F-249F-4995-9FAA-57BEC73C8291} = 192.168.0.1,192.168.0.1
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - c:\program files\common files\pure networks shared\platform\puresp4.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
Notify: OneCard - c:\program files\hewlett-packard\iam\bin\ASWLNPkg.dll
AppInit_DLLs: APSHook.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = SbHpNp scecli ASWLNPkg

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\scott\applic~1\mozilla\firefox\profiles\4njogirh.default\
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\scott\application data\facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\scott\application data\mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\ahnlab\asp\mykeydefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-4-22 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [2006-10-9 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [2007-3-29 13696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-8-29 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-8-29 29512]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-8-29 242896]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [2007-4-22 5808]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-2-20 353672]
R2 ASBroker;Logon Session Broker;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 ASChannel;Local Communication Channel;c:\windows\system32\svchost.exe -k Cognizance [2006-2-28 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-4-15 308064]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-6-4 67584]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\hewlett-packard\drive encryption\HpFkCrypt.exe [2007-4-22 221184]
R2 SWIHPWMI;SWIHPWMI;c:\program files\hpq\shared\sierra wireless\win32\unicode\SWIHPWMI.exe [2006-12-4 292384]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [2008-7-31 44800]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [2008-1-14 21632]
R3 SbieDrv;SbieDrv;c:\documents and settings\scott\my documents\jakes\sandboxie\SbieDrv.sys [2009-9-30 116736]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [2008-7-31 33024]
S3 Ipapdispdseice;Ipapdispdseice; [x]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [2010-3-6 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [2010-3-6 79360]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2009-3-31 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2009-3-30 366936]

=============== Created Last 30 ================

2010-06-04 07:40:39 20 ------w- c:\documents and settings\scott\defogger_reenable
2010-06-04 07:18:36 0 d-----w- c:\program files\Cobian Backup 10
2010-05-29 08:59:57 0 d-----w- c:\docume~1\scott\applic~1\SUPERAntiSpyware.com
2010-05-29 08:59:57 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-05-29 08:59:17 0 d-----w- c:\program files\SUPERAntiSpyware
2010-05-24 07:59:38 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-24 07:59:34 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-24 07:59:03 0 d-----w- c:\program files\Winamp Detect
2010-05-24 07:49:01 0 d-----w- c:\program files\Winamp Toolbar
2010-05-24 07:49:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Winamp Toolbar
2010-05-24 07:48:27 0 d-----w- c:\docume~1\alluse~1\applic~1\OrbNetworks
2010-05-24 07:48:19 0 d-----w- c:\program files\Winamp Remote
2010-05-24 07:46:33 129520 ------w- c:\windows\system32\pxafs.dll
2010-05-12 07:25:40 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-12 07:24:09 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-05-08 22:41:21 0 d-----w- c:\docume~1\alluse~1\applic~1\151F
2010-05-08 22:38:30 483328 ----a-w- c:\windows\system32\actskn45.ocx
2010-05-08 22:38:18 0 d-----w- c:\program files\BearShare Applications

==================== Find3M ====================

2010-06-03 07:43:59 42 -c----w- c:\documents and settings\scott\jagex_runescape_preferences.dat
2010-06-03 07:43:58 41 ------w- c:\documents and settings\scott\jagex__preferences3.dat
2010-06-03 07:40:24 87 ------w- c:\documents and settings\scott\jagex_runescape_preferences2.dat
2010-04-29 05:39:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 05:39:26 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-23 14:58:48 354 ------w- c:\documents and settings\scott\fix.reg
2010-04-23 14:40:12 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-04-15 03:47:23 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-15 03:46:01 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-08 03:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-23 07:08:52 69868 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll

============= FINISH: 1:02:14.93 ===============


Edited by jakeandchase, 04 June 2010 - 10:08 AM.
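The poster asks how to get from a log like the one above to the name of the infection. As an added example (not code from the thread, from DDS, or from BleepingComputer), here is a small Python triage script for the SERVICES / DRIVERS section of a DDS log: the sample lines are copied from the log posted above, and the flags it attaches are review hints for a responder, not verdicts.

```python
# Triage helper for the "SERVICES / DRIVERS" section of a DDS log.
# Added example; it is not part of the thread or of DDS itself.
#
# DDS prints one entry per line in the form
#   R0 Name;Display name;image path [YYYY-M-D size]
# with "[x]" when the image file is missing on disk and "[?]" when DDS could
# not verify the image (it then also prints "registry path --> resolved path").
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample lines copied from the DDS log above (not constructed).
SAMPLE_SECTION = r"""
============= SERVICES / DRIVERS ===============

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [2007-4-22 100095]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SbieDrv;SbieDrv;c:\documents and settings\scott\my documents\jakes\sandboxie\SbieDrv.sys [2009-9-30 116736]
S3 Ipapdispdseice;Ipapdispdseice; [x]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [2009-3-30 239336]

=============== Created Last 30 ================
"""

LINE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$"
)
# Trailing bracket: "[YYYY-M-D size]", "[x]" (file missing) or "[?]" (unverified).
TAIL_RE = re.compile(r"^(?P<cmd>.*?)\s*\[(?P<tail>[^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str                 # R = running, S = stopped; digit = start type
    name: str
    display: str
    command: str               # image path plus arguments, "" when none
    date: Optional[str] = None
    size: Optional[int] = None
    missing: bool = False      # "[x]"
    unverified: bool = False   # "[?]"
    flags: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; None if the line is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    e = ServiceEntry(m["state"], m["name"], m["display"], "")
    t = TAIL_RE.match(m["rest"])
    if t:
        e.command = t["cmd"].strip()
        tail = t["tail"].strip()
        if tail == "x":
            e.missing = True
        elif tail == "?":
            e.unverified = True
        else:
            parts = tail.split()
            if len(parts) == 2 and parts[1].isdigit():
                e.date, e.size = parts[0], int(parts[1])
    else:
        e.command = m["rest"].strip()
    # Keep the registry ImagePath form when DDS shows "registry --> resolved".
    if " --> " in e.command:
        e.command = e.command.split(" --> ", 1)[0].strip()
    return e


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach review flags; the script never decides 'malicious' on its own."""
    path = entry.command.lower()
    if entry.missing:
        entry.flags.append("registered but image file missing on disk")
    if entry.unverified:
        entry.flags.append("DDS could not verify the image (no date/size)")
    if path.startswith((r"c:\documents and settings", r"c:\users")):
        entry.flags.append("image loaded from a user profile directory")
    return entry


def parse_section(text: str) -> List[ServiceEntry]:
    """Parse only the SERVICES / DRIVERS block of a full DDS log."""
    entries: List[ServiceEntry] = []
    in_section = False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("=") and "SERVICES / DRIVERS" in line:
            in_section = True
            continue
        if in_section and line.startswith("="):
            break                      # next section header: stop
        if in_section:
            e = parse_line(line)
            if e:
                entries.append(triage(e))
    return entries


def flagged(text: str) -> List[ServiceEntry]:
    """Entries a responder should look at first."""
    return [e for e in parse_section(text) if e.flags]


if __name__ == "__main__":
    for e in flagged(SAMPLE_SECTION):
        print(f"{e.state} {e.name:<16} {e.command or '<no file>'}")
        for f in e.flags:
            print(f"    - {f}")
```

On the sample it flags the orphaned `Ipapdispdseice` entry, the unverified `vsmon` image and the Sandboxie driver loaded from the user's My Documents; each of these is something to verify by hand, not a detection.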



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:53 AM

Posted 06 June 2010 - 01:55 PM

Hello jakeandchase,



Don't worry about GMER for now. That happens a lot. If we need it later, we'll get it to run. :)

Let's do ComboFix then, and you can see what it's all about :

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

1. Download this file - combofix.exe
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it will produce a log for you. Post that log in your next reply please.

Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

If you have trouble running it the first time, then rename ComboFix.exe to jakeandchase.exe and try again.

Thanks,
tea


Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 jakeandchase

jakeandchase
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 08 June 2010 - 01:29 AM

Hey, I feel a bit uncomfortable about using ComboFix. Will it crash my system?

#4 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:06:53 AM

Posted 08 June 2010 - 10:45 AM

Hello,

No... GMER probably did worse. ;) I would never ask you to do something I knew to be bad for your computer. The precautions are put into place for the people that decide to use ComboFix without experienced help. It is a powerful tool and there is more to it than meets the eye.

#5 jakeandchase

jakeandchase
  • Topic Starter

  • Members
  • 54 posts
  • OFFLINE
  • Local time:10:53 PM

Posted 09 June 2010 - 06:59 AM

Hey, thanks! ComboFix found a rootkit and deleted a few files. Haven't tried using Google yet. I'll upload the log too if that makes it any easier.

ComboFix 10-06-08.03 - Scott 09/06/2010 21:01:25.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.1015.420 [GMT 10:00]
Running from: c:\documents and settings\Scott\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Toolbar4
c:\documents and settings\Scott\Application Data\inst.exe
c:\windows\system32\scvideo.dll
c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.exe

Infected copy of c:\windows\system32\drivers\PCI.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Files Created from 2010-05-09 to 2010-06-09 )))))))))))))))))))))))))))))))
.

2010-06-08 12:44 . 2010-06-08 12:44 1571304 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-602162358-839522115-1003-0.dat
2010-06-08 12:44 . 2010-06-08 12:44 374482 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-06-07 09:57 . 2010-06-07 09:57 -------- d-----w- c:\program files\Microsoft Synchronization Services
2010-06-07 09:44 . 2010-06-07 09:44 -------- d-----w- c:\windows\symbols
2010-06-07 09:43 . 2010-06-07 09:47 -------- d-----w- c:\program files\HTML Help Workshop
2010-06-07 09:43 . 2010-06-07 09:50 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2010-06-07 09:43 . 2010-06-07 09:48 -------- d-----w- c:\program files\Common Files\Merge Modules
2010-06-07 09:43 . 2010-06-07 09:43 -------- d-----w- c:\program files\Microsoft Help Viewer
2010-06-06 09:43 . 2010-05-07 16:01 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2010-06-06 09:36 . 2010-05-07 16:06 30536 ----a-w- c:\windows\system32\TURegOpt.exe
2010-06-06 09:35 . 2010-06-06 09:35 -------- d-----w- c:\documents and settings\Scott\Application Data\TuneUp Software
2010-06-06 09:33 . 2010-06-06 09:44 -------- d-----w- c:\program files\TuneUp Utilities 2010
2010-06-06 09:31 . 2010-06-06 09:33 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-06-06 09:30 . 2010-06-06 09:30 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2010-06-04 07:20 . 2010-06-04 07:20 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Safe mirror
2010-06-04 07:18 . 2010-06-04 07:19 -------- d-----w- c:\program files\Cobian Backup 10
2010-05-31 05:43 . 2010-05-31 05:43 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Opera
2010-05-31 05:42 . 2010-05-31 05:42 -------- d-----w- c:\program files\Opera
2010-05-29 08:59 . 2010-05-29 08:59 -------- d-----w- c:\documents and settings\Scott\Application Data\SUPERAntiSpyware.com
2010-05-29 08:59 . 2010-05-29 08:59 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-05-29 08:59 . 2010-05-29 08:59 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-27 09:14 . 2010-05-27 09:14 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer
2010-05-27 09:14 . 2010-05-27 09:14 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer
2010-05-24 12:23 . 2010-05-24 12:23 -------- d-----w- c:\documents and settings\Scott\Local Settings\Application Data\Winamp Toolbar
2010-05-24 07:59 . 2009-09-04 07:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2010-05-24 07:59 . 2006-09-28 06:05 2414360 ----a-w- c:\windows\system32\d3dx9_31.dll
2010-05-24 07:59 . 2010-05-24 07:59 -------- d-----w- c:\program files\Winamp Detect
2010-05-24 07:49 . 2010-05-24 07:49 -------- d-----w- c:\program files\Winamp Toolbar
2010-05-24 07:49 . 2010-05-24 07:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Winamp Toolbar
2010-05-24 07:48 . 2010-05-24 08:05 -------- d-----w- c:\documents and settings\All Users\Application Data\OrbNetworks
2010-05-24 07:48 . 2010-06-08 06:40 -------- d-----w- c:\program files\Winamp Remote
2010-05-24 07:46 . 2009-04-28 20:20 129520 ------w- c:\windows\system32\pxafs.dll
2010-05-24 07:46 . 2010-05-25 06:44 -------- d-----w- c:\program files\Winamp
2010-05-24 07:46 . 2010-05-25 06:03 -------- d-----w- c:\documents and settings\Scott\Application Data\Winamp
2010-05-17 04:20 . 2010-05-17 04:22 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-12 07:25 . 2010-05-12 07:25 411368 ----a-w- c:\windows\system32\deployJava1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-09 11:23 . 2008-12-08 08:02 -------- d-----w- c:\program files\DNA
2010-06-09 11:23 . 2008-12-08 08:02 -------- d-----w- c:\documents and settings\Scott\Application Data\DNA
2010-06-09 08:45 . 2009-09-10 06:50 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-06-09 07:30 . 2009-09-21 12:12 87 ----a-w- c:\documents and settings\Scott\jagex_runescape_preferences2.dat
2010-06-09 07:20 . 2008-10-04 01:06 42 -c--a-w- c:\documents and settings\Scott\jagex_runescape_preferences.dat
2010-06-09 07:20 . 2008-12-24 13:13 0 -c--a-w- c:\documents and settings\Scott\Local Settings\Application Data\prvlcl.dat
2010-06-09 07:10 . 2010-04-07 11:30 41 ----a-w- c:\documents and settings\Scott\jagex__preferences3.dat
2010-06-07 09:43 . 2008-10-22 09:08 -------- d-----w- c:\program files\MSBuild
2010-06-07 09:35 . 2010-02-07 02:09 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-06-07 02:57 . 2006-02-28 12:00 68224 ----a-w- c:\windows\system32\drivers\PCI.sys
2010-06-06 14:34 . 2008-12-27 14:32 -------- d-----w- c:\documents and settings\Scott\Application Data\uTorrent
2010-06-06 14:21 . 2008-07-31 00:05 -------- d-----w- c:\program files\Microsoft.NET
2010-06-06 00:31 . 2008-12-27 14:32 -------- d-----w- c:\program files\uTorrent
2010-06-04 16:42 . 2009-05-17 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-06-04 16:20 . 2009-05-17 07:26 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-06-04 16:16 . 2008-08-29 01:03 242896 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-06-04 16:16 . 2008-08-29 01:03 29584 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-06-02 12:50 . 2010-03-24 07:08 -------- d-----w- c:\program files\Simple Port Forwarding
2010-05-31 06:32 . 2008-11-23 12:24 -------- d-----w- c:\program files\Safari
2010-05-31 06:27 . 2010-02-07 02:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-29 23:49 . 2008-10-10 02:53 -------- d-----w- c:\program files\Steam
2010-05-29 22:27 . 2010-05-08 22:38 -------- d-----w- c:\program files\BearShare Applications
2010-05-29 13:51 . 2010-04-23 15:04 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-29 09:44 . 2009-11-07 11:47 -------- d-----w- c:\documents and settings\Scott\Application Data\id Software
2010-05-28 12:10 . 2008-09-26 10:01 -------- d-----w- c:\program files\Messenger Plus! Live
2010-05-23 23:14 . 2010-03-18 02:11 -------- d-----w- c:\program files\Launchy
2010-05-17 04:40 . 2008-10-12 11:38 -------- d-----w- c:\program files\SwiftKit
2010-05-12 07:26 . 2008-10-13 05:19 -------- d-----w- c:\program files\Sun
2010-05-12 07:19 . 2008-10-13 05:18 -------- d-----w- c:\program files\Java
2010-05-12 06:46 . 2010-02-22 08:10 -------- d-----w- c:\documents and settings\Scott\Application Data\IceChat
2010-05-08 22:41 . 2010-05-08 22:41 -------- d-----w- c:\documents and settings\All Users\Application Data\151F
2010-04-29 05:39 . 2010-04-23 15:05 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 05:39 . 2010-04-23 15:05 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-28 07:21 . 2008-11-26 20:48 -------- d-----w- c:\program files\iTunes
2010-04-28 07:20 . 2010-04-28 07:20 -------- d-----w- c:\program files\iPod
2010-04-28 07:20 . 2008-08-01 09:57 -------- d-----w- c:\program files\Common Files\Apple
2010-04-28 07:07 . 2010-04-28 07:07 -------- d-----w- c:\program files\Bonjour
2010-04-23 15:55 . 2010-04-23 15:36 -------- d-----w- c:\documents and settings\Scott\Application Data\FileZilla
2010-04-23 15:06 . 2010-04-23 15:06 -------- d-----w- c:\documents and settings\Scott\Application Data\Malwarebytes
2010-04-23 15:05 . 2010-04-23 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-23 14:58 . 2010-04-23 14:58 354 ------w- c:\documents and settings\Scott\fix.reg
2010-04-23 14:47 . 2010-04-23 13:43 -------- d-----w- c:\program files\TeamViewer
2010-04-18 11:44 . 2009-12-06 10:43 -------- d-----w- c:\documents and settings\Scott\Application Data\Vso
2010-04-15 07:28 . 2010-04-15 07:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-04-15 07:24 . 2010-04-15 07:24 -------- d-----w- c:\program files\QuickTime
2010-04-15 03:47 . 2010-04-15 03:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-04-15 03:46 . 2008-08-29 01:03 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-04-12 13:01 . 2010-04-12 13:01 -------- d-----w- c:\documents and settings\Scott\Application Data\TeamViewer
2010-04-12 03:55 . 2008-08-05 09:14 -------- d-----w- c:\program files\iDump
2010-04-08 03:20 . 2010-04-08 03:20 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 03:20 . 2010-04-08 03:20 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-23 07:08 . 2008-11-26 11:37 69868 -c-ha-w- c:\windows\system32\mlfcache.dat
2010-03-19 04:02 . 2010-03-19 04:02 843864 ----a-w- c:\windows\system32\hha.dll
2010-03-18 19:17 . 2010-03-18 19:17 65872 ----a-w- c:\windows\system32\VSCover100.dll
2010-03-18 19:17 . 2010-03-18 19:17 111440 ----a-w- c:\windows\system32\VSPerf100.dll
2010-03-18 13:21 . 2010-03-18 13:21 269144 ----a-w- c:\windows\system32\vsjitdebugger.exe
2010-03-18 06:47 . 2010-03-18 06:47 17760 ----a-w- c:\windows\system32\aspnet_counters.dll
2010-03-18 03:16 . 2010-03-18 03:16 771424 ----a-w- c:\windows\system32\msvcr100_clr0400.dll
2010-03-18 03:16 . 2010-03-18 03:16 70472 ----a-w- c:\windows\system32\dxva2.dll
2010-03-18 03:16 . 2010-03-18 03:16 486216 ----a-w- c:\windows\system32\evr.dll
2010-03-18 00:09 . 2010-03-18 00:09 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-18 00:09 . 2010-03-18 00:09 49488 ----a-w- c:\windows\system32\netfxperf.dll
2010-03-18 00:09 . 2010-03-18 00:09 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-03-18 00:09 . 2010-03-18 00:09 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-03-11 12:38 . 2006-02-28 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2006-02-28 12:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2006-02-28 12:00 17408 ----a-w- c:\windows\system32\corpol.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 06:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-09-02 23:45 77824 ------w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-09-02 23:45 77824 ------w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-09-02 23:45 77824 ------w- c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.3.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-01-15 147456]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]
"Orb"="c:\program files\Winamp Remote\bin\OrbTray.exe" [2008-04-01 507904]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="c:\program files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 145184]
"CognizanceTS"="c:\progra~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 17920]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 872448]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-05-11 472632]
"QlbCtrl"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2007-11-06 177456]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-12 47392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-20 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-20 166424]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-20 137752]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2009-04-07 642856]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2010-01-13 467240]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-13 611712]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2010-05-19 37888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-13 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-7-31 113664]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-2-6 561213]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-04-15 03:47 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OneCard]
2007-02-07 01:30 74240 ----a-r- c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ SbHpNp scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^Dropbox.lnk]
path=c:\documents and settings\Scott\Start Menu\Programs\Startup\Dropbox.lnk
backup=c:\windows\pss\Dropbox.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Scott^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\documents and settings\Scott\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\documents and settings\Scott\My Documents\Jakes\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
"c:\\Program Files\\Steam\\steamapps\\macka654\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\Common Files\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=
"c:\\Program Files\\TVersity\\Media Server\\MediaServer.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe"= c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe:LocalSubNet,0.0.0.0/255.255.255.255:Enabled:Pure Networks Platform Service

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft 3 Battle.net
"67:UDP"= 67:UDP:DHCP Discovery Service
"58219:TCP"= 58219:TCP:Pando Media Booster
"58219:UDP"= 58219:UDP:Pando Media Booster
"5353:TCP"= 5353:TCP:Adobe CSI CS4
"3689:TCP"= 3689:TCP:SPF Port 3689 TCP
"5353:UDP"= 5353:UDP:SPF Port 5353 UDP
"1900:TCP"= 1900:TCP:SPF Port 1900 UDP
"3074:UDP"= 3074:UDP:SPF Port 3074 UDP
"3074:TCP"= 3074:TCP:SPF Port 3074 TCP
"3390:TCP"= 3390:TCP:SPF Port 3390 TCP
"3690:TCP"= 3690:TCP:SPF Port 3690 TCP
"3776:UDP"= 3776:UDP:SPF Port 3776 UDP
"3932:TCP"= 3932:TCP:SPF Port 3932 TCP
"4125:TCP"= 4125:TCP:SPF Port 4125 TCP
"5555:TCP"= 5555:TCP:SPF Port 5555 TCP
"7777:UDP"= 7777:UDP:SPF Port 7777 UDP
"8602:UDP"= 8602:UDP:SPF Port 8602 UDP
"8602:TCP"= 8602:TCP:SPF Port 8602 TCP
"88:UDP"= 88:UDP:SPF Port 88 UDP
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"41952:TCP"= 41952:TCP:SPF Port 41952 TCP
"8190:UDP"= 8190:UDP:SPF Port 8190 UDP
"8190:TCP"= 8190:TCP:SPF Port 8190 TCP

R0 SafeBoot;SafeBoot;c:\windows\system32\drivers\SafeBoot.sys [22/04/2007 4:24 PM 100095]
R0 SbAlg;SbAlg;c:\windows\system32\drivers\SbAlg.sys [9/10/2006 1:31 PM 44720]
R0 SbFsLock;SbFsLock;c:\windows\system32\drivers\SbFsLock.sys [29/03/2007 4:54 PM 13696]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [29/08/2008 11:03 AM 216200]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [29/08/2008 11:03 AM 242896]
R1 RsvLock;RsvLock;c:\windows\system32\drivers\rsvlock.sys [22/04/2007 4:25 PM 5808]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [18/02/2010 4:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [11/05/2010 4:41 AM 67656]
R2 ASBroker;Logon Session Broker;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 10:00 PM 14336]
R2 ASChannel;Local Communication Channel;c:\windows\System32\svchost.exe -k Cognizance [28/02/2006 10:00 PM 14336]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [15/04/2010 1:47 PM 308064]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\Cobian Backup 10\cbVSCService.exe [4/06/2010 5:19 PM 67584]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
R2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [22/04/2007 4:32 PM 221184]
R2 SWIHPWMI;SWIHPWMI;c:\program files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [4/12/2006 4:13 PM 292384]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [8/05/2010 2:04 AM 1051976]
R3 IFXTPM;IFXTPM;c:\windows\system32\drivers\ifxtpm.sys [31/07/2008 9:38 AM 44800]
R3 ManyCam;ManyCam Virtual Webcam, WDM Video Capture Driver;c:\windows\system32\drivers\ManyCam.sys [14/01/2008 8:06 PM 21632]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [25/02/2010 11:18 AM 10064]
S3 HP24X;HP PC Card Smart Card Reader;c:\windows\system32\drivers\HP24X.sys [31/07/2008 9:24 AM 33024]
S3 Ipapdispdseice;Ipapdispdseice; [x]
S3 Mkd2kfNt;Mkd2kfNt;c:\windows\system32\drivers\Mkd2kfNT.sys [6/03/2010 3:01 PM 133632]
S3 Mkd2Nadr;Mkd2Nadr;c:\windows\system32\drivers\Mkd2Nadr.sys [6/03/2010 3:01 PM 79360]
S3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\VSPerfDrv100.sys [8/12/2009 9:24 PM 48128]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\sqladhlp.exe [31/03/2009 6:44 PM 47128]
S4 RsFx0103;RsFx0103 Driver;c:\windows\system32\drivers\RsFx0103.sys [30/03/2009 2:09 AM 239336]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [18/10/2009 9:55 PM 721904]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [30/03/2009 2:23 AM 366936]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-06-03 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 02:34]

2010-06-09 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 05:07]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com.au/keyword/%s
TCP: {83F05F0F-249F-4995-9FAA-57BEC73C8291} = 192.168.0.1,192.168.0.1
FF - ProfilePath - c:\documents and settings\Scott\Application Data\Mozilla\Firefox\Profiles\4njogirh.default\
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\Scott\Application Data\Facebook\npfbplugin_1_0_1.dll
FF - plugin: c:\documents and settings\Scott\Application Data\Mozilla\plugins\np-mswmp.dll
FF - plugin: c:\program files\AhnLab\ASP\MyKeyDefense 2.5\npmkd25aos.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-\\KITCHEN\EPSON Stylus CX3900 Series (Copy 1) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
HKCU-Run-\\KITCHEN\EPSON Stylus CX3900 Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIBEP.EXE
MSConfigStartUp-Raptr - c:\progra~1\Raptr\RaptrStub.exe
AddRemove-18_is1 - g:\imported files\Games\RBO\RAGNAROK BATTLE OFFLINE\unins000.exe
AddRemove-35_is1 - g:\imported files\Games\RBO\RAGNAROK BATTLE OFFLINE\unins001.exe
AddRemove-36_is1 - g:\imported files\Games\RBO\RAGNAROK BATTLE OFFLINE\unins002.exe
AddRemove-Microsoft SQL Server 10 - c:\program files\Microsoft SQL Server\100\Setup Bootstrap\Release\x86\SetupARP.exe
AddRemove-Ragnarok Battle Offline - g:\imported files\Games\RBO\Uninstal.exe
AddRemove-Soldat_is1 - f:\imported files\Games\Soldat\unins000.exe
AddRemove-EliteSwitch - c:\program files\Covey Inc\EliteSwitch\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-09 21:25
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1524)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
c:\program files\Hewlett-Packard\IAM\bin\ItMsg.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
c:\windows\SbHpNp.DLL
c:\program files\Hewlett-Packard\IAM\Bin\TrayIcon.dll
c:\program files\Hewlett-Packard\IAM\bin\HPBrand.dll
c:\program files\Hewlett-Packard\IAM\Bin\ASChnl.dll

- - - - - - - > 'lsass.exe'(1612)
c:\windows\SbHpNp.dll

- - - - - - - > 'explorer.exe'(3196)
c:\windows\system32\WININET.dll
c:\windows\system32\APSHook.dll
c:\documents and settings\Scott\Application Data\Dropbox\bin\DropboxExt.3.dll
c:\windows\system32\btmmhook.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\msi.dll
c:\program files\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\documents and settings\Scott\My Documents\Jakes\Sandboxie\SbieSvc.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
c:\program files\Windows Media Player\WMPNetwk.exe
c:\program files\Hewlett-Packard\IAM\bin\asghost.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\Winamp Remote\bin\Orb.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
.
**************************************************************************
.
Completion time: 2010-06-09 21:54:35 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-09 11:54

Pre-Run: 14,443,241,472 bytes free
Post-Run: 13,751,910,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - AF810E8D2D0278F64CEB223650EB97BB

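The Reg Loading Points, AppInit_DLLs and firewall-policy blocks in the ComboFix log above are the parts a responder reads first in a redirect case. The script below is an added example for this thread, not ComboFix's own code and not from any of the posts: it parses those REGEDIT4-style blocks and flags autorun entries outside the usual program locations, any AppInit_DLLs value (injected into every process that loads user32.dll), Browser Helper Objects, a disabled Windows Firewall profile and globally open ports. The sample text is an excerpt of the log posted above; `TRUSTED_PREFIXES` and the `REMOTE_ADMIN_PORTS` table are assumptions of this example, not something ComboFix defines.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread; not ComboFix code and not from the posts.
"""
import re
from dataclasses import dataclass

# Excerpt of the log posted above, in the exact format ComboFix emits.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-09-29 06:24 325000 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-11-13 323392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2009-09-30 09:15 387584 ----a-w- c:\documents and settings\Scott\My Documents\Jakes\Sandboxie\SbieCtrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\APSHook.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft 3 Battle.net
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"""


@dataclass(frozen=True)
class Finding:
    category: str  # bho | autorun | appinit | firewall | openport
    detail: str
    severity: str  # 'review' needs a human look, 'info' is context only


KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# ComboFix file line: "<date> <time> <size> <attrs> <path>"
FILE_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \d+ \S+ (?P<path>.+)$")

# Assumptions of this example: where legitimate autoruns normally live on
# an XP box, and ports that expose remote control if opened globally.
TRUSTED_PREFIXES = ("c:\\program files\\", "c:\\progra~1\\", "c:\\windows\\")
REMOTE_ADMIN_PORTS = {"3389:TCP": "RDP", "5900:TCP": "VNC", "445:TCP": "SMB", "23:TCP": "telnet"}


def sections(text):
    """Yield (key, lines) per [key] block; the next header closes the previous block."""
    key, lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            if key is not None:
                yield key, lines
            key, lines = m.group(1), []
        elif line and key is not None:
            lines.append(line)
    if key is not None:
        yield key, lines


def image_path(line):
    """Path from a '"Name"="path" [date size]' value or from a ComboFix file line."""
    m = VALUE_RE.match(line)
    if m:
        q = re.match(r'^"([^"]*)"', m.group("value").strip())
        return q.group(1) if q else m.group("value").strip()
    f = FILE_RE.match(line)
    return f.group("path") if f else None


def triage(log_text):
    findings = []
    for key, lines in sections(log_text):
        k = key.lower()
        if "browser helper objects" in k:
            findings += [Finding("bho", p, "review") for p in map(image_path, lines) if p]
        elif k.endswith("\\run") or "\\startupreg\\" in k:  # Run keys and msconfig-disabled items
            for p in filter(None, map(image_path, lines)):
                ok = p.lower().startswith(TRUSTED_PREFIXES)
                findings.append(Finding("autorun", p, "info" if ok else "review"))
        elif k.endswith("\\windows nt\\currentversion\\windows"):
            for ln in lines:
                m = VALUE_RE.match(ln)
                if m and m.group("name").lower() == "appinit_dlls" and m.group("value").strip():
                    findings.append(Finding("appinit", m.group("value").strip(), "review"))
        elif k.endswith("\\firewallpolicy\\standardprofile"):
            for ln in lines:
                m = VALUE_RE.match(ln)
                if m and m.group("name").lower() == "enablefirewall" and m.group("value").strip().startswith("0"):
                    findings.append(Finding("firewall", "EnableFirewall=0 (Windows Firewall off for this profile)", "review"))
        elif k.endswith("\\globallyopenports\\list"):
            for ln in lines:
                m = VALUE_RE.match(ln)
                if m:
                    port = m.group("name").upper()
                    label = m.group("value").split(":", 2)[-1]
                    findings.append(Finding("openport", f"{port} ({label})", "review" if port in REMOTE_ADMIN_PORTS else "info"))
    return findings


def needs_review(findings):
    """The subset a responder should look at by hand, as (category, detail) pairs."""
    return [(f.category, f.detail) for f in findings if f.severity == "review"]


if __name__ == "__main__":
    for cat, detail in needs_review(triage(SAMPLE_LOG)):
        print(f"[{cat:8}] {detail}")
```

Run against the excerpt, this marks the AskBarDis BHO, the SbieCtrl.exe autorun living under My Documents, the APSHook.dll AppInit entry, the disabled firewall profile and the 3389/TCP (Remote Desktop) opening for review. The script does not decide anything is malicious: in this log the firewall profile being off is consistent with a third-party firewall (zlclient.exe appears in the HKLM Run key and ZoneLabsFirewall monitoring is disabled in Security Center), and APSHook.dll sits next to the HP ProtectTools components, but each of those is a check a responder confirms rather than assumes.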
#6 teacup61 (Malware Response Team, Bleepin' Texan!, Wills Point, Texas)

Posted 09 June 2010 - 02:10 PM

Hello again,

You're most welcome.

Now that some time has passed how is it running?

Please make sure your SAS is updated and have a run with it. Post the report if there is anything to post.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#7 jakeandchase (Topic Starter, Members)

Posted 10 June 2010 - 01:16 AM

Seems to be all good! ;D Not experiencing any redirects or ads so far! My system seems to be faster too! If I come across an odd pop-up or redirect in the next 2 or so days I'll post here! If not, it's all good! Thank you so much!

Btw, SAS is SuperAntiSpyware?

#8 teacup61 (Malware Response Team, Bleepin' Texan!, Wills Point, Texas)

Posted 10 June 2010 - 02:20 PM

Excellent!

QUOTE: Btw, SAS is SuperAntiSpyware?

It is. I want to be sure there are no leftovers lurking.

In your original log I noticed that you have at least one old version of Java on your system. Old Java is exploitable and takes up a lot of space. So even though you have the latest version, you'll need to uninstall any old versions you still have in Add/Remove Programs.

Get rid of BearShare. It's dangerous, and if you must do things like this there are much better programs to use, for example LimeWire. The program itself is fine; however, you have to be careful what you download no matter which one you use. An antivirus or other security program like SAS cannot keep out what you tell them to let in.

Please delete ComboFix and its folder C:\Qoobox. Empty your recycle bin and reboot.

Thanks,
tea

Edited by teacup61, 10 June 2010 - 02:20 PM (typo).


#9 jakeandchase (Topic Starter, Members)

Posted 11 June 2010 - 09:13 AM

Thank you! SAS found nothing (tracking cookies, but they're nothing).
Yeah, I don't use that P2P stuff, I have younger sisters. I uninstalled it, just forgot about the toolbar installed.

Once again thank you! And go Australia in the FIFA World Cup!

#10 teacup61 (Malware Response Team, Bleepin' Texan!, Wills Point, Texas)

Posted 21 June 2010 - 09:27 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
