
browser redirect


This topic is locked
39 replies to this topic

#1 adibranch

Posted 07 August 2010 - 05:10 AM

Hi all, I've had a browser redirect on Google results for a while now. I've been ignoring it as it only happens occasionally, but thought I'd finally best get rid of it.

HijackThis log below. Can anyone give me any pointers?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:08:25, on 07/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\KWorld MultiMedia\TiVme\ScheduleAgent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\Speech\Common\sapisvr.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TiVme Agent] C:\Program Files\KWorld Multimedia\TiVme\ScheduleAgent.exe srec
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [InvisibleContent] regsvr32 /s /u "C:\Users\adi\AppData\Local\Invisible\InvisibleContent.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 8663 bytes




#2 adibranch
  • Topic Starter

Posted 14 August 2010 - 10:23 AM

Hi all, I've got an occasional Google search results redirect. It doesn't happen every time, but I reckon once in every twenty clicks of a result. Unsure which one it is, and I can't find anything. Attached DDS as follows:
(Do I need to post the gder text file?)

DDS (Ver_10-03-17.01) - NTFSx86
Run by adi at 17:46:19.63 on 07/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3070.1615 [GMT 1:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\NMSAccessU.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\KWorld MultiMedia\TiVme\ScheduleAgent.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\DllHost.exe
C:\Windows\Explorer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10h_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\adi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SGKD0HI0\Defogger[1].exe
C:\Windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\adi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BVSX2VS6\dds[1].scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [TiVme Agent] c:\program files\kworld multimedia\tivme\ScheduleAgent.exe srec
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [InvisibleContent] regsvr32 /s /u "c:\users\adi\appdata\local\invisible\InvisibleContent.dll"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adi\appdata\roaming\mozilla\firefox\profiles\8rh88wk3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\users\adi\appdata\roaming\mozilla\firefox\profiles\8rh88wk3.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\users\adi\appdata\roaming\mozilla\firefox\profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-16 165456]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-16 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-16 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 40384]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-3-5 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-24 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 40384]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-3-5 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-3-5 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-3-5 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-3-5 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-3-5 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-3-5 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-3-5 109736]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-8 1343400]

=============== Created Last 30 ================

2010-08-07 16:45:47 0 ----a-w- c:\users\adi\defogger_reenable
2010-08-07 09:58:55 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-07 09:43:12 98816 ----a-w- c:\windows\sed.exe
2010-08-07 09:43:12 77312 ----a-w- c:\windows\MBR.exe
2010-08-07 09:43:12 256512 ----a-w- c:\windows\PEV.exe
2010-08-07 09:43:12 161792 ----a-w- c:\windows\SWREG.exe
2010-08-07 09:12:43 0 d-----w- c:\program files\Trend Micro
2010-07-23 20:04:47 0 d-----w- c:\program files\PlayReady
2010-07-22 09:04:19 0 d-----w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}
2010-07-22 09:04:10 0 d-----w- c:\program files\LiveZilla
2010-07-21 13:59:25 71096 ----a-w- c:\windows\system32\NMSAccessU.exe
2010-07-21 13:59:25 17408 ----a-w- c:\windows\system32\SyncBackPro.dll
2010-07-19 10:18:57 0 d-----w- c:\users\adi\appdata\roaming\mIRC
2010-07-16 11:24:47 0 d-----w- c:\users\adi\appdata\roaming\DassaultSystemes
2010-07-16 11:24:47 0 d-----w- c:\programdata\DassaultSystemes

==================== Find3M ====================

2010-07-02 09:53:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:32:56 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-07 23:57:00 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 23:57:00 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57:00 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 16:47:34 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47:34 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47:34 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47:34 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 08:17:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18:06 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-14 11:33:46 230436 ----a-w- C:\PA7302.DAT
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 17:46:57.27 ===============
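The HijackThis log in the first post and the "Pseudo HJT Report" section of the DDS log above share a simple line format (an item type, a display name or bracketed Run value name, and the file or command it points at), which makes a first-pass triage easy to automate. The script below is an added example written for this thread; it is not a BleepingComputer or Trend Micro tool and not something either poster ran. It parses both formats and flags the entries a responder normally checks first: orphaned entries whose file is gone, and autostart values that run from a user-writable profile directory or load a DLL through regsvr32 instead of their own executable. The sample lines are copied from the two logs posted above; the three flag categories are my own heuristics and are prompts for review, not verdicts on what is causing the redirect.

```python
"""Triage helper for HijackThis and DDS "Pseudo HJT" log lines.

Added example for this thread, not a tool from BleepingComputer or Trend Micro.
Flags are review prompts (where a helper would look first), not malware verdicts.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: lines copied from the HijackThis and DDS logs posted in this
# thread, covering both line formats and both "file is gone" markers.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [InvisibleContent] regsvr32 /s /u "C:\Users\adi\AppData\Local\Invisible\InvisibleContent.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
"""


@dataclass
class Entry:
    section: str   # "O2", "O4", "O9", "O23" (HijackThis) or "BHO", "uRun", "mRun" (DDS)
    name: str      # display name, or the Run value name shown in [brackets]
    target: str    # file path, command line, or an orphan marker such as "(no file)"
    raw: str


HJT_RE = re.compile(r"^(O\d+) - (.*)$")                      # "O4 - HKCU\..\Run: [x] cmd"
DDS_RE = re.compile(r"^(BHO|TB|uRun|mRun|IE|DPF): (.*)$")    # "uRun: [x] cmd"
RUN_RE = re.compile(r"\[(?P<name>[^\]]+)\]\s*(?P<cmd>.*)$")
ORPHAN_MARKERS = ("no file", "file missing")                 # heuristic: entry with no backing file
PROFILE_DIRS = ("\\appdata\\", "\\users\\", "%temp%", "%appdata%", "%userprofile%")


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for a recognised HJT/DDS line, or None for anything else."""
    line = line.strip()
    m = HJT_RE.match(line) or DDS_RE.match(line)
    if not m:
        return None
    section, rest = m.groups()
    if section in ("O4", "uRun", "mRun"):
        r = RUN_RE.search(rest)
        if r:
            return Entry(section, r["name"], r["cmd"].strip(), line)
    # Other kinds look like "<kind>: <name> - {CLSID} - <file>" (HJT) or
    # "<name>: {CLSID} - <file>" (DDS). The file is the final " - " field; cap the
    # split so a path containing " - " (e.g. "Spybot - Search & Destroy") survives.
    parts = rest.split(" - ", 2 if section.startswith("O") else 1)
    head = parts[0]
    if section.startswith("O"):
        name = head.split(":", 1)[-1].strip()       # drop the "BHO:" / "Extra button:" prefix
    else:
        name = "(no name)" if head.startswith("{") else head.split(":", 1)[0].strip()
    return Entry(section, name, parts[-1].strip(), line)


def flag(entry: Entry) -> List[str]:
    """Heuristic review prompts for one entry; an empty list means nothing notable."""
    reasons = []
    low = entry.target.lower()
    if any(marker in low for marker in ORPHAN_MARKERS):
        reasons.append("orphan: registry entry points at a file that no longer exists")
    if entry.section in ("O4", "uRun", "mRun"):
        if any(d in low for d in PROFILE_DIRS):
            reasons.append("autostart runs from a user-writable profile directory")
        if re.match(r'^"?regsvr32(\.exe)?"?\s', low):
            reasons.append("autostart loads a DLL via regsvr32 rather than its own executable")
    return reasons


def triage(log_text: str) -> dict:
    """Map "section:name" to the reasons for every flagged entry in the log text."""
    findings = {}
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        reasons = flag(entry)
        if reasons:
            findings[f"{entry.section}:{entry.name}"] = reasons
    return findings


if __name__ == "__main__":
    for key, reasons in triage(SAMPLE_LOG).items():
        print(key)
        for reason in reasons:
            print("   -", reason)
```

Run against the sample, the script reports the two orphaned BHO entries, the BitComet button whose DLL is missing, and the InvisibleContent Run value (profile directory plus regsvr32), while the vendor-installed autostarts and services pass through unflagged. Anything it flags still has to be checked by hand against the file on disk and its signer; the point of the pass is ordering the review, not replacing it.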




#3 gringo_pr

    Bleepin Gringo

  • Malware Response Team

Posted 14 August 2010 - 11:03 AM

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.
  1. Do not run any other tool until instructed to do so!
  2. Please do not attach logs or put them in code boxes.
  3. Tell me about any problems that have occurred during the fix.
  4. Tell me of any other symptoms you may be having as these can help also.
  5. Do not run anything while running a fix.

In the upper right hand corner of the topic you will see a button called Options. If you click on this, in the drop-down menu you can choose Track this topic. By doing this, then choosing Immediate E-Mail notification and clicking on Proceed, you will be advised when we respond to your topic, which will facilitate the cleaning of your machine.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

In order for me to see the status of the infection I will need a new set of logs to start with.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

DeFogger:
    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.

Download DDS:
    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.
    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you to save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

Scan With RKUnHooker
  • Please Download Rootkit Unhooker Save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers and Stealth. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • Save the report somewhere where you can find it. Click Close.
Copy the entire contents of the report and paste it in a reply here.

Note** you may get this warning it is ok, just ignore

"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Please also download MBRCheck to your desktop
  • Double click MBRCheck.exe to run (Vista and Win 7: right-click and select Run as Administrator)
  • It will show a black screen with some data on it
  • A report called MBRCheck will be on your desktop
  • Open this report
  • Right click on the screen and select > Select All
  • Press Control+C
  • Now please copy that report to this thread


Information and logs:
    In your next post I need the following
      1. logs from DDS
      2. log from RKUnHooker
      3. report from MBRCheck
      4. let me know of any problems you may have had

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic

My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University
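Gringo's post asks for a DDS log. The "Pseudo HJT Report" and "FIREFOX" sections of that log list the browser helper objects, the per-user (uRun) and machine (mRun) Run keys, and the Firefox prefs.js search settings, which are the first things a responder reads when the complaint is a search-results redirect. The following is an added example for this thread, not code from DDS or from anyone in the topic: a small Python triage that applies three heuristics to such lines (a Run key whose command is a loader such as regsvr32 or rundll32, an autostart binary or BHO living under a user-writable directory, and a Firefox default search URL pointing at a host that is not a known search engine). The sample lines are constructed to mirror the DDS format; the three flagged entries (an "Updater" under Temp, a regsvr32 "Loader", and the search host) are invented for the example and are not from the poster's log, and the path fragments and search-host allow-list are assumptions to adjust for the machine at hand.

```python
"""Triage of DDS "Pseudo HJT Report" / FIREFOX lines for browser-redirect cases.

Added example for this thread, not part of the DDS tool or of the poster's log.
The heuristics, path fragments and search-host allow-list are assumptions.
"""
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Path fragments meaning "a non-admin user can write here". Persistence that
# runs from such a directory deserves a look. (Assumption for this example.)
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\", "\\documents and settings\\")

# Hosts allowed to be the Firefox default search provider. (Assumption: extend
# to whatever the user actually chose.)
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.google.co.uk", "www.bing.com",
                      "search.yahoo.com"}

# Commands that load code handed to them rather than being the program itself.
LOADER_HOSTS = ("regsvr32", "rundll32", "wscript", "cscript", "mshta")

RUN_RE = re.compile(r"^(?P<hive>[um])Run: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
BHO_RE = re.compile(r"^BHO: (?:(?P<desc>.*?): )?\{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.+)$")
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
# First quoted string, or the first bare token with an executable extension.
PATH_RE = re.compile(r'"([^"]+)"|(\S+\.(?:exe|dll|scr|bat|cmd|vbs|js)\b)', re.IGNORECASE)


@dataclass
class Finding:
    severity: str   # "high", "medium" or "low"
    category: str
    line: str


def first_path(cmd: str) -> str:
    """Return the lower-cased binary path referenced by a Run-key command, or ''."""
    m = PATH_RE.search(cmd)
    return (m.group(1) or m.group(2)).lower() if m else ""


def host_of(url: str) -> str:
    """Parse a DDS-defanged URL (hxxp://...) and return its host, lower-cased."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.IGNORECASE)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def triage(dds_text: str) -> list:
    """Apply the three redirect-relevant heuristics to each line of a DDS log."""
    findings = []
    for raw in dds_text.splitlines():
        line = raw.strip()

        m = RUN_RE.match(line)
        if m:
            cmd = m.group("cmd")
            if cmd.lower().startswith(LOADER_HOSTS):
                # regsvr32/rundll32/script host in a Run value: the payload is
                # whatever file the command is handed, not the command itself.
                findings.append(Finding("high", "loader-in-run-key", line))
            elif any(frag in first_path(cmd) for frag in USER_WRITABLE):
                findings.append(Finding("high", "autorun-from-user-writable-dir", line))
            continue

        m = BHO_RE.match(line)
        if m:
            target = m.group("target")
            if target == "No File":
                # CLSID still registered but DLL gone: leftover of a removed add-on.
                findings.append(Finding("low", "orphaned-bho", line))
            elif any(frag in target.lower() for frag in USER_WRITABLE):
                findings.append(Finding("high", "bho-from-user-writable-dir", line))
            continue

        m = PREF_RE.match(line)
        if m and m.group("pref") == "browser.search.defaulturl":
            # Search-box redirects are often just this pref rewritten by a
            # toolbar installer; flag any host not on the allow-list.
            if host_of(m.group("value")) not in KNOWN_SEARCH_HOSTS:
                findings.append(Finding("medium", "search-default-overridden", line))
    return findings


def summarize(findings) -> dict:
    """Count findings per severity, e.g. {'high': 2, 'medium': 1, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


# Constructed sample in DDS format. The flagged entries (Updater, Loader and the
# search host) are invented for this example, not taken from the poster's log.
SAMPLE_DDS = r"""
uStart Page = hxxp://www.google.co.uk/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Updater] "c:\users\alice\appdata\local\temp\updater.exe" /silent
uRun: [Loader] regsvr32 /s /u "c:\users\alice\appdata\local\hidden\Loader.dll"
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
FF - prefs.js: browser.search.defaulturl - hxxp://search.hijack.example/results?q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f.severity:6}] {f.category:32} {f.line}")
    print(summarize(triage(SAMPLE_DDS)))
```

The heuristics are deliberately narrow: they do not say an entry is malicious, only that it is worth checking against the file on disk, its signature and the add-on that installed it. A "No File" BHO is noise to clean up, while a Run value that hands a DLL under AppData to regsvr32 is the kind of line a responder asks about first.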

#4 Orange Blossom (OBleepin Investigator, Moderator, 36,804 posts, Bloomington, IN)

Posted 14 August 2010 - 07:00 PM

Hello adibranch,

I have merged your latest topic with your previously existing topic on the same issue. It now appears as post 2. You posted that shortly before Gringo responded to your first topic. Please read and follow the instructions Gringo gave you. Please keep all posts regarding this issue to this topic by using the Add Reply button found near the bottom. Starting new topics confuses things for all concerned and delays the assistance you receive.

Back to you Gringo,

Orange Blossom
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#5 gringo_pr (Bleepin Gringo, Malware Response Team, 136,772 posts, Puerto Rico)

Posted 14 August 2010 - 07:05 PM

Thank you Orange Blossom


adibranch

Please send me the rest of the logs that I asked for and we can get started



Gringo

#6 adibranch (Topic Starter, Members, 17 posts)

Posted 15 August 2010 - 04:20 AM

thanks both of you.. logs as below..


DDS (Ver_10-03-17.01) - NTFSx86
Run by adi at 10:08:15.41 on 15/08/2010
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_20
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3070.1660 [GMT 1:00]

SP: Spybot - Search and Destroy *enabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
C:\Windows\system32\svchost.exe -k apphost
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IEInspector\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
C:\Windows\system32\NMSAccessU.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\Windows\system32\svchost.exe -k iissvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\KWorld MultiMedia\TiVme\ScheduleAgent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\System32\regsvr32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\ehome\mcGlidHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
D:\USERFILES\adi\Desktop\dds.scr
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: IEInspector Browser Helper: {9b43b7b1-bf56-4708-81d2-332d708b0dd9} - c:\progra~1\ieinsp~1\httpan~1\IEINSP~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: IE HTTPAnalyzer V5: {a8404868-2818-48f0-84eb-2fdadd10385d} - c:\progra~1\ieinsp~1\httpan~1\IEHTTP~1.DLL
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [TiVme Agent] c:\program files\kworld multimedia\tivme\ScheduleAgent.exe srec
uRun: [Speech Recognition] "c:\windows\speech\common\sapisvr.exe" -SpeechUX -Startup
uRun: [InvisibleContent] regsvr32 /s /u "c:\users\adi\appdata\local\invisible\InvisibleContent.dll"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\sony ericsson pc suite\SEPCSuite.exe" /systray /nologon
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui
mRun: [EvtMgr6] c:\program files\logitech\setpointp\SetPoint.exe /launchGaming
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [LiveZilla] "c:\program files\livezilla\LiveZilla.exe" -minimize
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.3.7.16.dll/206
IE: {858CFDE9-D018-453E-80D9-FD4FC3EF631E} - {A8404868-2818-48F0-84EB-2FDADD10385D} - c:\progra~1\ieinsp~1\httpan~1\IEHTTP~1.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.5.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\adi\appdata\roaming\mozilla\firefox\profiles\8rh88wk3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\ieinspector\httpanalyzerfullv5\firefox\components\HttpAnalyzerFFV5.dll
FF - component: c:\users\adi\appdata\roaming\mozilla\firefox\profiles\8rh88wk3.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_31.dll
FF - component: c:\users\adi\appdata\roaming\mozilla\firefox\profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\sony\media go\npmediago.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-16 165456]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\adobe\elements organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-9 169312]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-16 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-1-16 50256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 40384]
R2 HttpAnalyzerV5 DllInjectService;HttpAnalyzerV5 CodeHook service;c:\program files\ieinspector\httpanalyzerfullv5\InjectWinSockServiceV5.exe [2010-8-12 268608]
R2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\sony ericsson\sony ericsson pc suite\SupServ.exe [2010-3-5 90112]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2010-5-24 1153368]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-7 40384]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-29 135664]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\drivers\s0017bus.sys [2010-3-5 86824]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\drivers\s0017mdfl.sys [2010-3-5 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\drivers\s0017mdm.sys [2010-3-5 114600]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0017mgmt.sys [2010-3-5 108328]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\drivers\s0017nd5.sys [2010-3-5 26024]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\drivers\s0017obex.sys [2010-3-5 104616]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\drivers\s0017unic.sys [2010-3-5 109736]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-6-8 1343400]

=============== Created Last 30 ================

2010-08-13 08:21:09 0 d-sh--w- c:\windows\system32\%APPDATA%
2010-08-12 08:50:41 0 d-----w- c:\program files\IEInspector
2010-08-07 16:45:47 0 ----a-w- c:\users\adi\defogger_reenable
2010-08-07 09:58:55 0 d-sh--w- C:\$RECYCLE.BIN
2010-08-07 09:43:12 98816 ----a-w- c:\windows\sed.exe
2010-08-07 09:43:12 77312 ----a-w- c:\windows\MBR.exe
2010-08-07 09:43:12 256512 ----a-w- c:\windows\PEV.exe
2010-08-07 09:43:12 161792 ----a-w- c:\windows\SWREG.exe
2010-08-07 09:12:43 0 d-----w- c:\program files\Trend Micro
2010-07-23 20:04:47 0 d-----w- c:\program files\PlayReady
2010-07-22 09:04:19 0 d-----w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}
2010-07-22 09:04:10 0 d-----w- c:\program files\LiveZilla
2010-07-21 13:59:25 71096 ----a-w- c:\windows\system32\NMSAccessU.exe
2010-07-21 13:59:25 17408 ----a-w- c:\windows\system32\SyncBackPro.dll
2010-07-19 10:18:57 0 d-----w- c:\users\adi\appdata\roaming\mIRC
2010-07-16 11:24:47 0 d-----w- c:\users\adi\appdata\roaming\DassaultSystemes
2010-07-16 11:24:47 0 d-----w- c:\programdata\DassaultSystemes

==================== Find3M ====================

2010-08-12 11:59:20 230436 ----a-w- C:\PA7302.DAT
2010-07-29 06:30:49 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30:34 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-02 09:53:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-06-30 06:25:31 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 20:57:33 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:32:56 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-22 02:47:35 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47:21 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47:13 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 06:33:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23:50 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07:18 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 05:48:35 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-08 06:02:06 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 23:57:00 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 23:57:00 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57:00 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57:00 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57:00 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57:00 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57:00 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57:00 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57:00 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 16:47:34 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47:34 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47:34 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47:34 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47:34 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 08:17:13 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-05-27 07:24:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49:37 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- c:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2009-06-10 21:26:35 9633792 --sha-r- c:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 10:08:59.01 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 16/01/2010 13:53:54
System Uptime: 14/08/2010 23:23:41 (11 hours ago)

Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2L
Processor: Intel® Core™2 Duo CPU E7300 @ 2.66GHz | Socket 775 | 1867/266mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 98 GiB total, 10.676 GiB free.
D: is FIXED (NTFS) - 368 GiB total, 84.202 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 466 GiB total, 111.394 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP164: 15/08/2010 00:12:06 - Scheduled Checkpoint

==== Installed Programs ======================

A1 Sitemap Generator
ABBYY FineReader 6.0 Sprint
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Elements 8.0
Adobe Reader 9.3.3
Apple Application Support
Apple Software Update
avast! Free Antivirus
AVS Video Converter 6
Beyond Compare version 3.0.0
Bing Maps 3D
Camera RAW Plug-In for EPSON Creativity Suite
CCleaner
DivX Setup
Easy Edit Software
Epson Easy Photo Print 2
EPSON Printer Software
EPSON Scan
Epson Stylus SX210_SX410_TX210_TX410 Manual
EPSON SX210 Series Printer Uninstall
eReg
Google Chrome
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HTTP Analyzer V5.3.1
HyperCam 2
HyperSnap 6
Java Auto Updater
Java™ 6 Update 20
KWorld USB DVB-T BDA Driver
LinkAssistant
LiveZilla
Logitech SetPoint 6.0
MAGIX Music Maker 16 Premium Download Version
Media Go
Memory-Map OS Edition Version 5
Microsoft .NET Compact Framework 2.0
Microsoft .NET Compact Framework 3.5
Microsoft .NET Framework 4 Client Profile
Microsoft Office Live Add-in 1.5
Microsoft Office Professional Plus 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.8)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
nLite 1.4.9.1
NVIDIA Display Control Panel
NVIDIA Drivers
OGA Notifier 2.0.0048.0
Pinnacle Instant DVD Recorder
Pinnacle Studio 12
Pinnacle Studio 12 Ultimate Plugins
Pinnacle Video Driver
PlayReady PC Runtime x86
PlayStation®Store
QuickTime
Safari
SeaMonkey (2.0.3)
Sony Ericsson PC Suite 6.011.00
Spb Pocket Plus
Spybot - Search & Destroy
SyncBackPro
Tag&Rename 3.5
Text-To-Speech-Runtime
TiVme Software
Uninstall 1.0.0.1
VC80CRTRedist - 8.0.50727.4053
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Visual Pinball VPInstaller 1.0.3
VisualRoute 2010
VLC media player 1.0.5
Windows Live ID Sign-in Assistant
Windows Mobile Device Center
Windows Mobile Update KB975353 - DST Update August 2009
WinSCP 4.2.6
Xenu's Link Sleuth
Xvid 1.2.2 final uninstall
YouTube Downloader 2.5.3

==== Event Viewer Messages From Past Week ========

14/08/2010 23:49:12, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
14/08/2010 16:21:24, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {B77C4C36-0154-4C52-AB49-FAA03837E47F} and APPID {EA022610-0748-4C24-B229-6C507EBDFDBB} to the user main-pc\adi SID (S-1-5-21-2898719966-2778896740-2132148912-1000) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
11/08/2010 16:54:13, Error: Schannel [36888] - The following fatal alert was generated: 10. The internal error state is 10.
09/08/2010 09:10:46, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.

==== End Of File ===========================
RkU Version: 3.8.388.590, Type LE (SR2)
==============================================
OS Name: Windows 7
Version 6.1.7600
Number of processors #2
==============================================
>Stealth
==============================================
0x0EDF0000 Hidden Image-->LiveZilla.ProductManager.dll [ EPROCESS 0x852C7D40 ] PID: 3912, 1036288 bytes
0x04B60000 Hidden Image-->LiveZilla.Lib.dll [ EPROCESS 0x852C7D40 ] PID: 3912, 1642496 bytes
0x04210000 Hidden Image-->LiveZilla.Web.dll [ EPROCESS 0x852C7D40 ] PID: 3912, 192512 bytes
0x03960000 Hidden Image-->SRPOTimer.dll [ EPROCESS 0x85266718 ] PID: 2240, 28672 bytes
0x05FD0000 Hidden Image-->LiveZilla.Database.dll [ EPROCESS 0x852C7D40 ] PID: 3912, 36864 bytes
0x004B0000 Hidden Image-->ScheduledRecording.dll [ EPROCESS 0x85266718 ] PID: 2240, 45056 bytes
0x9F08DF2E Unknown thread object [ ETHREAD 0x85D37D48 ] , 600 bytes
0x0A600000 Hidden Image-->LiveZilla.NativeApi.dll [ EPROCESS 0x852C7D40 ] PID: 3912, 61440 bytes
0x07980000 Hidden Image-->Microsoft.mshtml.dll [ EPROCESS 0x852C7D40 ] PID: 3912, 8015872 bytes


!!POSSIBLE ROOTKIT ACTIVITY DETECTED!! =)
MBRCheck, version 1.2.3
© 2010, AD

Command-line:
Windows Version: Windows 7 Home Premium Edition
Windows Information: (build 7600), 32-bit
Base Board Manufacturer: Gigabyte Technology Co., Ltd.
BIOS Manufacturer: Award Software International, Inc.
System Manufacturer: Gigabyte Technology Co., Ltd.
System Product Name: G31M-S2L
Logical Drives Mask: 0x0000007d

Kernel Drivers (total 162):
0x82A48000 \SystemRoot\system32\ntkrnlpa.exe
0x82A11000 \SystemRoot\system32\halmacpi.dll
0x80BB5000 \SystemRoot\system32\kdcom.dll
0x8AA0E000 \SystemRoot\system32\mcupdate_GenuineIntel.dll
0x8AA86000 \SystemRoot\system32\PSHED.dll
0x8AA97000 \SystemRoot\system32\BOOTVID.dll
0x8AA9F000 \SystemRoot\system32\CLFS.SYS
0x8AAE1000 \SystemRoot\system32\CI.dll
0x8AB8C000 \SystemRoot\system32\drivers\Wdf01000.sys
0x8AA00000 \SystemRoot\system32\drivers\WDFLDR.SYS
0x8AC14000 \SystemRoot\system32\DRIVERS\ACPI.sys
0x8AC5C000 \SystemRoot\system32\DRIVERS\WMILIB.SYS
0x8AC65000 \SystemRoot\system32\DRIVERS\msisadrv.sys
0x8AC6D000 \SystemRoot\system32\DRIVERS\pci.sys
0x8AC97000 \SystemRoot\system32\DRIVERS\vdrvroot.sys
0x8ACA2000 \SystemRoot\System32\drivers\partmgr.sys
0x8ACB3000 \SystemRoot\system32\DRIVERS\volmgr.sys
0x8ACC3000 \SystemRoot\System32\drivers\volmgrx.sys
0x8AD0E000 \SystemRoot\system32\DRIVERS\intelide.sys
0x8AD15000 \SystemRoot\system32\DRIVERS\PCIIDEX.SYS
0x8AD23000 \SystemRoot\System32\drivers\mountmgr.sys
0x8AD39000 \SystemRoot\system32\DRIVERS\atapi.sys
0x8AD42000 \SystemRoot\system32\DRIVERS\ataport.SYS
0x8AD65000 \SystemRoot\system32\DRIVERS\amdxata.sys
0x8AD6E000 \SystemRoot\system32\drivers\fltmgr.sys
0x8ADA2000 \SystemRoot\system32\drivers\fileinfo.sys
0x8ADB3000 \SystemRoot\System32\Drivers\PxHelp20.sys
0x8AE07000 \SystemRoot\System32\Drivers\Ntfs.sys
0x8AF36000 \SystemRoot\System32\Drivers\msrpc.sys
0x8AF61000 \SystemRoot\System32\Drivers\ksecdd.sys
0x8AF74000 \SystemRoot\System32\Drivers\cng.sys
0x8AFD1000 \SystemRoot\System32\drivers\pcw.sys
0x8AFDF000 \SystemRoot\System32\Drivers\Fs_Rec.sys
0x8B009000 \SystemRoot\system32\drivers\ndis.sys
0x8B0C0000 \SystemRoot\system32\drivers\NETIO.SYS
0x8B0FE000 \SystemRoot\System32\Drivers\ksecpkg.sys
0x8B21D000 \SystemRoot\System32\drivers\tcpip.sys
0x8B366000 \SystemRoot\System32\drivers\fwpkclnt.sys
0x8B397000 \SystemRoot\system32\DRIVERS\volsnap.sys
0x8B3D6000 \SystemRoot\System32\Drivers\spldr.sys
0x8B123000 \SystemRoot\System32\drivers\rdyboost.sys
0x8B3DE000 \SystemRoot\System32\Drivers\mup.sys
0x8B3EE000 \SystemRoot\System32\drivers\hwpolicy.sys
0x8B150000 \SystemRoot\System32\DRIVERS\fvevol.sys
0x8B200000 \SystemRoot\system32\DRIVERS\disk.sys
0x8B182000 \SystemRoot\system32\DRIVERS\CLASSPNP.SYS
0x8B1C5000 \SystemRoot\system32\DRIVERS\cdrom.sys
0x8B1E4000 \SystemRoot\System32\Drivers\Null.SYS
0x8B1EB000 \SystemRoot\System32\Drivers\Beep.SYS
0x8B1F2000 \SystemRoot\System32\drivers\vga.sys
0x8ADBD000 \SystemRoot\System32\drivers\VIDEOPRT.SYS
0x8AFE8000 \SystemRoot\System32\drivers\watchdog.sys
0x8B000000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0x8AFF5000 \SystemRoot\system32\drivers\rdpencdd.sys
0x8ADDE000 \SystemRoot\system32\drivers\rdprefmp.sys
0x8ADE6000 \SystemRoot\System32\Drivers\Msfs.SYS
0x8ADF1000 \SystemRoot\System32\Drivers\Npfs.SYS
0x90C29000 \SystemRoot\system32\DRIVERS\tdx.sys
0x90C40000 \SystemRoot\system32\DRIVERS\TDI.SYS
0x90C4B000 \SystemRoot\System32\Drivers\aswTdi.SYS
0x90C55000 \SystemRoot\system32\drivers\afd.sys
0x90CAF000 \SystemRoot\System32\Drivers\aswRdr.SYS
0x90CB4000 \SystemRoot\System32\DRIVERS\netbt.sys
0x90CE6000 \SystemRoot\system32\DRIVERS\wfplwf.sys
0x90CED000 \SystemRoot\system32\DRIVERS\pacer.sys
0x90D0C000 \SystemRoot\system32\DRIVERS\netbios.sys
0x90D1A000 \SystemRoot\system32\DRIVERS\serial.sys
0x90D34000 \SystemRoot\system32\DRIVERS\wanarp.sys
0x90D47000 \SystemRoot\system32\DRIVERS\termdd.sys
0x90D57000 \SystemRoot\System32\Drivers\SCDEmu.SYS
0x90D65000 \SystemRoot\system32\DRIVERS\rdbss.sys
0x90DA6000 \SystemRoot\system32\drivers\nsiproxy.sys
0x90DB0000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0x90DBA000 \SystemRoot\System32\drivers\discache.sys
0x90DC6000 \SystemRoot\System32\Drivers\dfsc.sys
0x90DDE000 \SystemRoot\system32\DRIVERS\blbdrive.sys
0x90C00000 \SystemRoot\System32\Drivers\aswSP.SYS
0x90614000 \SystemRoot\system32\DRIVERS\tunnel.sys
0x90635000 \SystemRoot\system32\DRIVERS\intelppm.sys
0x91222000 \SystemRoot\system32\DRIVERS\nvlddmkm.sys
0x91C83000 \SystemRoot\system32\DRIVERS\nvBridge.kmd
0x91C85000 \SystemRoot\System32\drivers\dxgkrnl.sys
0x91D3C000 \SystemRoot\System32\drivers\dxgmms1.sys
0x91D75000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0x91D94000 \SystemRoot\system32\DRIVERS\Rt86win7.sys
0x91DB9000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0x90647000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0x91DC4000 \SystemRoot\system32\DRIVERS\usbehci.sys
0x91DD3000 \SystemRoot\system32\DRIVERS\fdc.sys
0x91DDE000 \SystemRoot\system32\DRIVERS\serenum.sys
0x91DE8000 \SystemRoot\system32\DRIVERS\parport.sys
0x91200000 \SystemRoot\system32\DRIVERS\CompositeBus.sys
0x9120D000 \SystemRoot\system32\DRIVERS\AgileVpn.sys
0x90692000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0x906AA000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0x906B5000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0x906D7000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0x906EF000 \SystemRoot\system32\DRIVERS\raspptp.sys
0x90706000 \SystemRoot\system32\DRIVERS\rassstp.sys
0x9071D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0x9072A000 \SystemRoot\system32\DRIVERS\mouclass.sys
0x9121F000 \SystemRoot\system32\DRIVERS\swenum.sys
0x90737000 \SystemRoot\system32\DRIVERS\ks.sys
0x9076B000 \SystemRoot\system32\DRIVERS\MarvinBus.sys
0x90799000 \SystemRoot\system32\DRIVERS\umbus.sys
0x907A7000 \SystemRoot\system32\DRIVERS\usbhub.sys
0x907EB000 \SystemRoot\system32\DRIVERS\flpydisk.sys
0x90600000 \SystemRoot\System32\Drivers\NDProxy.SYS
0x92406000 \SystemRoot\system32\drivers\HdAudio.sys
0x92456000 \SystemRoot\system32\drivers\portcls.sys
0x92485000 \SystemRoot\system32\drivers\drmk.sys
0x9249E000 \SystemRoot\System32\Drivers\crashdmp.sys
0x924AB000 \SystemRoot\System32\Drivers\dump_dumpata.sys
0x924B6000 \SystemRoot\System32\Drivers\dump_atapi.sys
0x924BF000 \SystemRoot\System32\Drivers\dump_dumpfve.sys
0x99090000 \SystemRoot\System32\win32k.sys
0x924D0000 \SystemRoot\System32\drivers\Dxapi.sys
0x924DA000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0x924F1000 \SystemRoot\system32\DRIVERS\USBD.SYS
0x924F3000 \SystemRoot\system32\DRIVERS\hidusb.sys
0x924FE000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0x92511000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0x92518000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
0x92520000 \SystemRoot\system32\DRIVERS\kbdhid.sys
0x9252C000 \SystemRoot\system32\DRIVERS\mouhid.sys
0x92537000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
0x9253F000 \SystemRoot\system32\DRIVERS\AF15BDA.sys
0x925B5000 \SystemRoot\system32\DRIVERS\BdaSup.SYS
0x925B8000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0x8C201000 \SystemRoot\system32\DRIVERS\PAC7302.SYS
0x8C272000 \SystemRoot\system32\DRIVERS\STREAM.SYS
0x8C280000 \SystemRoot\system32\drivers\usbaudio.sys
0x8C294000 \SystemRoot\system32\DRIVERS\monitor.sys
0x992F0000 \SystemRoot\System32\TSDDD.dll
0x99340000 \SystemRoot\System32\ATMFD.DLL
0x8C29F000 \SystemRoot\system32\drivers\luafv.sys
0x8C2BA000 \??\C:\Windows\system32\drivers\aswMonFlt.sys
0x8C2D1000 \SystemRoot\System32\Drivers\aswFsBlk.SYS
0x8C2D4000 \SystemRoot\system32\drivers\WudfPf.sys
0x8C2EE000 \SystemRoot\system32\DRIVERS\lltdio.sys
0x8C2FE000 \SystemRoot\system32\DRIVERS\rspndr.sys
0x8C311000 \SystemRoot\system32\drivers\HTTP.sys
0x8C396000 \SystemRoot\system32\DRIVERS\bowser.sys
0x8C3AF000 \SystemRoot\System32\drivers\mpsdrv.sys
0x8C3C1000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0x9F438000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys
0x9F473000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys
0x9F48E000 \SystemRoot\system32\DRIVERS\parvdm.sys
0x9F495000 \SystemRoot\system32\drivers\peauth.sys
0x9F52C000 \SystemRoot\System32\Drivers\secdrv.SYS
0x9F536000 \SystemRoot\System32\DRIVERS\srvnet.sys
0x9F557000 \SystemRoot\System32\drivers\tcpipreg.sys
0x9F564000 \SystemRoot\System32\DRIVERS\srv2.sys
0x9F012000 \SystemRoot\System32\DRIVERS\srv.sys
0x9F0CD000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0x9F0D6000 \SystemRoot\system32\drivers\MSPQM.sys
0x9F0D8000 \SystemRoot\system32\drivers\MSPCLOCK.sys
0x99000000 \SystemRoot\System32\cdd.dll
0x77C50000 \Windows\System32\ntdll.dll
0x48020000 \Windows\System32\smss.exe
0x77E90000 \Windows\System32\apisetschema.dll
0x00740000 \Windows\System32\autochk.exe

Processes (total 79):
0 System Idle Process
4 System
364 C:\Windows\System32\smss.exe
476 csrss.exe
548 C:\Windows\System32\wininit.exe
560 csrss.exe
612 C:\Windows\System32\services.exe
620 C:\Windows\System32\lsass.exe
628 C:\Windows\System32\lsm.exe
700 C:\Windows\System32\winlogon.exe
792 C:\Windows\System32\svchost.exe
872 C:\Windows\System32\nvvsvc.exe
912 C:\Windows\System32\svchost.exe
976 C:\Windows\System32\svchost.exe
1044 C:\Windows\System32\svchost.exe
1088 C:\Windows\System32\svchost.exe
1216 C:\Windows\System32\svchost.exe
1332 C:\Windows\System32\svchost.exe
1416 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
1468 C:\Windows\System32\nvvsvc.exe
1720 C:\Windows\System32\spoolsv.exe
1748 C:\Windows\System32\svchost.exe
1856 C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
1936 C:\Windows\System32\svchost.exe
1968 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
2012 C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
380 C:\Windows\System32\svchost.exe
896 C:\Program Files\IEInspector\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe
1796 C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
1200 C:\Windows\System32\NMSAccessU.exe
752 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
2120 C:\Windows\System32\svchost.exe
2216 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
2444 C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
2736 C:\Windows\System32\SearchIndexer.exe
2872 C:\Windows\System32\svchost.exe
3164 C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
3732 C:\Windows\System32\svchost.exe
3816 C:\Windows\System32\svchost.exe
3876 C:\Program Files\Windows Media Player\wmpnetwk.exe
1304 C:\Windows\System32\taskhost.exe
2940 C:\Windows\System32\dwm.exe
2340 C:\Windows\explorer.exe
3232 C:\Windows\PixArt\Pac7302\Monitor.exe
3720 C:\Windows\WindowsMobile\wmdc.exe
3712 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
3764 C:\Program Files\Logitech\SetPointP\SetPoint.exe
1444 C:\Program Files\Common Files\Java\Java Update\jusched.exe
3800 C:\Program Files\DivX\DivX Update\DivXUpdate.exe
3912 C:\Program Files\LiveZilla\LiveZilla.exe
2888 C:\Program Files\Windows Live\Messenger\msnmsgr.exe
2240 C:\Program Files\KWorld MultiMedia\TiVme\ScheduleAgent.exe
3320 C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
1452 C:\Windows\System32\regsvr32.exe
2076 C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
3968 C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
600 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
4240 C:\Windows\System32\svchost.exe
5236 dllhost.exe
5292 taskhost.exe
5400 C:\Program Files\Common Files\Java\Java Update\jucheck.exe
4532 C:\Windows\ehome\ehrecvr.exe
4916 mcGlidHost.exe
5496 C:\Windows\System32\audiodg.exe
3988 C:\Program Files\Internet Explorer\iexplore.exe
4812 C:\Program Files\Internet Explorer\iexplore.exe
5700 C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
1000 C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
3492 C:\Windows\System32\Macromed\Flash\FlashUtil10i_ActiveX.exe
1384 C:\Program Files\Internet Explorer\iexplore.exe
1436 C:\Windows\System32\notepad.exe
488 C:\Windows\System32\notepad.exe
4324 C:\Windows\System32\SearchProtocolHost.exe
3460 C:\Windows\System32\SearchFilterHost.exe
4380 C:\Program Files\Internet Explorer\iexplore.exe
3648 C:\Windows\System32\SearchProtocolHost.exe
3700 D:\USERFILES\adi\Desktop\MBRCheck.exe
3588 C:\Windows\System32\conhost.exe
5776 C:\Windows\System32\dllhost.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00100000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000018`6a100000 (NTFS)
\\.\F: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: SAMSUNGHD501LJ, Rev: CR100-12
PhysicalDrive1 Model Number: ST3500820AS, Rev:

Size Device Name MBR Status
--------------------------------------------
465 GB \\.\PhysicalDrive0 Windows 7 MBR code detected
SHA1: 4379A3D43019B46FA357F7DD6A53B45A3CA8FB79
465 GB \\.\PhysicalDrive1 MBR Code Faked!
SHA1: 16ABE7D42A7BA1438FA652FDCF4638CA18052F0A


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

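MBRCheck's verdict above comes from hashing the boot record of each physical drive and comparing it with fingerprints of known bootstrap code ("Windows 7 MBR code detected" versus "MBR Code Faked!"). The script below is an added example, not MBRCheck's own code and not part of this thread: it performs the same kind of check on any 512-byte sector by parsing the partition table (the "at offset" values MBRCheck prints are the LBA start multiplied by 512), verifying the 55AA boot signature, hashing the 440-byte bootstrap area and looking the hash up in an allowlist. The allowlist KNOWN_CODES, the constructed sample sector, and hashing exactly the first 440 bytes are this example's assumptions; what MBRCheck feeds into its own SHA1 is not stated on the page, so the hashes it prints are not directly comparable. One caveat the tool output does not give: a secondary drive whose boot code is not recognised may simply have been partitioned by a non-Windows tool, so an unknown hash is a triage signal to follow up by dumping and inspecting the sector, not proof of an MBR rootkit.

```python
"""
Parse a 512-byte master boot record, hash the bootstrap code and compare it with an
allowlist, the way an MBRCheck-style triage works.  Added example, not MBRCheck's code.
"""
import hashlib
import struct
import sys
from dataclasses import dataclass
from typing import Dict, List

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440            # bytes 0..439: bootstrap code, the part we hash
DISK_SIG_OFF = 440             # 4-byte Windows disk signature, then 2 reserved bytes
PART_TABLE_OFF = 446           # four 16-byte partition entries
BOOT_SIGNATURE = b"\x55\xaa"   # bytes 510..511

# Assumption: fill this with hashes computed by boot_code_sha1() on known-clean installs.
# MBRCheck's printed SHA1 values are over its own input and need not equal these.
KNOWN_CODES: Dict[str, str] = {}


@dataclass
class Partition:
    index: int
    bootable: bool
    type_id: int
    lba_start: int
    sectors: int

    @property
    def start_offset(self) -> int:
        # Byte offset on disk, the number MBRCheck prints after "at offset".
        return self.lba_start * SECTOR_SIZE

    @property
    def empty(self) -> bool:
        return self.type_id == 0


@dataclass
class Mbr:
    boot_code: bytes
    disk_signature: int
    partitions: List[Partition]
    signature_ok: bool


def parse_mbr(sector: bytes) -> Mbr:
    """Split one raw sector into bootstrap, disk signature, partition table and 55AA marker."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError(f"MBR must be exactly {SECTOR_SIZE} bytes, got {len(sector)}")
    parts = []
    for i in range(4):
        # entry: status(1) CHS start(3) type(1) CHS end(3) LBA start(4 LE) sector count(4 LE)
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", sector, PART_TABLE_OFF + 16 * i)
        parts.append(Partition(i, status == 0x80, type_id, lba, count))
    return Mbr(
        boot_code=sector[:BOOT_CODE_LEN],
        disk_signature=struct.unpack_from("<I", sector, DISK_SIG_OFF)[0],
        partitions=parts,
        signature_ok=sector[510:512] == BOOT_SIGNATURE,
    )


def boot_code_sha1(sector: bytes) -> str:
    """SHA1 over the bootstrap bytes only, so partition-table edits do not change it."""
    return hashlib.sha1(sector[:BOOT_CODE_LEN]).hexdigest().upper()


def classify(sector: bytes, known_codes: Dict[str, str]) -> str:
    """Allowlist lookup: a known label, or an 'unknown' verdict that needs manual follow-up."""
    mbr = parse_mbr(sector)
    if not mbr.signature_ok:
        return "Invalid MBR (missing 55AA boot signature)"
    return known_codes.get(boot_code_sha1(sector), "Unknown MBR code (non-standard or infected)")


def read_mbr(device: str) -> bytes:
    # Windows: r"\\.\PhysicalDrive0" from an elevated prompt; Linux: /dev/sda as root.
    with open(device, "rb", buffering=0) as fh:
        return fh.read(SECTOR_SIZE)


def pack_entry(status: int, type_id: int, lba_start: int, sectors: int) -> bytes:
    chs = b"\xfe\xff\xff"   # "use LBA" CHS placeholder, as modern partitioners write it
    return struct.pack("<B", status) + chs + struct.pack("<B", type_id) + chs + struct.pack("<II", lba_start, sectors)


def build_sample_mbr() -> bytes:
    """Constructed sample: stub bootstrap, one bootable NTFS partition at sector 2048 (1 MiB)."""
    boot_code = b"\x33\xc0\x8e\xd0\xbc\x00\x7c\x8e\xc0\x8e\xd8".ljust(BOOT_CODE_LEN, b"\x00")
    disk_sig = struct.pack("<I", 0x1A2B3C4D)
    table = pack_entry(0x80, 0x07, 2048, 976_771_072) + b"\x00" * 48   # ~465 GiB, 3 empty slots
    return boot_code + disk_sig + b"\x00\x00" + table + BOOT_SIGNATURE


def report(sector: bytes, label: str) -> str:
    mbr = parse_mbr(sector)
    lines = [f"{label}: {classify(sector, KNOWN_CODES)}", f"  SHA1: {boot_code_sha1(sector)}",
             f"  disk signature: {mbr.disk_signature:08X}"]
    for p in mbr.partitions:
        if not p.empty:
            lines.append(f"  partition {p.index}: type 0x{p.type_id:02X}{' boot' if p.bootable else ''}"
                         f" at offset 0x{p.start_offset:X} ({p.sectors * SECTOR_SIZE // 2**30} GiB)")
    return "\n".join(lines)


if __name__ == "__main__":
    # Pass a raw device path to inspect a real disk; with no argument the constructed sample is used.
    data = read_mbr(sys.argv[1]) if len(sys.argv) > 1 else build_sample_mbr()
    print(report(data, sys.argv[1] if len(sys.argv) > 1 else "sample"))
```

Hashing only the bootstrap region is a deliberate choice: the disk signature and partition table legitimately differ from machine to machine, so including them would make every disk "unknown", while a bootkit that replaces the boot code changes the hash regardless of what the partition table looks like.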
#7 gringo_pr (Bleepin Gringo)

  • Malware Response Team
  • 136,772 posts
  • Location: Puerto Rico

Posted 15 August 2010 - 04:26 AM

Hello

Please do the following.


It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


:run combofix:
    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"
    In your next post I need the following
    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here [donate button]. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University

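The report requested above, C:\ComboFix.txt, contains a "Reg Loading Points" section that lists autostart values as "name"="path" [date size] under each registry key. The script below is an added example, not part of ComboFix or of this thread, that parses that section offline and flags entries worth looking up: targets in a user profile or temp folder (writable without elevation), targets that are not .exe files, and lines ComboFix printed without a [date size] stamp. The rules, SAMPLE_LOG (modelled on the log format, with the "Updater" line invented for illustration) and reading a missing stamp as "no file details" are assumptions of this example; a hit is a reason to look an entry up, not a verdict.

```python
"""
Triage the "Reg Loading Points" section of a ComboFix report offline.  Added example, not
ComboFix's own code.  The rules are heuristics: a hit is something to look up, not a verdict.
"""
import ntpath
import re
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Line shapes as they appear in ComboFix.txt:
#   [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
#   "name"="c:\path\to\target.exe" [2009-07-26 3883856]
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]\s*$")
ENTRY_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*)"'
                      r'(?:\s+\[(?P<date>\d{4}-\d{2}-\d{2})\s+(?P<size>\d+)\])?')

USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\", re.I)   # c:\users\<name>\...
TEMP_RE = re.compile(r"\\temp\\", re.I)

# Constructed sample in ComboFix's format; the "Updater" line is invented for illustration.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"InvisibleContent"="c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll" [2010-08-05 94208]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"Updater"="c:\users\adi\AppData\Roaming\updater.exe"
"""


@dataclass
class Entry:
    hive: str
    name: str
    path: str
    date: Optional[str]
    size: Optional[int]


def parse_loading_points(text: str) -> List[Entry]:
    """Collect "name"="path" values under each [HKEY_...] header; other lines are ignored."""
    hive = ""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        h = HIVE_RE.match(line)
        if h:
            hive = h.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and hive:
            entries.append(Entry(hive, m["name"], m["path"], m["date"],
                                 int(m["size"]) if m["size"] else None))
    return entries


def check_entry(e: Entry) -> List[str]:
    """Reasons an autostart entry deserves a closer look (heuristics, see the lead-in)."""
    reasons = []
    if USER_PROFILE_RE.match(e.path) or TEMP_RE.search(e.path):
        reasons.append("user-profile path")            # writable without elevation
    ext = ntpath.splitext(e.path)[1].lower()           # ntpath handles backslashes on any OS
    if ext != ".exe":
        reasons.append(f"non-exe target ({ext or 'no extension'})")
    if e.size is None:
        reasons.append("no [date size] stamp")         # assumption: ComboFix printed no file details
    return reasons


def triage(text: str) -> Dict[str, List[str]]:
    """Map entry name -> reasons, for entries that tripped at least one rule."""
    flagged: Dict[str, List[str]] = {}
    for e in parse_loading_points(text):
        reasons = check_entry(e)
        if reasons:
            flagged[e.name] = reasons
    return flagged


if __name__ == "__main__":
    # Pass the path of a ComboFix.txt to triage a real report; otherwise the sample is used.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for name, reasons in triage(text).items():
        print(f"{name}: {', '.join(reasons)}")
```

Run against a real report the script only narrows the list; the next step for each hit is the usual one: find the file, check its signature and hash, and look at who wrote it to that location and when.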
#8 adibranch (Topic Starter)

  • Members
  • 17 posts

Posted 15 August 2010 - 05:48 AM

log from combo as below....


ComboFix 10-08-14.02 - adi 15/08/2010 10:37:05.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3070.1780 [GMT 1:00]
Running from: c:\users\adi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MF5GIRGG\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\adi\AppData\Local\Temp\BFB2.tmp
c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-07-15 to 2010-08-15 )))))))))))))))))))))))))))))))
.

2010-08-15 09:43 . 2010-08-15 09:43 -------- d-----w- c:\users\sally\AppData\Local\temp
2010-08-15 09:43 . 2010-08-15 09:43 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-08-15 09:43 . 2010-08-15 09:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-12 08:50 . 2010-08-12 08:50 -------- d-----w- c:\program files\IEInspector
2010-08-07 09:12 . 2010-08-07 09:12 -------- d-----w- c:\program files\Trend Micro
2010-07-23 20:04 . 2010-07-23 20:04 -------- d-----w- c:\program files\PlayReady
2010-07-22 09:04 . 2010-07-22 09:04 -------- d-----w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}
2010-07-22 09:04 . 2010-07-22 09:04 -------- d-----w- c:\program files\LiveZilla
2010-07-21 13:59 . 2009-01-12 07:15 71096 ----a-w- c:\windows\system32\NMSAccessU.exe
2010-07-21 13:59 . 2008-11-10 09:48 17408 ----a-w- c:\windows\system32\SyncBackPro.dll
2010-07-19 10:18 . 2010-07-19 10:19 -------- d-----w- c:\users\adi\AppData\Roaming\mIRC
2010-07-16 11:24 . 2010-07-17 08:13 -------- d-----w- c:\users\adi\AppData\Local\DassaultSystemes
2010-07-16 11:24 . 2010-07-16 11:25 -------- d-----w- c:\users\adi\AppData\Roaming\DassaultSystemes
2010-07-16 11:24 . 2010-07-16 11:24 -------- d-----w- c:\programdata\DassaultSystemes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-14 12:09 . 2010-02-24 10:36 -------- d-----w- c:\users\adi\AppData\Roaming\vlc
2010-08-14 11:06 . 2010-01-16 14:24 -------- d-----w- c:\programdata\FLEXnet
2010-08-13 08:25 . 2010-01-17 09:42 -------- d-----w- c:\programdata\Microsoft Help
2010-08-12 11:59 . 2010-02-13 09:28 230436 ----a-w- C:\PA7302.DAT
2010-08-10 16:07 . 2010-01-18 18:17 -------- d-----w- c:\users\adi\AppData\Roaming\FileZilla
2010-08-07 09:12 . 2010-08-07 09:12 388096 ----a-r- c:\users\adi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-07 08:52 . 2010-02-26 10:39 -------- d-----w- c:\program files\AVS4YOU
2010-07-30 17:16 . 2010-01-28 20:22 -------- d-----w- c:\program files\Safari
2010-07-30 17:14 . 2010-07-30 17:14 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-29 06:30 . 2010-08-12 09:29 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-07-29 06:30 . 2010-08-12 09:29 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-07-23 16:22 . 2010-08-07 11:55 1496064 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-23 16:22 . 2010-08-07 11:55 43008 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-23 16:22 . 2010-08-07 11:55 338944 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-23 16:22 . 2010-08-07 11:55 346112 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-07-21 14:00 . 2010-05-12 08:52 -------- d-----w- c:\program files\2BrightSparks
2010-07-02 16:21 . 2010-07-02 16:21 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-02 09:53 . 2010-07-02 09:53 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\programdata\Hitman Pro
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-01 15:25 . 2010-01-18 18:16 -------- d-----w- c:\program files\FileZilla FTP Client
2010-06-30 06:25 . 2010-08-12 09:29 978432 ----a-w- c:\windows\system32\wininet.dll
2010-06-28 20:57 . 2010-07-07 09:01 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-01-16 14:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-01-16 14:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-01-16 14:44 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-01-16 14:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-01-16 14:44 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-01-16 14:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-27 13:56 . 2010-01-24 22:51 -------- d-----w- c:\programdata\NVIDIA
2010-06-27 13:50 . 2010-06-27 13:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-06-27 13:50 . 2010-01-24 22:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-25 21:07 . 2010-01-17 09:44 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 08:26 . 2010-06-23 08:26 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2DF.tmp.exe
2010-06-22 16:14 . 2010-01-22 11:36 -------- d-----w- c:\program files\HyCam2
2010-06-22 02:47 . 2010-08-12 09:29 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-06-22 02:47 . 2010-08-12 09:29 307200 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-06-22 02:47 . 2010-08-12 09:29 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-06-19 14:48 . 2010-01-16 14:07 155328 ----a-w- c:\users\sally\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 08:35 . 2010-01-16 14:25 155328 ----a-w- c:\users\adi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 08:12 . 2010-06-19 08:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-19 08:11 . 2010-01-16 14:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-19 06:33 . 2010-08-12 09:29 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-06-19 06:33 . 2010-08-12 09:29 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-06-19 06:23 . 2010-08-12 09:29 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-06-19 04:07 . 2010-08-12 09:29 2326016 ----a-w- c:\windows\system32\win32k.sys
2010-06-16 20:08 . 2010-06-16 20:08 -------- d-----w- c:\users\sally\AppData\Roaming\EPSON
2010-06-16 05:48 . 2010-08-12 09:29 224256 ----a-w- c:\windows\system32\schannel.dll
2010-06-14 06:12 . 2010-08-12 09:29 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-06-09 09:15 . 2010-06-09 09:15 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-09 09:14 . 2010-06-09 09:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-08 15:25 . 2010-06-08 15:25 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-08 06:02 . 2010-08-12 09:29 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-06-07 23:57 . 2010-06-27 13:34 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2010-06-27 13:34 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57 . 2010-06-27 13:34 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-06-07 23:57 . 2010-06-27 13:34 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2010-06-27 13:34 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2010-06-27 13:34 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57 . 2010-06-27 13:34 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2010-06-27 13:34 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2010-06-27 13:34 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 23:57 . 2010-01-24 22:49 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2009-06-10 21:19 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 16:47 . 2010-06-07 16:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47 . 2010-06-07 16:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47 . 2010-06-07 16:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47 . 2010-06-07 16:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47 . 2010-06-07 16:47 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 08:17 . 2010-06-07 08:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 14:30 . 2010-06-04 14:30 63488 ----a-w- c:\users\sally\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 14:30 . 2010-06-04 14:30 52224 ----a-w- c:\users\sally\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 14:30 . 2010-06-04 14:30 117760 ----a-w- c:\users\sally\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 12:23 . 2010-01-22 17:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-27 07:24 . 2010-06-09 16:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 16:55 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 21:38 . 2010-05-24 21:38 10134 ----a-r- c:\users\adi\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-05-21 13:14 . 2010-01-16 14:07 221568 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TiVme Agent"="c:\program files\KWorld Multimedia\TiVme\ScheduleAgent.exe" [2009-12-11 113664]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"InvisibleContent"="c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll" [2010-08-05 94208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2010-05-17 2651576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 HttpAnalyzerV5 DllInjectService;HttpAnalyzerV5 CodeHook service;c:\program files\IEInspector\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe [2010-04-06 268608]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:13]

2010-08-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\program files\IEInspector\HTTPAnalyzerFullV5\firefox\components\HttpAnalyzerFFV5.dll
FF - component: c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
FF - component: c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(4404)
c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\NMSAccessU.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\System32\regsvr32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\consent.exe
.
**************************************************************************
.
Completion time: 2010-08-15 10:54:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-15 09:54
ComboFix2.txt 2010-08-07 09:59

Pre-Run: 14,538,584,064 bytes free
Post-Run: 14,504,615,936 bytes free

- - End Of File - - D513CB7DE866F588638107AD73FB7650


#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:56 AM

Posted 15 August 2010 - 05:50 AM

extra combofix report

I need to see one of the extra reports combofix makes
  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and paste the following into the box
CODE
C:\qoobox\ComboFix2.txt
  • click ok
  • copy and paste the report into this topic for me to review


I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 adibranch

adibranch
  • Topic Starter

  • Members
  • 17 posts
  • Local time:09:56 AM

Posted 15 August 2010 - 05:55 AM

ComboFix 10-08-06.03 - adi 07/08/2010 10:45:23.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3070.1653 [GMT 1:00]
Running from: c:\users\adi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VWIUW3IU\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\hpe50E2.dll
c:\users\adi\AppData\Local\Temp\1C75.tmp
c:\users\adi\AppData\Roaming\Microsoft\~DFK147f7.tmp
c:\users\adi\AppData\Roaming\Microsoft\1eaadjc.dll
c:\users\adi\AppData\Roaming\Microsoft\AdjMmsVista.dll
c:\users\adi\AppData\Roaming\Microsoft\bass.dll
c:\users\adi\AppData\Roaming\Microsoft\engine_vx.dll
c:\users\adi\AppData\Roaming\Microsoft\kfgresk.dll
c:\users\adi\AppData\Roaming\Microsoft\mjcriu.dll
c:\users\adi\AppData\Roaming\Microsoft\peaadje.dll
c:\users\adi\AppData\Roaming\Microsoft\qwadjb.dll
c:\users\adi\AppData\Roaming\Microsoft\rsaadjd.dll
c:\windows\system32\%appdata%

.
((((((((((((((((((((((((( Files Created from 2010-07-07 to 2010-08-07 )))))))))))))))))))))))))))))))
.

2010-08-07 09:51 . 2010-08-07 09:51 -------- d-----w- c:\users\sally\AppData\Local\temp
2010-08-07 09:51 . 2010-08-07 09:51 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-08-07 09:12 . 2010-08-07 09:12 388096 ----a-r- c:\users\adi\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-08-07 09:12 . 2010-08-07 09:12 -------- d-----w- c:\program files\Trend Micro
2010-07-30 17:14 . 2010-07-30 17:14 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.17.8\SetupAdmin.exe
2010-07-23 20:04 . 2010-07-23 20:04 -------- d-----w- c:\program files\PlayReady
2010-07-22 09:04 . 2010-07-22 09:04 -------- d-----w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}
2010-07-22 09:04 . 2010-05-17 08:40 575060 ----a-w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}\mia.dll
2010-07-22 09:04 . 2010-05-17 08:40 2204306 ----a-w- c:\programdata\{7269BE79-5722-4259-B764-61F0045B02FF}\LiveZilla_3.1.8.6_Full.exe
2010-07-22 09:04 . 2010-07-22 09:04 -------- d-----w- c:\program files\LiveZilla
2010-07-21 13:59 . 2009-01-12 07:15 71096 ----a-w- c:\windows\system32\NMSAccessU.exe
2010-07-21 13:59 . 2008-11-10 09:48 17408 ----a-w- c:\windows\system32\SyncBackPro.dll
2010-07-19 10:18 . 2010-07-19 10:19 -------- d-----w- c:\users\adi\AppData\Roaming\mIRC
2010-07-16 11:24 . 2010-07-17 08:13 -------- d-----w- c:\users\adi\AppData\Local\DassaultSystemes
2010-07-16 11:24 . 2010-07-16 11:25 -------- d-----w- c:\users\adi\AppData\Roaming\DassaultSystemes
2010-07-16 11:24 . 2010-07-16 11:24 -------- d-----w- c:\programdata\DassaultSystemes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-08-07 08:52 . 2010-02-26 10:39 -------- d-----w- c:\program files\AVS4YOU
2010-07-31 12:23 . 2010-01-18 18:17 -------- d-----w- c:\users\adi\AppData\Roaming\FileZilla
2010-07-30 17:16 . 2010-01-28 20:22 -------- d-----w- c:\program files\Safari
2010-07-21 14:00 . 2010-05-12 08:52 -------- d-----w- c:\program files\2BrightSparks
2010-07-19 11:14 . 2010-02-24 10:36 -------- d-----w- c:\users\adi\AppData\Roaming\vlc
2010-07-14 22:16 . 2010-01-17 09:42 -------- d-----w- c:\programdata\Microsoft Help
2010-07-02 16:21 . 2010-07-02 16:21 71992 ----a-w- c:\programdata\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-07-02 09:53 . 2010-07-02 09:53 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\programdata\Hitman Pro
2010-07-02 09:53 . 2010-07-02 09:53 -------- d-----w- c:\program files\Hitman Pro 3.5
2010-07-01 15:25 . 2010-01-18 18:16 -------- d-----w- c:\program files\FileZilla FTP Client
2010-07-01 12:52 . 2010-07-06 15:09 1496064 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-07-01 12:51 . 2010-07-06 15:09 43008 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-07-01 12:51 . 2010-07-06 15:09 338944 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-07-01 12:51 . 2010-07-06 15:09 346112 ----a-w- c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-06-28 20:57 . 2010-07-07 09:01 38848 ----a-w- c:\windows\avastSS.scr
2010-06-28 20:57 . 2010-01-16 14:44 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-01-16 14:44 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-01-16 14:44 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-01-16 14:44 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-01-16 14:44 50256 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-06-28 20:32 . 2010-01-16 14:44 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-27 13:56 . 2010-01-24 22:51 -------- d-----w- c:\programdata\NVIDIA
2010-06-27 13:50 . 2010-06-27 13:50 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-06-27 13:50 . 2010-01-24 22:50 -------- d-----w- c:\program files\NVIDIA Corporation
2010-06-25 21:07 . 2010-01-17 09:44 -------- d-----w- c:\program files\Microsoft.NET
2010-06-23 08:26 . 2010-06-23 08:26 501936 ----a-w- c:\programdata\Google\Google Toolbar\Update\gtb2DF.tmp.exe
2010-06-22 16:14 . 2010-01-22 11:36 -------- d-----w- c:\program files\HyCam2
2010-06-19 14:48 . 2010-01-16 14:07 155328 ----a-w- c:\users\sally\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 08:35 . 2010-01-16 14:25 155328 ----a-w- c:\users\adi\AppData\Local\GDIPFONTCACHEV1.DAT
2010-06-19 08:35 . 2010-01-16 14:24 -------- d-----w- c:\programdata\FLEXnet
2010-06-19 08:12 . 2010-06-19 08:12 -------- d-----w- c:\program files\Common Files\PX Storage Engine
2010-06-19 08:11 . 2010-01-16 14:16 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-16 20:08 . 2010-06-16 20:08 -------- d-----w- c:\users\sally\AppData\Roaming\EPSON
2010-06-12 10:59 . 2010-01-16 15:17 -------- d-----w- c:\program files\Yahoo!
2010-06-11 09:39 . 2010-03-12 09:17 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-06-11 08:41 . 2010-05-24 21:37 -------- d-----w- c:\program files\Sony
2010-06-09 14:34 . 2010-06-09 14:34 -------- d-----w- c:\program files\Xvid
2010-06-09 09:42 . 2010-06-08 18:22 -------- d-----w- c:\programdata\Norton
2010-06-09 09:15 . 2010-06-09 09:15 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2010-06-09 09:14 . 2010-06-09 09:14 42776 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2010-06-08 18:22 . 2010-06-08 18:22 -------- d-----w- c:\programdata\Symantec
2010-06-08 18:21 . 2010-06-08 18:21 -------- d-----w- c:\programdata\NortonInstaller
2010-06-08 15:32 . 2010-06-08 15:32 -------- d-----w- c:\users\adi\AppData\Roaming\DivX
2010-06-08 15:25 . 2010-06-08 15:25 57344 ----a-w- c:\programdata\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-06-08 15:25 . 2010-06-08 15:20 -------- d-----w- c:\programdata\DivX
2010-06-07 23:57 . 2010-06-27 13:34 56936 ----a-w- c:\windows\system32\OpenCL.dll
2010-06-07 23:57 . 2010-06-27 13:34 15764072 ----a-w- c:\windows\system32\nvoglv32.dll
2010-06-07 23:57 . 2010-06-27 13:34 10888168 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2010-06-07 23:57 . 2010-06-27 13:34 4513384 ----a-w- c:\windows\system32\nvcuda.dll
2010-06-07 23:57 . 2010-06-27 13:34 2632296 ----a-w- c:\windows\system32\nvcuvenc.dll
2010-06-07 23:57 . 2010-06-27 13:34 232040 ----a-w- c:\windows\system32\nvcod1921.dll
2010-06-07 23:57 . 2010-06-27 13:34 232040 ----a-w- c:\windows\system32\nvcod.dll
2010-06-07 23:57 . 2010-06-27 13:34 2145896 ----a-w- c:\windows\system32\nvcuvid.dll
2010-06-07 23:57 . 2010-06-27 13:34 10263144 ----a-w- c:\windows\system32\nvcompiler.dll
2010-06-07 23:57 . 2010-01-24 22:49 1592424 ----a-w- c:\windows\system32\nvapi.dll
2010-06-07 23:57 . 2009-06-10 21:19 9712744 ----a-w- c:\windows\system32\nvd3dum.dll
2010-06-07 16:47 . 2010-06-07 16:47 1691752 ----a-w- c:\windows\system32\nvsvcr.dll
2010-06-07 16:47 . 2010-06-07 16:47 13917800 ----a-w- c:\windows\system32\nvcpl.dll
2010-06-07 16:47 . 2010-06-07 16:47 1331816 ----a-w- c:\windows\system32\nvsvc.dll
2010-06-07 16:47 . 2010-06-07 16:47 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-06-07 16:47 . 2010-06-07 16:47 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-06-07 08:17 . 2010-06-07 08:17 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-06-04 14:30 . 2010-06-04 14:30 63488 ----a-w- c:\users\sally\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 14:30 . 2010-06-04 14:30 52224 ----a-w- c:\users\sally\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 14:30 . 2010-06-04 14:30 117760 ----a-w- c:\users\sally\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-05-28 12:23 . 2010-01-22 17:44 38784 ----a-w- c:\users\adi\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-28 12:23 . 2010-01-22 17:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-05-27 07:24 . 2010-06-09 16:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-05-27 03:49 . 2010-06-09 16:55 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-05-24 21:38 . 2010-05-24 21:38 10134 ----a-r- c:\users\adi\AppData\Roaming\Microsoft\Installer\{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}\ARPPRODUCTICON.exe
2010-05-21 13:14 . 2010-01-16 14:07 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-21 05:18 . 2010-06-09 16:55 977920 ----a-w- c:\windows\system32\wininet.dll
2010-05-14 11:33 . 2010-02-13 09:28 230436 ----a-w- C:\PA7302.DAT
2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"TiVme Agent"="c:\program files\KWorld Multimedia\TiVme\ScheduleAgent.exe" [2009-12-11 113664]
"Speech Recognition"="c:\windows\Speech\Common\sapisvr.exe" [2009-07-14 51712]
"InvisibleContent"="c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll" [2010-08-05 94208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" [2009-11-20 434176]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-06-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2007-12-10 323584]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-01-27 1312848]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"LiveZilla"="c:\program files\LiveZilla\LiveZilla.exe" [2010-05-17 2651576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2010-01-29 21:17 64592 ----a-w- c:\program files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 135664]
R3 s0017bus;Sony Ericsson Device 0017 driver (WDM);c:\windows\system32\DRIVERS\s0017bus.sys [2008-10-21 86824]
R3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter;c:\windows\system32\DRIVERS\s0017mdfl.sys [2008-10-21 15016]
R3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver;c:\windows\system32\DRIVERS\s0017mdm.sys [2008-10-21 114600]
R3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM);c:\windows\system32\DRIVERS\s0017mgmt.sys [2008-10-21 108328]
R3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS);c:\windows\system32\DRIVERS\s0017nd5.sys [2008-10-21 26024]
R3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface;c:\windows\system32\DRIVERS\s0017obex.sys [2008-10-21 104616]
R3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM);c:\windows\system32\DRIVERS\s0017unic.sys [2008-10-21 109736]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-08 1343400]
S1 aswSP;aswSP; [x]
S2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [2009-10-09 169312]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-06-28 50256]
S2 OMSI download service;Sony Ericsson OMSI download service;c:\program files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:13]

2010-08-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-29 20:13]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
FF - ProfilePath - c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
FF - component: c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{22119944-ED35-4ab1-910B-E619EA06A115}\components\rfproxy_31.dll
FF - component: c:\users\adi\AppData\Roaming\Mozilla\Firefox\Profiles\8rh88wk3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Sony\Media Go\npmediago.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-AdobeBridge - (no file)


.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(1268)
c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\programdata\EPSON\EPW!3 SSRP\E_S40ST7.EXE
c:\programdata\EPSON\EPW!3 SSRP\E_S40RP7.EXE
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
c:\windows\system32\NMSAccessU.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
c:\windows\System32\regsvr32.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2010-08-07 10:59:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-08-07 09:59

Pre-Run: 50,413,477,888 bytes free
Post-Run: 50,098,728,960 bytes free

- - End Of File - - 49661F1863D8BC2446543CBF33EE9751

Edited by adibranch, 15 August 2010 - 06:31 AM.
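
As an added triage example (not from this thread, and not part of ComboFix itself), the script below parses the three parts of a ComboFix report that matter most for a redirect complaint like this one: the Run keys under "Reg Loading Points", the "DLLs Loaded Under Running Processes" block, and the "FF - prefs.js" lines of the Supplementary Scan. The flagging rules (an autorun or in-process module under a user's AppData tree, a Run value that is a DLL, a default search URL on a different domain than the homepage) are heuristics I am assuming here, and the sample log is constructed from lines in the report above.

```python
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the ComboFix report posted above (Run keys,
# Firefox prefs lines and the "DLLs Loaded Under Running Processes" block).
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"InvisibleContent"="c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll" [2010-08-05 94208]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-06-28 2837864]
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.co.uk
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'Explorer.exe'(1268)
c:\users\adi\AppData\Local\Invisible\InvisibleContent.dll
c:\program files\WinSCP\DragExt.dll
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]+)"(?:\s+\[[^\]]*\])?$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")
# Heuristic (assumption): vendor software lives under Program Files or Windows, not AppData.
USER_PROFILE_RE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.IGNORECASE)

def parse_run_entries(text):
    """Return [{'key', 'name', 'path'}] for every value listed under a Run key."""
    entries, key = [], None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):          # any bracketed line starts a new registry key
            m = RUN_KEY_RE.match(line)
            key = m.group(1) if m else None
            continue
        m = RUN_VALUE_RE.match(line) if key else None
        if m:
            entries.append({"key": key, "name": m.group(1), "path": m.group(2)})
    return entries

def parse_loaded_dlls(text):
    """Return {'Explorer.exe(1268)': [dll paths]} from the loaded-DLLs block."""
    loaded, proc, in_section = {}, None, False
    for line in text.splitlines():
        line = line.strip()
        if "DLLs Loaded Under Running Processes" in line:
            in_section = True
            continue
        if not in_section:
            continue
        if line == "." or line.startswith("-----"):   # ComboFix section terminator
            break
        m = PROC_RE.match(line)
        if m:
            proc = f"{m.group(1)}({m.group(2)})"
            loaded.setdefault(proc, [])
        elif proc and line:
            loaded[proc].append(line)
    return loaded

def parse_ff_prefs(text):
    """Return {pref name: value} for the 'FF - prefs.js:' lines."""
    return {m.group(1): m.group(2)
            for m in (FF_PREF_RE.match(l.strip()) for l in text.splitlines()) if m}

def host_of(url):
    """Hostname of a URL; ComboFix defangs http to hxxp, so undo that first."""
    url = re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)
    if "://" not in url:
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()

def triage(text):
    """Return (kind, subject, path_or_value, [reasons]) tuples worth a second look."""
    findings = []
    for e in parse_run_entries(text):
        reasons = []
        if USER_PROFILE_RE.match(e["path"]):
            reasons.append("autorun image lives under a user profile AppData directory")
        if e["path"].lower().endswith(".dll"):
            reasons.append("autorun value is a DLL rather than an executable")
        if reasons:
            findings.append(("run", e["name"], e["path"], reasons))
    for proc, dlls in parse_loaded_dlls(text).items():
        for dll in dlls:
            if USER_PROFILE_RE.match(dll):
                findings.append(("loaded_dll", proc, dll, [f"module in {proc} loaded from AppData"]))
    prefs = parse_ff_prefs(text)
    home, search = prefs.get("browser.startup.homepage"), prefs.get("browser.search.defaulturl")
    if home and search:
        # Heuristic (assumption): a default search URL off the homepage's domain suggests a search hijack.
        home_domain = re.sub(r"^www\.", "", host_of(home))
        if not host_of(search).endswith(home_domain):
            findings.append(("ff_pref", "browser.search.defaulturl", search,
                             [f"default search host {host_of(search)} differs from homepage domain {home_domain}"]))
    return findings
```

Run `triage(SAMPLE_LOG)` to get the three flagged items; on the full report, feed the whole file's text in and review each hit by hand rather than treating a hit as proof of infection.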


#11 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico
  • Local time:10:56 AM

Posted 15 August 2010 - 12:28 PM

Hello

How have the redirects been doing? You haven't said anything about them.

Clear your Java Cache
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

TFC(Temp File Cleaner):
  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

: Malwarebytes' Anti-Malware :
    Please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to
    • Update Malwarebytes' Anti-Malware
    • and Launch Malwarebytes' Anti-Malware
  • then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log into your next reply
    • If you accidentally close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt

Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


Download HijackThis
  • Go Here to download HijackThis Installer
  • Save HijackThis Installer to your desktop.
  • Double-click on the HijackThis Installer icon on your desktop. (Vista and Win 7 right click and run as admin)
  • By default it will install to C:\Program Files\Trend Micro\HijackThis .
  • Click on Install.
  • It will create a HijackThis icon on the desktop.
  • Once installed it will launch Hijackthis.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on Edit > Select All then click on Edit > Copy to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
  • DO NOT have Hijackthis fix anything yet. Most of what it finds will be harmless or even required.

"information and logs"
    In your next post I need the following
    1. Log From MBAM
    2. report from Hijackthis
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo



I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#12 adibranch (Topic Starter, Members, 17 posts)

Posted 15 August 2010 - 03:39 PM

Yep, redirects still happening on occasions.

Ran Malwarebytes but wasn't able to do the following bit as the option never came up:
"•Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected."

Log as follows. Nothing found, but there are several 'adware.ecobar' items in quarantine (I may have run Malwarebytes before some time ago).


mbam-log

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4433

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15/08/2010 21:32:42
mbam-log-2010-08-15 (21-32-42).txt

Scan type: Quick scan
Objects scanned: 149121
Time elapsed: 4 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)




Hijack this log...


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:38:17, on 15/08/2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\PixArt\Pac7302\Monitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\LiveZilla\LiveZilla.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\KWorld MultiMedia\TiVme\ScheduleAgent.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\Speech\Common\sapisvr.exe
C:\Windows\System32\regsvr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10i_ActiveX.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O2 - BHO: IEInspector Browser Helper - {9B43B7B1-BF56-4708-81D2-332D708B0DD9} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEINSP~1.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKLM\..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [LiveZilla] "C:\Program Files\LiveZilla\LiveZilla.exe" -minimize
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TiVme Agent] C:\Program Files\KWorld Multimedia\TiVme\ScheduleAgent.exe srec
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [InvisibleContent] regsvr32 /s /u "C:\Users\adi\AppData\Local\Invisible\InvisibleContent.dll"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: IE HTTPAnalyzer V5 - {858CFDE9-D018-453E-80D9-FD4FC3EF631E} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
O9 - Extra 'Tools' menuitem: IE HTTPAnalyzer V5 - {858CFDE9-D018-453E-80D9-FD4FC3EF631E} - C:\PROGRA~1\IEINSP~1\HTTPAN~1\IEHTTP~1.DLL
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files\BitComet\tools\BitCometBHO_1.3.7.16.dll/206 (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.4.5.cab
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2009.0...oUploader55.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Adobe Active File Monitor V8 (AdobeActiveFileMonitor8.0) - Adobe Systems Incorporated - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HttpAnalyzerV5 CodeHook service (HttpAnalyzerV5 DllInjectService) - Unknown owner - C:\Program Files\IEInspector\HTTPAnalyzerFullV5\InjectWinSockServiceV5.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 9301 bytes

Edited by adibranch, 15 August 2010 - 03:39 PM.
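
Triage of a HijackThis log like the one above is done by eye, section by section. The Python script below is an added example, not part of this thread and not a HijackThis feature; it applies a few of the rules a helper uses, on an excerpt of the posted log embedded in the code. The rules and the severity labels are my own choices: O2/O3/O9 entries ending in (no file) are orphans; an O4 Run entry is put up for review when it starts regsvr32 or rundll32 (either loads and executes a DLL at logon; regsvr32's /u switch only changes which export gets called) or when its target lives under AppData or Temp; an O23 service with no publisher and any O10 LSP entry get a note. The output is a list of lines to ask about, not a verdict; the one Run entry it singles out is the kind of line a helper would want explained in the next reply.

```python
import re

# Excerpt from the HijackThis log posted above, embedded so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Speech Recognition] "C:\Windows\Speech\Common\sapisvr.exe" -SpeechUX -Startup
O4 - HKCU\..\Run: [InvisibleContent] regsvr32 /s /u "C:\Users\adi\AppData\Local\Invisible\InvisibleContent.dll"
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O23 - Service: NMSAccess - Unknown owner - C:\Windows\system32\NMSAccessU.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d+) - (?P<body>.*)$")
# O4 body looks like: HKCU\..\Run: [name] command line
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
# Directories an unprivileged user can write to; vendors rarely autostart from them.
USER_WRITABLE = re.compile(r"\\(AppData|Application Data|Local Settings|Temp)\\", re.IGNORECASE)
# Signed Windows binaries whose job is to load and run an arbitrary DLL.  regsvr32 /u calls
# DllUnregisterServer instead of DllRegisterServer; the DLL's code still executes.
DLL_LOADERS = {"regsvr32", "rundll32"}


def first_token(cmd):
    """Lower-cased basename (without .exe) of the program a Run value launches."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        tok = cmd[1:end] if end > 0 else cmd[1:]
    else:
        tok = cmd.split(None, 1)[0] if cmd else ""
    tok = tok.replace("/", "\\").rsplit("\\", 1)[-1].lower()
    return tok[:-4] if tok.endswith(".exe") else tok


def triage(log_text):
    """Return (severity, section, reason, line) tuples for entries worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")
        if kind in ("O2", "O3", "O9") and body.endswith("(no file)"):
            findings.append(("low", kind, "orphaned entry, the referenced file is gone", line))
        elif kind == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue
            cmd = o4.group("cmd")
            reasons = []
            exe = first_token(cmd)
            if exe in DLL_LOADERS:
                reasons.append(f"{exe} loads a DLL at logon")
            if USER_WRITABLE.search(cmd):
                reasons.append("target lives in a user-writable profile directory")
            if reasons:
                findings.append(("review", kind, "; ".join(reasons), line))
        elif kind == "O23" and " - Unknown owner - " in body:
            findings.append(("low", kind, "service binary carries no publisher name", line))
        elif kind == "O10":
            findings.append(("info", kind, "Winsock LSP; confirm the DLL belongs to an installed product", line))
    return findings


if __name__ == "__main__":
    for sev, kind, reason, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {kind}: {reason}\n         {line}")
```

Paste a full log into SAMPLE_LOG (or read it from the file HijackThis saved) and the same rules run over every section; entries from Program Files or the Windows directory with a recognised launcher produce nothing, which is the point: the helper's time goes to the handful of lines that remain.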


#13 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 15 August 2010 - 05:50 PM

We are going to check the router.

Create and Run Batch File
    Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:
CODE
@echo off
rem Collect the resolver and routing state into one file for review.
>Log1.txt (
ipconfig /all
nslookup google.com
nslookup yahoo.com
ping -n 2 google.com
ping -n 2 yahoo.com
route print
)
rem Open the log in Notepad, then delete this batch file.
start Log1.txt
del %0
    Save this as router.bat. Choose "Save as type" - All Files, and where to save - Desktop, then close the Notepad file.

    It should look like this: <--XP
    Double-click on router.bat to run it. It will open Notepad when done; please post back the results.
gringo


#14 adibranch (Topic Starter, Members, 17 posts)

Posted 16 August 2010 - 03:21 AM

Thanks... as follows:


Windows IP Configuration

Host Name . . . . . . . . . . . . : main-pc
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
Physical Address. . . . . . . . . : 00-1F-D0-07-22-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f0f3:512b:eaf0:8702%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 15 August 2010 20:26:31
Lease Expires . . . . . . . . . . : 17 August 2010 08:26:31
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 234889168
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-12-E3-7A-97-00-1F-D0-07-22-4A
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.{B851A074-B84C-45BB-B349-26360A89C698}:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 11:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fd:3c95:3734:ac26:4e0f(Preferred)
Link-local IPv6 Address . . . . . : fe80::3c95:3734:ac26:4e0f%13(Preferred)
Default Gateway . . . . . . . . . : ::
NetBIOS over Tcpip. . . . . . . . : Disabled

Server: www.routerlogin.com
Address: 192.168.1.1

Name: google.com
Address: 173.194.37.104

Server: www.routerlogin.com
Address: 192.168.1.1

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65
72.30.2.43
98.137.149.56
209.191.122.70


Pinging google.com [173.194.37.104] with 32 bytes of data:
Reply from 173.194.37.104: bytes=32 time=632ms TTL=54
Request timed out.

Ping statistics for 173.194.37.104:
Packets: Sent = 2, Received = 1, Lost = 1 (50% loss),
Approximate round trip times in milli-seconds:
Minimum = 632ms, Maximum = 632ms, Average = 632ms

Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
Reply from 67.195.160.76: bytes=32 time=827ms TTL=49
Reply from 67.195.160.76: bytes=32 time=978ms TTL=49

Ping statistics for 67.195.160.76:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 827ms, Maximum = 978ms, Average = 902ms
===========================================================================
Interface List
11...00 1f d0 07 22 4a ......Realtek RTL8168C(P)/8111C(P) Family PCI-E Gigabit Ethernet NIC (NDIS 6.20)
1...........................Software Loopback Interface 1
12...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.2 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
192.168.1.0 255.255.255.0 On-link 192.168.1.2 276
192.168.1.2 255.255.255.255 On-link 192.168.1.2 276
192.168.1.255 255.255.255.255 On-link 192.168.1.2 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.2 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.2 276
===========================================================================
Persistent Routes:
None

IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
13 58 ::/0 On-link
1 306 ::1/128 On-link
13 58 2001::/32 On-link
13 306 2001:0:5ef5:79fd:3c95:3734:ac26:4e0f/128 On-link
11 276 fe80::/64 On-link
13 306 fe80::/64 On-link
13 306 fe80::3c95:3734:ac26:4e0f/128 On-link
11 276 fe80::f0f3:512b:eaf0:8702/128 On-link
1 306 ff00::/8 On-link
13 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
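
What router.bat collects, and what a helper looks for in it, as an added example that is not from the thread: the DNS server list should be the router (192.168.1.1 here) or another LAN address, the address nslookup reports as Server should be one of those, the test names should resolve to public addresses, and ping should reach the same address nslookup returned. That last comparison matters because nslookup sends its query straight to the DNS server and ignores the hosts file, while ping (and the browser) go through the Windows resolver, which reads hosts first; a disagreement points at a hosts-file entry or a hooked resolver even when DNS itself is clean. The Python script embeds an excerpt of the output posted above, which passes every check, and a constructed bad case (documentation-range addresses, nothing from this machine) that fails two of them. IPv6 and the route table are ignored.

```python
import ipaddress
import re

# Excerpt of the router.bat output posted above, embedded so the script runs offline.
GOOD_OUTPUT = """
IPv4 Address. . . . . . . . . . . : 192.168.1.2(Preferred)
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 192.168.1.1
Server: www.routerlogin.com
Address: 192.168.1.1

Name: google.com
Address: 173.194.37.104

Name: yahoo.com
Addresses: 67.195.160.76
69.147.125.65

Pinging google.com [173.194.37.104] with 32 bytes of data:
Pinging yahoo.com [67.195.160.76] with 32 bytes of data:
"""

# Constructed counter-example (not from the thread): resolver list rewritten to off-LAN addresses,
# and ping reaching google.com at an address nslookup never returned (hosts file or resolver hook).
BAD_OUTPUT = """
Default Gateway . . . . . . . . . : 192.168.1.1
DNS Servers . . . . . . . . . . . : 203.0.113.10
198.51.100.7
Server: UnKnown
Address: 203.0.113.10

Name: google.com
Address: 173.194.37.104

Pinging google.com [127.0.0.1] with 32 bytes of data:
"""

KV_RE = re.compile(r"^(?P<key>[A-Za-z][^:.]*?)[ .]*:\s*(?P<val>.*)$")
PING_RE = re.compile(r"^Pinging (?P<host>\S+) \[(?P<addr>[\d.]+)\]")
IPV4_RE = re.compile(r"^(\d{1,3}(?:\.\d{1,3}){3})")
LAN_RANGES = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def _v4(text):
    """IPv4Address at the start of text (suffixes such as '(Preferred)' ignored), else None."""
    m = IPV4_RE.match(text)
    try:
        return ipaddress.IPv4Address(m.group(1)) if m else None
    except ValueError:
        return None


def is_lan(addr):
    return any(addr in net for net in LAN_RANGES)


def parse(text):
    """Pull the resolver-related facts out of the combined ipconfig/nslookup/ping output."""
    info = {"gateways": [], "dns_servers": [], "resolvers": [], "answers": {}, "pings": {}}
    current, name = None, None   # list receiving bare-IP continuation lines; nslookup hostname
    for line in (l.strip() for l in text.splitlines()):
        if not line:
            continue
        if pm := PING_RE.match(line):
            info["pings"][pm.group("host").lower()] = ipaddress.IPv4Address(pm.group("addr"))
            current = None
            continue
        if kv := KV_RE.match(line):
            key, val = kv.group("key").strip().lower(), kv.group("val").strip()
            current = None
            if key == "default gateway":
                current = info["gateways"]
            elif key == "dns servers":
                current = info["dns_servers"]
            elif key == "server":                  # nslookup: which resolver was asked
                name = None
            elif key == "name":                    # nslookup: answers for this host follow
                name = val.lower()
                info["answers"].setdefault(name, [])
            elif key in ("address", "addresses"):  # nslookup: resolver or answer address
                current = info["answers"][name] if name else info["resolvers"]
            line = val                             # the value may itself be the first IP
        addr = _v4(line)
        if addr is not None and current is not None:
            current.append(addr)
    return info


def check(text, trusted_resolvers=()):
    """Human-readable findings; an empty list means nothing in the output looks hijacked."""
    info = parse(text)
    trusted = {ipaddress.IPv4Address(t) for t in trusted_resolvers}
    findings = []
    for d in info["dns_servers"]:
        if d not in info["gateways"] and not is_lan(d) and d not in trusted:
            findings.append(f"DNS server {d} is neither the gateway nor a LAN address: rogue resolver?")
    for r in dict.fromkeys(info["resolvers"]):
        if r not in info["dns_servers"]:
            findings.append(f"nslookup queried {r}, which is not in the configured DNS server list")
    for host, answers in info["answers"].items():
        for a in answers:
            if a.is_loopback or is_lan(a):
                findings.append(f"{host} resolved to the non-routable address {a}")
        pinged = info["pings"].get(host)
        if pinged is not None and answers and pinged not in answers:
            got = ", ".join(map(str, answers))
            findings.append(f"ping reached {host} at {pinged} but nslookup answered {got}: hosts file or resolver hook?")
    return findings
```

Run it over a saved Log1.txt with `check(open("Log1.txt").read())`; if the machine is deliberately set to a public resolver, pass it in `trusted_resolvers` so it is not reported. The checks are deliberately conservative: a public DNS server that is not the gateway is only a question, not proof, but on a home network served by DHCP from the router it is the first thing to explain.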


#15 gringo_pr, Bleepin Gringo (Malware Response Team, 136,772 posts, Puerto Rico)

Posted 16 August 2010 - 03:36 AM

Hello

That looks good, please run this for me.


Internet Explorer Proxy settings:
  • Open Internet Explorer > click Tools > Internet Options > Connections tab.
  • Click the LAN Settings... button and uncheck "Use a proxy server for your LAN"
    or change the settings to the proxy you normally use if you previously reconfigured it.
  • Remove any unknown addresses from the Address box. 80 is the default Port so it does not have to be changed.
  • Click OK... then click OK again.
  • Close Internet Explorer and -restart- the computer.
  • An example of how to do this with screenshots can be found >here<

Firefox Proxy settings:
  • Open Firefox, click Tools > Options > Advanced and click the Network Tab.
  • Under the Connection section click on the Settings... button.
  • Under Configure Proxies to Access the Internet, check No proxy. This is the default option if you don't use a proxy.
  • Click OK... then click OK again.
  • Close Firefox and -restart- the computer.
  • An example of how to do this with screenshots can be found >here<

For other browsers, please refer to How to configure browser proxy settings.

flush the DNS:

Can you please flush the DNS:
  • click on Start
  • select run
  • enter cmd and hit enter
  • a black window will open.
  • please enter the following text into that window and hit enter:
      ipconfig /flushdns



GooredFix

Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Ensure all Firefox windows are closed.
  • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
  • When prompted to run the scan, click Yes.
  • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
gringo

Edited by gringo_pr, 16 August 2010 - 03:37 AM.

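
The two proxy checks in the post above can also be done from a script. The Python below is an added example, not from the thread: on Windows it reads IE's per-user proxy values (ProxyEnable, ProxyServer, ProxyOverride and AutoConfigURL under HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings), parses the network.proxy.* values out of a Firefox profile's prefs.js, and reports anything that is not "go direct" or the proxy passed as expected_proxy. The PAC-script check is an addition of mine: it is a separate checkbox in the same LAN settings dialog and is not cleared by unchecking "Use a proxy server". The registry dicts and prefs.js text at the bottom are constructed samples, not values from this machine.

```python
import re
import sys

IE_KEY = r"Software\Microsoft\Windows\CurrentVersion\Internet Settings"
IE_VALUES = ("ProxyEnable", "ProxyServer", "ProxyOverride", "AutoConfigURL")
PREF_RE = re.compile(r'^\s*user_pref\("(network\.proxy\.[^"]+)",\s*(.*?)\);\s*$', re.MULTILINE)


def read_ie_proxy_settings():
    """Read the per-user WinINet (IE) proxy values from the registry.  Windows only."""
    if sys.platform != "win32":
        raise OSError("live registry read needs Windows; pass a dict to assess() elsewhere")
    import winreg
    values = {}
    with winreg.OpenKey(winreg.HKEY_CURRENT_USER, IE_KEY) as key:
        for name in IE_VALUES:
            try:
                values[name] = winreg.QueryValueEx(key, name)[0]
            except FileNotFoundError:
                pass                       # value absent: that setting was never configured
    return values


def parse_firefox_proxy_prefs(prefs_text):
    """Extract network.proxy.* entries from the text of a profile's prefs.js."""
    prefs = {}
    for name, raw in PREF_RE.findall(prefs_text):
        raw = raw.strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            prefs[name] = int(raw) if raw.lstrip("-").isdigit() else raw
    return prefs


def assess(ie, firefox, expected_proxy=None):
    """List proxy settings that put something between the browsers and the web.

    expected_proxy is "host:port" of a proxy the user knowingly uses; None means direct.
    """
    findings = []
    if ie.get("ProxyEnable", 0) == 1 and ie.get("ProxyServer", "") != expected_proxy:
        findings.append(f"IE: proxy enabled -> {ie.get('ProxyServer', '')!r}")
    if ie.get("AutoConfigURL"):          # PAC script, a separate checkbox in the LAN dialog
        findings.append(f"IE: PAC script configured -> {ie['AutoConfigURL']!r}")
    ie_count = len(findings)

    # 0 none, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system settings (Firefox's default)
    ptype = firefox.get("network.proxy.type", 5)
    if ptype == 1:
        for proto in ("http", "ssl", "socks"):
            host = firefox.get(f"network.proxy.{proto}")
            if host:
                port = firefox.get(f"network.proxy.{proto}_port", "")
                endpoint = f"{host}:{port}"
                if endpoint != expected_proxy:
                    findings.append(f"Firefox: manual {proto} proxy -> {endpoint}")
    elif ptype == 2:
        findings.append(f"Firefox: PAC URL -> {firefox.get('network.proxy.autoconfig_url')!r}")
    elif ptype == 4:
        findings.append("Firefox: WPAD auto-detect on; whatever answers on the LAN picks the proxy")
    elif ptype == 5 and ie_count:
        findings.append("Firefox: uses system settings, so it inherits the IE proxy above")
    return findings


# Constructed samples (not from the thread): a machine that goes direct, and one whose browsers
# have been pointed at a proxy on the local machine plus a remote PAC script.
CLEAN_IE = {"ProxyEnable": 0}
CLEAN_FIREFOX_PREFS = 'user_pref("network.proxy.type", 0);\n'
HIJACKED_IE = {"ProxyEnable": 1, "ProxyServer": "127.0.0.1:8080",
               "AutoConfigURL": "http://203.0.113.5/proxy.pac"}
HIJACKED_FIREFOX_PREFS = """
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8080);
"""

if __name__ == "__main__":
    ie = read_ie_proxy_settings() if sys.platform == "win32" else HIJACKED_IE
    for line in assess(ie, parse_firefox_proxy_prefs(HIJACKED_FIREFOX_PREFS)) or ["no proxy set"]:
        print(line)
```

On the affected machine, prefs.js lives under %APPDATA%\Mozilla\Firefox\Profiles\<profile>\prefs.js; read it with Firefox closed, since Firefox rewrites the file on exit. Run the script after the reboot the post asks for and a clean result is an empty list; anything else is a setting to remove by hand and then re-check, because a proxy that comes back on its own is a running process re-applying it.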



