Another victim of a redirect virus...


25 replies to this topic

#1 alaskatrekker


  • Members
  • 15 posts

Posted 27 October 2010 - 12:26 AM

Having a redirect problem with Google search results, similar to the problem being posted by many other users it seems. I've scanned through those threads and followed some of the steps but nothing has worked so far.

Here is my DDS.txt log:



DDS (Ver_10-10-21.02) - NTFSx86
Run by Andrew Skurka at 10:24:26.60 on Wed 10/27/2010
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1073 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Users\Andrew Skurka\AppData\Local\Temp\dwm.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
"C:\Users\Andrew Skurka\AppData\Roaming\Microsoft\svchost.exe"
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Users\Andrew Skurka\AppData\Roaming\Microsoft\Windows\shell.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Andrew Skurka\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uWindow Title = Internet Explorer provided by Dell
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.nytimes.com/
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uWinlogon: Shell=explorer.exe,c:\users\andrew skurka\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\andrew~1\appdata\local\temp\dwm.exe
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\andrew skurka\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Dell AIO Printer A920] "c:\program files\dell aio printer a920\dlbkbmgr.exe"
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [svchost] c:\users\andrew skurka\appdata\roaming\microsoft\svchost.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew~1\appdata\roaming\mozilla\firefox\profiles\lcfg61hc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\andrew skurka\appdata\local\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\users\andrew skurka\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-5 64288]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1357464]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-14 21504]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]

=============== Created Last 30 ================

2010-10-27 16:17:12 108544 ----a-w- c:\users\andrew~1\appdata\roaming\microsoft\windows\shell.exe
2010-10-27 16:16:55 98816 ----a-w- c:\users\andrew~1\appdata\roaming\microsoft\svchost.exe
2010-10-27 15:51:57 -------- d-----w- c:\users\andrew~1\appdata\roaming\Malwarebytes
2010-10-27 15:51:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-27 15:51:47 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-27 15:51:47 -------- d-----w- c:\program files\Malwarebytes
2010-10-27 15:51:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-26 13:17:30 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{a3115df3-7d1a-4788-8ce9-7c96907c44c7}\mpengine.dll
2010-10-14 16:45:44 -------- d-----w- c:\program files\NCH Software
2010-10-14 16:45:41 -------- d-----w- c:\users\andrew~1\appdata\roaming\NCH Software
2010-10-14 15:21:25 -------- d-----w- c:\windows\en
2010-10-14 15:15:46 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-14 15:15:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-14 15:15:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-14 15:10:50 94040 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\DSETUP.dll
2010-10-14 15:10:50 525656 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\DXSETUP.exe
2010-10-14 15:10:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\dsetup32.dll
2010-10-14 15:10:37 94040 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\DSETUP.dll
2010-10-14 15:10:37 525656 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\DXSETUP.exe
2010-10-14 15:10:37 1691480 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\dsetup32.dll
2010-10-14 15:09:21 -------- d-----w- c:\users\andrew~1\appdata\local\Windows Live
2010-10-14 14:32:15 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-14 14:23:12 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-14 14:23:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-14 14:16:27 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-14 14:16:27 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-14 14:16:26 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-14 14:14:57 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-10-14 14:13:11 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-14 14:13:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-14 14:13:11 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-14 14:07:38 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-14 14:07:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-14 14:07:38 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-14 14:07:38 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-14 14:07:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-14 14:03:34 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 14:03:23 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:03:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:03:23 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:03:23 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:03:23 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:02:03 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 14:02:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:01:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:01:40 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:01:36 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-14 14:01:09 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:01:08 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 14:01:04 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 14:01:02 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-14 14:01:00 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 13:59:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-14 13:50:37 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 11:09:54 -------- d-----w- c:\windows\system32\eu-ES
2010-10-14 11:09:54 -------- d-----w- c:\windows\system32\ca-ES
2010-10-14 11:09:53 -------- d-----w- c:\windows\system32\vi-VN
2010-10-14 10:58:05 -------- d-----w- c:\windows\system32\SPReview
2010-10-14 10:33:55 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-10-14 10:33:29 57856 ----a-w- c:\windows\system32\compcln.exe
2010-10-14 10:30:59 75264 ----a-w- c:\windows\system32\dot3msm.dll
2010-10-14 10:29:59 48128 ----a-w- c:\windows\system32\l2nacp.dll
2010-10-14 10:28:54 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-14 10:28:32 324608 ----a-w- c:\program files\windows nt\tabletextservice\TableTextService.dll
2010-10-14 07:42:34 -------- d-----w- C:\PerfLogs
2010-10-14 06:49:59 90112 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2010-10-14 06:48:59 44032 ----a-w- c:\windows\system32\dssec.dll
2010-10-14 06:47:59 92160 ----a-w- c:\windows\system32\wlancfg.dll
2010-10-14 05:41:02 -------- d-----w- c:\windows\system32\EventProviders
2010-10-14 04:10:38 -------- d-----w- c:\program files\common files\Windows Live
2010-10-13 04:01:28 45568 ----a-w- c:\windows\system32\QuickThumb.dll
2010-10-05 19:17:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-10-05 19:17:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-05 18:58:56 -------- d-----w- c:\users\andrew~1\appdata\local\Sunbelt Software
2010-10-05 18:57:55 -------- dc-h--w- c:\progra~2\{ECC164E0-3133-4C70-A831-F08DB2940F70}
2010-09-30 02:11:01 -------- d-----w- c:\program files\iPod
2010-09-30 02:11:00 -------- d-----w- c:\progra~2\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-30 02:08:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll
2010-09-30 02:08:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll
2010-09-30 02:08:58 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll
2010-09-30 02:08:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll
2010-09-30 02:08:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll
2010-09-30 02:08:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll
2010-09-30 02:08:57 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll
2010-09-30 02:02:37 -------- d-----w- c:\program files\Bonjour

==================== Find3M ====================

2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 07:24:14 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-14 07:23:42 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-23 06:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 17:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-12 12:15:20 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 10:25:30.12 ===============

Requested attachments in this post...

EDIT: Posts merged ~BP



Edited by Budapest, 27 October 2010 - 03:52 PM.
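The DDS log above contains the indicators that matter for this kind of redirect infection, and they are worth reading as a set rather than one at a time: both IE (`ProxyServer = http=127.0.0.1:50370`) and Firefox (`network.proxy.http - 127.0.0.1`, `network.proxy.type - 1`) are configured to send HTTP through a proxy on the local machine, which is consistent with a local process rewriting search results; a `dwm.exe` is running from `AppData\Local\Temp` and a `svchost.exe` from `AppData\Roaming\Microsoft`, names that legitimately exist only under `C:\Windows`; the Winlogon `Shell` value has a second executable appended after `explorer.exe`; the `Windows: Load=` value, normally empty, points at the Temp `dwm.exe`; and UAC is turned off (`EnableLUA = 0`). The script below is an added example, not part of the original post or of DDS, that encodes those checks as rules and runs them over a handful of lines adapted from the posted log (the username in the paths is shortened; the rule names and thresholds are my own choices, not DDS conventions). It flags running processes and autorun entries whose basename matches a Windows system binary but whose path is outside the Windows directory, loopback proxy settings for both browsers, Winlogon Shell and Load hijacks, and UAC disabled.

```python
import ntpath
import re

# Binaries that live only under %SystemRoot%. A file with one of these names
# anywhere else (Temp, AppData\Roaming) is a masquerade, as in the posted log.
SYSTEM_BINARIES = {
    "svchost.exe", "dwm.exe", "explorer.exe", "lsass.exe", "csrss.exe",
    "winlogon.exe", "wininit.exe", "services.exe", "taskeng.exe",
}
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
USER_PROFILE = re.compile(r"^[a-z]:\\users\\[^\\]+\\appdata\\", re.I)
LOOPBACK = ("127.0.0.1", "localhost", "[::1]")

PROCESS_LINE = re.compile(r'^"?[a-z]:\\', re.I)          # running-process list
WINLOGON_SHELL = re.compile(r"^[um]Winlogon: Shell=(.+)$", re.I)
WINDOWS_LOAD = re.compile(r"^[um]Windows: Load=(.+)$", re.I)
PROXY_SERVER = re.compile(r"ProxyServer = (.+)$", re.I)
FF_PREF = re.compile(r"^FF - prefs\.js: (network\.proxy\.\w+) - (\S+)$", re.I)
RUN_KEY = re.compile(r"^[um]Run: \[([^\]]+)\] (.+)$", re.I)
ENABLE_LUA = re.compile(r"^mPolicies-system: EnableLUA = 0\b", re.I)


def _first_path(text: str) -> str:
    """Return the executable path at the start of a process or autorun value,
    dropping quotes and trailing arguments such as '-k netsvcs' or '/c'."""
    text = text.strip()
    if text.startswith('"'):
        return text[1:].split('"', 1)[0]
    m = re.match(r"(.+?\.(?:exe|scr|dll|com))(?:\s|$)", text, re.I)
    return m.group(1) if m else text


def triage(log: str) -> list[tuple[str, str]]:
    """Run the indicator rules over DDS-style log text.

    Returns (rule, evidence) tuples in the order the evidence was seen.
    Firefox proxy prefs are spread over several lines, so they are collected
    and judged once at the end.
    """
    findings: list[tuple[str, str]] = []
    ff_prefs: dict[str, str] = {}

    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue

        if PROCESS_LINE.match(line):
            path = _first_path(line)
            name = ntpath.basename(path).lower()
            if name in SYSTEM_BINARIES and not WINDOWS_DIR.match(path):
                findings.append(("system-binary-name-outside-windows", path))
            continue

        m = WINLOGON_SHELL.match(line)
        if m:
            # Anything beyond the single default value is a hijack.
            if m.group(1).strip().lower() != "explorer.exe":
                findings.append(("winlogon-shell-hijack", m.group(1).strip()))
            continue

        m = WINDOWS_LOAD.match(line)
        if m:  # the Load value is empty on a clean system
            findings.append(("windows-load-hijack", m.group(1).strip()))
            continue

        m = PROXY_SERVER.search(line)
        if m and any(h in m.group(1).lower() for h in LOOPBACK):
            findings.append(("loopback-proxy-ie", m.group(1).strip()))
            continue

        m = FF_PREF.match(line)
        if m:
            ff_prefs[m.group(1).lower()] = m.group(2)
            continue

        m = RUN_KEY.match(line)
        if m:
            path = _first_path(m.group(2))
            name = ntpath.basename(path).lower()
            if name in SYSTEM_BINARIES:
                findings.append(("autorun-masquerade", path))
            elif USER_PROFILE.match(path):
                # A lead, not a verdict: Google Update legitimately lives here.
                findings.append(("autorun-user-profile", path))
            continue

        if ENABLE_LUA.match(line):
            findings.append(("uac-disabled", line))

    # type 1 = manual proxy; only then do the host/port prefs take effect
    host = ff_prefs.get("network.proxy.http", "")
    if ff_prefs.get("network.proxy.type") == "1" and host in LOOPBACK:
        port = ff_prefs.get("network.proxy.http_port", "?")
        findings.append(("loopback-proxy-firefox", f"{host}:{port}"))
    return findings


# Constructed sample: lines adapted from the DDS log posted in this thread,
# with the user's profile path shortened to C:\Users\user.
SAMPLE = r"""
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\Dwm.exe
C:\Users\user\AppData\Local\Temp\dwm.exe
"C:\Users\user\AppData\Roaming\Microsoft\svchost.exe"
C:\Users\user\AppData\Roaming\Microsoft\Windows\shell.exe
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uWinlogon: Shell=explorer.exe,c:\users\user\appdata\roaming\microsoft\windows\shell.exe
uWindows: Load=c:\users\user~1\appdata\local\temp\dwm.exe
uRun: [Google Update] "c:\users\user\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [svchost] c:\users\user\appdata\roaming\microsoft\svchost.exe
mPolicies-system: EnableLUA = 0 (0x0)
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
"""

if __name__ == "__main__":
    for rule, evidence in triage(SAMPLE):
        print(f"{rule:40} {evidence}")
```

Two caveats for anyone reusing this on their own log. The `autorun-user-profile` rule is deliberately low confidence: Google Update, Dropbox and similar per-user installers legitimately start from `%LocalAppData%`, so those hits are for follow-up, not for deletion. And a clean proxy setting in the registry is not proof the redirect is gone: on this machine the loopback proxy is set independently for IE and Firefox, so both have to be checked (and cleared) separately, which is exactly why the same port shows up twice in the log.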



#2 IndiGenus


    Anti-Malware Buddha


  • Members
  • 115 posts
  • Gender:Male

Posted 30 October 2010 - 09:29 AM

Hello alaskatrekker and welcome to the forums here at Bleeping Computer.


We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then [image]

"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#3 alaskatrekker

  • Topic Starter

  • Members
  • 15 posts

Posted 30 October 2010 - 12:17 PM

I may have already solved the problem by running a few other anti-malware programs (I'm no longer having redirect issues) but if you don't mind I'd appreciate running through some basic logs to make sure there's nothing still suspicious.

Here's the ComboFix log, also attached:


ComboFix 10-10-29.04 - Andrew Skurka 10/30/2010 10:48:25.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1134 [GMT -6:00]
Running from: c:\users\Andrew Skurka\Desktop\ComboFix.exe
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Andrew Skurka\AppData\Roaming\Microsoft\stor.cfg

.
((((((((((((((((((((((((( Files Created from 2010-09-28 to 2010-10-30 )))))))))))))))))))))))))))))))
.

2010-10-30 16:59 . 2010-10-30 16:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-29 08:18 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1A3A269-A001-46DF-A486-1B483BCE7A10}\mpengine.dll
2010-10-27 18:29 . 2010-02-05 15:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-10-27 18:29 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-27 18:29 . 2010-03-29 16:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-27 18:29 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-27 18:29 . 2010-04-08 20:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-27 18:29 . 2010-10-30 16:39 -------- d-----w- c:\program files\Spyware Doctor
2010-10-27 18:29 . 2010-10-27 18:30 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-27 18:29 . 2010-10-27 18:29 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\PC Tools
2010-10-27 18:29 . 2010-10-27 18:29 -------- d-----w- c:\programdata\PC Tools
2010-10-27 17:56 . 2010-10-28 15:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-27 16:51 . 2010-10-27 17:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-27 16:51 . 2010-10-27 17:07 -------- d-----w- c:\programdata\Hitman Pro
2010-10-27 15:51 . 2010-10-27 15:51 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\Malwarebytes
2010-10-27 15:51 . 2010-10-27 15:51 -------- d-----w- c:\programdata\Malwarebytes
2010-10-14 16:45 . 2010-10-14 16:45 -------- d-----w- c:\programdata\NCH Software
2010-10-14 16:45 . 2010-10-26 17:18 -------- d-----w- c:\program files\NCH Software
2010-10-14 16:45 . 2010-10-14 16:45 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\NCH Software
2010-10-14 15:21 . 2010-10-14 15:21 -------- d-----w- c:\windows\en
2010-10-14 15:15 . 2009-09-04 23:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-14 15:15 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-14 15:15 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-14 15:15 . 2010-10-14 15:15 -------- d-----w- c:\programdata\WindowsSearch
2010-10-14 15:09 . 2010-10-14 16:13 -------- d-----w- c:\users\Andrew Skurka\AppData\Local\Windows Live
2010-10-14 14:32 . 2010-10-14 14:32 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-14 14:24 . 2010-10-26 17:28 -------- d-----w- c:\program files\Windows Live
2010-10-14 14:23 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-14 14:23 . 2010-10-14 14:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-14 14:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-14 14:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-14 14:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-14 14:14 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-10-14 14:13 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-14 14:13 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-14 14:13 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-14 14:07 . 2009-11-08 16:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-14 14:07 . 2009-11-08 16:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-14 14:07 . 2009-11-08 16:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-14 14:07 . 2009-11-08 16:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-14 14:07 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-14 14:03 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 14:03 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:03 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:03 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:03 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:03 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:02 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 14:02 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:01 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:01 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:01 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-14 14:01 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:01 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 14:01 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 14:01 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-14 14:01 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 13:59 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-14 13:50 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 11:09 . 2010-10-14 11:10 -------- d-----w- c:\windows\system32\ca-ES
2010-10-14 11:09 . 2010-10-14 11:10 -------- d-----w- c:\windows\system32\eu-ES
2010-10-14 11:09 . 2010-10-14 11:10 -------- d-----w- c:\windows\system32\vi-VN
2010-10-14 10:58 . 2010-10-14 10:58 -------- d-----w- c:\windows\system32\SPReview
2010-10-14 10:33 . 2009-04-11 05:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-10-14 10:33 . 2009-04-11 05:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-10-14 10:30 . 2009-04-11 05:28 75264 ----a-w- c:\windows\system32\dot3msm.dll
2010-10-14 10:29 . 2009-04-11 05:28 48128 ----a-w- c:\windows\system32\l2nacp.dll
2010-10-14 10:28 . 2009-04-11 05:28 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-14 10:28 . 2009-04-11 05:28 324608 ----a-w- c:\program files\Windows NT\TableTextService\TableTextService.dll
2010-10-14 07:42 . 2010-10-14 07:42 -------- d-----w- C:\PerfLogs
2010-10-14 06:49 . 2008-01-19 05:38 215096 ----a-w- c:\program files\Windows Defender\MsMpCom.dll
2010-10-14 06:48 . 2008-01-19 05:34 44032 ----a-w- c:\windows\system32\dssec.dll
2010-10-14 06:47 . 2008-01-19 05:36 92160 ----a-w- c:\windows\system32\wlancfg.dll
2010-10-14 05:41 . 2010-10-14 05:41 -------- d-----w- c:\windows\system32\EventProviders
2010-10-14 04:46 . 2010-10-14 04:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-10-14 04:10 . 2010-10-14 04:10 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-13 04:01 . 2010-10-13 04:01 45568 ----a-w- c:\windows\system32\QuickThumb.dll
2010-10-09 15:55 . 2010-10-09 15:55 -------- d-----w- c:\program files\Safari
2010-10-05 19:17 . 2010-10-05 19:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\users\Andrew Skurka\AppData\Local\Sunbelt Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 17:41 . 2009-10-05 03:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 07:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-14 07:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-23 06:32 . 2010-09-23 06:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Andrew Skurka\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Andrew Skurka\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Andrew Skurka\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Andrew Skurka\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-27 16968]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]


--- Other Services/Drivers In Memory ---

*Deregistered* - PCTSDInjDriver32

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 05:34]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 05:34]

2010-10-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2805480622-3685897249-449281717-1000Core.job
- c:\users\Andrew Skurka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08 22:14]

2010-10-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2805480622-3685897249-449281717-1000UA.job
- c:\users\Andrew Skurka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08 22:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\users\Andrew Skurka\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-Dell AIO Printer A920 - c:\program files\Dell AIO Printer A920\dlbkbmgr.exe
MSConfigStartUp-Dell AIO Printer A920 - c:\program files\Dell AIO Printer A920\dlbkbmgr.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-30 11:00
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-30 11:07:03
ComboFix-quarantined-files.txt 2010-10-30 17:07

Pre-Run: 23,920,697,344 bytes free
Post-Run: 23,604,457,472 bytes free

- - End Of File - - A12AAA0D19B636FA3E5FCB3253B355D2

P.S. I'm not sure why LavaSoft is still running since I uninstalled the program the other day and deleted the folders off my hard drive.



#4 IndiGenus

IndiGenus

    Anti-Malware Buddha


  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:01 AM

Posted 30 October 2010 - 12:47 PM

Okay, so no more symptoms of infection?

Go ahead and run DDS again if you would and post the logs.

P.S. I'm not sure why LavaSoft is still running since I uninstalled the program the other day and deleted the folders off my hard drive.

Hmm? Looks like it's still there in some form as not all of it was removed. Did you remove through Control Panel/Add or Remove Programs? I don't believe they make a removal tool like many of the other AV programs have. You may need to try something like Revo Uninstaller to completely remove it. They have a free/trial version that works well. Let me know if you have any questions on that.

So you are not running any Antivirus program now then?
IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#5 alaskatrekker

alaskatrekker
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:01 AM

Posted 31 October 2010 - 11:36 AM

Below is the DDS Log. The Attach.txt file is attached.

DDS (Ver_10-10-31.01) - NTFSx86
Run by Andrew Skurka at 10:33:51.91 on Sun 10/31/2010
Internet Explorer: 8.0.6001.18241 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.969 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\WLTRYSVC.EXE
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\PrintScreen\PrintScreen.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Users\Andrew Skurka\Desktop\dds.scr

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.nytimes.com/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\andrew skurka\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\andrew~1\appdata\roaming\mozilla\firefox\profiles\lcfg61hc.default\
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 50370
FF - prefs.js: network.proxy.type - 1
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-27 218592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-14 21504]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-27 16968]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-31 27192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-27 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-27 1142224]

=============== Created Last 30 ================

2010-10-31 16:31:54 -------- d-----w- c:\users\andrew~1\appdata\local\VS Revo Group
2010-10-31 16:31:51 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-10-31 16:31:49 -------- d-----w- c:\program files\Revo Uninstaller Pro
2010-10-30 17:07:09 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-30 16:44:11 98816 ----a-w- c:\windows\sed.exe
2010-10-30 16:44:11 85504 ----a-w- c:\windows\MBR.exe
2010-10-30 16:44:11 256512 ----a-w- c:\windows\PEV.exe
2010-10-30 16:44:11 161792 ----a-w- c:\windows\SWREG.exe
2010-10-29 08:18:51 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b1a3a269-a001-46df-a486-1b483bce7a10}\mpengine.dll
2010-10-27 18:29:43 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-27 18:29:43 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-10-27 18:29:34 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-27 18:29:34 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-27 18:29:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-27 18:29:06 -------- d-----w- c:\users\andrew~1\appdata\roaming\PC Tools
2010-10-27 18:29:06 -------- d-----w- c:\program files\Spyware Doctor
2010-10-27 18:29:06 -------- d-----w- c:\program files\common files\PC Tools
2010-10-27 18:29:06 -------- d-----w- c:\progra~2\PC Tools
2010-10-27 17:56:11 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-27 16:51:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-27 16:51:17 -------- d-----w- c:\progra~2\Hitman Pro
2010-10-27 15:51:57 -------- d-----w- c:\users\andrew~1\appdata\roaming\Malwarebytes
2010-10-27 15:51:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-14 16:45:44 -------- d-----w- c:\program files\NCH Software
2010-10-14 16:45:41 -------- d-----w- c:\users\andrew~1\appdata\roaming\NCH Software
2010-10-14 15:21:25 -------- d-----w- c:\windows\en
2010-10-14 15:15:46 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-14 15:15:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-14 15:15:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-14 15:10:50 94040 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\DSETUP.dll
2010-10-14 15:10:50 525656 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\DXSETUP.exe
2010-10-14 15:10:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\dsetup32.dll
2010-10-14 15:10:37 94040 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\DSETUP.dll
2010-10-14 15:10:37 525656 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\DXSETUP.exe
2010-10-14 15:10:37 1691480 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\dsetup32.dll
2010-10-14 15:09:21 -------- d-----w- c:\users\andrew~1\appdata\local\Windows Live
2010-10-14 14:32:15 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-14 14:23:12 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-14 14:23:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-14 14:16:27 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-14 14:16:27 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-14 14:16:26 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-14 14:14:57 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-10-14 14:13:11 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-14 14:13:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-14 14:13:11 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-14 14:07:38 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-14 14:07:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-14 14:07:38 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-14 14:07:38 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-14 14:07:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-14 14:03:34 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 14:03:23 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:03:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:03:23 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:03:23 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:03:23 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:02:03 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 14:02:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:01:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:01:40 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:01:36 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-14 14:01:09 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:01:08 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 14:01:04 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 14:01:02 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-14 14:01:00 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 13:59:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-14 13:50:37 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 11:09:54 -------- d-----w- c:\windows\system32\eu-ES
2010-10-14 11:09:54 -------- d-----w- c:\windows\system32\ca-ES
2010-10-14 11:09:53 -------- d-----w- c:\windows\system32\vi-VN
2010-10-14 10:58:05 -------- d-----w- c:\windows\system32\SPReview
2010-10-14 10:33:55 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-10-14 10:33:29 57856 ----a-w- c:\windows\system32\compcln.exe
2010-10-14 10:30:59 75264 ----a-w- c:\windows\system32\dot3msm.dll
2010-10-14 10:29:59 48128 ----a-w- c:\windows\system32\l2nacp.dll
2010-10-14 10:28:54 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-14 10:28:32 324608 ----a-w- c:\program files\windows nt\tabletextservice\TableTextService.dll
2010-10-14 07:42:34 -------- d-----w- C:\PerfLogs
2010-10-14 06:49:59 90112 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2010-10-14 06:48:59 44032 ----a-w- c:\windows\system32\dssec.dll
2010-10-14 06:47:59 92160 ----a-w- c:\windows\system32\wlancfg.dll
2010-10-14 05:41:02 -------- d-----w- c:\windows\system32\EventProviders
2010-10-14 04:10:38 -------- d-----w- c:\program files\common files\Windows Live
2010-10-13 04:01:28 45568 ----a-w- c:\windows\system32\QuickThumb.dll
2010-10-05 19:17:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-05 18:58:56 -------- d-----w- c:\users\andrew~1\appdata\local\Sunbelt Software

==================== Find3M ====================

2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 07:24:14 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-14 07:23:42 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-23 06:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 17:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 10:34:36.90 ===============

#6 alaskatrekker

alaskatrekker
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:01 AM

Posted 31 October 2010 - 11:39 AM

Re anti-virus software, I'm running Spyware Doctor by PC Tools and Windows Defender. Adequate?

#7 IndiGenus

IndiGenus

    Anti-Malware Buddha


  • Members
  • 115 posts
  • OFFLINE
  • Gender:Male
  • Local time:11:01 AM

Posted 31 October 2010 - 12:27 PM

It shows Win Defender is disabled, which is fine because in my opinion it is pretty much useless.

SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

I also don't see the attached file. You can just post it if you like. What version of PC Tools are you running?


#8 alaskatrekker

alaskatrekker
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  • Local time:08:01 AM

Posted 31 October 2010 - 01:32 PM

Attach.txt file:



UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-10-31.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 11/6/2007 7:52:56 PM
System Uptime: 10/31/2010 6:02:29 AM (4 hours ago)

Motherboard: Dell Inc. | | 0MG532
Processor: Intel® Core™ Duo CPU T2350 @ 1.86GHz | Microprocessor | 1867/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 137 GiB total, 20.505 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 5.834 GiB free.
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP571: 10/29/2010 2:18:13 AM - Windows Update
RP572: 10/29/2010 9:52:07 PM - Scheduled Checkpoint

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Photoshop Elements 2.0
Adobe Reader 9.2
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Bonjour
Canon Utilities Digital Photo Professional 3.7
Conexant HDA D110 MDC V.92 Modem
CutePDF Writer 2.7
D3DX10
Dell System Customization Wizard
Dell Wireless WLAN Card
Digital Studio v5 5
Dropbox
EPSON Printer Software
Facebook Plug-In
Gadwin PrintScreen
Google Chrome
Google Earth
Google Update Helper
Google Updater
HD Writer Ver1.0E for SD1
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HTML-Kit
Intel® Graphics Media Accelerator Driver
Internet Service Offers Launcher
iTunes
Java™ 6 Update 17
Java™ 6 Update 3
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6
Memory-Map Navigator
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
MobileMe Control Panel
Modem Diagnostic Tool
Mozilla Firefox (3.6.10)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
OGA Notifier 2.0.0048.0
Pinnacle VideoSpin
Product Documentation Launcher
QuickTime
Revo Uninstaller Pro 2.4.1
Safari
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Segoe UI
SigmaTel Audio
SILKYPIX Developer Studio 3.0 SE
Skype™ 3.6
Sonic Activation Module
Spyware Doctor 7.0
SSH Secure Shell
Synaptics Pointing Device Driver
SyncBack
TOPO! 4
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Outlook 2007 Junk Email Filter (kb2410711)
User's Guides
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin

==== Event Viewer Messages From Past Week ========

10/30/2010 6:49:10 PM, Error: Microsoft-Windows-SpoolerWin32SPL [3] - The print spooler failed to reopen an existing printer connection because it could not read the configuration information from the registry key S-1-5-21-2805480622-3685897249-449281717-1000\Printers\Connections\S-1-5-21-2805480622-3685897249-449281717-1000\Printers\Connections. This can occur if the key name or values are malformed or missing.
10/30/2010 12:10:47 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Lbd
10/30/2010 11:00:22 AM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/30/2010 10:48:11 AM, Error: Service Control Manager [7034] - The Dell Wireless WLAN Tray Service service terminated unexpectedly. It has done this 1 time(s).
10/30/2010 10:47:53 AM, Error: Service Control Manager [7034] - The XAudioService service terminated unexpectedly. It has done this 1 time(s).
10/28/2010 9:50:12 AM, Error: Service Control Manager [7000] - The Lbd service failed to start due to the following error: The system cannot find the file specified.
10/28/2010 11:25:15 PM, Error: volsnap [27] - The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
10/28/2010 11:23:12 PM, Error: volsnap [25] - The shadow copies of volume C: were deleted because the shadow copy storage could not grow in time. Consider reducing the IO load on the system or choose a shadow copy storage volume that is not being shadow copied.
10/27/2010 11:50:29 AM, Error: EventLog [6008] - The previous system shutdown at 11:46:23 AM on 10/27/2010 was unexpected.
10/27/2010 11:40:02 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
10/27/2010 11:39:41 AM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
10/27/2010 11:37:54 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC NetBIOS netbt nsiproxy PSched RasAcd rdbss Smb spldr tdx Wanarpv6
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The WebDav Client Redirector Driver service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The WebClient service depends on the WebDav Client Redirector Driver service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancilliary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
10/27/2010 11:37:54 AM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
10/27/2010 11:37:25 AM, Error: EventLog [6008] - The previous system shutdown at 11:31:55 AM on 10/27/2010 was unexpected.
10/27/2010 11:10:22 AM, Error: Service Control Manager [7024] - The Hitman Pro 3.5 Crusader (Boot) service terminated with service-specific error 0 (0x0).
10/26/2010 6:46:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Netman service.

==== End Of File ===========================

#9 IndiGenus (Anti-Malware Buddha, Members, 115 posts)

Posted 31 October 2010 - 01:38 PM

Let's continue with the clean up. Please let me know if you are still having symptoms of the infection.


Go to the Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on the Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

IndiGenus

The help you receive here is free, but if you would like to help me continue the fight against Malware then Posted Image

"To find perfect composure in the midst of change is to find ourselves in nirvana."

Suzuki Roshi


#10 alaskatrekker (Topic Starter, Members, 15 posts)

Posted 31 October 2010 - 02:28 PM

I'm struggling to get Kaspersky to run for me, despite downloading Opera 9 and already having the most recent version of Java (6 w/update 22 I think). Do you have another preferred scan system?

#11 IndiGenus (Anti-Malware Buddha, Members, 115 posts)

Posted 31 October 2010 - 02:46 PM

It can be troubling sometimes. Did you uninstall all the old versions of Java? Make sure to do so if not.

Eset Online Scanner
Run with Internet Explorer
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button, or click the notification bar at the top of the window and choose to install.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of C:\Program Files\EsetOnlineScanner\log.txt into your next reply.

Please also let me know how it's running.


#12 alaskatrekker (Topic Starter, Members, 15 posts)

Posted 01 November 2010 - 10:47 AM

Ran Eset Scanner last night. Below are the results. Looks like it found something...


C:\Users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js Win32/Agent.RQD.Gen trojan
C:\Users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js.BAK Win32/Agent.RQD.Gen trojan
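ESET flagged prefs.js, the per-profile settings file of Firefox, rather than an executable. That file is where a search-redirect hijacker can plant a proxy, a PAC script URL or a rewritten address-bar search URL, which is consistent with the symptom that started this thread. The thread never shows the contents of the flagged file, so the script below is an added example and not the poster's file, not ESET's detection logic and not part of the original post: it parses user_pref() lines and reports the settings most often abused for redirection. The sample prefs.js is constructed, with hostnames under the reserved .test TLD.

```python
"""Audit a Firefox prefs.js for settings that search-redirect hijackers
commonly rewrite. Added example for this thread, not the poster's file and
not ESET's detection logic; the sample below is constructed."""
import re
from typing import Dict, List, Tuple, Union

PrefValue = Union[str, int, bool]

# Constructed sample. Hostnames use the reserved .test TLD; the real prefs.js
# that ESET flagged is not shown anywhere in the thread.
SAMPLE_PREFS = '''\
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1288300000);
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.startup.homepage", "http://start.example-hijack.test/");
user_pref("keyword.URL", "http://search.example-hijack.test/?q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
'''

# One pref per line: user_pref("name", value);  value is a quoted string,
# an integer or true/false. Firefox ignores anything else in the file.
_PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# network.proxy.type: 0 = direct, 1 = manual, 2 = PAC script, 4 = WPAD, 5 = system
SAFE_PROXY_TYPES = {0, 5}

# Prefs that decide where a typed search or the first page load goes.
REDIRECT_PREFS = (
    "keyword.URL",
    "browser.search.defaulturl",
    "browser.search.defaultenginename",
    "browser.startup.homepage",
)


def parse_prefs(text: str) -> Dict[str, PrefValue]:
    """Return {pref_name: typed value} for every user_pref() line in prefs.js."""
    prefs: Dict[str, PrefValue] = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw  # keep anything unexpected as text
    return prefs


def audit_prefs(prefs: Dict[str, PrefValue]) -> List[Tuple[str, PrefValue, str]]:
    """Return (pref, value, reason) for each setting that can redirect traffic."""
    findings: List[Tuple[str, PrefValue, str]] = []

    ptype = prefs.get("network.proxy.type")
    if isinstance(ptype, int) and ptype not in SAFE_PROXY_TYPES:
        targets = {k: v for k, v in prefs.items()
                   if k.startswith("network.proxy.") and k != "network.proxy.type"}
        findings.append(("network.proxy.type", ptype,
                         f"browser traffic is routed through a proxy: {targets}"))

    pac = prefs.get("network.proxy.autoconfig_url")
    if pac:
        findings.append(("network.proxy.autoconfig_url", pac,
                         "a PAC script can silently re-route any URL"))

    for name in REDIRECT_PREFS:
        if name in prefs:
            findings.append((name, prefs[name],
                             "search or start-page default overridden in prefs.js"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit_prefs(parse_prefs(SAMPLE_PREFS)):
        print(f"{pref} = {value!r}\n    {reason}")
```

Run it against a real profile by reading the prefs.js path ESET reported and passing the text to parse_prefs(). A proxy pointing at 127.0.0.1 on a machine with no local proxy installed, or a keyword.URL that is not the browser's default, is worth saving as evidence before the file is deleted, since ComboFix's File:: directive removes it without showing what was inside.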

#13 IndiGenus (Anti-Malware Buddha, Members, 115 posts)

Posted 01 November 2010 - 04:41 PM

We can use combofix to remove them. Update if it prompts you to, and it probably will.

1. Open Notepad

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js  
C:\Users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js.BAK


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new DDS log (just DDS.txt).

Also, let me know how it's running.


#14 alaskatrekker (Topic Starter, Members, 15 posts)

Posted 01 November 2010 - 06:18 PM

Here's the ComboFix log:


ComboFix 10-11-01.01 - Andrew Skurka 11/01/2010 16:42:54.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.1000 [GMT -6:00]
Running from: c:\users\Andrew Skurka\Desktop\ComboFix.exe
Command switches used :: c:\users\Andrew Skurka\Desktop\CFScript.txt
AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
* Created a new restore point

FILE ::
"c:\users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js"
"c:\users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js.BAK"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js
c:\users\Andrew Skurka\AppData\Roaming\Mozilla\Firefox\Profiles\lcfg61hc.default\prefs.js.BAK

.
((((((((((((((((((((((((( Files Created from 2010-10-01 to 2010-11-01 )))))))))))))))))))))))))))))))
.

2010-11-01 22:57 . 2010-11-01 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-01 15:45 . 2010-03-05 14:01 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-11-01 00:51 . 2010-11-01 00:51 -------- d-----w- c:\program files\ESET
2010-10-31 20:52 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-10-31 20:38 . 2009-03-08 11:31 45568 ----a-w- c:\windows\system32\mshta.exe
2010-10-31 20:37 . 2010-10-31 20:56 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-31 19:05 . 2010-10-31 20:29 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 18:54 . 2010-10-31 18:54 61440 ----a-r- c:\users\Andrew Skurka\AppData\Roaming\Microsoft\Installer\{2E48A9E4-C531-4B71-ADF1-F80403413914}\ARPPRODUCTICON.exe
2010-10-31 18:54 . 2010-10-31 18:54 -------- d-----w- c:\program files\Opera
2010-10-31 18:53 . 2010-10-31 18:54 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\GetRightToGo
2010-10-31 16:31 . 2010-10-31 16:31 -------- d-----w- c:\users\Andrew Skurka\AppData\Local\VS Revo Group
2010-10-31 16:31 . 2009-12-30 18:21 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-10-31 16:31 . 2010-10-31 16:31 -------- d-----w- c:\program files\Revo Uninstaller Pro
2010-10-29 08:18 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B1A3A269-A001-46DF-A486-1B483BCE7A10}\mpengine.dll
2010-10-27 18:29 . 2010-02-05 15:18 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-10-27 18:29 . 2010-02-05 15:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-27 18:29 . 2010-03-29 16:06 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-27 18:29 . 2009-11-23 19:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-27 18:29 . 2010-04-08 20:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-27 18:29 . 2010-10-30 16:39 -------- d-----w- c:\program files\Spyware Doctor
2010-10-27 18:29 . 2010-10-27 18:30 -------- d-----w- c:\program files\Common Files\PC Tools
2010-10-27 18:29 . 2010-10-27 18:29 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\PC Tools
2010-10-27 18:29 . 2010-10-27 18:29 -------- d-----w- c:\programdata\PC Tools
2010-10-27 17:56 . 2010-10-28 15:56 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-10-27 16:51 . 2010-10-27 17:10 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-27 16:51 . 2010-10-27 17:07 -------- d-----w- c:\programdata\Hitman Pro
2010-10-27 15:51 . 2010-10-27 15:51 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\Malwarebytes
2010-10-27 15:51 . 2010-10-27 15:51 -------- d-----w- c:\programdata\Malwarebytes
2010-10-14 16:45 . 2010-10-14 16:45 -------- d-----w- c:\programdata\NCH Software
2010-10-14 16:45 . 2010-10-26 17:18 -------- d-----w- c:\program files\NCH Software
2010-10-14 16:45 . 2010-10-14 16:45 -------- d-----w- c:\users\Andrew Skurka\AppData\Roaming\NCH Software
2010-10-14 15:21 . 2010-10-14 15:21 -------- d-----w- c:\windows\en
2010-10-14 15:15 . 2009-09-04 23:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-14 15:15 . 2009-09-04 23:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-14 15:15 . 2009-09-04 23:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-14 15:15 . 2010-10-14 15:15 -------- d-----w- c:\programdata\WindowsSearch
2010-10-14 15:09 . 2010-11-01 03:37 -------- d-----w- c:\users\Andrew Skurka\AppData\Local\Windows Live
2010-10-14 14:32 . 2010-10-14 14:32 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-14 14:24 . 2010-10-26 17:28 -------- d-----w- c:\program files\Windows Live
2010-10-14 14:23 . 2006-11-29 19:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-14 14:23 . 2010-10-14 14:23 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-14 14:16 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-14 14:16 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-14 14:16 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-14 14:14 . 2009-10-01 01:02 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2010-10-14 14:13 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-14 14:13 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-14 14:13 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-14 14:07 . 2009-11-08 16:55 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-14 14:07 . 2009-11-08 16:55 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-14 14:07 . 2009-11-08 16:55 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-14 14:07 . 2009-11-08 16:55 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-14 14:07 . 2009-11-08 16:55 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-14 14:03 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 14:03 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:03 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:03 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:03 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:03 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:02 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 14:02 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:01 . 2010-08-31 15:46 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:01 . 2010-08-31 15:46 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:01 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-14 14:01 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:01 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 14:01 . 2010-06-08 17:35 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 14:01 . 2010-06-08 17:35 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-14 14:01 . 2010-08-31 13:27 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 13:59 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-14 13:50 . 2010-08-31 15:44 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 11:09 . 2010-10-14 11:10 -------- d-----w- c:\windows\system32\ca-ES
2010-10-14 11:09 . 2010-10-14 11:10 -------- d-----w- c:\windows\system32\eu-ES
2010-10-14 11:09 . 2010-10-14 11:10 -------- d-----w- c:\windows\system32\vi-VN
2010-10-14 10:58 . 2010-10-14 10:58 -------- d-----w- c:\windows\system32\SPReview
2010-10-14 10:33 . 2009-04-11 05:28 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-10-14 10:33 . 2009-04-11 05:27 57856 ----a-w- c:\windows\system32\compcln.exe
2010-10-14 10:30 . 2009-04-11 05:28 75264 ----a-w- c:\windows\system32\dot3msm.dll
2010-10-14 10:29 . 2009-04-11 05:28 48128 ----a-w- c:\windows\system32\l2nacp.dll
2010-10-14 10:28 . 2009-04-11 05:28 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-14 10:28 . 2009-04-11 05:28 324608 ----a-w- c:\program files\Windows NT\TableTextService\TableTextService.dll
2010-10-14 07:42 . 2010-10-14 07:42 -------- d-----w- C:\PerfLogs
2010-10-14 06:49 . 2008-01-19 05:38 215096 ----a-w- c:\program files\Windows Defender\MsMpCom.dll
2010-10-14 06:48 . 2008-01-19 05:34 44032 ----a-w- c:\windows\system32\dssec.dll
2010-10-14 06:47 . 2008-01-19 05:36 92160 ----a-w- c:\windows\system32\wlancfg.dll
2010-10-14 05:41 . 2010-10-14 05:41 -------- d-----w- c:\windows\system32\EventProviders
2010-10-14 04:46 . 2010-10-14 04:46 -------- d-----w- c:\programdata\Office Genuine Advantage
2010-10-14 04:10 . 2010-10-14 04:10 -------- d-----w- c:\program files\Common Files\Windows Live
2010-10-13 04:01 . 2010-10-13 04:01 45568 ----a-w- c:\windows\system32\QuickThumb.dll
2010-10-09 15:55 . 2010-10-09 15:55 -------- d-----w- c:\program files\Safari
2010-10-05 19:17 . 2010-10-05 19:17 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-05 18:58 . 2010-10-05 18:58 -------- d-----w- c:\users\Andrew Skurka\AppData\Local\Sunbelt Software

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 17:41 . 2009-10-05 03:38 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 07:24 . 2006-11-02 10:32 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-14 07:23 . 2006-11-02 10:32 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-23 06:32 . 2010-09-23 06:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 17:17 . 2010-09-08 17:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17 . 2010-09-08 17:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Andrew Skurka\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Andrew Skurka\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\users\Andrew Skurka\AppData\Roaming\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\users\Andrew Skurka\AppData\Local\Google\Update\GoogleUpdate.exe" [2010-02-25 135664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-27 1540096]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SigmatelSysTrayApp"="sttray.exe" [2007-02-08 303104]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 21:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-24 08:10 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 17:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
R3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-27 16968]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 27192]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [2010-03-11 366840]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2010-11-01 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-02 18:26]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 05:34]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 05:34]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2805480622-3685897249-449281717-1000Core.job
- c:\users\Andrew Skurka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08 22:14]

2010-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2805480622-3685897249-449281717-1000UA.job
- c:\users\Andrew Skurka\AppData\Local\Google\Update\GoogleUpdate.exe [2010-09-08 22:14]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-01 16:58
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-11-01 17:06:45
ComboFix-quarantined-files.txt 2010-11-01 23:06
ComboFix2.txt 2010-10-30 17:07

Pre-Run: 23,958,708,224 bytes free
Post-Run: 24,110,960,640 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=1,2,3,4,5
- - End Of File - - EC7920A3593FFECC0753E3B8B313D0FF
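Beyond the two deleted files, the ComboFix log above records settings a practitioner would check before calling the machine clean: EnableLUA=0 under policies\system (UAC switched off), DisableMonitoring=1 under the Security Center Monitoring keys (alerting suppressed), and R0/R3 entries ending in [x] (a registered driver whose file is no longer on disk). The script below is an added example, not a ComboFix feature and not part of the thread: it parses those three line formats and turns them into findings. SAMPLE_LOG is excerpted verbatim from the log posted above; the severity labels are this example's own.

```python
"""Triage a ComboFix log's 'Reg Loading Points' and service lines for settings
that weaken the machine's defences. Added example for this thread; it is not a
ComboFix feature. SAMPLE_LOG is excerpted from the log posted above."""
import re
from typing import Dict, List, Tuple

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-09-13 133104]
R3 ivusb;Initio Driver for USB Default Controller;c:\windows\system32\DRIVERS\ivusb.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-03-29 218592]
"""

_KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
_VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.+)$')
# <start> <name>;<display name>;<path> [<date size> | x]   ('x' = file not found)
_SERVICE_RE = re.compile(r'^([RS]\d)\s+([^;]+);([^;]*);(.+?)\s+\[([^\]]*)\]$')

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SECURITY_CENTER = r"hkey_local_machine\software\microsoft\security center\monitoring"


def reg_int(raw: str) -> int:
    """Turn ComboFix's renderings '0 (0x0)' and 'dword:00000001' into an int."""
    raw = raw.strip()
    if raw.lower().startswith("dword:"):
        return int(raw[6:], 16)
    return int(raw.split()[0])


def parse_reg_blocks(text: str) -> Dict[str, Dict[str, str]]:
    """Return {key path (lower-cased): {value name: raw value text}}."""
    blocks: Dict[str, Dict[str, str]] = {}
    current = None
    for line in text.splitlines():
        line = line.strip()
        km = _KEY_RE.match(line)
        if km:
            current = km.group(1).lower()
            blocks.setdefault(current, {})
            continue
        vm = _VALUE_RE.match(line)
        if vm and current is not None:
            blocks[current][vm.group(1)] = vm.group(2)
    return blocks


def parse_services(text: str) -> List[Dict[str, object]]:
    """Return one dict per R*/S* service or driver line."""
    services: List[Dict[str, object]] = []
    for line in text.splitlines():
        m = _SERVICE_RE.match(line.strip())
        if m:
            start, name, display, path, info = m.groups()
            services.append({"start": start, "name": name, "display": display,
                             "path": path, "file_present": info != "x"})
    return services


def triage(text: str) -> List[Tuple[str, str]]:
    """Return (severity, message) findings; severity labels are this example's own."""
    findings: List[Tuple[str, str]] = []
    blocks = parse_reg_blocks(text)

    policy = blocks.get(POLICY_KEY, {})
    if "EnableLUA" in policy and reg_int(policy["EnableLUA"]) == 0:
        findings.append(("high", "UAC is off (EnableLUA=0): an admin user's "
                                 "processes, malware included, run fully elevated"))

    for key, values in blocks.items():
        if key.startswith(SECURITY_CENTER) and reg_int(values.get("DisableMonitoring", "0")) == 1:
            findings.append(("medium", f"Security Center alerting suppressed under {key} "
                                       "(set by some security suites, but also by malware)"))

    for svc in parse_services(text):
        if not svc["file_present"]:
            findings.append(("low", f"{svc['start']} entry '{svc['name']}' points at a missing "
                                    f"file {svc['path']}: orphaned after an uninstall or a removal"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

On the excerpt this yields one high finding (UAC off), three medium (the Monitoring keys) and two low (Lbd and ivusb with no file on disk). Whether each is malicious or a leftover of the several security products installed during this thread still has to be decided by hand; the script only makes sure none of them is overlooked in a 300-line log.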

#15 alaskatrekker (Topic Starter, Members, 15 posts)

Posted 01 November 2010 - 06:19 PM

Here's the DDS log:



DDS (Ver_10-10-31.01) - NTFSx86
Run by Andrew Skurka at 17:19:05.54 on Mon 11/01/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2038.942 [GMT -6:00]

AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
SP: Lavasoft Ad-Watch Live! *enabled* (Updated) {67844DAE-4F77-4D69-9457-98E8CFFDAA22}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\bcmwltry.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\bgsvcgen.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\sttray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Windows\system32\notepad.exe
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Skurka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Andrew Skurka\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
uRun: [Google Update] "c:\users\andrew skurka\appdata\local\google\update\GoogleUpdate.exe" /c
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll

================= FIREFOX ===================

FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-27 218592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-10-14 21504]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-27 16968]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-31 27192]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-10-27 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-10-27 1142224]

=============== Created Last 30 ================

2010-11-01 23:07:00 -------- d-sh--w- C:\$RECYCLE.BIN
2010-11-01 23:06:52 -------- d-----w- c:\users\andrew~1\appdata\local\temp
2010-11-01 15:45:02 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-11-01 00:51:08 -------- d-----w- c:\program files\ESET
2010-10-31 20:52:13 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
2010-10-31 20:38:57 45568 ----a-w- c:\windows\system32\mshta.exe
2010-10-31 20:37:03 -------- d--h--w- c:\windows\msdownld.tmp
2010-10-31 19:05:41 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-31 19:05:40 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-31 18:54:31 61440 ----a-r- c:\users\andrew~1\appdata\roaming\microsoft\installer\{2e48a9e4-c531-4b71-adf1-f80403413914}\ARPPRODUCTICON.exe
2010-10-31 18:53:24 -------- d-----w- c:\users\andrew~1\appdata\roaming\GetRightToGo
2010-10-31 16:31:54 -------- d-----w- c:\users\andrew~1\appdata\local\VS Revo Group
2010-10-31 16:31:51 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-10-31 16:31:49 -------- d-----w- c:\program files\Revo Uninstaller Pro
2010-10-30 16:44:11 98816 ----a-w- c:\windows\sed.exe
2010-10-30 16:44:11 86528 ----a-w- c:\windows\MBR.exe
2010-10-30 16:44:11 256512 ----a-w- c:\windows\PEV.exe
2010-10-30 16:44:11 161792 ----a-w- c:\windows\SWREG.exe
2010-10-29 08:18:51 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{b1a3a269-a001-46df-a486-1b483bce7a10}\mpengine.dll
2010-10-27 18:29:43 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-10-27 18:29:43 100136 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
2010-10-27 18:29:34 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-10-27 18:29:34 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-27 18:29:29 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-10-27 18:29:06 -------- d-----w- c:\users\andrew~1\appdata\roaming\PC Tools
2010-10-27 18:29:06 -------- d-----w- c:\program files\Spyware Doctor
2010-10-27 18:29:06 -------- d-----w- c:\program files\common files\PC Tools
2010-10-27 18:29:06 -------- d-----w- c:\progra~2\PC Tools
2010-10-27 17:56:11 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-10-27 16:51:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-27 16:51:17 -------- d-----w- c:\progra~2\Hitman Pro
2010-10-27 15:51:57 -------- d-----w- c:\users\andrew~1\appdata\roaming\Malwarebytes
2010-10-27 15:51:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-14 16:45:44 -------- d-----w- c:\program files\NCH Software
2010-10-14 16:45:41 -------- d-----w- c:\users\andrew~1\appdata\roaming\NCH Software
2010-10-14 15:21:25 -------- d-----w- c:\windows\en
2010-10-14 15:15:46 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-14 15:15:46 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-14 15:15:45 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-14 15:10:50 94040 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\DSETUP.dll
2010-10-14 15:10:50 525656 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\DXSETUP.exe
2010-10-14 15:10:50 1691480 ----a-w- c:\program files\common files\windows live\.cache\fac03cfb1cb6bb103\dsetup32.dll
2010-10-14 15:10:37 94040 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\DSETUP.dll
2010-10-14 15:10:37 525656 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\DXSETUP.exe
2010-10-14 15:10:37 1691480 ----a-w- c:\program files\common files\windows live\.cache\f008018b1cb6bb102\dsetup32.dll
2010-10-14 15:09:21 -------- d-----w- c:\users\andrew~1\appdata\local\Windows Live
2010-10-14 14:32:15 -------- d-----w- c:\program files\Windows Portable Devices
2010-10-14 14:23:12 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2010-10-14 14:23:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-10-14 14:16:27 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2010-10-14 14:16:27 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2010-10-14 14:16:26 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2010-10-14 14:14:57 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2010-10-14 14:13:11 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2010-10-14 14:13:11 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2010-10-14 14:13:11 234496 ----a-w- c:\windows\system32\oleacc.dll
2010-10-14 14:07:38 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-10-14 14:07:38 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-10-14 14:07:38 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-10-14 14:07:38 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-10-14 14:07:38 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-10-14 14:03:34 2048 ----a-w- c:\windows\system32\tzres.dll
2010-10-14 14:03:23 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 14:03:23 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 14:03:23 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 14:03:23 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 14:03:23 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 14:02:03 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 14:02:02 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 14:01:41 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-10-14 14:01:40 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-10-14 14:01:36 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-10-14 14:01:09 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 14:01:08 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 14:01:04 3600768 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-14 14:01:02 3548040 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-14 14:01:00 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 13:59:58 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-14 13:50:37 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-10-14 11:09:54 -------- d-----w- c:\windows\system32\eu-ES
2010-10-14 11:09:54 -------- d-----w- c:\windows\system32\ca-ES
2010-10-14 11:09:53 -------- d-----w- c:\windows\system32\vi-VN
2010-10-14 10:58:05 -------- d-----w- c:\windows\system32\SPReview
2010-10-14 10:33:55 928768 ----a-w- c:\windows\system32\scavenge.dll
2010-10-14 10:33:29 57856 ----a-w- c:\windows\system32\compcln.exe
2010-10-14 10:30:59 75264 ----a-w- c:\windows\system32\dot3msm.dll
2010-10-14 10:29:59 48128 ----a-w- c:\windows\system32\l2nacp.dll
2010-10-14 10:28:54 842240 ----a-w- c:\windows\system32\systemcpl.dll
2010-10-14 10:28:32 324608 ----a-w- c:\program files\windows nt\tabletextservice\TableTextService.dll
2010-10-14 07:42:34 -------- d-----w- C:\PerfLogs
2010-10-14 06:49:59 90112 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll
2010-10-14 06:48:59 44032 ----a-w- c:\windows\system32\dssec.dll
2010-10-14 06:47:59 92160 ----a-w- c:\windows\system32\wlancfg.dll
2010-10-14 05:41:02 -------- d-----w- c:\windows\system32\EventProviders
2010-10-14 04:10:38 -------- d-----w- c:\program files\common files\Windows Live
2010-10-13 04:01:28 45568 ----a-w- c:\windows\system32\QuickThumb.dll
2010-10-05 19:17:27 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-10-05 18:58:56 -------- d-----w- c:\users\andrew~1\appdata\local\Sunbelt Software

==================== Find3M ====================

2010-10-19 17:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-10-14 07:24:14 101888 ----a-w- c:\windows\system32\ifxcardm.dll
2010-10-14 07:23:42 82432 ----a-w- c:\windows\system32\axaltocm.dll
2010-09-23 06:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 17:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 17:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-10 15:53:15 274944 ----a-w- c:\windows\system32\schannel.dll

============= FINISH: 17:19:38.91 ===============
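Added example, not part of the original post or of DDS itself: a small Python triage script for DDS logs like the one above. It parses the SERVICES / DRIVERS block and the Created Last 30 block, then cross-references the two so that kernel drivers (.sys) registered as services and created within a chosen window are listed together with their start type, and .sys files dropped into the drivers directory that back no service entry at all are listed separately. The sample input is constructed from entries that appear in this log (the field layout is the real one); the cut-off date, window length and function names are my own choices. In this particular log the recently created drivers all belong to security tools the poster installed while cleaning (PC Tools, Hitman Pro, Revo Uninstaller), which is exactly the point of the cross-check: a recent boot-start driver is only suspicious once you have ruled out what the user knowingly installed.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in DDS format; the lines are copied from the posted log.
SAMPLE_LOG = r"""
============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-10-27 218592]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-9-12 133104]
S3 hitmanpro35;Hitman Pro 3.5 Support Driver;c:\windows\system32\drivers\hitmanpro35.sys [2010-10-27 16968]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2010-10-31 27192]

=============== Created Last 30 ================

2010-10-31 16:31:51 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
2010-10-27 18:29:34 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-10-27 16:51:58 16968 ----a-w- c:\windows\system32\drivers\hitmanpro35.sys
2010-10-14 14:03:23 304128 ----a-w- c:\windows\system32\drivers\srv.sys
"""

# "R"/"S" = running/stopped, digit = start type (0 boot, 1 system, 2 auto,
# 3 demand, 4 disabled); then name;description;path [file-date size].
SERVICE_RE = re.compile(
    r"^([RS])(\d)\s+([^;]+);([^;]*);(.+?)\s+\[(\d{4}-\d{1,2}-\d{1,2})\s+(\d+)\]\s*$"
)
# created-timestamp size-or-dashes attribute-flags path
CREATED_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-+)\s+(\S{8})\s+(.+?)\s*$"
)


def parse_dds(text):
    """Return (services, created) lists parsed from a DDS log body."""
    services, created = [], []
    for line in text.splitlines():
        m = SERVICE_RE.match(line)
        if m:
            state, start, name, desc, path, _date, size = m.groups()
            services.append({
                "running": state == "R",
                "start_type": int(start),
                "name": name,
                "description": desc,
                "path": path.lower(),      # paths are compared case-insensitively
                "size": int(size),
            })
            continue
        m = CREATED_RE.match(line)
        if m:
            ts, size, attrs, path = m.groups()
            created.append({
                "created": datetime.strptime(ts, "%Y-%m-%d %H:%M:%S"),
                "size": None if size.startswith("-") else int(size),
                "attrs": attrs,
                "path": path.lower(),
            })
    return services, created


def flag_recent_drivers(text, as_of, window_days=7):
    """Kernel drivers backing a service entry and created within the window.

    Returns (service name, start type, creation date) tuples in log order."""
    services, created = parse_dds(text)
    created_by_path = {c["path"]: c for c in created}
    cutoff = datetime.strptime(as_of, "%Y-%m-%d") - timedelta(days=window_days)
    flagged = []
    for svc in services:
        if not svc["path"].endswith(".sys"):
            continue
        entry = created_by_path.get(svc["path"])
        if entry is not None and entry["created"] >= cutoff:
            flagged.append((svc["name"], svc["start_type"],
                            entry["created"].date().isoformat()))
    return flagged


def unregistered_recent_drivers(text, as_of, window_days=7):
    """Recently created .sys files under a drivers directory with no service entry."""
    services, created = parse_dds(text)
    registered = {s["path"] for s in services}
    cutoff = datetime.strptime(as_of, "%Y-%m-%d") - timedelta(days=window_days)
    return [c["path"] for c in created
            if c["path"].endswith(".sys") and "\\drivers\\" in c["path"]
            and c["path"] not in registered and c["created"] >= cutoff]


if __name__ == "__main__":
    for name, start, when in flag_recent_drivers(SAMPLE_LOG, "2010-11-01"):
        print(f"driver {name}: start type {start}, created {when}")
    for path in unregistered_recent_drivers(SAMPLE_LOG, "2010-11-01", 30):
        print(f"no service entry: {path}")
```

Run against the real log by reading the DDS.txt text into the functions instead of SAMPLE_LOG; srv.sys shows up in the second list only because the sample omits the Windows service that owns it, which is the kind of result you then check against Windows Update history before treating it as a finding.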