Firefox Google redirect / TDSS infection


  • This topic is locked
16 replies to this topic

#1 ivantaylor

Posted 05 January 2011 - 03:49 PM

I have tried various methods of removing the TDSS infection. Everything is working properly for a day then it re-appears.

I have used Malwarebytes and SuperAntiSpyware (both in regular and safe mode). Sometimes I get an indication of a trojan and remove it but then it returns.

I have made sure the hosts file is correct. I have used Symantec's TDSS killer as well as the Kaspersky killer on this site. Also, I have followed the removal steps in the Bleeping Computer Guide. Still no success. Below is the log information that you requested.

I was able to generate the DDS and Attach logs, but the GMER application failed to stop at the end so I could save a log for it. I have run GMER multiple times with it shutting down after a short time (3-5 minutes) or taking more than 30 minutes. I never get an opportunity to save any log from it. That's why I have no ark.txt file for you.

My system is a Pentium computer running XP Pro fully updated.

Hopefully you can determine what is infected, so I can remove it once and for all. Thank you for your time and help.

Ivan


DDS (Ver_10-12-12.02) - NTFSx86
Run by Ivan at 0:44:47.57 on Wed 01/05/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1145 [GMT -8:00]

AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\Program Files\utils\Zentimo\ZentimoService.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive8Service.exe
C:\WINDOWS\system32\nvsvc32.exe
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\utils\Contour Shuttle\ShuttleEngine.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
C:\Program Files\utils\UltraVNC\WinVNC.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\WFXSVC.EXE
C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
C:\Program Files\utils\UltraVNC\WinVNC.exe
C:\Program Files\apps\winfax\WFXMOD32.EXE
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\apps\OmniPagePro14.0\Opware14.exe
C:\Program Files\utils\Contour Shuttle\ShuttleHelper.exe
C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\PROGRA~1\apps\winfax\WFXSWTCH.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\PROGRA~1\Avast5\avastUI.exe
C:\Program Files\Mediafour\MacDrive 8\MacDrive.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\utils\LClock\lclock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\utils\Launchy\Launchy.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\utils\DAEMON Tools Pro\DTShellHlp.exe
C:\Documents and Settings\Ivan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
mURLSearchHooks: H - No File
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\mmedia\orbitdownloader\orbitcth.dll
BHO: MetaProducts Inquiry Helper: {001165c1-a640-11d7-9fd9-0080481ada61} - c:\program files\apps\metaproducts inquiry\inquiry.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\mmedia\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\utils\spybot\SDHelper.dll
BHO: SearchGT: {684b7df7-51de-4852-acf8-7ba3934d9bd1} - c:\program files\utils\searchgt\SearchGTShell.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: TextAloud: {f053c368-5458-45b2-9b4d-d8914bdddbff} - c:\progra~1\apps\textal~1\TAForIE.dll
TB: WebFerret: {a58686ed-fc46-44c3-95c6-4a812ab776f1} - c:\program files\apps\webferret\FerretBand.dll
TB: 2nd &Speech Center: {cfe40ed8-564e-4693-a9d9-80db70c8e460} - c:\progra~1\apps\2ndspe~1\tts4ie.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\mmedia\orbitdownloader\GrabPro.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll
TB: MetaProducts Inquiry Bar: {b8238b20-ff2c-11d7-9fd9-0080481ada61} - c:\program files\apps\metaproducts inquiry\inquiry.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\mmedia\techsmith\snagit 10\SnagitIEAddin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
EB: MetaProducts &Inquiry: {579f8165-8aaf-11d7-9fd9-0080481ada61} - c:\program files\apps\metaproducts inquiry\inquiry.dll
EB: &SurfSaver: {a6418a39-8884-11d3-a846-00104b8825b9} - c:\program files\apps\surfsaver\SurfBar.dll
uRun: [LClock] c:\program files\utils\lclock\lclock.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [kmw_run.exe] kmw_run.exe
mRun: [Opware14] "c:\program files\apps\omnipagepro14.0\Opware14.exe"
mRun: [Contour Shuttle Device Helper] c:\program files\utils\contour shuttle\ShuttleHelper.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [TrueImageMonitor.exe] c:\program files\acronis\trueimagehome\TrueImageMonitor.exe
mRun: [WFXSwtch] c:\progra~1\apps\winfax\WFXSWTCH.exe
mRun: [WinFaxAppPortStarter] wfxsnt40.exe
mRun: [Acronis Scheduler2 Service] "c:\program files\common files\acronis\schedule2\schedhlp.exe"
mRun: [avast5] c:\progra~1\avast5\avastUI.exe /nogui
mRun: [MacDrive 8 application] "c:\program files\mediafour\macdrive 8\MacDrive.exe"
mRun: [Getting started with MacDrive 8] "c:\program files\mediafour\macdrive 8\MDGetStarted.exe" /auto
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\ivan\startm~1\programs\startup\launchy.lnk - c:\program files\utils\launchy\Launchy.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\launchy.lnk - c:\program files\utils\launchy\Launchy.exe
uPolicies-explorer: NoStrCmpLogical = 01000000
mPolicies-system: EnableLUA = 0 (0x0)
IE: &Download by Orbit - c:\program files\mmedia\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\mmedia\orbitdownloader\orbitmxt.dll/204
IE: Add to EverNote - c:\program files\apps\evernote\enbar.dll/2000
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\mmedia\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\mmedia\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open RSS Feed - c:\program files\apps\feed mix\getlink.htm
IE: Save &frame with MetaProducts Inquiry - c:\program files\apps\metaproducts inquiry\inquiry.dll/saveframe.htm
IE: Save &image with MetaProducts Inquiry - c:\program files\apps\metaproducts inquiry\inquiry.dll/saveimg.htm
IE: Save &page with MetaProducts Inquiry - c:\program files\apps\metaproducts inquiry\inquiry.dll/savepage.htm
IE: Save &selection with MetaProducts Inquiry - c:\program files\apps\metaproducts inquiry\inquiry.dll/savesel.htm
IE: Search Using Copernic Agent - c:\program files\apps\copernic agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: SurfSaver &QuickSave - c:\program files\apps\surfsaver\QuickSave.htm
IE: SurfSaver Sav&e... - c:\program files\apps\surfsaver\Add.htm
IE: SurfSaver Searc&h... - c:\program files\apps\surfsaver\Search.htm
IE: { - c:\program files\messenger\msmsgs.exe
IE: {193B17B0-7C9F-4D5B-AEAB-8D3605EFC084} - c:\progra~1\apps\copern~1\COPERN~1.EXE
IE: {688DC797-DC11-46A7-9F1B-445F4F58CE6E} - c:\progra~1\apps\copern~1\COPERN~1.EXE
IE: {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - c:\program files\apps\aim\aim.exe
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {FDD900B6-E210-462A-8526-8F225845B3B3}
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {49B46060-8AC4-11D7-9FD9-0080481ADA61} - {579F8165-8AAF-11D7-9FD9-0080481ADA61} - c:\program files\apps\metaproducts inquiry\inquiry.dll
IE: {55AD98FF-3CB9-4718-B28B-E18F932D7FAB} - {6766A865-215F-465A-B266-9CB9C7BA71FA} - c:\program files\apps\metaproducts inquiry\inquiry.dll
IE: {7FDB9AEE-D04A-440C-8D1D-52B807115C59} - {D1917456-D76D-48DF-9981-B3978EACCD8F} - c:\program files\apps\metaproducts inquiry\inquiry.dll
IE: {8F36E80B-AD7C-434E-AB92-DA3938EA01E5} - {3680299D-8B37-4F8A-9975-EDD867F10E94} - c:\program files\apps\metaproducts inquiry\inquiry.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {A5ABA0BB-F195-40d8-A5E9-0801153E6597} - {2151DA8C-C5B6-4B4F-86AB-BDA449BF8747} - c:\program files\apps\evernote\enbar.dll
IE: {B98EEB00-A0F2-11D7-9FD9-0080481ADA61} - {F1F3B320-A0F9-11D7-9FD9-0080481ADA61} - c:\program files\apps\metaproducts inquiry\inquiry.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\utils\spybot\SDHelper.dll
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1228985848750
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1228427285093
DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC}
DPF: {CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - c:\program files\apps\surfsaver\AS_AIPP.dll
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\apps\copern~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\apps\copern~1\COPERN~1.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\skype\recorder\Skype4COM.dll
Notify: !SASWinLogon - c:\program files\utils\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\FileMonitor32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\apps\eudora\EuShlExt.dll
SEH: CRXShellExecuteHook Object: {1214fbe7-4464-4a7e-9958-b5851a7a30a3} - c:\program files\utils\recentx\RXShell.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\utils\superantispyware\SASSEH.DLL
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: WinFax PRO IShellExecuteHook: {a213b520-c6c2-11d0-af9d-008029e1027e} - c:\program files\apps\winfax\WfxSeh32.Dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ivan\applic~1\mozilla\firefox\profiles\jxegbc6z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Crack Spider
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q=
FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{6ff1d3c4-61bc-4021-89b7-af8a8f784ebb}\components\snagitmozextension.dll
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc_fireftp.dll
FF - component: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
FF - plugin: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\mozillaplugins\nprphtml5videoshim.dll
FF - plugin: c:\documents and settings\ivan\application data\mozilla\firefox\profiles\jxegbc6z.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\ivan\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mmedia\divx\divx player\npDivxPlayerPlugin.dll
FF - plugin: c:\program files\mmedia\videolan\vlc\npvlc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdrmv2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdsplay.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwmsdrm.dll
FF - plugin: c:\program files\opera\program\plugins\npdivx32.dll
FF - plugin: c:\program files\opera\program\plugins\NPEvery.dll
FF - plugin: c:\program files\opera\program\plugins\NPExpFTP.dll
FF - plugin: c:\program files\opera\program\plugins\npjpi160_03.dll
FF - plugin: c:\program files\opera\program\plugins\nporbit.dll
FF - plugin: c:\program files\quicktime\plugins\npqtplugin8.dll
FF - plugin: c:\program files\tabletplugins\npwacom.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Book Burro: {c7d1f80d-de65-49ee-852b-2b00b3b19a5d} - %profile%\extensions\{c7d1f80d-de65-49ee-852b-2b00b3b19a5d}
FF - Ext: Snagit Firefox Extension: {6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB} - %profile%\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext

============= SERVICES / DRIVERS ===============

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [2009-6-4 40560]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2010-2-4 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [2010-1-22 29792]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2009-12-30 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-27 165584]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-12-23 57800]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2010-5-30 7936]
R1 SASDIFSV;SASDIFSV;c:\program files\utils\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\utils\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2008-8-14 95592]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2009-10-30 2480048]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\utils\astra32\astra32.sys [2007-2-22 30864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-27 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast5\AvastSvc.exe [2010-4-27 40384]
R2 CoLinuxDriver;CoLinuxDriver;c:\temp\portable_ubuntu\linux.sys [2009-4-5 68096]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\mediafour\macdrive 8\MacDrive8Service.exe [2010-1-7 192512]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\tablet\wacom\Wacom_Tablet.exe [2010-10-15 4807536]
R2 uvnc_service;uvnc_service;c:\program files\utils\ultravnc\winvnc.exe [2009-6-16 1737200]
R2 VDDriver;Virtual Disk Driver;c:\program files\virtual disk\VDDriver.sys [2009-5-22 40952]
R2 ZentimoService;Zentimo Assistant;c:\program files\utils\zentimo\ZentimoService.exe [2010-11-3 240976]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2009-10-30 160704]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\avast5\AvastSvc.exe [2010-4-27 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\avast5\AvastSvc.exe [2010-4-27 40384]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [2008-12-24 16640]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [2007-12-3 298752]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [2010-12-25 10688]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [2008-8-14 130128]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [2010-4-21 90192]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [2009-5-14 16640]
S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [2010-6-12 179144]
S2 mrtRate;mrtRate; [x]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [2007-12-14 31104]
S3 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [2008-12-6 57344]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-12-8 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-12-8 8456]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [2010-5-30 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 Otis;Audible Otis Service;c:\windows\system32\drivers\OtisPlay.sys [2005-6-23 9472]
S3 palmusb;USB Comm driver (WDM);c:\windows\system32\drivers\palmusb.sys [2001-12-20 72800]
S3 PortRST;BaromTec HMS30C6001 Reset Driver;c:\windows\system32\drivers\PortRST.sys [2005-6-23 12721]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2010-5-28 14896]
S3 RIOUSB;RioPort.Com Rio500 USB Driver;c:\windows\system32\drivers\RioUSB.sys [2005-6-23 10020]
S3 SASENUM;SASENUM;c:\program files\utils\superantispyware\SASENUM.SYS [2009-1-15 7408]
S3 scsiscan;SCSI Scanner Driver;c:\windows\system32\drivers\scsiscan.sys --> c:\windows\system32\drivers\scsiscan.sys [?]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [2009-9-22 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [2009-8-27 20992]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\verizo~1\vzacce~1\SMSIVZAM5.SYS [2009-5-25 32408]
S3 Sr31a0;Sr31a0;c:\windows\system32\drivers\ati1ttxx.sys [2005-6-19 21343]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [2009-6-7 131776]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys --> c:\windows\system32\drivers\vaxscsi.sys [?]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [2006-8-14 899884]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [2004-1-21 13696]
S4 SolutoService;Soluto PCGenome Core Service;"c:\program files\soluto\solutoservice.exe" --> c:\program files\soluto\SolutoService.exe [?]
S4 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2007-5-28 275968]
S4 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]

=============== File Associations ===============

txtfile="c:\program files\apps\editpadlite\EditPad.exe" "%1"

=============== Created Last 30 ================

2011-01-03 04:05:26 40960 ----a-r- c:\docume~1\ivan\applic~1\microsoft\installer\{ff1c72e2-203c-4e95-8d24-735196d29e04}\NewShortcut1_DC5EDBF7D08241849400BC64FF8DD4BE.exe
2011-01-03 03:58:45 499712 ----a-w- c:\windows\system32\msvcp71.3
2011-01-03 03:58:41 835584 ----a-w- c:\windows\tls7912d.dll
2011-01-03 03:58:41 40960 ----a-w- c:\windows\uninstallrq.exe
2011-01-03 03:58:41 278528 ----a-w- c:\windows\hpzjut01.dll
2010-12-31 05:24:59 -------- d-----w- c:\docume~1\ivan\applic~1\JGsoft
2010-12-29 18:31:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-27 12:54:27 108032 --sha-r- c:\windows\system32\usrsdpiad.dll
2010-12-25 09:30:48 20672 ----a-w- c:\windows\system32\mv2.dll
2010-12-25 09:30:48 10688 ----a-w- c:\windows\system32\drivers\mv2.sys
2010-12-24 11:06:55 6273872 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\windows defender\definition updates\{29df3b89-6cc3-4767-a673-43f421934b2e}\mpengine.dll
2010-12-23 21:23:56 -------- d-----w- c:\docume~1\ivan\applic~1\QuickScan
2010-12-23 09:36:59 57800 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2010-12-23 08:01:38 -------- d-----w- c:\docume~1\ivan\applic~1\Enplase
2010-12-21 08:14:45 -------- d-----w- c:\program files\SWFObject 2 generator v1.2 AIR
2010-12-12 23:09:11 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avanquest
2010-12-08 23:15:27 14848 ----a-w- c:\windows\system32\EuEpmGdi.dll
2010-12-08 23:15:26 86408 ----a-w- c:\windows\system32\setupempdrv03.exe
2010-12-08 23:15:26 8456 ----a-w- c:\windows\system32\EuGdiDrv.sys
2010-12-08 23:15:26 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-12-08 23:15:26 13192 ----a-w- c:\windows\system32\epmntdrv.sys
2010-12-08 20:00:55 -------- d-----w- c:\documents and settings\ivan\Tracing
2010-12-08 19:59:41 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-12-08 19:59:41 82184 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\lmdippr8.dll
2010-12-08 19:56:13 -------- d-----w- c:\docume~1\alluse~1\applic~1\Applications

==================== Find3M ====================

2011-01-05 06:01:15 7304 ----a-w- c:\windows\TMP0001.TMP
2010-12-29 18:30:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 09:03:40 73 ----a-w- c:\windows\system32\ssprs.dll
2010-12-21 09:03:40 205 ----a-w- c:\windows\system32\lsprst7.dll
2010-11-30 01:38:30 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38:30 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 19:08:08 644976 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-11-15 19:08:08 506736 ----a-w- c:\windows\system32\Wintab32.dll
2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26:58 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec
2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 15:07:36 64512 ----a-w- c:\windows\system32\nlssrv32.exe
2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-20 14:56:22 74 ----a-w- c:\docume~1\ivan\applic~1\fspro2_0.tmp
2010-10-20 14:56:20 66 ----a-w- c:\docume~1\ivan\applic~1\ispro4_0.tmp
2010-10-20 14:56:19 66 ----a-w- c:\docume~1\ivan\applic~1\ispresenter4_0.tmp
2010-10-20 06:40:59 74 ----a-w- c:\docume~1\ivan\applic~1\fspro2_1.tmp
2010-10-20 06:40:57 66 ----a-w- c:\docume~1\ivan\applic~1\ispro4_1.tmp
2010-10-20 06:40:57 66 ----a-w- c:\docume~1\ivan\applic~1\ispresenter4_1.tmp
2010-10-19 18:41:44 222080 ------w- c:\windows\system32\MpSigStub.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll

============= FINISH: 0:46:49.92 ===============
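
The "Created Last 30" and Find3M sections above (and the ComboFix "Files Created" and Find3M sections later in this thread) share one line format: a creation timestamp, optionally a " . " and a modified timestamp in ComboFix output, a size or "--------" for a directory, an eight-position attribute string, and the path. What follows is an added example written for this page, not part of the original post and not code from the DDS or ComboFix tools: it parses that format and applies three triage heuristics a helper applies by eye when reading such a log. The sample listing is constructed from lines that appear on this page; the 1024-byte "too small to be a PE image" threshold, the log date, and the decision to decode only the d, s, h, a, t and w/r attribute positions are assumptions of the example.

```python
import re
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Set, Tuple

# Constructed sample listing for this example. The lines follow the formats DDS
# (one timestamp with seconds) and ComboFix (creation stamp " . " modified stamp;
# its Find3M variant has no seconds) print; the paths are ones that appear in the
# logs in this thread, assembled here by hand.
SAMPLE = r"""=============== Created Last 30 ================
2011-01-03 03:58:45 499712 ----a-w- c:\windows\system32\msvcp71.3
2010-12-31 05:24:59 -------- d-----w- c:\docume~1\ivan\applic~1\JGsoft
2010-12-29 18:31:25 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-27 12:54:27 108032 --sha-r- c:\windows\system32\usrsdpiad.dll
2010-12-25 09:30:48 10688 ----a-w- c:\windows\system32\drivers\mv2.sys
2010-12-21 09:03:40 73 ----a-w- c:\windows\system32\ssprs.dll
2010-12-21 09:03:40 205 ----a-w- c:\windows\system32\lsprst7.dll
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2010-12-25 09:34 . 2010-12-25 09:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-01-03 03:58 . 2004-05-20 10:41 499712 ----a-w- c:\windows\system32\msvcp71.3
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
"""

LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}(?::\d{2})?)"  # creation stamp
    r"(?: \. \d{4}-\d{2}-\d{2} \d{2}:\d{2})?"                          # ComboFix: modified stamp
    r" (?P<size>\d+|-{8}) (?P<attrs>[a-z-]{8}) (?P<path>.+)$"
)

# One flag per position of the eight-character attribute string. Positions 0, 2, 3,
# 4 and 5 are decoded from the values visible on the page (d, s, h, a, t); position 6
# is w/r; positions 1 and 7 are left undecoded (assumption: not needed for triage).
ATTR_FLAGS = {0: "directory", 2: "system", 3: "hidden", 4: "archive", 5: "temporary"}


@dataclass
class Entry:
    created: date
    size: Optional[int]   # None for directories ("--------")
    flags: Set[str]
    path: str


def parse_attrs(attrs: str) -> Set[str]:
    flags = {name for pos, name in ATTR_FLAGS.items() if attrs[pos] != "-"}
    if attrs[6] == "r":
        flags.add("read-only")
    return flags


def parse_listing(text: str) -> List[Entry]:
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # section banners, blank lines, anything that is not a file line
        size = None if m["size"].startswith("-") else int(m["size"])
        y, mo, d = (int(part) for part in m["date"].split("-"))
        entries.append(Entry(date(y, mo, d), size, parse_attrs(m["attrs"]), m["path"]))
    return entries


MIN_PE_SIZE = 1024   # assumption: no loadable PE image is smaller than this
RECENT_DAYS = 30     # the DDS "Created Last 30" window


def triage(entries: List[Entry], log_date: date) -> List[Tuple[str, str]]:
    """Return (path, reason) pairs for files under the Windows directory worth a closer look."""
    findings = []
    for e in entries:
        low = e.path.lower()
        if "directory" in e.flags or not low.startswith("c:\\windows\\"):
            continue
        reasons = []
        # usrsdpiad.dll, the file whose removal stopped the redirects, was --sha-r-
        if {"system", "hidden"} <= e.flags:
            reasons.append("hidden+system file in the Windows directory")
        # ssprs.dll (73 bytes) and lsprst7.dll (205 bytes) cannot be real DLLs
        if low.endswith(".dll") and e.size is not None and e.size < MIN_PE_SIZE:
            reasons.append(f"{e.size}-byte DLL is too small to be a PE image")
        # a kernel driver dropped in the last month runs at ring 0 and deserves review
        if low.endswith(".sys") and (log_date - e.created).days <= RECENT_DAYS:
            reasons.append(f"kernel driver created within the last {RECENT_DAYS} days")
        findings.extend((e.path, r) for r in reasons)
    return findings


LOG_DATE = date(2011, 1, 5)  # assumption: the day the DDS log above was taken


def run_sample() -> List[Tuple[str, str]]:
    return triage(parse_listing(SAMPLE), LOG_DATE)


if __name__ == "__main__":
    for path, reason in run_sample():
        print(f"{reason:55} {path}")
```

The output is a review queue, not a verdict: the three --sh--r- files flvDX.dll, msfDX.dll and nbDX.dll are flagged by the same rule that catches usrsdpiad.dll, and only a hash lookup or a sample submission (what the helper asks for with the .job files below) settles which is which. Directories are skipped on purpose, which is why the hidden system folder IETldCache does not appear.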


#2 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:At home
  • Local time:07:07 AM

Posted 10 January 2011 - 07:18 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.
If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about the Windows version you are using. What we particularly need to know is the version, the edition and whether it is a 32-bit or a 64-bit system.
If you are unsure about any of these characteristics, just let us know and we'll help you figure it out. Please also tell us if you have your Windows CD/DVD handy.


Please include a clear description of the problems you're having, along with any steps you may have performed so far.

Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.

Even if you have already provided information about your PC, we need a new log to see what has changed since you originally posted your problem.
We need to create an OTL Report
  • Please download OTL from one of the following mirrors:
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • In the custom scan box paste the following:
    msconfig
    safebootminimal
    activex
    drivers32
    netsvcs
    %SYSTEMDRIVE%\*.exe
    /md5start
    explorer.exe
    winlogon.exe
    wininit.exe
    hlp.dat
    /md5stop
  • Push the Run Scan button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

In the upper right-hand corner of the topic you will see a button called Watch Topic. I suggest you click it, select Immediate E-Mail notification and click on Proceed. This way you will be advised when we respond to your topic, which facilitates the cleaning of your machine.

After 5 days if a topic is not replied to we assume it has been abandoned and it is closed.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#3 ivantaylor


Posted 10 January 2011 - 04:16 PM

I can paste the information into the box. When I click Add Reply I receive the following:

Your post was too long. Please go back and shorten it a little.

I cannot send you the information requested.

Ivan

#4 myrti


Posted 10 January 2011 - 04:19 PM

Hi

can you try to attach that log to your post instead?

regards myrti



#5 ivantaylor


Posted 10 January 2011 - 04:29 PM

This message has the attached files you requested.

I wanted to mention that I think I have corrected the redirect problem. Through various scans, in regular and Safe mode, of Malwarebytes, Avast and turning things off and turning some on, the problem has gone away. The main file that I removed, through some effort, was usrsdpiad.dll. Once I deleted it, the redirects stopped.

I would like you to take a look at my logs and tell me if I missed something, need to remove more or if it is a clean system.

Thank you for your time and efforts.

Ivan

Attached Files



#6 myrti


Posted 10 January 2011 - 05:24 PM

I see you ran combofix. Could you please post the log in your next reply. You should find it at C:\combofix.txt. Please post it into your reply if possible.

So you don't have any symptoms anymore?
regards myrti



#7 ivantaylor


Posted 10 January 2011 - 06:18 PM

I ran ComboFix September 10, 2010 to fix a problem at that time. I have not used it since. Do you want me to run it again?

I think I found the cause of the redirect when I removed the suspect dll file. The symptoms have not returned. Last month I thought I had removed the problem with Malwarebytes and a virus scan, but it returned 3 days later and was with me until last Friday when I removed the usrsdpiad.dll file.

Two questions: Should we continue with this topic (don't want to needlessly take too much of your time when there are so many others in line)? Do you want me to run ComboFix again?

I want to ensure that before we close this topic, I have a clean system and it's not a situation that I got lucky when I removed the one file. Thanks again.

Ivan

#8 myrti


Posted 10 January 2011 - 07:03 PM

Hi,

I think there may be some leftovers of the infection, namely:

C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Skukymlg.job

Could you please upload these two files onto this site and follow the instructions for uploading the file.

Just FYI this does not seem to be a TDL/TDSS infection.

regards myrti

Edited by myrti, 10 January 2011 - 07:04 PM.



#9 ivantaylor


Posted 11 January 2011 - 01:48 AM

When I go to the page you indicated and try to upload the files you want the following happens:

I navigate to the Windows/Tasks folder. When I click the Open button, the dialog box closes, the path is put in the location box and nothing can be uploaded.

When I looked inside the Tasks folder, it shows a number of files with a red X in the lower left part of the icon. I can click on the file, but I cannot do anything with it. If I try to drag it out of the folder, I get an error message. If I right click on it, the contextual menu does NOT open so I can pick a command.

If you want the files, I could, presumably, boot from a Linux CD, move them to a flash drive and then upload from there. I don't know if it will work but I am willing to try if it will help you.

Please let me know what you would like me to do next. Thank you.

Ivan

#10 myrti


Posted 11 January 2011 - 02:46 PM

Hi,

It might be easier to collect them with ComboFix. Could you therefore please run ComboFix to see if the files get targeted:
Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop
  • Temporarily disable your AntiVirus and AntiSpyware applications. They may otherwise interfere with our tools.
    Usually this can be done via a right click on the System Tray icon, check this tutorial for disabling the most common security programs: Link

  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply.

This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

regards myrti



#11 ivantaylor


Posted 12 January 2011 - 04:24 AM

Sorry for the delay in getting back to you. Here is the ComboFix log. Let me know what you find. Thanks.

Ivan


ComboFix 11-01-10.08 - Ivan 01/11/2011 13:03:28.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1231 [GMT -8:00]
Running from: c:\documents and settings\Ivan\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Ivan\g2mdlhlpx.exe
c:\windows\system32\lsprst7.dll
c:\windows\system32\ssprs.dll

.
((((((((((((((((((((((((( Files Created from 2010-12-11 to 2011-01-11 )))))))))))))))))))))))))))))))
.

2011-01-07 04:25 . 2011-01-07 04:25 -------- d-----w- c:\program files\ESET
2011-01-07 04:20 . 2011-01-07 04:20 -------- d-----w- C:\downloads
2011-01-03 04:05 . 2011-01-03 04:05 40960 ----a-r- c:\documents and settings\Ivan\Application Data\Microsoft\Installer\{FF1C72E2-203C-4E95-8D24-735196D29E04}\NewShortcut1_DC5EDBF7D08241849400BC64FF8DD4BE.exe
2011-01-03 03:58 . 2004-05-20 10:41 499712 ----a-w- c:\windows\system32\msvcp71.3
2011-01-03 03:58 . 2007-06-09 01:39 278528 ----a-w- c:\windows\hpzjut01.dll
2011-01-03 03:58 . 2007-04-27 04:06 40960 ----a-w- c:\windows\uninstallrq.exe
2011-01-03 03:58 . 2006-05-26 08:27 835584 ----a-w- c:\windows\tls7912d.dll
2010-12-31 05:24 . 2010-12-31 05:24 -------- d-----w- c:\documents and settings\Ivan\Application Data\JGsoft
2010-12-29 18:31 . 2010-12-29 18:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 09:34 . 2010-12-25 09:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-25 09:30 . 2010-12-25 09:30 20672 ----a-w- c:\windows\system32\mv2.dll
2010-12-25 09:30 . 2010-12-25 09:30 10688 ----a-w- c:\windows\system32\drivers\mv2.sys
2010-12-24 11:21 . 2010-12-24 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-12-24 11:06 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{29DF3B89-6CC3-4767-A673-43F421934B2E}\mpengine.dll
2010-12-23 21:23 . 2010-12-23 21:24 -------- d-----w- c:\documents and settings\Ivan\Application Data\QuickScan
2010-12-23 09:36 . 2010-01-13 19:15 57800 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2010-12-23 08:01 . 2010-12-23 08:01 -------- d-----w- c:\documents and settings\Ivan\Application Data\Enplase
2010-12-21 08:14 . 2010-12-21 08:14 -------- d-----w- c:\program files\SWFObject 2 generator v1.2 AIR
2010-12-12 23:09 . 2010-12-12 23:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avanquest

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-11 07:50 . 2005-11-06 01:29 7304 ----a-w- c:\windows\TMP0001.TMP
2011-01-10 02:07 . 2009-10-08 06:55 74 ----a-w- c:\documents and settings\Ivan\Application Data\fspro2_0.tmp
2011-01-10 02:07 . 2009-10-08 06:55 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispro4_0.tmp
2011-01-10 02:07 . 2010-01-29 02:34 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispresenter4_0.tmp
2010-12-31 20:06 . 2010-06-29 20:08 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-04-27 09:40 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-04-27 09:40 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-04-27 09:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2010-04-27 09:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2010-04-27 09:40 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2010-04-27 09:40 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-04-27 09:40 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2010-04-27 09:40 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-29 18:30 . 2010-05-04 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 02:09 . 2009-01-21 23:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-01-21 23:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-07-28 08:41 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 19:08 . 2008-11-05 01:31 644976 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-11-15 19:08 . 2008-11-05 01:31 506736 ----a-w- c:\windows\system32\Wintab32.dll
2010-11-10 04:33 . 2009-07-05 05:24 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-06 00:26 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-23 00:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 08:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 05:08 . 2007-12-02 04:05 57344 ----a-r- c:\documents and settings\Ivan\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-10-28 20:23 . 2010-12-08 23:15 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-10-28 13:13 . 2008-04-14 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 15:07 . 2010-10-26 15:07 64512 ----a-w- c:\windows\system32\nlssrv32.exe
2010-10-26 13:25 . 2008-04-14 08:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 16:50 . 2010-12-08 19:59 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-10-25 16:50 . 2010-12-08 19:59 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2010-10-20 06:40 . 2010-10-18 07:09 74 ----a-w- c:\documents and settings\Ivan\Application Data\fspro2_1.tmp
2010-10-20 06:40 . 2010-10-18 07:09 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispro4_1.tmp
2010-10-20 06:40 . 2010-10-18 07:09 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispresenter4_1.tmp
2010-10-19 18:41 . 2009-10-05 16:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 16:55 . 2008-08-14 00:22 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-29 22:19 . 2008-08-14 00:22 185232 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2005-09-16 01:26 . 2008-08-14 00:21 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\utils\LClock\lclock.exe" [2004-09-19 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"Opware14"="c:\program files\apps\OmniPagePro14.0\Opware14.exe" [2004-03-08 57344]
"Contour Shuttle Device Helper"="c:\program files\utils\Contour Shuttle\ShuttleHelper.exe" [2007-02-23 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"WFXSwtch"="c:\progra~1\apps\winfax\WFXSWTCH.exe" [2002-12-12 28160]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 45568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"avast5"="c:\progra~1\Avast5\avastUI.exe" [2010-12-31 3395600]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-04-01 141312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Ivan\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\utils\Launchy\Launchy.exe [2009-8-16 380928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-20 110592]
Launchy.lnk - c:\program files\utils\Launchy\Launchy.exe [2009-8-16 380928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\apps\Eudora\EuShlExt.dll" [2005-06-08 86016]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "c:\program files\utils\RecentX\RXShell.dll" [2008-06-12 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\utils\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\apps\winfax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\utils\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ASTSRV]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 21:36 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-12 05:29 133104 ----atw- c:\documents and settings\Ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2007-03-27 01:45 389120 ----a-w- c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 01:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-25 02:39 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2007-07-03 02:58 1179648 ----a-w- c:\program files\utils\eXPert PDF 5\vspdfprsrv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\apps\\aol9\\waol.exe"=
"c:\\Program Files\\apps\\AIM\\aim.exe"=
"c:\\Program Files\\utils\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mmedia\\River Past\\PlayDV\\PlayDV.exe"=
"c:\\Program Files\\mmedia\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\mmedia\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\mmedia\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gizmo5\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\utils\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\utils\\UltraVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Ivan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [6/4/2009 5:10 PM 40560]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2/4/2010 10:52 AM 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [1/22/2010 11:20 AM 29792]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [12/30/2009 1:49 AM 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/27/2010 1:40 AM 293968]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [12/23/2010 1:36 AM 57800]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [5/30/2010 6:59 AM 7936]
R1 SASDIFSV;SASDIFSV;c:\program files\utils\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\utils\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/14/2008 2:47 PM 95592]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [10/30/2009 10:44 PM 2480048]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\utils\ASTRA32\astra32.sys [2/22/2007 10:28 AM 30864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/27/2010 1:40 AM 17744]
R2 CoLinuxDriver;CoLinuxDriver;c:\temp\Portable_Ubuntu\linux.sys [4/5/2009 11:46 AM 68096]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [1/7/2010 10:22 AM 192512]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [10/15/2010 11:42 PM 4807536]
R2 uvnc_service;uvnc_service;c:\program files\utils\UltraVNC\winvnc.exe [6/16/2009 10:50 PM 1737200]
R2 VDDriver;Virtual Disk Driver;c:\program files\Virtual Disk\VDDriver.sys [5/22/2009 9:24 PM 40952]
R2 ZentimoService;Zentimo Assistant;c:\program files\utils\Zentimo\ZentimoService.exe [11/3/2010 11:41 AM 240976]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [10/30/2009 10:44 PM 160704]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [12/24/2008 7:50 PM 16640]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [12/3/2007 6:28 PM 298752]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [12/25/2010 1:30 AM 10688]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/14/2008 10:02 PM 130128]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [4/21/2010 3:03 PM 90192]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [5/14/2009 1:57 PM 16640]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [6/12/2010 7:33 PM 179144]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [12/14/2007 6:13 PM 31104]
S3 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [12/6/2008 12:25 AM 57344]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/8/2010 3:15 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/8/2010 3:15 PM 8456]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [5/30/2010 6:59 AM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 12:22 PM 34064]
S3 Otis;Audible Otis Service;c:\windows\system32\drivers\OtisPlay.sys [6/23/2005 12:15 PM 9472]
S3 palmusb;USB Comm driver (WDM);c:\windows\system32\drivers\palmusb.sys [12/20/2001 8:21 PM 72800]
S3 PortRST;BaromTec HMS30C6001 Reset Driver;c:\windows\system32\drivers\PortRST.sys [6/23/2005 12:15 PM 12721]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 3:04 AM 14896]
S3 RIOUSB;RioPort.Com Rio500 USB Driver;c:\windows\system32\drivers\RioUSB.sys [6/23/2005 12:16 PM 10020]
S3 SASENUM;SASENUM;c:\program files\utils\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [9/22/2009 1:10 AM 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [8/27/2009 1:10 AM 20992]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]
S3 Sr31a0;Sr31a0;c:\windows\system32\drivers\ati1ttxx.sys [6/19/2005 10:53 AM 21343]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [6/7/2009 2:53 PM 131776]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [8/14/2006 7:48 PM 899884]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [1/21/2004 6:55 PM 13696]
S4 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 mrtRate;mrtRate; [x]
S4 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys --> c:\windows\system32\DRIVERS\scsiscan.sys [?]
S4 SolutoService;Soluto PCGenome Core Service;"c:\program files\Soluto\SolutoService.exe" --> c:\program files\Soluto\SolutoService.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2007 5:26 PM 697328]
S4 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2006-07-29 c:\windows\Tasks\1 Copernic Intra-Daily ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2006-07-29 c:\windows\Tasks\2 Copernic Daily ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2006-07-29 c:\windows\Tasks\3 Copernic Weekly ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2006-07-29 c:\windows\Tasks\4 Copernic Monthly ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2011-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2011-01-11 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-06 16:00]

2011-01-11 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2011-01-11 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3755968889-2878311043-70394834-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2011-01-11 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3755968889-2878311043-70394834-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2011-01-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/204
IE: Add to EverNote - c:\program files\apps\EverNote\enbar.dll/2000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open RSS Feed - c:\program files\apps\Feed Mix\getlink.htm
IE: Save &frame with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/saveframe.htm
IE: Save &image with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/saveimg.htm
IE: Save &page with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/savepage.htm
IE: Save &selection with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/savesel.htm
IE: Search Using Copernic Agent - c:\program files\apps\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SurfSaver &QuickSave - c:\program files\apps\SurfSaver\QuickSave.htm
IE: SurfSaver Sav&e... - c:\program files\apps\SurfSaver\Add.htm
IE: SurfSaver Searc&h... - c:\program files\apps\SurfSaver\Search.htm
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{FDD900B6-E210-462A-8526-8F225845B3B3}
IE: {{55AD98FF-3CB9-4718-B28B-E18F932D7FAB} - {6766A865-215F-465A-B266-9CB9C7BA71FA} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
IE: {{7FDB9AEE-D04A-440C-8D1D-52B807115C59} - {D1917456-D76D-48DF-9981-B3978EACCD8F} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
IE: {{8F36E80B-AD7C-434E-AB92-DA3938EA01E5} - {3680299D-8B37-4F8A-9975-EDD867F10E94} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
IE: {{B98EEB00-A0F2-11D7-9FD9-0080481ADA61} - {F1F3B320-A0F9-11D7-9FD9-0080481ADA61} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
Handler: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - c:\program files\apps\SurfSaver\AS_AIPP.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\apps\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\apps\COPERN~1\COPERN~1.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC}
FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\jxegbc6z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Crack Spider
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q=
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Book Burro: {c7d1f80d-de65-49ee-852b-2b00b3b19a5d} - %profile%\extensions\{c7d1f80d-de65-49ee-852b-2b00b3b19a5d}
FF - Ext: Snagit Firefox Extension: {6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB} - %profile%\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
.
------- File Associations -------
.
txtfile="c:\program files\apps\EditPadLite\EditPadLite.exe" "%1"
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
AddRemove-HijackThis - c:\program files\Trend Micro\HijackThis\HijackThis.exe
AddRemove-Ingenious - c:\program files\games\Ingenious\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-11 13:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{238B46B1-DB3F-FF9F-817885D113BABB65}\{C7A1A506-D491-606A-8FAD8C1E4DD81C50}\{5DBD0FCF-797E-7771-3B3D82FCE9F240F9}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44BD4CEF-0E4D-C558-6DFE23FFC881A6CD}\{A2EC7C34-2018-E83B-27DF1E7548223FEC}\{5151FD78-1E6F-B5B8-7B478C2CB67D678B}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AC0FFDC-D68A-4D5F-75BF0D842EDCB137}\{3647E330-7B13-5DC9-623E15C2DE512604}\{FDA52484-33A0-4DF1-40A7FB2F70E68E7D}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{966E1176-98BD-E3A3-1649E4659438A716}\{7D188DDB-E560-5BB6-20EABCAAB28395D5}\{0998E78C-7C0A-2C8B-9F05FD29FB8035CC}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD7DA6D0-C8A5-2AB7-AFAFBAF6CCA2EFA4}\{BFF22B84-84BD-C376-CF902D4CFF2D2B8A}\{C30500AE-8022-F8A1-791309212C4775E7}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9046776-195D-89EA-3E66F9BC5DAE5B9B}\{E7989E73-D3F8-C437-CB8470F59A56421D}\{FFD68A1F-1364-19C2-ECF1A15A7898EBE6}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f8,8c,ff,40,38,f3,d9,1b,2a,2c,53,27,f3,1d,a9,2d,cc,41,e2,32,14,
71,81,51,a8,c2,71,ef,57,c0,82,cd,ec,e6,65,a7,ff,59,2e,a5,1f,58,00,02,c0,9c,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f8,8c,ff,40,38,f3,d9,1b,2a,2c,53,27,f3,1d,a9,2d,cc,41,e2,32,14,
71,81,51,a8,c2,71,ef,57,c0,82,cd,ec,e6,65,a7,ff,59,2e,a5,1f,58,00,02,c0,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\FileMonitor32.dll
c:\program files\utils\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\FileMonitor32.dll
.
Completion time: 2011-01-11 13:23:07
ComboFix-quarantined-files.txt 2011-01-11 21:22

Pre-Run: 36,928,831,488 bytes free
Post-Run: 36,938,362,880 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 35AC4A11B269155419ACCA261C37243B

#12 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home

Posted 12 January 2011 - 07:21 AM

Hi,

ok, please run the script to collect the entries:
Open notepad and copy/paste the text in the quotebox below into it:

http://www.bleepingcomputer.com/forums/topic371580.html
Suspect::[100]
C:\WINDOWS\tasks\GlaryInitialize.job
C:\WINDOWS\tasks\Skukymlg.job

Save this as CFScript.txt


Posted Image


Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you. Post that log in your next reply.

**Note**

When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!



#13 ivantaylor

ivantaylor
  • Topic Starter

  • Members
  • 9 posts

Posted 14 January 2011 - 03:51 AM

Here is the CFScript.txt log

Ivan

ComboFix 11-01-12.04 - Ivan 01/13/2011 14:31:48.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1427 [GMT -8:00]
Running from: d:\download\virus_tools\ComboFix.exe
Command switches used :: d:\download\virus_tools\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-12-13 to 2011-01-13 )))))))))))))))))))))))))))))))
.

2011-01-07 04:25 . 2011-01-07 04:25 -------- d-----w- c:\program files\ESET
2011-01-07 04:20 . 2011-01-07 04:20 -------- d-----w- C:\downloads
2011-01-03 04:05 . 2011-01-03 04:05 40960 ----a-r- c:\documents and settings\Ivan\Application Data\Microsoft\Installer\{FF1C72E2-203C-4E95-8D24-735196D29E04}\NewShortcut1_DC5EDBF7D08241849400BC64FF8DD4BE.exe
2011-01-03 03:58 . 2004-05-20 10:41 499712 ----a-w- c:\windows\system32\msvcp71.3
2011-01-03 03:58 . 2007-06-09 01:39 278528 ----a-w- c:\windows\hpzjut01.dll
2011-01-03 03:58 . 2007-04-27 04:06 40960 ----a-w- c:\windows\uninstallrq.exe
2011-01-03 03:58 . 2006-05-26 08:27 835584 ----a-w- c:\windows\tls7912d.dll
2010-12-31 05:24 . 2010-12-31 05:24 -------- d-----w- c:\documents and settings\Ivan\Application Data\JGsoft
2010-12-29 18:31 . 2010-12-29 18:30 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-12-25 09:34 . 2010-12-25 09:34 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-12-25 09:30 . 2010-12-25 09:30 20672 ----a-w- c:\windows\system32\mv2.dll
2010-12-25 09:30 . 2010-12-25 09:30 10688 ----a-w- c:\windows\system32\drivers\mv2.sys
2010-12-24 11:21 . 2010-12-24 11:26 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2010-12-24 11:06 . 2010-11-10 04:33 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{29DF3B89-6CC3-4767-A673-43F421934B2E}\mpengine.dll
2010-12-23 21:23 . 2010-12-23 21:24 -------- d-----w- c:\documents and settings\Ivan\Application Data\QuickScan
2010-12-23 09:36 . 2010-01-13 19:15 57800 ----a-w- c:\windows\system32\drivers\CBDisk.sys
2010-12-23 08:01 . 2010-12-23 08:01 -------- d-----w- c:\documents and settings\Ivan\Application Data\Enplase
2010-12-21 08:14 . 2010-12-21 08:14 -------- d-----w- c:\program files\SWFObject 2 generator v1.2 AIR

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-12 17:30 . 2005-11-06 01:29 7304 ----a-w- c:\windows\TMP0001.TMP
2011-01-10 02:07 . 2009-10-08 06:55 74 ----a-w- c:\documents and settings\Ivan\Application Data\fspro2_0.tmp
2011-01-10 02:07 . 2009-10-08 06:55 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispro4_0.tmp
2011-01-10 02:07 . 2010-01-29 02:34 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispresenter4_0.tmp
2010-12-31 20:06 . 2010-06-29 20:08 38848 ----a-w- c:\windows\avastSS.scr
2010-12-31 20:06 . 2010-04-27 09:40 188216 ----a-w- c:\windows\system32\aswBoot.exe
2010-12-31 20:00 . 2010-04-27 09:40 293968 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-12-31 19:59 . 2010-04-27 09:40 47440 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-12-31 19:59 . 2010-04-27 09:40 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-12-31 19:59 . 2010-04-27 09:40 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-12-31 19:56 . 2010-04-27 09:40 23632 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-12-31 19:56 . 2010-04-27 09:40 29264 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-12-31 19:56 . 2010-04-27 09:40 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-12-29 18:30 . 2010-05-04 23:47 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-12-21 02:09 . 2009-01-21 23:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-21 02:08 . 2009-01-21 23:28 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-30 01:38 . 2010-11-30 01:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-30 01:38 . 2010-11-30 01:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-18 18:12 . 2006-07-28 08:41 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-15 19:08 . 2008-11-05 01:31 644976 ----a-w- c:\windows\system32\Wacom_Tablet.dll
2010-11-15 19:08 . 2008-11-05 01:31 506736 ----a-w- c:\windows\system32\Wintab32.dll
2010-11-10 04:33 . 2009-07-05 05:24 6273872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2010-11-09 14:52 . 2008-04-14 08:00 249856 ----a-w- c:\windows\system32\odbc32.dll
2010-11-06 00:26 . 2008-07-12 19:10 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2008-04-23 00:16 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2008-04-23 00:16 1469440 ------w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2008-07-12 19:09 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2008-04-14 08:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-11-01 05:08 . 2007-12-02 04:05 57344 ----a-r- c:\documents and settings\Ivan\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-10-28 20:23 . 2010-12-08 23:15 2217088 ----a-w- c:\windows\system32\BootMan.exe
2010-10-28 13:13 . 2008-04-14 08:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 15:07 . 2010-10-26 15:07 64512 ----a-w- c:\windows\system32\nlssrv32.exe
2010-10-26 13:25 . 2008-04-14 08:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-10-25 16:50 . 2010-12-08 19:59 82696 ----a-w- c:\windows\system32\lmdimon8.dll
2010-10-25 16:50 . 2010-12-08 19:59 82184 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\lmdippr8.dll
2010-10-20 06:40 . 2010-10-18 07:09 74 ----a-w- c:\documents and settings\Ivan\Application Data\fspro2_1.tmp
2010-10-20 06:40 . 2010-10-18 07:09 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispro4_1.tmp
2010-10-20 06:40 . 2010-10-18 07:09 66 ----a-w- c:\documents and settings\Ivan\Application Data\ispresenter4_1.tmp
2010-10-19 18:41 . 2009-10-05 16:47 222080 ------w- c:\windows\system32\MpSigStub.exe
2009-06-10 16:55 . 2008-08-14 00:22 28488 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll
2009-09-29 22:19 . 2008-08-14 00:22 185232 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
2005-09-16 01:26 . 2008-08-14 00:21 44153 ----a-w- c:\program files\mozilla firefox\components\inspector.dll
2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll
.

------- Sigcheck -------

[-] 2008-07-12 . 362BC5AF8EAF712832C58CC13AE05750 . 1614848 . . [5.1.2600.5512] . . c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((( SnapShot@2011-01-11_21.16.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-12 17:31 . 2011-01-12 17:31 16384 c:\windows\Temp\Perflib_Perfdata_a1c.dat
- 2009-08-23 22:56 . 2007-11-30 12:39 17272 c:\windows\system32\spmsg.dll
+ 2009-08-23 22:56 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
- 2009-09-01 08:11 . 2010-12-16 01:05 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 35088 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 18704 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\mspicons.exe
- 2009-01-29 06:21 . 2010-12-16 01:05 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
+ 2009-01-29 06:21 . 2011-01-12 17:12 20240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
- 2008-04-14 08:00 . 2008-04-14 08:00 249856 c:\windows\system32\dllcache\odbc32.dll
+ 2008-04-14 08:00 . 2010-11-09 14:52 249856 c:\windows\system32\dllcache\odbc32.dll
- 2006-07-28 08:41 . 2008-04-14 08:00 102400 c:\windows\system32\dllcache\msjro.dll
+ 2006-07-28 08:41 . 2010-11-09 14:52 102400 c:\windows\system32\dllcache\msjro.dll
+ 2006-07-28 08:41 . 2010-11-09 14:52 200704 c:\windows\system32\dllcache\msadox.dll
- 2006-07-28 08:41 . 2008-04-14 08:00 200704 c:\windows\system32\dllcache\msadox.dll
+ 2006-07-28 08:41 . 2010-11-09 14:52 180224 c:\windows\system32\dllcache\msadomd.dll
- 2006-07-28 08:41 . 2008-04-14 08:00 180224 c:\windows\system32\dllcache\msadomd.dll
- 2006-07-28 08:41 . 2008-04-14 08:00 536576 c:\windows\system32\dllcache\msado15.dll
+ 2006-07-28 08:41 . 2010-11-09 14:52 536576 c:\windows\system32\dllcache\msado15.dll
+ 2006-07-28 08:41 . 2010-11-09 14:52 143360 c:\windows\system32\dllcache\msadco.dll
- 2006-07-28 08:41 . 2008-04-14 08:00 143360 c:\windows\system32\dllcache\msadco.dll
- 2009-09-01 08:11 . 2010-12-16 01:05 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 888080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 272648 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 922384 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 845584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 217864 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 184080 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 159504 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
+ 2010-12-17 08:17 . 2010-12-17 08:17 3362304 c:\windows\Installer\2f9f3fd.msp
+ 2009-09-01 08:11 . 2011-01-12 17:12 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 1172240 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
- 2009-09-01 08:11 . 2010-12-16 01:05 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2009-09-01 08:11 . 2011-01-12 17:12 1165584 c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
+ 2005-06-19 19:10 . 2011-01-12 17:12 37403080 c:\windows\system32\MRT.exe
+ 2010-12-21 21:06 . 2010-12-21 21:06 11570688 c:\windows\Installer\2f9f3e5.msp
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2009-12-09 01:19 94208 ----a-w- c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LClock"="c:\program files\utils\LClock\lclock.exe" [2004-09-19 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ezShieldProtector for Px"="c:\windows\System32\ezSP_Px.exe" [2002-08-20 40960]
"AGRSMMSG"="AGRSMMSG.exe" [2004-07-22 88361]
"kmw_run.exe"="kmw_run.exe" [2006-08-03 106496]
"Opware14"="c:\program files\apps\OmniPagePro14.0\Opware14.exe" [2004-03-08 57344]
"Contour Shuttle Device Helper"="c:\program files\utils\Contour Shuttle\ShuttleHelper.exe" [2007-02-23 118784]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-03-27 5107232]
"WFXSwtch"="c:\progra~1\apps\winfax\WFXSWTCH.exe" [2002-12-12 28160]
"WinFaxAppPortStarter"="wfxsnt40.exe" [2002-12-12 45568]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-03-27 362232]
"avast5"="c:\progra~1\Avast5\avastUI.exe" [2010-12-31 3395600]
"MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-02-04 289368]
"Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2009-04-01 141312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_2"="shell32" [X]

c:\documents and settings\Ivan\Start Menu\Programs\Startup\
Launchy.lnk - c:\program files\utils\Launchy\Launchy.exe [2009-8-16 380928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-6-20 110592]
Launchy.lnk - c:\program files\utils\Launchy\Launchy.exe [2009-8-16 380928]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoStrCmpLogical"= 01000000

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\apps\Eudora\EuShlExt.dll" [2005-06-08 86016]
"{1214FBE7-4464-4A7E-9958-B5851A7A30A3}"= "c:\program files\utils\RecentX\RXShell.dll" [2008-06-12 77824]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\utils\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
"{A213B520-C6C2-11d0-AF9D-008029E1027E}"= "c:\program files\apps\winfax\WfxSeh32.Dll" [1998-07-27 38400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 19:05 356352 ----a-w- c:\program files\utils\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"wave"=DrvTrNTm.dll
"mixer"=DrvTrNTm.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ASTSRV]
@="service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
2010-09-23 21:36 624056 ----a-w- c:\program files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 18:37 932288 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-12-12 05:29 133104 ----atw- c:\documents and settings\Ivan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-12-14 01:16 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2007-03-27 01:45 389120 ----a-w- c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 19:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2009-01-27 01:36 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2010-08-25 02:39 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vspdfprsrv.exe]
2007-07-03 02:58 1179648 ----a-w- c:\program files\utils\eXPert PDF 5\vspdfprsrv.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\support.com\\client\\bin\\tgcmd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\apps\\aol9\\waol.exe"=
"c:\\Program Files\\apps\\AIM\\aim.exe"=
"c:\\Program Files\\utils\\SmartFTP\\SmartFTP.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\mmedia\\River Past\\PlayDV\\PlayDV.exe"=
"c:\\Program Files\\mmedia\\Orbitdownloader\\orbitdm.exe"=
"c:\\Program Files\\mmedia\\Orbitdownloader\\orbitnet.exe"=
"c:\\Program Files\\mmedia\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Gizmo5\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version6\\TeamViewer_Service.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\utils\\UltraVNC\\winvnc.exe"=
"c:\\Program Files\\utils\\UltraVNC\\vncviewer.exe"=
"c:\\Documents and Settings\\Ivan\\Application Data\\Dropbox\\bin\\Dropbox.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"5900:TCP"= 5900:TCP:vnc5900
"5800:TCP"= 5800:TCP:vnc5800

R0 hotcore3;hc3ServiceName;c:\windows\system32\drivers\hotcore3.sys [6/4/2009 5:10 PM 40560]
R0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2/4/2010 10:52 AM 231016]
R0 MDPMGRNT;MacDrive partition driver;c:\windows\system32\drivers\MDPMGRNT.SYS [1/22/2010 11:20 AM 29792]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [12/30/2009 1:49 AM 911680]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/27/2010 1:40 AM 293968]
R1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [12/23/2010 1:36 AM 57800]
R1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [5/30/2010 6:59 AM 7936]
R1 SASDIFSV;SASDIFSV;c:\program files\utils\SUPERAntiSpyware\SASDIFSV.SYS [1/15/2009 4:17 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\utils\SUPERAntiSpyware\SASKUTIL.SYS [1/15/2009 4:17 PM 55024]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [8/14/2008 2:47 PM 95592]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [10/30/2009 10:44 PM 2480048]
R2 ASTRA32;ASTRA32 Kernel Driver 5.2.1.0;c:\program files\utils\ASTRA32\astra32.sys [2/22/2007 10:28 AM 30864]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/27/2010 1:40 AM 17744]
R2 CoLinuxDriver;CoLinuxDriver;c:\temp\Portable_Ubuntu\linux.sys [4/5/2009 11:46 AM 68096]
R2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [1/7/2010 10:22 AM 192512]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [10/15/2010 11:42 PM 4807536]
R2 uvnc_service;uvnc_service;c:\program files\utils\UltraVNC\winvnc.exe [6/16/2009 10:50 PM 1737200]
R2 VDDriver;Virtual Disk Driver;c:\program files\Virtual Disk\VDDriver.sys [5/22/2009 9:24 PM 40952]
R2 ZentimoService;Zentimo Assistant;c:\program files\utils\Zentimo\ZentimoService.exe [11/3/2010 11:41 AM 240976]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [10/30/2009 10:44 PM 160704]
R3 DsAudioDevice_286;DsAudioDevice_286;c:\windows\system32\drivers\DsAudioDevice_286.sys [12/24/2008 7:50 PM 16640]
R3 m4cxw2k3;NDIS5.1 Miniport Driver for D-Link DGE-5xx Gigabit Ethernet Adapter;c:\windows\system32\drivers\m4cxw2k3.sys [12/3/2007 6:28 PM 298752]
R3 mv2;mv2;c:\windows\system32\drivers\mv2.sys [12/25/2010 1:30 AM 10688]
R3 TotRec7;Total Recorder WDM audio driver;c:\windows\system32\drivers\TotRec7.sys [8/14/2008 10:02 PM 130128]
R3 TotRec8;Total Recorder WDM audio filter driver;c:\windows\system32\drivers\TotRec8.sys [4/21/2010 3:03 PM 90192]
R3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\system32\drivers\WsAudio_DeviceS(1).sys [5/14/2009 1:57 PM 16640]
S0 PCGenFAM;PCGenFAM;c:\windows\system32\drivers\PCGenFAM.sys [6/12/2010 7:33 PM 179144]
S2 VRDVC20;Sony VRD-VC20 [Video Capture];c:\windows\system32\drivers\VRDVC20X.SYS [12/14/2007 6:13 PM 31104]
S3 ASTSRV;Nalpeiron Licensing Service;c:\windows\system32\ASTSRV.EXE [12/6/2008 12:25 AM 57344]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [12/8/2010 3:15 PM 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [12/8/2010 3:15 PM 8456]
S3 FNETTBOH;FNETTBOH;c:\windows\system32\drivers\FNETTBOH.SYS [5/30/2010 6:59 AM 23680]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [11/6/2007 12:22 PM 34064]
S3 Otis;Audible Otis Service;c:\windows\system32\drivers\OtisPlay.sys [6/23/2005 12:15 PM 9472]
S3 palmusb;USB Comm driver (WDM);c:\windows\system32\drivers\palmusb.sys [12/20/2001 8:21 PM 72800]
S3 PortRST;BaromTec HMS30C6001 Reset Driver;c:\windows\system32\drivers\PortRST.sys [6/23/2005 12:15 PM 12721]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [5/28/2010 3:04 AM 14896]
S3 RIOUSB;RioPort.Com Rio500 USB Driver;c:\windows\system32\drivers\RioUSB.sys [6/23/2005 12:16 PM 10020]
S3 SASENUM;SASENUM;c:\program files\utils\SUPERAntiSpyware\SASENUM.SYS [1/15/2009 4:17 PM 7408]
S3 SkLaggProtocol;Marvell Link Aggregation Protocol;c:\windows\system32\drivers\yk51x86l.sys [9/22/2009 1:10 AM 60928]
S3 SkVlanProtocol;Marvell VLAN Protocol;c:\windows\system32\drivers\yk51x86v.sys [8/27/2009 1:10 AM 20992]
S3 SMSIVZAM5;SMSIVZAM5 NDIS Protocol Driver;c:\progra~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [5/25/2009 2:43 PM 32408]
S3 Sr31a0;Sr31a0;c:\windows\system32\drivers\ati1ttxx.sys [6/19/2005 10:53 AM 21343]
S3 STVqx3;Intel Play QX3 Microscope;c:\windows\system32\drivers\STVqx3.SYS [6/7/2009 2:53 PM 131776]
S3 XIRLINK;IBM PC Camera;c:\windows\system32\drivers\C-itNT.sys [8/14/2006 7:48 PM 899884]
S3 XLoader;PLEXTOR EZ-USB FX2 FIRMWARE LOADER (XLoader.sys);c:\windows\system32\drivers\XLoader.sys [1/21/2004 6:55 PM 13696]
S4 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S4 mrtRate;mrtRate; [x]
S4 scsiscan;SCSI Scanner Driver;c:\windows\system32\DRIVERS\scsiscan.sys --> c:\windows\system32\DRIVERS\scsiscan.sys [?]
S4 SolutoService;Soluto PCGenome Core Service;"c:\program files\Soluto\SolutoService.exe" --> c:\program files\Soluto\SolutoService.exe [?]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/22/2007 5:26 PM 697328]
S4 vaxscsi;vaxscsi;c:\windows\system32\Drivers\vaxscsi.sys --> c:\windows\system32\Drivers\vaxscsi.sys [?]
S4 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-04-19 20:23 452136 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2006-07-29 c:\windows\Tasks\1 Copernic Intra-Daily ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2006-07-29 c:\windows\Tasks\2 Copernic Daily ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2006-07-29 c:\windows\Tasks\3 Copernic Weekly ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2006-07-29 c:\windows\Tasks\4 Copernic Monthly ~IVAN_VAIO Ivan.job
- c:\program files\apps\Copernic Agent\CopernicAgent.exe [2005-08-01 02:16]

2011-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 18:50]

2011-01-13 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-06 16:00]

2011-01-13 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 02:20]

2011-01-13 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3755968889-2878311043-70394834-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2011-01-13 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3755968889-2878311043-70394834-1005.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 10:02]

2011-01-08 c:\windows\Tasks\Scheduled Update for Ask Toolbar.job
- c:\program files\Ask.com\UpdateTask.exe [2010-02-04 23:50]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Download by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/204
IE: Add to EverNote - c:\program files\apps\EverNote\enbar.dll/2000
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Do&wnload selected by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\mmedia\Orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: Open RSS Feed - c:\program files\apps\Feed Mix\getlink.htm
IE: Save &frame with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/saveframe.htm
IE: Save &image with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/saveimg.htm
IE: Save &page with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/savepage.htm
IE: Save &selection with MetaProducts Inquiry - c:\program files\apps\MetaProducts Inquiry\inquiry.dll/savesel.htm
IE: Search Using Copernic Agent - c:\program files\apps\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
IE: Sothink SWF Catcher - c:\program files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
IE: SurfSaver &QuickSave - c:\program files\apps\SurfSaver\QuickSave.htm
IE: SurfSaver Sav&e... - c:\program files\apps\SurfSaver\Add.htm
IE: SurfSaver Searc&h... - c:\program files\apps\SurfSaver\Search.htm
IE: { - c:\program files\Messenger\msmsgs.exe
IE: {{FDD900B6-E210-462A-8526-8F225845B3B3}
IE: {{55AD98FF-3CB9-4718-B28B-E18F932D7FAB} - {6766A865-215F-465A-B266-9CB9C7BA71FA} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
IE: {{7FDB9AEE-D04A-440C-8D1D-52B807115C59} - {D1917456-D76D-48DF-9981-B3978EACCD8F} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
IE: {{8F36E80B-AD7C-434E-AB92-DA3938EA01E5} - {3680299D-8B37-4F8A-9975-EDD867F10E94} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
IE: {{B98EEB00-A0F2-11D7-9FD9-0080481ADA61} - {F1F3B320-A0F9-11D7-9FD9-0080481ADA61} - c:\program files\apps\MetaProducts Inquiry\inquiry.dll
Handler: asksam - {F9FF9EDA-4916-11D1-B6C1-002018305A61} - c:\program files\apps\SurfSaver\AS_AIPP.dll
Handler: copernicagent - {A979B6BD-E40B-4A07-ABDD-A62C64A4EBF6} - c:\progra~1\apps\COPERN~1\COPERN~1.DLL
Handler: copernicagentcache - {AAC34CFD-274D-4A9D-B0DC-C74C05A67E1D} - c:\progra~1\apps\COPERN~1\COPERN~1.DLL
DPF: DirectAnimation Java Classes
DPF: Microsoft XML Parser for Java
DPF: {BDEE1959-AB6B-4745-A29B-F492861102CC}
FF - ProfilePath - c:\documents and settings\Ivan\Application Data\Mozilla\Firefox\Profiles\jxegbc6z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Crack Spider
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=FF&o=14594&locale=en_US&q=
FF - Ext: ScrapBook: {53A03D43-5363-4669-8190-99061B2DEBA5} - %profile%\extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}
FF - Ext: ChatZilla: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2} - %profile%\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
FF - Ext: ColorZilla: {6AC85730-7D0F-4de0-B3FA-21142DD85326} - %profile%\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
FF - Ext: IE View: {6e84150a-d526-41f1-a480-a67d3fed910d} - %profile%\extensions\{6e84150a-d526-41f1-a480-a67d3fed910d}
FF - Ext: MeasureIt: {75CEEE46-9B64-46f8-94BF-54012DE155F0} - %profile%\extensions\{75CEEE46-9B64-46f8-94BF-54012DE155F0}
FF - Ext: FireFTP: {a7c6cf7f-112c-4500-a7ea-39801a327e5f} - %profile%\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}
FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - %profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: MR Tech Toolkit: {9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC} - %profile%\extensions\{9669CC8F-B388-42FE-86F4-CB5E7F5A8BDC}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: Media Converter: {6e764c17-863a-450f-bdd0-6772bd5aaa18} - %profile%\extensions\{6e764c17-863a-450f-bdd0-6772bd5aaa18}
FF - Ext: S3 Firefox Organizer(S3Fox): {7CEA821D-3DAB-4238-B424-BF7324531750} - %profile%\extensions\{7CEA821D-3DAB-4238-B424-BF7324531750}
FF - Ext: Web Developer: {c45c406e-ab73-11d8-be73-000a95be3b12} - %profile%\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Book Burro: {c7d1f80d-de65-49ee-852b-2b00b3b19a5d} - %profile%\extensions\{c7d1f80d-de65-49ee-852b-2b00b3b19a5d}
FF - Ext: Snagit Firefox Extension: {6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB} - %profile%\extensions\{6FF1D3C4-61BC-4021-89B7-AF8A8F784EBB}
FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
FF - Ext: BitDefender QuickScan: {e001c731-5e37-4538-a5cb-8168736a2360} - %profile%\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{00000000-6E41-4FD3-8538-502F5495E5FC} - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-13 14:45
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{238B46B1-DB3F-FF9F-817885D113BABB65}\{C7A1A506-D491-606A-8FAD8C1E4DD81C50}\{5DBD0FCF-797E-7771-3B3D82FCE9F240F9}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44BD4CEF-0E4D-C558-6DFE23FFC881A6CD}\{A2EC7C34-2018-E83B-27DF1E7548223FEC}\{5151FD78-1E6F-B5B8-7B478C2CB67D678B}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{4E801B1F-2C34-C71B-55752B4DE71FAE4A}\{6707E13D-DFA5-4083-2A160A7F601D7F5F}\{38345692-AD4C-2D4A-1F4885FC450939AB}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{580924E7-4534-80EF-AD4675C17646FF10}\{0EFB2AA0-1A3E-507D-F9B34D5CF29081CD}\{BBABFA65-B0A6-C96D-B621BCAFF6A8D6D6}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8AC0FFDC-D68A-4D5F-75BF0D842EDCB137}\{3647E330-7B13-5DC9-623E15C2DE512604}\{FDA52484-33A0-4DF1-40A7FB2F70E68E7D}*]
"1D1OWFM6WKF6TLM3S2BGKKUUDG1"=hex:01,00,01,00,00,00,00,00,71,4a,e0,45,b7,4f,44,
fb,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{966E1176-98BD-E3A3-1649E4659438A716}\{7D188DDB-E560-5BB6-20EABCAAB28395D5}\{0998E78C-7C0A-2C8B-9F05FD29FB8035CC}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{AD7DA6D0-C8A5-2AB7-AFAFBAF6CCA2EFA4}\{BFF22B84-84BD-C376-CF902D4CFF2D2B8A}\{C30500AE-8022-F8A1-791309212C4775E7}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B9046776-195D-89EA-3E66F9BC5DAE5B9B}\{E7989E73-D3F8-C437-CB8470F59A56421D}\{FFD68A1F-1364-19C2-ECF1A15A7898EBE6}*]
"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,09,8b,ba,
a2,1d,9e,dc,aa,73,95,c6,08,e2,24,2a,ef,a9,dd,02,7e,a2,5a,30,8f,25,80,32,b7,\

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:f8,8c,ff,40,38,f3,d9,1b,2a,2c,53,27,f3,1d,a9,2d,cc,41,e2,32,14,
71,81,51,a8,c2,71,ef,57,c0,82,cd,ec,e6,65,a7,ff,59,2e,a5,1f,58,00,02,c0,9c,\

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\|"|w*]
"5E7CEC10DF0760D4F8DAFB12FDC06CCD"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{01CEC7E5-70FD-4D06-8FAD-BF21DF0CC6DC}\\Registered"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\ؕ||A~*]
"AB141C35E9F4BF344B9FC010BB17F68A"="02:\\Software\\Adobe\\FeatureSubscriptions\\DVAAdobeDocMeta\\{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}\\Registered"

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:f8,8c,ff,40,38,f3,d9,1b,2a,2c,53,27,f3,1d,a9,2d,cc,41,e2,32,14,
71,81,51,a8,c2,71,ef,57,c0,82,cd,ec,e6,65,a7,ff,59,2e,a5,1f,58,00,02,c0,9c,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\program files\utils\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(1440)
c:\windows\system32\WININET.dll
c:\windows\system32\kmw_dll.dll
c:\windows\system32\WOW32.dll
c:\program files\apps\OmniPagePro14.0\OpHook14.dll
c:\documents and settings\Ivan\Application Data\Dropbox\bin\DropboxExt.13.dll
c:\windows\system32\ieframe.dll
c:\program files\utils\LClock\LC.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-01-13 14:52:12
ComboFix-quarantined-files.txt 2011-01-13 22:51
ComboFix2.txt 2011-01-11 21:23

Pre-Run: 36,488,511,488 bytes free
Post-Run: 36,480,040,960 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=4 Sets=1,2,3,4
- - End Of File - - 559DB141CE3BC099BF7E62761FA55467

#14 myrti

  • Sillyberry
  • Malware Study Hall Admin
  • 33,779 posts
  • Gender:Female
  • Location:At home
  • Local time:07:07 AM

Posted 16 January 2011 - 06:46 AM

Hi,

The files seem to have vanished? Do you remember if one of your security programs detected something in the last two days?

regards myrti

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!

 



#15 ivantaylor

  • Topic Starter
  • Members
  • 9 posts
  • Local time:09:07 PM

Posted 17 January 2011 - 12:23 AM

I was able to access my Windows computer from my Mac. I removed the files (copied to the Mac and later deleted them) and did the further testing you wanted. I wanted to ensure that there were no remnants from the infection. Since you are telling me that nothing else was found, I believe that the infection is gone. The problems with redirecting have not resurfaced. Everything is acting as it should. I think we can close this topic.

Thank you for all of your help. It has been a learning experience and I appreciate your service. Hopefully I won't need your services in the near future, but it is comforting to know that there are those out there so willing to help. Again, thank you for your time and professionalism.

Ivan



