
Search engine redirects to other sites


  • This topic is locked
19 replies to this topic

#1 mzche

mzche

  • Members
  • 36 posts

Posted 27 February 2011 - 01:57 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic379929.html/ ~ OB

When I search for something in any browser and click on a search result, it redirects to a totally different website and sometimes even says "content is protected...". It also sometimes redirects me to something else after I have been on a website for less than a minute.

I ran DDS and posted the results below. I tried to run Gmer but it froze and I had to restart the computer twice, so I'm guessing it's not going to work. What can I do to stop, remove, and prevent this?


DDS (Ver_10-12-12.02) - NTFSx86
Run by dearshay at 12:07:28.26 on Sun 02/27/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.318.95 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Documents and Settings\dearshay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/secure/start?action=compose&to=&subject=Check%20out%20this%20shop%20on%20Etsy&body=Hi%20there,%0D%0A%0D%0AI%20saw%20this%20on%20Etsy%20and%20I%20liked%20it%20so%20much%20I%20wanted%20to%20share%20it%20with%20you.%0D%0A%0D%0Ahttp://delishbeads.etsy.com%20%0D%0A%0D%0AEtsy%20is%20an%20online%20marketplace%20for%20buying%20and%20selling%20all%20things%20handmade.
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239907088979
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dearshay\applic~1\mozilla\firefox\profiles\synroa4e.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b29489d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1868.6292\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {0CD982FE-5693-4900-AB6B-18F8944A74E8} - c:\documents and settings\dearshay\local settings\application data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}
FF - Ext: XULRunner: {4D53DC0E-10EE-449B-9246-AEB82B89C07F} - c:\documents and settings\temp\local settings\application data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-2-17 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-17 338880]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-21 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-11 24652]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-16 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-4-16 362944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-2-17 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-2-17 1150936]

=============== Created Last 30 ================

2011-02-26 04:04:11 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-02-26 04:04:11 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-02-26 04:01:54 912344 ----a-w- c:\program files\mozilla firefox\nsc18.tmp\firefox.exe
2011-02-22 20:11:05 -------- d-----w- c:\program files\ESET
2011-02-21 07:31:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 07:31:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-21 04:24:55 -------- d-----w- c:\docume~1\dearshay\applic~1\PC Tools
2011-02-17 20:07:09 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-02-17 20:07:09 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-02-17 20:07:08 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-17 20:07:02 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-17 20:07:02 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-17 20:06:52 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-17 20:06:36 -------- d-----w- c:\program files\PC Tools Security
2011-02-17 20:06:36 -------- d-----w- c:\program files\common files\PC Tools
2011-02-17 20:06:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-17 01:01:42 -------- d-----w- c:\docume~1\dearshay\applic~1\SUPERAntiSpyware.com
2011-02-17 00:27:10 -------- d-----w- c:\docume~1\dearshay\applic~1\Malwarebytes
2011-02-13 04:05:17 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-02-13 04:05:13 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-02-11 05:56:22 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\Nova Development
2011-02-11 00:57:43 -------- d-----w- c:\documents and settings\dearshay\.thumbnails
2011-02-11 00:49:54 -------- d-----w- c:\documents and settings\dearshay\.gimp-2.6
2011-02-10 06:11:45 -------- d-----w- c:\docume~1\dearshay\applic~1\AVG9
2011-02-09 18:53:06 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\Google
2011-02-09 06:00:56 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\AVG Security Toolbar
2011-02-09 04:30:45 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\Adobe
2011-02-09 04:12:01 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\{0CD982FE-5693-4900-AB6B-18F8944A74E8}
2011-02-03 16:02:59 0 ----a-w- c:\windows\Imobuyozewah.bin

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
1998-12-09 07:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 07:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 07:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 07:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 07:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 07:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 12:08:54.68 ===============

Edited by Orange Blossom, 27 February 2011 - 08:13 PM.



#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 03 March 2011 - 07:21 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.


Regards,
Georgi


#3 mzche

mzche
  • Topic Starter

  • Members
  • 36 posts

Posted 03 March 2011 - 07:13 PM

Referred from here: http://www.bleepingcomputer.com/forums/topic379929.html/

When I search for something in any browser and click on a search result, it redirects to a totally different website and sometimes even says "content is protected...". It also sometimes redirects me to something else after I have been on a website for less than a minute. What can I do to stop, remove, and prevent the redirect?

When I tried to run Gmer, it freezes. I guess I have a 64-bit computer, I don't know. But here is my system information:

I have a Windows XP Professional Version 2002. Service Pack 3. I do not have the original Windows CD.




Here is an updated version of my DDS Log:

DDS (Ver_10-12-12.02) - NTFSx86
Run by dearshay at 13:57:59.15 on Thu 03/03/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.318.109 [GMT -5:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\dearshay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/secure/start?action=compose&to=&subject=Check%20out%20this%20shop%20on%20Etsy&body=Hi%20there,%0D%0A%0D%0AI%20saw%20this%20on%20Etsy%20and%20I%20liked%20it%20so%20much%20I%20wanted%20to%20share%20it%20with%20you.%0D%0A%0D%0Ahttp://delishbeads.etsy.com%20%0D%0A%0D%0AEtsy%20is%20an%20online%20marketplace%20for%20buying%20and%20selling%20all%20things%20handmade.
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil10l_Plugin.exe -update plugin
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239907088979
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dearshay\applic~1\mozilla\firefox\profiles\synroa4e.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b29489d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1868.6292\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg9\Firefox
FF - Ext: AVG Security Toolbar em:version=6.010.006.004 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg9\toolbar\firefox\avg@igeared
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: XULRunner: {0CD982FE-5693-4900-AB6B-18F8944A74E8} - c:\documents and settings\dearshay\local settings\application data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}
FF - Ext: XULRunner: {4D53DC0E-10EE-449B-9246-AEB82B89C07F} - c:\documents and settings\temp\local settings\application data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-2-17 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-17 338880]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-16 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-16 29584]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-4-16 243024]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-6-21 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-6-21 308136]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-11 24652]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-16 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-4-16 362944]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-4 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-27 517448]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\pc tools security\pctsAuxs.exe [2011-2-17 366840]
S3 sdCoreService;PC Tools Security Service;c:\program files\pc tools security\pctsSvc.exe [2011-2-17 1150936]

=============== Created Last 30 ================

2011-02-26 04:04:11 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-02-26 04:04:11 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-02-26 04:01:54 912344 ----a-w- c:\program files\mozilla firefox\nsc18.tmp\firefox.exe
2011-02-22 20:11:05 -------- d-----w- c:\program files\ESET
2011-02-21 07:31:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 07:31:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-21 04:24:55 -------- d-----w- c:\docume~1\dearshay\applic~1\PC Tools
2011-02-17 20:07:09 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-02-17 20:07:09 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-02-17 20:07:08 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-17 20:07:02 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-17 20:07:02 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-17 20:06:52 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-17 20:06:36 -------- d-----w- c:\program files\PC Tools Security
2011-02-17 20:06:36 -------- d-----w- c:\program files\common files\PC Tools
2011-02-17 20:06:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-17 01:01:42 -------- d-----w- c:\docume~1\dearshay\applic~1\SUPERAntiSpyware.com
2011-02-17 00:27:10 -------- d-----w- c:\docume~1\dearshay\applic~1\Malwarebytes
2011-02-13 04:05:17 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-02-13 04:05:13 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll
2011-02-11 05:56:22 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\Nova Development
2011-02-11 00:57:43 -------- d-----w- c:\documents and settings\dearshay\.thumbnails
2011-02-11 00:49:54 -------- d-----w- c:\documents and settings\dearshay\.gimp-2.6
2011-02-10 06:11:45 -------- d-----w- c:\docume~1\dearshay\applic~1\AVG9
2011-02-09 18:53:06 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\Google
2011-02-09 06:00:56 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\AVG Security Toolbar
2011-02-09 04:30:45 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\Adobe
2011-02-09 04:12:01 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\{0CD982FE-5693-4900-AB6B-18F8944A74E8}
2011-02-03 16:02:59 0 ----a-w- c:\windows\Imobuyozewah.bin

==================== Find3M ====================

2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15:09 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30:22 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38:47 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07:05 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
1998-12-09 07:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 07:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 07:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 07:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 07:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 07:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 14:00:56.46 ===============

#4 etavares

  • Malware Response Team

Posted 05 March 2011 - 09:17 AM

Hello, mzche.
My name is etavares and I will be helping you with this log.

Here are some guidelines to ensure we are able to get your machine back under your control.

  • Please do not run any unsupervised scans, fixes, etc. We can work against each other and end up in a worse place.
  • Please subscribe to this topic if you have not already done so. Please check back just in case, as the email system can fail at times.
  • Just because your machine is running better does not mean it is completely cleaned. Please wait for the 'all clear' from me to say when we are done.
  • Please reply within 3 days to be fair to other people asking for help.
  • When in doubt, please stop and ask first. There's no harm in asking questions!

You did have a TDSS infection before, so I do need to warn you about backdoor rootkits. You do still have signs of malware in your logs.

Backdoor Warning
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do. If you do decide to proceed, please continue with the fix below.

Viewpoint (foistware) Warning

Viewpoint Manager is considered foistware rather than malware since it is installed without the user's approval but doesn't spy or do anything "bad". This changed from what we knew in 2006; read this article:

http://www.clickz.com/clickz/news/1714488/viewpoint-plunge-into-adware

I suggest you remove the program now. Click on start > run > and then paste the following into the "open" field: appwiz.cpl and press OK. From within Add or Remove Programs uninstall the following if they exist: Viewpoint, Viewpoint Manager, Viewpoint Media Player.

Step 1

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

Next, please download ComboFix from one of these locations:
* IMPORTANT !!! Save ComboFix.exe to your Desktop as etavaresCF.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on etavaresCF.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply, along with any symptoms that are present after it runs.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Posted Image
Unified Network of Instructors and Trusted Eliminators
 


#5 mzche

  • Topic Starter

Posted 05 March 2011 - 01:10 PM

ComboFix 11-03-04.06 - dearshay 03/05/2011 12:47:34.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.318.137 [GMT -5:00]
Running from: c:\documents and settings\dearshay\Desktop\etavaresCF.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\dearshay\Local Settings\Application Data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}
c:\documents and settings\dearshay\Local Settings\Application Data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}\chrome.manifest
c:\documents and settings\dearshay\Local Settings\Application Data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}\chrome\content\_cfg.js
c:\documents and settings\dearshay\Local Settings\Application Data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}\chrome\content\overlay.xul
c:\documents and settings\dearshay\Local Settings\Application Data\{0CD982FE-5693-4900-AB6B-18F8944A74E8}\install.rdf
c:\documents and settings\master\Local Settings\Application Data\{5B750B81-9D01-431B-84B7-71E0F0FF0E00}
c:\documents and settings\master\Local Settings\Application Data\{5B750B81-9D01-431B-84B7-71E0F0FF0E00}\chrome.manifest
c:\documents and settings\master\Local Settings\Application Data\{5B750B81-9D01-431B-84B7-71E0F0FF0E00}\chrome\content\_cfg.js
c:\documents and settings\master\Local Settings\Application Data\{5B750B81-9D01-431B-84B7-71E0F0FF0E00}\chrome\content\overlay.xul
c:\documents and settings\master\Local Settings\Application Data\{5B750B81-9D01-431B-84B7-71E0F0FF0E00}\install.rdf
c:\documents and settings\TEMP\Local Settings\Application Data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}
c:\documents and settings\TEMP\Local Settings\Application Data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}\chrome.manifest
c:\documents and settings\TEMP\Local Settings\Application Data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}\chrome\content\_cfg.js
c:\documents and settings\TEMP\Local Settings\Application Data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}\chrome\content\overlay.xul
c:\documents and settings\TEMP\Local Settings\Application Data\{4D53DC0E-10EE-449B-9246-AEB82B89C07F}\install.rdf
.
.
((((((((((((((((((((((((( Files Created from 2011-02-05 to 2011-03-05 )))))))))))))))))))))))))))))))
.
.
2011-03-05 16:44 . 2011-03-05 16:44 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\AOL
2011-02-26 04:04 . 2011-03-05 07:41 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-02-26 04:04 . 2011-03-05 07:41 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-02-26 04:01 . 2011-02-13 04:05 912344 ----a-w- c:\program files\Mozilla Firefox\nsc18.tmp\firefox.exe
2011-02-22 20:11 . 2011-02-22 20:11 -------- d-----w- c:\program files\ESET
2011-02-21 08:03 . 2011-02-21 08:03 -------- d-----w- c:\documents and settings\netta\Application Data\Malwarebytes
2011-02-21 07:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 07:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-21 04:24 . 2011-02-21 04:24 -------- d-----w- c:\documents and settings\dearshay\Application Data\PC Tools
2011-02-17 20:07 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-02-17 20:07 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-02-17 20:07 . 2010-11-17 15:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-17 20:07 . 2010-11-25 15:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-17 20:07 . 2010-11-25 15:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-17 20:06 . 2010-11-25 15:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-17 20:06 . 2011-02-21 06:29 -------- d-----w- c:\program files\PC Tools Security
2011-02-17 20:06 . 2011-02-21 04:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-17 20:06 . 2011-02-21 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-17 01:01 . 2011-02-17 01:01 -------- d-----w- c:\documents and settings\dearshay\Application Data\SUPERAntiSpyware.com
2011-02-17 00:27 . 2011-02-17 00:27 -------- d-----w- c:\documents and settings\dearshay\Application Data\Malwarebytes
2011-02-13 04:05 . 2011-03-05 07:42 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-13 04:05 . 2011-03-05 07:42 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-11 05:56 . 2011-02-11 05:56 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\Nova Development
2011-02-11 00:58 . 2011-02-11 06:32 -------- d-----w- c:\documents and settings\dearshay\Application Data\gtk-2.0
2011-02-11 00:57 . 2011-02-11 06:08 -------- d-----w- c:\documents and settings\dearshay\.thumbnails
2011-02-11 00:49 . 2011-02-11 06:01 -------- d-----w- c:\documents and settings\dearshay\.gimp-2.6
2011-02-10 06:11 . 2011-02-10 06:11 -------- d-----w- c:\documents and settings\dearshay\Application Data\AVG9
2011-02-09 18:53 . 2011-02-21 08:11 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\Google
2011-02-09 06:00 . 2011-02-09 06:00 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\AVG Security Toolbar
2011-02-09 06:00 . 2011-03-05 16:53 -------- d-----w- c:\documents and settings\dearshay\Application Data\HPAppData
2011-02-09 04:30 . 2011-02-21 04:40 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\Adobe
2011-02-09 04:26 . 2011-02-09 04:26 -------- d-----w- c:\documents and settings\dearshay\Application Data\ArcSoft
2011-02-08 16:04 . 2011-02-08 16:05 -------- d-----w- c:\documents and settings\TEMP
2011-02-08 03:47 . 2011-02-08 03:47 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Nova Development
2011-02-08 03:31 . 2011-02-08 03:36 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Adobe
2011-02-07 15:38 . 2011-02-07 15:38 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Temp
2011-02-07 15:37 . 2011-02-07 15:42 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Google
2011-02-04 23:04 . 2011-02-04 23:04 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\HP
2011-02-04 19:33 . 2011-02-04 22:39 -------- d-----w- c:\documents and settings\master\Application Data\gtk-2.0
2011-02-04 19:33 . 2011-02-04 19:33 -------- d-----w- c:\documents and settings\master\.thumbnails
2011-02-04 01:47 . 2011-02-08 16:07 0 ----a-w- c:\documents and settings\master\Local Settings\Application Data\Imobuyozewah.bin
2011-02-03 18:20 . 2011-02-04 22:55 -------- d-----w- c:\documents and settings\master\.gimp-2.6
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 03:03 . 2008-04-14 12:00 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 17:26 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2010-12-09 15:15 . 2008-04-14 12:00 718336 ----a-w- c:\windows\system32\ntdll.dll
2010-12-09 14:30 . 2008-04-14 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2010-12-09 13:38 . 2008-04-14 12:00 2192768 ------w- c:\windows\system32\ntoskrnl.exe
2010-12-09 13:07 . 2008-04-14 00:01 2069376 ------w- c:\windows\system32\ntkrnlpa.exe
1998-12-09 07:53 . 1998-12-09 07:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 07:53 . 1998-12-09 07:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 07:53 . 1998-12-09 07:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-4-16 884838]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2009-03-03 10:19 1224704 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-12-20 18:32 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2006-11-02 18:21 156160 ----a-w- c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 21:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\c6ca2ef7-4195-4582-b595-278a3fe14d3e.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\netta\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/17/2011 3:07 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2/17/2011 3:07 PM 338880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [4/16/2009 10:08 PM 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/16/2009 10:21 PM 362944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/4/2010 11:10 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 1:15 PM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2/17/2011 3:06 PM 366840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-03-05 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-05 04:05]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 04:10]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 04:10]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-343818398-842925246-1011Core.job
- c:\documents and settings\master\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-07 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/secure/start?action=compose&to=&subject=Check%20out%20this%20shop%20on%20Etsy&body=Hi%20there,%0D%0A%0D%0AI%20saw%20this%20on%20Etsy%20and%20I%20liked%20it%20so%20much%20I%20wanted%20to%20share%20it%20with%20you.%0D%0A%0D%0Ahttp://delishbeads.etsy.com%20%0D%0A%0D%0AEtsy%20is%20an%20online%20marketplace%20for%20buying%20and%20selling%20all%20things%20handmade.
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\dearshay\Application Data\Mozilla\Firefox\Profiles\synroa4e.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b29489d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
Notify-avgrsstarter - avgrsstx.dll
SafeBoot-klmdb.sys
MSConfigStartUp-506E7F42_ 0 - c:\docume~1\User\LOCALS~1\Temp\tvcastb.exe
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
MSConfigStartUp-binupdt700max - c:\documents and settings\User\Application Data\C5D7274121EAE67FBF21BB00A2F97F74\binupdt700max.exe
MSConfigStartUp-cdloader - c:\documents and settings\User\Application Data\mjusbsp\cdloader2.exe
MSConfigStartUp-CE8SIIFGSU - c:\docume~1\User\LOCALS~1\Temp\Cmo.exe
MSConfigStartUp-Fkebapes - c:\windows\opukamosarevegub.dll
MSConfigStartUp-Google Update - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-H3O8CABBPI - c:\docume~1\User\LOCALS~1\Temp\Cml.exe
MSConfigStartUp-JP595IR86O - c:\docume~1\User\LOCALS~1\Temp\Cmn.exe
MSConfigStartUp-mqatorln - c:\docume~1\dearshay\LOCALS~1\Temp\dbniyhxpe\nlktlsssikk.exe
MSConfigStartUp-Svojagifinosob - c:\windows\picdpi32.dll
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-05 12:59
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-03-05 13:05:14
ComboFix-quarantined-files.txt 2011-03-05 18:05
.
Pre-Run: 60,923,191,296 bytes free
Post-Run: 60,919,128,064 bytes free
.
- - End Of File - - DFCCC2A9D1E48A5C006A33CE16A7BC0F
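The ComboFix log above lists the created files and the autostart orphans that etavares acts on in the following post. As an added example (not ComboFix's, BleepingComputer's or the helper's own code), the Python script below parses lines in that log format and flags the patterns a defender would review first: zero-byte .bin files, autostart entries launching from a Temp directory, random-looking all-caps autostart names, and DLLs dropped directly into the Windows root. The sample lines are copied in shape from entries in the log above; the heuristics, regexes and thresholds are my assumptions for illustration, not detection rules from any tool.

```python
"""Triage ComboFix-style log lines (added example; not a ComboFix or BleepingComputer tool).

The heuristics below are assumptions for illustration, not vendor detection rules.
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# "Files Created" entries: <created> . <modified> <size|--------> <attrs> <path>
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# "ORPHANS REMOVED" autostart entries: MSConfigStartUp-<name> - <path>
AUTOSTART_RE = re.compile(r"^MSConfigStartUp-(?P<name>.+?) - (?P<path>.+)$")

# Assumed indicators: executables under a user Temp folder, DLLs directly in
# c:\windows, and all-caps alphanumeric names of 8+ chars containing a digit.
TEMP_DIR_RE = re.compile(r"\\(locals~1|local settings)\\temp\\", re.IGNORECASE)
WINROOT_DLL_RE = re.compile(r"^c:\\windows\\[^\\]+\.dll$", re.IGNORECASE)
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[A-Z0-9]{8,}$")


@dataclass
class Finding:
    path: str
    reasons: List[str] = field(default_factory=list)


def _path_reasons(path: str) -> List[str]:
    reasons = []
    if TEMP_DIR_RE.search(path):
        reasons.append("launched from a Temp directory")
    if WINROOT_DLL_RE.match(path):
        reasons.append("DLL placed directly in the Windows root")
    return reasons


def triage_line(line: str) -> Optional[Finding]:
    """Return a Finding for a suspicious log line, or None if nothing stands out."""
    m = FILE_RE.match(line)
    if m:
        path = m.group("path")
        reasons = _path_reasons(path)
        if m.group("size") == "0" and path.lower().endswith(".bin"):
            reasons.append("zero-byte .bin file")
        return Finding(path, reasons) if reasons else None
    m = AUTOSTART_RE.match(line)
    if m:
        name, path = m.group("name"), m.group("path")
        reasons = _path_reasons(path)
        if RANDOM_NAME_RE.match(name):
            reasons.append("random-looking autostart name")
        return Finding(path, reasons) if reasons else None
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep only the findings."""
    return [f for f in (triage_line(l.strip()) for l in log_text.splitlines()) if f]


# Constructed sample: lines copied in shape from the ComboFix log posted above.
SAMPLE_LOG = r"""
2011-02-04 01:47 . 2011-02-08 16:07 0 ----a-w- c:\documents and settings\master\Local Settings\Application Data\Imobuyozewah.bin
2011-02-17 20:07 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-02-22 20:11 . 2011-02-22 20:11 -------- d-----w- c:\program files\ESET
MSConfigStartUp-CE8SIIFGSU - c:\docume~1\User\LOCALS~1\Temp\Cmo.exe
MSConfigStartUp-Fkebapes - c:\windows\opukamosarevegub.dll
MSConfigStartUp-avgnt - c:\program files\Avira\AntiVir Desktop\avgnt.exe
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.path}\n    -> {'; '.join(finding.reasons)}")
```

Run against the sample, three of the six lines are flagged (the zero-byte .bin, the Temp-launched autostart with a random name, and the DLL in c:\windows); the legitimate PC Tools driver, the ESET directory and the Avira autostart pass through. The output is a review list, not a verdict: a DLL in the Windows root or a .bin in a profile can be legitimate, so each hit still needs the kind of manual judgement the helper applies in the next post.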

#6 etavares

  • Malware Response Team

Posted 06 March 2011 - 11:57 AM

Hello, mzche.

OK, you can reinstall your antivirus after this run of Combofix. The Goored infection that causes redirections was removed...are you still redirected now?



Step 1

ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them, resulting in the tool not working correctly, which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends that you uninstall AVG first. We can reinstall it when we're done with CF. Please let me know if you do uninstall it.

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open Notepad and copy/paste the text in the codebox below into Notepad:

File::
c:\documents and settings\master\Local Settings\Application Data\Imobuyozewah.bin
DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.hotmail.com/secure/start?action=compose&to=&subject=Check%20out%20this%20shop%20on%20Etsy&body=Hi%20there,%0D%0A%0D%0AI%20saw%20this%20on%20Etsy%20and%20I%20liked%20it%20so%20much%20I%20wanted%20to%20share%20it%20with%20you.%0D%0A%0D%0Ahttp://delishbeads.etsy.com%20%0D%0A%0D%0AEtsy%20is%20an%20online%20marketplace%20for%20buying%20and%20selling%20all%20things%20handmade.

Save this as CFScript.txt, in the same location as ComboFix.exe

Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Note: After running Combofix, you may receive an error about "illegal operation on a registry key that has been marked for deletion." If you receive this error, please reboot and it should disappear.

etavares


 


#7 etavares

  • Malware Response Team

Posted 09 March 2011 - 02:08 PM

Still with me?


 


#8 mzche

  • Topic Starter

Posted 09 March 2011 - 04:31 PM

Yes, I was out for a few days, but I'm back. About to run combo fix.

#9 mzche

  • Topic Starter

Posted 09 March 2011 - 05:36 PM

ComboFix 11-03-09.01 - dearshay 03/09/2011 17:15:15.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.318.182 [GMT -5:00]
Running from: c:\documents and settings\dearshay\Desktop\etavaresCF.exe
Command switches used :: c:\documents and settings\dearshay\Desktop\CFScript.txt
.
FILE ::
"c:\documents and settings\master\Local Settings\Application Data\Imobuyozewah.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\master\Local Settings\Application Data\Imobuyozewah.bin
.
.
((((((((((((((((((((((((( Files Created from 2011-02-09 to 2011-03-09 )))))))))))))))))))))))))))))))
.
.
2011-03-09 21:19 . 2011-03-09 21:19 -------- d-----w- c:\windows\LastGood
2011-03-05 21:57 . 2011-03-05 22:38 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\WMTools Downloaded Files
2011-03-05 16:44 . 2011-03-05 16:44 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\AOL
2011-02-26 04:04 . 2011-03-05 07:41 25048 ----a-w- c:\program files\Mozilla Firefox\components\browserdirprovider.dll
2011-02-26 04:04 . 2011-03-05 07:41 140248 ----a-w- c:\program files\Mozilla Firefox\components\brwsrcmp.dll
2011-02-26 04:01 . 2011-02-13 04:05 912344 ----a-w- c:\program files\Mozilla Firefox\nsc18.tmp\firefox.exe
2011-02-22 20:11 . 2011-02-22 20:11 -------- d-----w- c:\program files\ESET
2011-02-21 08:03 . 2011-02-21 08:03 -------- d-----w- c:\documents and settings\netta\Application Data\Malwarebytes
2011-02-21 07:31 . 2010-12-20 23:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 07:31 . 2010-12-20 23:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-21 04:24 . 2011-02-21 04:24 -------- d-----w- c:\documents and settings\dearshay\Application Data\PC Tools
2011-02-17 20:07 . 2010-07-16 19:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-02-17 20:07 . 2010-07-16 19:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-02-17 20:07 . 2010-11-17 15:19 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-17 20:07 . 2010-11-25 15:53 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-17 20:07 . 2010-11-25 15:43 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-17 20:06 . 2010-11-25 15:42 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-17 20:06 . 2011-02-21 06:29 -------- d-----w- c:\program files\PC Tools Security
2011-02-17 20:06 . 2011-02-21 04:25 -------- d-----w- c:\program files\Common Files\PC Tools
2011-02-17 20:06 . 2011-02-21 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2011-02-17 01:01 . 2011-02-17 01:01 -------- d-----w- c:\documents and settings\dearshay\Application Data\SUPERAntiSpyware.com
2011-02-17 00:27 . 2011-02-17 00:27 -------- d-----w- c:\documents and settings\dearshay\Application Data\Malwarebytes
2011-02-13 04:05 . 2011-03-05 07:42 16856 ----a-w- c:\program files\Mozilla Firefox\plugin-container.exe
2011-02-13 04:05 . 2011-03-05 07:42 719832 ----a-w- c:\program files\Mozilla Firefox\mozcpp19.dll
2011-02-11 05:56 . 2011-02-11 05:56 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\Nova Development
2011-02-11 00:58 . 2011-03-05 23:34 -------- d-----w- c:\documents and settings\dearshay\Application Data\gtk-2.0
2011-02-11 00:57 . 2011-02-11 06:08 -------- d-----w- c:\documents and settings\dearshay\.thumbnails
2011-02-11 00:49 . 2011-03-05 23:34 -------- d-----w- c:\documents and settings\dearshay\.gimp-2.6
2011-02-10 06:11 . 2011-02-10 06:11 -------- d-----w- c:\documents and settings\dearshay\Application Data\AVG9
2011-02-09 18:53 . 2011-02-21 08:11 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\Google
2011-02-09 06:00 . 2011-02-09 06:00 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\AVG Security Toolbar
2011-02-09 06:00 . 2011-03-05 16:53 -------- d-----w- c:\documents and settings\dearshay\Application Data\HPAppData
2011-02-09 04:30 . 2011-02-21 04:40 -------- d-----w- c:\documents and settings\dearshay\Local Settings\Application Data\Adobe
2011-02-09 04:26 . 2011-02-09 04:26 -------- d-----w- c:\documents and settings\dearshay\Application Data\ArcSoft
2011-02-08 16:04 . 2011-02-08 16:05 -------- d-----w- c:\documents and settings\TEMP
2011-02-08 03:47 . 2011-02-08 03:47 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Nova Development
2011-02-08 03:31 . 2011-02-08 03:36 -------- d-----w- c:\documents and settings\master\Local Settings\Application Data\Adobe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-21 03:03 . 2008-04-14 12:00 5504 ----a-w- c:\windows\system32\drivers\intelide.sys
2011-01-21 14:44 . 2008-04-14 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2008-04-14 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2008-04-14 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2008-04-14 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15 . 2008-04-14 12:00 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15 . 2008-04-14 12:00 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 17:26 . 2008-04-14 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
1998-12-09 07:53 . 1998-12-09 07:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 07:53 . 1998-12-09 07:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 07:53 . 1998-12-09 07:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-05_17.59.33 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-09 21:16 . 2011-03-09 21:16 16384 c:\windows\Temp\Perflib_Perfdata_7f4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WPN111 Smart Wizard.lnk - c:\program files\NETGEAR\WPN111\wpn111.exe [2009-4-16 884838]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor.lnk
backup=c:\windows\pss\Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Symantec Fax Starter Edition Port.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
backup=c:\windows\pss\Symantec Fax Starter Edition Port.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^eFax 4.4.lnk]
path=c:\documents and settings\User\Start Menu\Programs\Startup\eFax 4.4.lnk
backup=c:\windows\pss\eFax 4.4.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 12:00 15360 ------w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eFax 4.4]
2010-07-02 18:24 95744 ----a-w- c:\program files\eFax Messenger 4.4\J2GDllCmd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface]
2009-03-03 10:19 1224704 ----a-w- c:\program files\FileZilla Server\FileZilla Server Interface.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Quick Search Box]
2010-12-20 18:32 126976 ----a-w- c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2007-10-15 04:17 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\hpqSRMon]
2007-08-22 23:31 80896 ----a-w- c:\program files\HP\Digital Imaging\bin\HpqSRmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-11-11 05:40 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 18:50 155648 ----a-w- c:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-09-08 16:17 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ReminderApp]
2006-11-02 18:21 156160 ----a-w- c:\program files\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 02:42 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-05-21 15:34 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2010-02-18 21:40 2012912 ----a-w- c:\program files\SUPERAntiSpyware\c6ca2ef7-4195-4582-b595-278a3fe14d3e.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\netta\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Smart Web Printing\\SmartWebPrintExe.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2/17/2011 3:07 PM 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2/17/2011 3:07 PM 338880]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [4/16/2009 10:08 PM 17149]
R3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [4/16/2009 10:21 PM 362944]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3/4/2010 11:10 PM 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe --> c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [?]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/17/2010 1:15 PM 12872]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [2/17/2011 3:06 PM 366840]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - PCTSDInjDriver32
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
.
2011-03-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2010-03-05 04:05]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 04:10]
.
2011-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-05 04:10]
.
2011-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-343818398-842925246-1011Core.job
- c:\documents and settings\master\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-02-07 19:27]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
FF - ProfilePath - c:\documents and settings\dearshay\Application Data\Mozilla\Firefox\Profiles\synroa4e.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b29489d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-09 17:27
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(584)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
Completion time: 2011-03-09 17:32:31
ComboFix-quarantined-files.txt 2011-03-09 22:32
ComboFix2.txt 2011-03-09 21:58
ComboFix3.txt 2011-03-05 18:05
.
Pre-Run: 60,776,968,192 bytes free
Post-Run: 60,761,591,808 bytes free
.
- - End Of File - - 21446E659734B099A46B3894FF2FF620
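Reading a ComboFix or DDS log like the one above comes down to scanning the loading points for entries that do not belong. The script below is an added example written for this thread; it is not a BleepingComputer tool and not ComboFix's or DDS's own logic. It parses a constructed sample modelled on the log lines in this thread and returns leads for a reviewer: URLSearchHooks, BHO and similar entries whose target is "No File" (an orphaned registration, either leftover from a removal or a file the scanner could not see), DPF (ActiveX download) entries from hosts outside a small allow-list (the allow-list is an assumption of the example), a Firefox keyword.URL override (which rewrites address-bar searches; the host is reported so the reviewer can match it against an installed toolbar), and loose .bin/.dll/.exe/.dat files sitting directly in a profile's Local Settings\Application Data root (a heuristic, also an assumption). Hits are leads, not verdicts: the myheritage DPF and the AVG search route in the sample are the kind of entries a helper verifies against installed software rather than deletes.

```python
"""Triage helper for the autostart lines in a DDS or ComboFix log.

Added example for this thread; not a BleepingComputer, DDS or ComboFix tool.
It reads log text, applies a few reviewer heuristics and returns leads.
"""
import re
from urllib.parse import urlparse

# Hosts from which DPF (ActiveX download) entries are routinely seen in clean
# logs. Assumption of this example, not a list from the page or from DDS.
TRUSTED_DPF_HOSTS = {"update.microsoft.com", "java.sun.com"}

HOOK_RE = re.compile(r"^(?P<kind>u?m?URLSearchHooks|BHO|TB|SEH|Notify|SSODL): (?P<rest>.*)$")
DPF_RE = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<url>\S+)")
FFPREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>[\w.]+) - (?P<value>.*)$")
# A binary sitting directly in a profile's Local Settings\Application Data root,
# rather than inside a vendor folder, is unusual for legitimate software
# (heuristic assumed by this example).
LOOSE_PROFILE_RE = re.compile(
    r'^"?(?P<path>c:\\documents and settings\\[^\\]+\\local settings\\application data\\'
    r'[^\\]+\.(?:bin|dll|exe|dat))"?$',
    re.IGNORECASE,
)

# Constructed sample modelled on lines from the DDS and ComboFix output in this
# thread (the FILE :: block mirrors the path the CFScript told ComboFix to delete).
SAMPLE = r"""
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b29489d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FILE ::
"c:\documents and settings\master\Local Settings\Application Data\Imobuyozewah.bin"
"""


def refang(url):
    """DDS and ComboFix write hxxp:// so URLs are not clickable; restore the scheme."""
    return re.sub(r"^hxxp", "http", url, flags=re.IGNORECASE)


def triage(log_text):
    """Return (kind, subject, evidence) tuples for lines a reviewer should look at."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HOOK_RE.match(line)
        if m:
            # Hook/BHO registration whose target file is gone or hidden.
            if m.group("rest").endswith("No File"):
                findings.append(("orphaned_hook", m.group("kind"), line))
            continue
        m = DPF_RE.match(line)
        if m:
            host = urlparse(refang(m.group("url"))).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("untrusted_dpf", host, m.group("clsid")))
            continue
        m = FFPREF_RE.match(line)
        if m:
            # keyword.URL rewrites address-bar searches; Firefox leaves it unset
            # by default, so any value is reported with its host.
            value = m.group("value").strip()
            if m.group("pref") == "keyword.URL" and value:
                host = urlparse(refang(value)).hostname or ""
                findings.append(("search_override", host, value))
            continue
        m = LOOSE_PROFILE_RE.match(line)
        if m:
            findings.append(("loose_profile_binary", m.group("path"), line))
    return findings


def kinds(findings):
    """Count findings per kind, for a one-line summary."""
    counts = {}
    for kind, _subject, _evidence in findings:
        counts[kind] = counts.get(kind, 0) + 1
    return counts


if __name__ == "__main__":
    for kind, subject, evidence in triage(SAMPLE):
        print(f"{kind:22} {subject}\n    {evidence}")
    print(kinds(triage(SAMPLE)))
```

Run it as-is to see the five leads from the sample; to use it on a real log, pass the file contents to `triage()` instead of `SAMPLE`. Extending `TRUSTED_DPF_HOSTS` or the path heuristic is where the judgment lives; the script only narrows what a human reads.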

#10 etavares
  • Malware Response Team

Posted 09 March 2011 - 06:27 PM

Hello, mzche.

Making progress. Are you getting redirects, or have we solved that?



Step 1

Next, we need to update Java.
Your Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system. Please follow these steps to remove older version Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 24.
  • Save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) or Java™ in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version(s) shown below:
    Java 6 Update 14
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u24-windows-i586-s.exe to install the newest version.




Step 2

Please pull anything out of the recycle bin that you want to save. Part of this fix will empty temp files, and that does include the recycle bin.


After running, your desktop icons and taskbar may disappear. That's normal.

Please download TFC by OldTimer and save it to your desktop.
alternate download link


  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista or Windows 7, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.




Step 3

I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the [image] button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on [image] to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the [image] icon on your desktop.
  • Check [image]
  • Click the [image] button.
  • Accept any security warnings from your browser.
  • Check [image]
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push [image]
  • Push [image], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the [image] button.
  • Push [image]

etavares




#11 mzche
  • Topic Starter

Posted 11 March 2011 - 06:33 AM

I completed all of the steps. ESET did not find any threats and did not produce a log. So far, there are no redirects.

#12 etavares
  • Malware Response Team

Posted 11 March 2011 - 06:27 PM

OK, please post one last OTL Quick Scan for me to review. I think we're done here short of cleaning up.




#13 mzche
  • Topic Starter

Posted 12 March 2011 - 09:06 PM

Could you send me the link to download OTL, please?

#14 etavares
  • Malware Response Team

Posted 13 March 2011 - 06:53 AM

Sorry about that...when I bump a log, I ask for OTL scans. I forgot that I didn't bump this one! A new DDS scan is fine.




#15 mzche
  • Topic Starter

Posted 13 March 2011 - 03:37 PM

DDS (Ver_10-12-12.02) - NTFSx86
Run by dearshay at 16:28:02.51 on Sun 03/13/2011
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.318.155 [GMT -4:00]

AV: AVG Anti-Virus Free Edition 2011 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\FileZilla Server\FileZilla Server.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Documents and Settings\dearshay\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uURLSearchHooks: H - No File
mURLSearchHooks: H - No File
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239907088979
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\dearshay\applic~1\mozilla\firefox\profiles\synroa4e.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4b29489d&v=6.010.006.004&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - prefs.js: network.proxy.type - 0
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\program files\google\google updater\2.4.1868.6292\npCIDetect14.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox

============= SERVICES / DRIVERS ===============

R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2011-2-17 239168]
R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [2011-2-17 338880]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-16 17149]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\lavasoft\ad-aware\kernexplorer.sys --> c:\program files\lavasoft\ad-aware\KernExplorer.sys [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2011-03-11 03:22:20 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-11 03:22:18 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2011-03-11 03:22:16 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-09 23:53:06 -------- d-----w- c:\docume~1\dearshay\applic~1\AVG10
2011-03-09 23:47:01 -------- d--h--w- c:\docume~1\alluse~1\applic~1\Common Files
2011-03-09 23:36:05 -------- d-----w- c:\windows\system32\drivers\AVG
2011-03-09 23:36:05 -------- d-----w- c:\docume~1\alluse~1\applic~1\AVG10
2011-03-09 23:12:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\MFAData
2011-03-05 21:57:45 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\WMTools Downloaded Files
2011-03-05 17:43:15 98816 ----a-w- c:\windows\sed.exe
2011-03-05 17:43:15 161792 ----a-w- c:\windows\SWREG.exe
2011-03-05 16:44:54 -------- d-----w- c:\docume~1\dearshay\locals~1\applic~1\AOL
2011-02-26 04:04:11 25048 ----a-w- c:\program files\mozilla firefox\components\browserdirprovider.dll
2011-02-26 04:04:11 140248 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
2011-02-26 04:01:54 912344 ----a-w- c:\program files\mozilla firefox\nsc18.tmp\firefox.exe
2011-02-22 20:11:05 -------- d-----w- c:\program files\ESET
2011-02-21 07:31:13 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-02-21 07:31:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-02-21 04:24:55 -------- d-----w- c:\docume~1\dearshay\applic~1\PC Tools
2011-02-17 20:07:09 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys
2011-02-17 20:07:09 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys
2011-02-17 20:07:08 249616 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2011-02-17 20:07:02 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2011-02-17 20:07:02 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2011-02-17 20:06:52 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2011-02-17 20:06:36 -------- d-----w- c:\program files\PC Tools Security
2011-02-17 20:06:36 -------- d-----w- c:\program files\common files\PC Tools
2011-02-17 20:06:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2011-02-17 01:01:42 -------- d-----w- c:\docume~1\dearshay\applic~1\SUPERAntiSpyware.com
2011-02-17 00:27:10 -------- d-----w- c:\docume~1\dearshay\applic~1\Malwarebytes
2011-02-13 04:05:17 16856 ----a-w- c:\program files\mozilla firefox\plugin-container.exe
2011-02-13 04:05:13 719832 ----a-w- c:\program files\mozilla firefox\mozcpp19.dll

==================== Find3M ====================

2011-02-13 00:57:45 0 ----a-w- c:\windows\Imobuyozewah.bin
2011-02-09 13:53:52 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53:52 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34:28 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 22:15:52 667136 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 22:15:52 61952 ----a-w- c:\windows\system32\tdc.ocx
2010-12-20 17:26:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
1998-12-09 07:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 07:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 07:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 07:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 07:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 07:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 16:30:47.90 ===============
