#1 (permalink)
Registered User
Join Date: Jun 2009
Posts: 5
OS: xp
[SOLVED] Virus that Redirects, Disables Programs and Drivers
I got a virus and I've tried to use several programs to try and locate the files. Many files have been removed but I still have several issues. My searches on IE and Firefox are being redirected, my DVDRW and DVD drives both think they are only CD players, and several programs that could potentially help me seem to be disabled somehow.
I managed to run Avira and it found some files and quarantined them but these problems remain. Here are the other programs I have tried to use and what has happened:
HijackThis: I can download it but when I click it to run, nothing happens. I downloaded the older version, same thing.
Spybot: Can't remember the error message, but something about not being able to update definitions, I think.
AdAware AE: I can download and run this, but when I try to update definitions it says I should check my connection settings.
MalwareBytes: Same issue as HijackThis.
Oh... also I tried uninstalling and deleting everything Firefox and reinstalling it. Didn't solve the redirect problem...
Here is my log and I've attached everything. Let me know if there is anything else and thanks in advance for any help. It is greatly appreciated!
#2 (permalink)
Registered User
Join Date: Jun 2009
Posts: 5
OS: xp
Re: Virus that Redirects, Disables Programs and Drivers
Oh, also I know it says in the instructions to only have one antivirus. I tried to uninstall Cox Security Suite. It said it uninstalled but the DDS log still says it's running. No clue...
#4 (permalink)
Registered User
Join Date: Jun 2009
Posts: 5
OS: xp
Re: Virus that Redirects, Disables Programs and Drivers
So I was able to run SUPERAntispyware and resolved several issues. I'm going to close this thread but I will redo my logs and post another thread probably tonight. I think there are still virus/malware files on my computer, but far less than in the logs here.
Thanks to the experts on this site. The information on other threads is the only reason I have gotten this far.