Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > HijackThis Log Help (Inactive)

10-31-2009, 02:52 PM #1
Registered User
Join Date: Oct 2009
Posts: 6
OS: Windows Vista Business

Help please!!! IE pop up while using FF, then google search results redirect.

Good evening!
My name is Jack and I'm new to the forum. I'm using Windows Vista Business (with install disk) and McAfee antivirus. A few days ago, my Firefox browser started acting strange: every time I tried to open a webpage, an IE window would pop up and go to some antivirus or ads website... Also, my Google search results keep redirecting me to some weird websites (pretty much like KBWood here: http://forums.techguy.org/malware-re...redirects.html).
After lots of searching and such, I tried many programs like Malwarebytes, Spybot Search and Destroy or SUPERAntiSpyware, but could only get rid of the IE pop-up.
Here is my DDS log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jack Nguyen at 7:22:23.75 on Sun 01/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.1914.929 [GMT 11:00]

SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\RtkAudioService.exe
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Program Files\FlashGet\flashget.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Users\Jack Nguyen\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VMSwitch] "c:\program files\sony\vaio mode switch\VMSwitch.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Flashget] c:\program files\flashget\flashget.exe /min
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\jackng~1\appdata\roaming\mozilla\firefox\profiles\fs4sqyrx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\pbgk1_9.dll
FF - component: c:\users\jack nguyen\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\jack nguyen\appdata\roaming\mozilla\firefox\profiles\fs4sqyrx.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-10-29 64288]
R0 McPvDrv;McPvDrv;c:\windows\system32\drivers\McPvDrv.sys [2008-5-28 61688]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\system32\drivers\shpf.sys [2008-8-9 22944]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-8-14 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-9 29736]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\system32\drivers\NETw5v32.sys [2008-4-29 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-8-9 9344]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-10-31 17:36:03 0 d-----w- c:\programdata\F-Secure
2009-10-29 13:59:05 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-29 13:55:57 0 d-----w- C:\ComboFix
2009-10-29 13:37:39 77312 ----a-w- c:\windows\MBR.exe
2009-10-29 13:37:37 236544 ----a-w- c:\windows\PEV.exe
2009-10-29 13:37:37 161792 ----a-w- c:\windows\SWREG.exe
2009-10-29 13:37:36 98816 ----a-w- c:\windows\sed.exe
2009-10-29 12:35:08 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-29 12:35:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-29 12:34:30 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-29 12:34:20 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 12:33:03 0 dc-h--w- c:\programdata\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-29 12:32:40 0 d-----w- c:\programdata\Lavasoft
2009-10-29 12:32:40 0 d-----w- c:\program files\Lavasoft
2009-10-29 11:52:27 0 d-----w- c:\program files\CleanUp!
2009-10-29 11:34:00 0 d-----w- c:\program files\Windows Portable Devices
2009-10-29 11:33:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 11:28:35 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-29 11:28:33 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-29 11:28:32 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-29 11:26:00 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-29 11:25:59 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-29 11:25:59 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-29 11:21:29 0 d-----w- c:\program files\Trend Micro
2009-10-29 04:22:18 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-29 04:21:07 0 d-----w- c:\users\jackng~1\appdata\roaming\SUPERAntiSpyware.com
2009-10-29 04:21:07 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-29 01:16:22 0 d-----w- C:\Program Files (x86)
2009-10-29 01:16:21 559616 ----a-w- C:\seatoolsforwindowssetup.msi
2009-10-28 20:42:54 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-28 17:05:43 65536 --sha-w- c:\users\jack nguyen\ntuser.dat{9863edc8-c3e2-11de-a0e8-806e6f6e6963}.TM.blf
2009-10-28 17:05:43 524288 --sha-w- c:\users\jack nguyen\ntuser.dat{9863edc8-c3e2-11de-a0e8-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-10-28 17:05:43 524288 --sha-w- c:\users\jack nguyen\ntuser.dat{9863edc8-c3e2-11de-a0e8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2009-10-28 13:47:55 0 d-----w- c:\users\jackng~1\appdata\roaming\Malwarebytes
2009-10-28 13:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 13:47:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 13:47:43 0 d-----w- c:\programdata\Malwarebytes
2009-10-28 13:47:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 13:18:02 0 d-----w- c:\program files\Exterminate It!
2009-10-28 12:58:45 0 d-----w- c:\windows\system32\URTTEMP
2009-10-28 10:56:23 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 10:56:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 18:35:39 0 d-----w- c:\programdata\WindowsSearch
2009-10-15 08:25:42 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-15 08:14:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 08:14:55 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 08:14:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-11 04:07:09 0 d-----w- c:\program files\Yontoo Layers Client
2009-10-11 04:07:08 0 d-----w- c:\programdata\Tarma Installer
2009-10-09 21:23:24 0 d-----w- c:\users\jackng~1\appdata\roaming\LimeWire
2009-10-06 18:15:09 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-06 18:14:30 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-06 18:14:05 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-06 18:14:05 171608 ----a-w- c:\windows\system32\wuwebv.dll

==================== Find3M ====================

2009-10-29 11:33:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 11:33:46 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 11:33:45 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 11:33:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-22 06:46:04 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-22 06:45:56 2115496 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-24 09:28:00 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-15 23:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-15 23:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-15 23:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-15 23:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-15 23:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-26 05:42:00 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 05:42:00 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-17 12:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:08:36 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 11:40:36 74703 ----a-w- c:\windows\system32\mfc45.dll
2009-08-04 12:34:19 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-08-04 12:34:19 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 7:23:46.39 ===============

Thank you very much!!!!!!
Attached Files: Attach.zip (6.6 KB)
JackVT

11-06-2009, 02:31 PM #2
extremeboy
Analyst, Security Team
Join Date: Jan 2009
Posts: 553

Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hello and welcome to TSF.

I apologize for the late response.

If you still require assistance, we would like to see the latest state of your system. So, please post a fresh DDS log and a new GMER log as described in this topic. In your reply, I would also like to know any symptoms you may still have and how your computer is running at the moment.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please note that the forum is very busy and if I don't hear from you in three to five days this thread will be closed.

With Regards,
Extremeboy
11-09-2009, 02:43 PM #3
extremeboy
Analyst, Security Team
Join Date: Jan 2009
Posts: 553

Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hello.

Are you still there?

If you are, please follow the instructions in my previous post.

If you still need help, follow the instructions I have given in my response. If you have since had your problem solved, we would appreciate you letting us know so we can close the topic.

Please reply back telling us so. The forums here at TSF are always a busy place, and if I don't hear from you within 5 days of my last reply, the topic will need to be closed.

Thanks for understanding.

With Regards,
Extremeboy
11-11-2009, 03:35 PM #4
JackVT
Registered User
Join Date: Oct 2009
Posts: 6
OS: Windows Vista Business

Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hi Extremeboy,
Thank you very much for your reply.
I am very sorry for the late reply. Actually, a few days ago the redirection did not happen, so I thought it was OK, but then today, while searching on Google, it happened again.

Here's my fresh DDS log:

DDS (Ver_09-10-26.01) - NTFSx86
Run by Jack Nguyen at 9:19:05.55 on Thu 12/11/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_17
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.1914.934 [GMT 11:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Protector Suite QL\upeksvr.exe
C:\Windows\RtkAudioService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\Windows\system32\rundll32.exe
C:\PROGRA~1\McAfee\VirusScan\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iolo\System Mechanic\SMTrayNotify.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Sony\VAIO Mode Switch\VMSwitch.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\McAfee\Anti-Theft\McPvTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\PROGRA~1\McAfee\VirusScan\mcsysmon.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\NetMeter\NetMeter.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jack Nguyen\Desktop\dds.com
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://giangho.biz
uInternet Settings,ProxyOverride = *.local
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\progra~1\mcafee\virusscan\scriptsn.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.3.4501.1418\swg.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Yontoo Layers: {fd72061e-9fde-484d-a58a-0bab4151cad8} - c:\program files\yontoo layers client\YontooIEClient.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\siteadvisor\mcieplg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SmartRAM] "c:\program files\iobit\advanced systemcare 3\Sup_SmartRAM.exe" /m
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [VMSwitch] "c:\program files\sony\vaio mode switch\VMSwitch.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [McPvTray] c:\program files\mcafee\anti-theft\McPvTray.exe
mRun: [iolo Startup] "c:\program files\iolo\common\lib\ioloLManager.exe"
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
uPolicies-explorer: NoRecentDocsNetHood = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: DisableCAD = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\siteadvisor\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
Notify: psfus - c:\windows\system32\psqlpwd.dll
Notify: VESWinlogon - VESWinlogon.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages = scecli psqlpwd

================= FIREFOX ===================

FF - ProfilePath - c:\users\jackng~1\appdata\roaming\mozilla\firefox\profiles\fs4sqyrx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - component: c:\program files\mozilla firefox\components\pbgk1_9.dll
FF - component: c:\users\jack nguyen\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\jack nguyen\appdata\roaming\mozilla\firefox\profiles\fs4sqyrx.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-8-14 20392]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\drivers\btwl2cap.sys [2008-8-9 29736]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-11-11 12:54:47 0 d-s---w- C:\ComboFix
2009-11-09 03:58:08 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-08 05:27:51 0 d-----w- c:\program files\Counter-Strike
2009-11-08 02:04:27 0 d-----w- c:\program files\ESET
2009-11-08 01:36:55 0 d-----w- c:\users\jack nguyen\.SunDownloadManager
2009-11-07 10:48:45 0 d-----w- c:\program files\2D Audition Offline
2009-11-06 17:46:23 65536 --sha-w- c:\users\jack nguyen\ntuser.dat{fb0292eb-caf1-11de-9820-806e6f6e6963}.TM.blf
2009-11-06 17:46:23 524288 --sha-w- c:\users\jack nguyen\ntuser.dat{fb0292eb-caf1-11de-9820-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-11-06 17:46:23 524288 --sha-w- c:\users\jack nguyen\ntuser.dat{fb0292eb-caf1-11de-9820-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2009-11-06 06:33:15 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-11-04 16:09:48 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2009-11-04 13:52:19 120 ----a-w- c:\windows\CIS_Setup_3.12.111745.560_XP_Vista_x32.INI
2009-11-02 02:04:43 0 d-----w- c:\program files\Tsukihime
2009-10-31 21:53:08 0 d-----w- C:\$RECYCLE.BIN
2009-10-31 17:36:03 0 d-----w- c:\programdata\F-Secure
2009-10-29 13:59:05 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-29 12:35:08 0 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-29 12:35:08 0 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-29 12:34:20 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 12:32:40 0 d-----w- c:\programdata\Lavasoft
2009-10-29 11:34:00 0 d-----w- c:\program files\Windows Portable Devices
2009-10-29 11:33:42 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-29 11:28:35 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-29 11:28:33 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-29 11:28:32 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-29 11:26:00 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-29 11:25:59 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-29 11:25:59 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-29 11:21:29 0 d-----w- c:\program files\Trend Micro
2009-10-29 04:22:18 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-29 04:21:07 0 d-----w- c:\users\jackng~1\appdata\roaming\SUPERAntiSpyware.com
2009-10-29 04:21:07 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-29 01:16:22 0 d-----w- C:\Program Files (x86)
2009-10-29 01:16:21 559616 ----a-w- C:\seatoolsforwindowssetup.msi
2009-10-28 20:42:54 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-28 17:05:43 65536 --sha-w- c:\users\jack nguyen\ntuser.dat{9863edc8-c3e2-11de-a0e8-806e6f6e6963}.TM.blf
2009-10-28 17:05:43 524288 --sha-w- c:\users\jack nguyen\ntuser.dat{9863edc8-c3e2-11de-a0e8-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
2009-10-28 17:05:43 524288 --sha-w- c:\users\jack nguyen\ntuser.dat{9863edc8-c3e2-11de-a0e8-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
2009-10-28 13:47:55 0 d-----w- c:\users\jackng~1\appdata\roaming\Malwarebytes
2009-10-28 13:47:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 13:47:43 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 13:47:43 0 d-----w- c:\programdata\Malwarebytes
2009-10-28 13:47:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 12:58:45 0 d-----w- c:\windows\system32\URTTEMP
2009-10-28 10:56:23 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 10:56:11 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 18:35:39 0 d-----w- c:\programdata\WindowsSearch
2009-10-15 08:25:42 0 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-15 08:14:59 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 08:14:55 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 08:14:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 06:09:10 210352 ----a-w- c:\windows\system32\idmmbc.dll

==================== Find3M ====================

2009-11-08 01:53:17 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-29 11:33:46 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 11:33:46 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 11:33:45 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 11:33:45 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-22 06:46:04 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-22 06:45:56 2115496 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-01 01:02:17 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02:05 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02:04 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02:02 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01:59 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01:59 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01:56 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01:56 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01:56 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01:56 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01:54 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-25 02:10:10 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07:08 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04:32 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49:22 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48:08 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38:29 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36:13 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35:31 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33:25 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33:15 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32:59 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31:53 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31:26 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31:21 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31:19 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31:16 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31:15 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30:23 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30:23 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27:25 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27:04 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27:04 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27:04 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54:55 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54:53 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54:52 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-24 09:28:00 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-15 23:22:48 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-15 23:22:48 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-15 23:22:48 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-15 23:22:48 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-15 23:22:14 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-10 16:48:01 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-26 05:42:00 30208 ----a-w- c:\windows\system32\iolobtdfg.exe
2009-08-26 05:42:00 12288 ----a-w- c:\windows\system32\smrgdf.exe
2009-08-17 12:33:52 1193832 ----a-w- c:\windows\system32\FM20.DLL
2009-08-16 15:08:36 178176 ----a-w- c:\windows\system32\unrar.dll
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-14 11:40:36 74703 ----a-w- c:\windows\system32\mfc45.dll
2008-01-21 02:43:58 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:07 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:07 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat

============= FINISH: 9:20:48.66 ===============
Attached Files
File Type: zip Attach.zip (4.1 KB, 1 views)
Old 11-11-2009, 03:43 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: Window Vista Business


Re: Help please!!! IE pop up while using FF, then google search results redirect.

And my apologies, I could not get a GMER log because my laptop suddenly shut down during the scan (I tried several times but no luck). What do you suggest I should do?
Old 11-11-2009, 03:44 PM   #6 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Posts: 553
OS: N/A


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Could you run the GMER scan and post the log as well?

If GMER doesn't work you can try RootRepeal...
Download and run RootRepeal CR

Please download RootRepeal from the following location and save it to your desktop.
  • Unzip the RootRepeal.zip file to its own folder (if you did not use the "Direct Download" mirror to download RootRepeal).
  • Close/disable all other programs, especially your security programs (anti-spyware, anti-virus, and firewall). Refer to this page if you are unsure how.
  • Physically disconnect your machine from the internet, as your system will be unprotected.
  • Double-click on RootRepeal.exe to run it. If you are using Vista, please right-click and run as Administrator...
  • Click the tab at the bottom.
  • Now press the button.
  • A box will pop up; check the boxes beside all seven options/scan areas.
  • Now click OK.
  • Another box will open; check the boxes beside all the drives, e.g. C:\, then click OK.
  • The scan will take a little while to run, so let it go unhindered.
  • Once it is done, click the Save Report button.
  • Save it as RepealScan and save it to your desktop.
  • Reconnect to the internet.
  • Post the contents of that log in your reply please.
Old 11-11-2009, 04:16 PM   #7 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: Window Vista Business


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hi again Extremeboy,

I'm not sure why, but I've managed to get a GMER log this time (maybe because I disconnected my internet).
Attached Files
File Type: zip ARK.zip (1.9 KB, 1 views)
Old 11-11-2009, 04:49 PM   #8 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Posts: 553
OS: N/A


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page for instructions on doing so.

Please include the C:\ComboFix.txt in your next reply for further review.
Old 11-13-2009, 10:10 PM   #9 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: Window Vista Business


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hi ExtremeBoy,

Sorry for the late reply, I've been a little busy lately.

Here is the ComboFix log:
ComboFix 09-11-11.02 - Jack Nguyen 14/11/2009 15:39.6.2 - NTFSx86
Microsoft® Windows Vista™ Business 6.0.6002.2.1252.61.1033.18.1914.999 [GMT 11:00]
Running from: c:\users\Jack Nguyen\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
.

2009-11-14 04:50 . 2009-11-14 04:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-14 04:34 . 2009-11-14 04:34 99 ----a-w- c:\users\Jack Nguyen\AppData\Local\fusioncache.dat
2009-11-13 16:09 . 2009-11-13 16:09 -------- d-----w- c:\program files\Redbana
2009-11-12 03:36 . 2009-11-12 03:36 -------- d-----w- c:\program files\uTorrent
2009-11-12 03:35 . 2009-11-12 03:40 4096 d-----w- c:\users\Jack Nguyen\AppData\Roaming\uTorrent
2009-11-11 22:55 . 2009-11-11 22:56 34816 ----a-w- c:\windows\system32\drivers\rootrepeal_2.sys
2009-11-11 12:40 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 12:39 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll
2009-11-11 05:31 . 2009-11-11 05:31 -------- d-----w- c:\users\Jack Nguyen\AppData\Local\Apple
2009-11-11 05:31 . 2009-11-11 05:31 -------- d-----w- c:\users\Jack Nguyen\AppData\Local\Apple Computer
2009-11-09 04:01 . 2009-11-09 04:01 -------- d-----w- c:\users\Jack Nguyen\AppData\Local\Electronic Arts
2009-11-09 03:58 . 2009-11-09 03:58 -------- d--h--r- c:\users\Jack Nguyen\AppData\Roaming\SecuROM
2009-11-09 03:58 . 2009-11-09 03:58 108144 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-11-09 03:46 . 2009-11-09 03:46 -------- d-----w- c:\program files\Electronic Arts
2009-11-08 05:51 . 2009-11-08 05:51 -------- d-----w- c:\users\Jack Nguyen\AppData\Local\Adobe
2009-11-08 05:27 . 2009-11-11 07:23 12288 d-----w- c:\program files\Counter-Strike
2009-11-08 02:04 . 2009-11-08 02:04 -------- d-----w- c:\program files\ESET
2009-11-08 01:36 . 2009-11-08 01:45 4096 d-----w- c:\users\Jack Nguyen\.SunDownloadManager
2009-11-07 10:48 . 2009-11-13 02:00 4096 d-----w- c:\program files\2D Audition Offline
2009-11-06 12:31 . 2009-11-06 12:31 -------- d-----w- c:\users\Default\AppData\Roaming\iolo
2009-11-06 06:33 . 2009-11-06 06:49 34816 ----a-w- c:\windows\system32\drivers\rootrepeal.sys
2009-11-02 02:04 . 2009-11-03 23:44 8192 d-----w- c:\program files\Tsukihime
2009-11-02 01:47 . 2009-11-02 01:47 -------- d-----w- c:\program files\Smart Projects
2009-10-31 17:36 . 2009-10-31 17:36 -------- d-----w- c:\programdata\F-Secure
2009-10-29 14:12 . 2009-11-14 04:51 8192 d-----w- c:\users\Jack Nguyen\AppData\Local\temp
2009-10-29 13:59 . 2008-04-22 00:20 312344 ----a-w- c:\windows\system32\drivers\iaStor.sys
2009-10-29 12:35 . 2009-11-08 04:55 4096 d-----w- c:\programdata\Spybot - Search & Destroy
2009-10-29 12:35 . 2009-11-08 04:55 4096 d-----w- c:\program files\Spybot - Search & Destroy
2009-10-29 12:34 . 2009-10-29 12:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-29 12:32 . 2009-11-03 08:19 -------- d-----w- c:\programdata\Lavasoft
2009-10-29 11:34 . 2009-10-29 11:34 -------- d-----w- c:\program files\Windows Portable Devices
2009-10-29 11:28 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-10-29 11:28 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-10-29 11:28 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-10-29 11:26 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-29 11:25 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-10-29 11:25 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-10-29 11:25 . 2009-11-14 04:35 4096 d-----w- c:\users\Jack Nguyen\AppData\Local\ApplicationHistory
2009-10-29 11:21 . 2009-10-29 11:21 -------- d-----w- c:\program files\Trend Micro
2009-10-29 04:24 . 2009-11-07 12:19 117760 ----a-w- c:\users\Jack Nguyen\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-29 04:22 . 2009-10-29 04:22 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-29 04:21 . 2009-10-29 04:21 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-10-29 04:21 . 2009-10-29 04:21 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\SUPERAntiSpyware.com
2009-10-29 01:16 . 2009-10-29 01:16 -------- d-----w- C:\Program Files (x86)
2009-10-29 01:16 . 2009-10-29 01:16 559616 ----a-w- C:\seatoolsforwindowssetup.msi
2009-10-28 20:42 . 2009-10-28 20:42 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-28 13:47 . 2009-10-28 13:47 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\Malwarebytes
2009-10-28 13:47 . 2009-09-10 03:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 13:47 . 2009-10-28 13:47 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 13:47 . 2009-10-28 13:47 -------- d-----w- c:\programdata\Malwarebytes
2009-10-28 13:47 . 2009-09-10 03:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 12:58 . 2009-10-28 12:58 -------- d-----w- c:\windows\system32\URTTEMP
2009-10-28 10:56 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-28 10:56 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-16 18:35 . 2009-10-16 18:35 -------- d-----w- c:\programdata\WindowsSearch
2009-10-15 08:25 . 2009-10-15 08:25 4096 d-----w- c:\windows\SQL9_KB970892_ENU
2009-10-15 08:14 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-15 08:14 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-15 08:14 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-15 06:09 . 2009-09-09 10:43 210352 ----a-w- c:\windows\system32\idmmbc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-14 04:34 . 2009-08-14 10:28 4096 d-----w- c:\programdata\McAfee
2009-11-14 04:28 . 2009-03-22 08:25 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\DMCache
2009-11-14 04:16 . 2008-08-08 18:26 12 ----a-w- c:\windows\bthservsdp.dat
2009-11-13 16:09 . 2008-08-08 18:51 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-11-12 10:16 . 2009-04-30 16:10 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\MTD
2009-11-12 10:15 . 2009-04-30 16:09 8192 d-----w- c:\program files\mtd9
2009-11-12 08:31 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-11-12 07:06 . 2009-03-22 23:16 12288 d-----w- c:\programdata\Microsoft Help
2009-11-11 06:29 . 2009-03-22 08:21 4096 d-----w- c:\program files\FlashGet
2009-11-10 02:05 . 2009-08-01 16:50 4096 d-----w- c:\users\Jack Nguyen\AppData\Roaming\mIRC
2009-11-10 02:01 . 2009-08-01 16:50 4096 d-----w- c:\program files\mIRC
2009-11-09 05:11 . 2009-03-22 08:24 8192 d-----w- c:\program files\Internet Download Manager
2009-11-08 17:28 . 2009-03-22 08:25 4096 d-----w- c:\users\Jack Nguyen\AppData\Roaming\IDM
2009-11-08 07:04 . 2009-05-05 05:24 198064 ----a-w- c:\users\Jack Nguyen\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
2009-11-08 06:31 . 2009-03-22 05:55 106160 ----a-w- c:\users\Jack Nguyen\AppData\Local\GDIPFONTCACHEV1.DAT
2009-11-08 05:52 . 2009-03-22 07:19 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\U3
2009-11-08 04:57 . 2009-03-23 04:05 -------- d-----w- c:\program files\IObit
2009-11-08 01:53 . 2009-06-02 04:13 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-11-08 01:41 . 2008-08-08 20:54 4096 d-----w- c:\program files\Common Files\Adobe
2009-11-06 17:43 . 2009-08-14 11:39 4096 d-----w- c:\programdata\iolo
2009-11-06 14:37 . 2009-08-14 13:55 518 ----a-w- c:\users\Jack Nguyen\AppData\Roaming\iolo\Registry\Last\restore.bat
2009-10-29 16:03 . 2009-03-22 11:07 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\vghd
2009-10-29 15:21 . 2008-08-08 20:56 4096 d-----w- c:\program files\Java
2009-10-29 11:33 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-29 11:33 . 2009-10-29 11:33 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-10-28 16:26 . 2009-08-14 12:56 1311 ----a-w- c:\users\Jack Nguyen\AppData\Roaming\iolo\restore.bat
2009-10-28 14:56 . 2009-10-09 21:23 4096 d-----w- c:\users\Jack Nguyen\AppData\Roaming\LimeWire
2009-10-23 09:23 . 2009-08-14 10:46 4096 d-----w- c:\program files\McAfee
2009-10-22 06:46 . 2009-08-14 12:32 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2009-10-22 06:45 . 2009-08-14 12:32 2115496 ----a-w- c:\windows\system32\Incinerator.dll
2009-10-15 08:26 . 2009-03-22 23:19 -------- d-----w- c:\program files\Microsoft SQL Server
2009-10-11 04:07 . 2009-10-11 04:07 -------- d-----w- c:\program files\Yontoo Layers Client
2009-10-11 04:07 . 2009-10-11 04:07 -------- d-----w- c:\programdata\Tarma Installer
2009-10-01 01:02 . 2009-10-29 11:27 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-10-29 11:27 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-10-29 11:27 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-10-29 11:27 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-10-29 11:27 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-10-29 11:27 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-10-29 11:27 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-10-29 11:27 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-10-29 11:27 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-10-29 11:27 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-10-29 11:27 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-10-29 11:27 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-09-30 14:08 . 2009-09-30 14:08 -------- d-----w- c:\program files\illusion
2009-09-29 01:30 . 2009-10-11 04:07 108032 --s-a-r- c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll
2009-09-29 01:30 . 2009-10-11 04:07 161792 --s-a-r- c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll
2009-09-25 08:49 . 2009-09-25 08:49 -------- d-----w- c:\users\Jack Nguyen\AppData\Roaming\Intel
2009-09-25 02:10 . 2009-10-29 11:27 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-10-29 11:27 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-10-29 11:27 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-10-29 11:27 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-10-29 11:27 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-10-29 11:27 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-10-29 11:27 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-10-29 11:27 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-10-29 11:27 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-10-29 11:27 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-10-29 11:27 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-10-29 11:27 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-10-29 11:27 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-10-29 11:27 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-10-29 11:27 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-10-29 11:27 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-10-29 11:27 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-10-29 11:27 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-10-29 11:27 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:30 . 2009-10-29 11:27 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:27 . 2009-10-29 11:27 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-10-29 11:27 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-10-29 11:27 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-10-29 11:27 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-10-29 11:27 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-10-29 11:27 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-10-29 11:27 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-24 09:39 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-09-24 09:39 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-09-24 09:39 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-09-24 09:39 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-09-24 09:39 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-09-24 09:39 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-09-20 05:29 . 2009-09-20 05:29 -------- d-----w- c:\program files\Common Files\Real
2009-09-20 05:29 . 2009-09-20 05:29 -------- d-----w- c:\program files\Common Files\xing shared
2009-09-20 05:29 . 2009-09-20 05:29 -------- d-----w- c:\program files\Real
2009-09-20 05:23 . 2009-04-20 16:36 4096 d-----w- c:\program files\Free iPod Video Converter
2009-09-20 05:04 . 2009-04-20 16:42 4096 d-----w- c:\program files\K-Lite Codec Pack
2009-09-15 23:22 . 2009-08-14 10:46 79816 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-09-15 23:22 . 2009-08-14 10:46 40552 ----a-w- c:\windows\system32\drivers\mfesmfk.sys
2009-09-15 23:22 . 2009-08-14 10:46 35272 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-09-15 23:22 . 2009-07-08 03:44 214664 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-09-15 23:22 . 2009-08-14 10:35 34248 ----a-w- c:\windows\system32\drivers\mferkdk.sys
2009-09-11 06:41 . 2009-10-11 04:06 224256 --s---r- c:\programdata\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe
2009-09-10 16:48 . 2009-10-15 08:15 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-08-29 00:27 . 2009-09-02 21:31 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 21:31 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-15 08:15 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-15 08:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-15 08:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-15 08:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-06-19 18:59 . 2009-03-29 05:27 889856 ------w- c:\program files\mozilla firefox\components\pbgk1_9.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2009-09-25 19:22 194912 ------w- c:\program files\Yontoo Layers Client\YontooIEClient.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2008-06-14 00:07 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 19:04 2957312 ----a-w- c:\program files\Protector Suite QL\farchns.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"SmartRAM"="c:\program files\IObit\Advanced SystemCare 3\Sup_SmartRAM.exe" [2009-02-19 202064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-07-13 39408]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-08 3134896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"VMSwitch"="c:\program files\Sony\VAIO Mode Switch\VMSwitch.exe" [2008-07-25 534368]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-07-04 145944]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-07-04 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-07-04 170520]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-10-01 289576]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-09-17 645328]
"McENUI"="c:\progra~1\McAfee\MHN\McENUI.exe" [2009-07-07 1176808]
"McPvTray"="c:\program files\McAfee\Anti-Theft\McPvTray.exe" [2008-05-27 655360]
"iolo Startup"="c:\program files\iolo\Common\Lib\ioloLManager.exe" [2009-10-21 313784]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-02 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 149280]
"McAfee Backup"="c:\program files\McAfee\MBK\McAfeeDataBackup.exe" [2009-07-08 5134864]
"RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2008-07-18 6295552]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-2 768552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"DisableCAD"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoRecentDocsNetHood"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-12 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 04:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\psfus]
2008-06-19 18:51 90112 ----a-w- c:\windows\System32\psqlpwd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-07-16 01:04 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfehidk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mferkdk.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mfetdik.sys]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^AOLDDI.LNK]
backup=c:\windows\pss\AOLDDI.LNK.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk]
backup=c:\windows\pss\VPN Client.lnk.CommonStartup
backupExtension=.CommonStartup

[HKLM\~\startupfolder\C:^Users^Jack Nguyen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^DesktopVideoPlayer.LNK]
backup=c:\windows\pss\DesktopVideoPlayer.LNK.Startup
backupExtension=.Startup

[HKLM\~\startupfolder\C:^Users^Jack Nguyen^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
backup=c:\windows\pss\LimeWire On Startup.lnk.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):66,a3,37,f1,fb,3c,ca,01

R0 McPvDrv;McPvDrv;c:\windows\System32\drivers\McPvDrv.sys [28/05/2008 10:32 AM 61688]
R0 shpf;Sony HDD Protection Filter Driver;c:\windows\System32\drivers\shpf.sys [9/08/2008 6:17 AM 22944]
R1 ElRawDisk;ElRawDisk;c:\windows\System32\drivers\elrawdsk.sys [14/08/2009 10:44 PM 20392]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/10/2009 9:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/10/2009 9:24 PM 74480]
R2 regi;regi;c:\windows\System32\drivers\regi.sys [18/04/2007 2:09 PM 11032]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\System32\drivers\btwl2cap.sys [9/08/2008 5:55 AM 29736]
R3 NETw5v32;Intel(R) Wireless WiFi Link Adapter Driver for Windows Vista 32 Bit ;c:\windows\System32\drivers\NETw5v32.sys [29/04/2008 12:29 AM 3658752]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\System32\drivers\SFEP.sys [9/08/2008 6:17 AM 9344]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [21/01/2008 1:24 PM 21504]
S3 rootrepeal_2;rootrepeal_2;c:\windows\System32\drivers\rootrepeal_2.sys [12/11/2009 9:55 AM 34816]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/10/2009 9:24 PM 7408]

--- Other Services/Drivers In Memory ---

*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-14 c:\windows\Tasks\AWC AutoSweep.job
- c:\program files\IObit\Advanced SystemCare 3\AutoSweep.exe [2009-08-14 05:35]

2009-11-14 c:\windows\Tasks\AWC Startup.job
- c:\program files\IObit\Advanced SystemCare 3\AWC.exe [2009-08-14 23:55]

2009-10-14 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 01:22]

2009-10-31 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-21 01:22]

2009-11-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-07-16 23:22]

2009-11-14 c:\windows\Tasks\User_Feed_Synchronization-{C8D4F444-3891-4F04-AB73-4987DCC9CBD5}.job
- c:\windows\system32\msfeedssync.exe [2009-10-15 03:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://giangho.biz
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download FLV video content with IDM - c:\program files\Internet Download Manager\IEGetVL.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Jack Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\fs4sqyrx.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\components\pbgk1_9.dll
FF - component: c:\users\Jack Nguyen\AppData\Roaming\IDM\idmmzcc3\components\idmmzcc.dll
FF - component: c:\users\Jack Nguyen\AppData\Roaming\Mozilla\Firefox\Profiles\fs4sqyrx.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - fales
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: browser.xul.error_pages.enabled - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 3000000
FF - user.js: content.maxtextrun - 8191
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 32
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 8
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-14 15:51
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,79,00,73,00,\

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(740)
c:\windows\system32\psqlpwd.dll
c:\program files\Protector Suite QL\homefus2.dll
c:\program files\Protector Suite QL\infra.dll

- - - - - - - > 'Explorer.exe'(2564)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\ddi\overicon.dll
c:\program files\Protector Suite QL\farchns.dll
c:\program files\Protector Suite QL\infra.dll
c:\windows\system32\btmmhook.dll
.
Completion time: 2009-11-14 15:54
ComboFix-quarantined-files.txt 2009-11-14 04:54

Pre-Run: 47,986,372,096 bytes free
Post-Run: 47,740,778,496 bytes free

- - End Of File - - AE0B3EDD93C992A86C54F1EC2D3D5DD3
JackVT is offline  
Old 11-14-2009, 06:23 PM   #10
Analyst, Security Team
Join Date: Jan 2009
Posts: 553
OS: N/A


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hello.

How's the computer running now? Better?

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Take a new DDS run afterward and post back with both the DDS and Attach logs in your next reply. Also, let me know how your computer is running and if you have any more problems, issues or symptoms left. Redirects still there?

Thanks.

With Regards,
Extremeboy
extremeboy is offline  
Old 11-14-2009, 11:03 PM   #11
Registered User
Join Date: Oct 2009
Posts: 6
OS: Windows Vista Business


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hi and thank you again, ExtremeBoy
My laptop's running fine, but the redirection still happens.
Here's the Malwarebytes log:

Malwarebytes' Anti-Malware 1.41
Database version: 3173
Windows 6.0.6002 Service Pack 2

15/11/2009 4:54:55 PM
mbam-log-2009-11-15 (16-54-55).txt

Scan type: Quick Scan
Objects scanned: 102407
Time elapsed: 8 minute(s), 11 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{fa8edcdd-efa2-477b-b00a-7f28f02cd37e} (Spyware.OnlineGames) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

And I've attached the DDS and Attach logs.
Attached Files
File Type: zip Attach.zip (10.4 KB, 1 views)
JackVT is offline  
Old 11-15-2009, 09:31 AM   #12
Analyst, Security Team
Join Date: Jan 2009
Posts: 553
OS: N/A


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Quote:
My laptop's running fine, but the redirection still happen.
Can you be a bit more specific? Where do you get redirected to? Where does it happen?

Run a new GMER scan for me and post back with the log. Main Mirror for downloading GMER.

Thanks.

With Regards,
Extremeboy
extremeboy is offline  
Old 11-25-2009, 12:14 PM   #13
Analyst, Security Team
Join Date: Jan 2009
Posts: 553
OS: N/A


Re: Help please!!! IE pop up while using FF, then google search results redirect.

Hello.

Due to lack of feedback, this topic will now be archived.
If you need continued support, please begin a new thread.

This applies only to the original topic starter.

Everyone else please begin a New Topic by following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html

Thanks.

With Regards,
Extremeboy
extremeboy is offline  
Copyright 2001 - 2009, Tech Support Forum