Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Resolved HJT Threads Resolved spyware and popup issues.

02-20-2009, 10:52 AM #1
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


HELP: Popups in both IE and Firefox

I need some help removing spyware/malware from my computer. For a couple of weeks now I've been getting popups in IE from a site called zedo.com and bluesquaremedia.com, and recently it's begun to happen in Firefox as well. These popups occur about every two minutes regardless of whether the internet is connected or not.

Ad-Aware and Kaspersky were unable to find them and completely delete the spyware that's been affecting my computer. Instead of just restarting the whole system I would like to remove the files manually and keep all my junk. Can someone tell me which logs and scans I should be performing to solve the problem?

Below are the requested Logs from the Sticky: New Instructions...



DDS (Ver_09-02-01.01) - NTFSx86
Run by Samuel at 12:40:09.31 on Fri 02/20/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.326 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\GetPack\GetPack30.exe
C:\Program Files\GetModule\GetModule37.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\Samuel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
mWinlogon: SfcDisable=-99 (0xffffff9d)
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\webshow\WebShow.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Debro IE Helper: {836a4b93-6f4a-4d61-ad3d-b8225d921f42} - c:\program files\debropack\DebroPack.dll
BHO: HelloWorldBHO: {d88e1558-7c2d-407a-953a-c044f5607cea} - Mjcore Class
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Internet Speed Monitor: {1b7f9277-46dc-4938-a28e-910497149e72} - c:\program files\debropack\DebroPack.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe"
uRun: [cogad] "c:\documents and settings\samuel\application data\cogad\cogad.exe" 61A847B5BBF72813359231466188719AB689201522886B092CBD44BD8689220221DD3257
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [GetPack30] "c:\program files\getpack\GetPack30.exe"
uRun: [GetModule37] c:\program files\getmodule\GetModule37.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\samuel\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\samuel\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\kasper~1\kasper~1\mzvkbd.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\samuel\applic~1\mozilla\firefox\profiles\nrjvjmhm.default\

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-17 226832]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S2 Network Monitor;Network Monitor;c:\program files\network monitor\netmon.exe service --> c:\program files\network monitor\netmon.exe service [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;c:\windows\system32\drivers\Awrtpd.sys [2008-4-29 12960]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-02-20 12:26 <DIR> --d----- c:\program files\DebroPack
2009-02-18 00:59 <DIR> --d----- c:\docume~1\samuel\applic~1\GetModule
2009-02-18 00:59 <DIR> --d----- c:\program files\GetModule
2009-02-17 00:39 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-02-17 00:39 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-02-17 00:38 4,100,128 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-17 00:38 286,752 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-17 00:38 36,256 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-17 00:38 3,108 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-17 00:38 <DIR> --d----- c:\program files\Kaspersky Lab
2009-02-17 00:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-02-17 00:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-02-16 16:55 <DIR> --d----- c:\program files\Lavasoft
2009-02-16 16:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-15 00:10 <DIR> --d----- c:\program files\GetPack
2009-02-12 21:46 <DIR> --d----- c:\docume~1\samuel\applic~1\Juce VST Host
2009-02-11 00:19 69 a------- c:\windows\NeroDigital.ini
2009-02-10 23:26 <DIR> --d----- c:\documents and settings\samuel\.housecall6.6
2009-02-10 23:24 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-08 23:58 <DIR> --d----- c:\program files\Nero
2009-02-08 23:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-02-08 23:28 <DIR> --d----- c:\program files\DVD Shrink
2009-02-08 23:05 <DIR> --d----- c:\program files\DVD Decrypter
2009-02-08 20:26 <DIR> --d----- c:\docume~1\samuel\applic~1\LimeWire
2009-02-08 20:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-08 20:24 <DIR> --d----- c:\program files\LimeWire
2009-02-08 14:29 5,702 a---h--- c:\windows\nod32restoretemdono.reg
2009-02-08 14:29 568 a---h--- c:\windows\nod32fixtemdono.reg
2009-02-08 14:28 <DIR> --d----- c:\program files\ESET
2009-02-07 23:54 <DIR> --dsh--- c:\windows\U3RldmVuIFNhbXVlbA
2009-02-07 23:49 <DIR> --d----- c:\windows\rrqf
2009-02-07 23:49 <DIR> --d----- c:\program files\common files\rrqf
2009-02-07 23:44 <DIR> --d----- c:\program files\VnrPack
2009-02-07 23:44 <DIR> --d----- c:\program files\iCheck
2009-02-07 23:33 <DIR> --d----- c:\docume~1\samuel\applic~1\Twain
2009-02-07 23:28 <DIR> --d----- c:\program files\WebShow
2009-02-07 23:23 <DIR> --d----- c:\program files\Mjcore
2009-02-06 23:22 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-02-06 23:22 225,280 a------- c:\windows\system32\rewire.dll
2009-02-06 23:22 <DIR> --d----- c:\program files\VstPlugins
2009-02-06 23:22 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-02-06 23:21 <DIR> --d----- c:\program files\Outsim
2009-02-06 23:20 <DIR> --d----- c:\program files\Image-Line
2009-02-06 23:20 <DIR> --d----- c:\docume~1\samuel\applic~1\cogad
2009-01-24 19:11 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-01-24 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-01-24 00:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG
2009-01-23 22:35 <DIR> --d----- c:\program files\common files\HP
2009-01-23 22:34 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-01-23 22:34 118,272 a------- c:\windows\system32\hpz3l5ha.dll
2009-01-23 22:34 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-23 22:33 21,568 a------- c:\windows\system32\drivers\HPZius12.sys
2009-01-23 22:33 16,496 a------- c:\windows\system32\drivers\HPZipr12.sys
2009-01-23 22:33 49,920 a------- c:\windows\system32\drivers\HPZid412.sys
2009-01-23 22:33 267,864 a------- c:\windows\system32\hpzids01.dll
2009-01-23 22:33 958,464 a------- c:\windows\system32\hpotiop4.dll
2009-01-23 22:33 675,840 a------- c:\windows\system32\hpowiax4.dll
2009-01-23 22:33 364,544 a------- c:\windows\system32\hppldcoi.dll
2009-01-23 22:33 309,760 a------- c:\windows\system32\difxapi.dll
2009-01-23 22:33 303,104 a------- c:\windows\system32\hpovst11.dll
2009-01-23 22:33 <DIR> --d----- c:\program files\HP
2009-01-23 22:31 139,671 a------- c:\windows\hpoins15.dat
2009-01-23 22:31 1,039 -------- c:\windows\hpomdl15.dat
2009-01-23 22:29 505,214 a------- c:\windows\system32\autorun.inf

==================== Find3M ====================

2009-02-17 00:49 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-16 04:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-15 23:57 87,608 a------- c:\docume~1\samuel\applic~1\inst.exe
2009-01-15 23:57 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-15 23:57 47,360 a------- c:\docume~1\samuel\applic~1\pcouffin.sys
2009-01-15 23:42 218,624 a------- c:\windows\system32\uxtheme.dll
2009-01-15 23:42 52,477 a------- c:\windows\BricoPackUninst.cmd
2009-01-15 23:42 6,116 a------- c:\windows\BricoPackFoldersDelete.cmd
2009-01-15 04:07 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-08 15:12 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-08 15:12 140,288 a------- c:\windows\system32\sfc_os.dll
2009-01-08 15:10 4,096 a------- c:\windows\system32\wmvdmoe2.dll
2009-01-08 15:10 4,096 a------- c:\windows\system32\wmvdmod.dll
2009-01-08 15:10 1,329,152 a------- c:\windows\system32\wmspdmoe.dll
2009-01-08 15:10 603,648 a------- c:\windows\system32\wmspdmod.dll
2009-01-08 15:09 8,231,936 a------- c:\windows\system32\wmploc.dll
2009-01-08 15:09 99,840 a------- c:\windows\system32\wmpshell.dll
2009-01-08 15:09 4,096 a------- c:\windows\system32\wmsdmoe2.dll
2009-01-08 15:09 4,096 a------- c:\windows\system32\wmsdmod.dll
2009-01-08 15:09 314,880 a------- c:\windows\system32\wmpdxm.dll
2009-01-08 15:09 242,688 a------- c:\windows\system32\wmpasf.dll
2009-01-08 15:09 938,496 a------- c:\windows\system32\wmnetmgr.dll
2009-01-08 15:09 157,184 a------- c:\windows\system32\wmidx.dll
2009-01-08 15:09 227,328 a------- c:\windows\system32\wmerror.dll
2009-01-08 14:41 1,614,848 a------- c:\windows\system32\sfcfiles.dll
2009-01-08 14:38 323,641 a------- c:\windows\system32\usrdtea.dll
2009-01-08 14:23 1,246,720 a------- c:\windows\system32\syssetup.dll
2009-01-08 14:23 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-08 14:23 26,112 a------- c:\windows\system32\idndl.dll
2009-01-08 14:23 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-08 14:22 156,160 a------- c:\windows\system32\msls31.dll
2009-01-08 14:22 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-08 14:22 45,568 a------- c:\windows\system32\mshta.exe
2009-01-08 14:21 40,960 a------- c:\windows\system32\licmgr10.dll
2009-01-08 14:21 36,352 a------- c:\windows\system32\imgutil.dll
2009-01-08 14:21 55,296 a------- c:\windows\system32\iesetup.dll
2009-01-08 14:20 78,336 a------- c:\windows\system32\ieencode.dll
2009-01-08 14:20 17,408 a------- c:\windows\system32\corpol.dll
2009-01-08 14:20 71,680 a------- c:\windows\system32\admparse.dll
2009-01-08 14:15 323,696 a------- c:\windows\system32\msdrm.dll
2009-01-08 14:15 465,920 a------- c:\windows\system32\imapi2fs.dll
2009-01-08 14:15 317,952 a------- c:\windows\system32\imapi2.dll
2009-01-08 14:15 151,552 a------- c:\windows\system32\ifxcardm.dll
2009-01-08 14:15 633,344 a------- c:\windows\system32\gpprefcl.dll
2009-01-08 14:15 6,144 a------- c:\windows\system32\FontReg.exe
2009-01-08 14:15 96,792 a------- c:\windows\system32\basecsp.dll
2009-01-08 14:15 25,600 a------- c:\windows\system32\bcsprsrc.dll
2009-01-08 14:15 133,120 a------- c:\windows\system32\axaltocm.dll
2009-01-08 14:15 383,488 a------- c:\windows\system32\wzcdlg.dll
2009-01-08 14:14 23,576 a------- c:\windows\system32\wuauserv.dll
2009-01-08 14:14 194,520 a------- c:\windows\system32\wuaueng1.dll
2009-01-08 14:14 292,312 a------- c:\windows\system32\wuauclt1.exe
2009-01-08 14:14 90,112 a------- c:\windows\system32\wshext.dll
2009-01-08 14:14 155,648 a------- c:\windows\system32\wscript.exe
2009-01-08 14:14 134,144 a------- c:\windows\system32\wkssvc.dll
2009-01-08 14:14 177,664 a------- c:\windows\system32\wintrust.dll
2009-01-08 14:14 294,400 a------- c:\windows\system32\winsrv.dll
2009-01-08 14:14 104,960 a------- c:\windows\system32\win32spl.dll
2009-01-08 14:14 1,846,912 a------- c:\windows\system32\win32k.sys
2009-01-08 14:13 347,648 a------- c:\windows\system32\windowscodecsext.dll
2009-01-08 14:13 712,704 a------- c:\windows\system32\windowscodecs.dll
2009-01-08 14:13 52,736 a------- c:\windows\system32\w32tm.exe
2009-01-08 14:13 175,616 a------- c:\windows\system32\w32time.dll
2009-01-08 14:13 430,080 a------- c:\windows\system32\vbscript.dll
2009-01-08 14:13 144,128 a------- c:\windows\system32\drivers\usbport.sys
2009-01-08 14:13 17,152 a------- c:\windows\system32\drivers\usbohci.sys
2009-01-08 14:13 30,336 a------- c:\windows\system32\drivers\usbehci.sys
2009-01-08 14:13 123,392 a------- c:\windows\system32\umpnpmgr.dll
2009-01-08 14:13 225,856 a------- c:\windows\system32\drivers\tcpip6.sys
2009-01-08 14:13 249,856 a------- c:\windows\system32\tapisrv.dll
2009-01-08 14:13 713,216 a------- c:\windows\system32\sxs.dll
2009-01-08 14:12 247,326 a------- c:\windows\system32\strmdll.dll
2009-01-08 14:12 333,824 a------- c:\windows\system32\drivers\srv.sys
2009-01-08 14:12 446,464 a------- c:\windows\system32\sqlsrv32.dll
2009-01-08 14:12 66,048 a------- c:\windows\system32\shimeng.dll
2009-01-08 14:11 985,088 a------- c:\windows\system32\setupapi.dll
2009-01-08 14:11 172,032 a------- c:\windows\system32\scrrun.dll
2009-01-08 14:11 180,224 a------- c:\windows\system32\scrobj.dll
2009-01-08 14:11 144,896 a------- c:\windows\system32\schannel.dll
2009-01-08 14:11 203,136 a------- c:\windows\system32\drivers\RMCast.sys
2009-01-08 14:11 139,656 a------- c:\windows\system32\drivers\rdpwd.sys
2009-01-08 14:11 174,848 a------- c:\windows\system32\drivers\rdbss.sys
2009-01-08 14:11 1,288,192 a------- c:\windows\system32\quartz.dll
2009-01-08 14:11 97,280 a------- c:\windows\system32\psbase.dll
2009-01-08 14:10 215,552 a------- c:\windows\system32\osk.exe
2009-01-08 14:10 1,288,192 a------- c:\windows\system32\ole32.dll
2009-01-08 14:10 61,824 a------- c:\windows\system32\drivers\ohci1394.sys
2009-01-08 14:10 24,576 a------- c:\windows\system32\odbcbcp.dll
2009-01-08 14:10 249,856 a------- c:\windows\system32\odbc32.dll
2009-01-08 14:10 270,336 a------- c:\windows\system32\oakley.dll
2009-01-08 14:10 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-01-08 14:08 304,152 a------- c:\windows\system32\msexcl40.dll
2009-01-08 14:08 299,520 a------- c:\windows\system32\MSCTF.dll
2009-01-08 14:08 74,240 a------- c:\windows\system32\mscms.dll
2009-01-08 14:07 455,936 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-01-08 14:07 179,712 a------- c:\windows\system32\drivers\mrxdav.sys
2009-01-08 14:07 397,312 a------- c:\windows\system32\mmcex.dll
2009-01-08 14:07 728,064 a------- c:\windows\system32\lsasrv.dll
2009-01-08 14:07 343,552 a------- c:\windows\system32\localspl.dll
2009-01-08 14:07:44 A------- 2,089,984 c:\windows\system32\mstscax.dll

============= FINISH: 12:40:25.84 ===============
Attached Files: Attach.zip (3.6 KB)
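The DDS output above is what the helpers in this thread read by eye. As an added example (not code from this thread, from the poster, or from the DDS tool), the following Python script applies three of the triage heuristics an analyst uses on the "Pseudo HJT Report" and "SERVICES / DRIVERS" sections: a BHO whose target is not a DLL path, a Run entry launched from a user profile directory, and a service whose image DDS could not locate (the trailing "[?]") or which points at a stock Windows utility rather than a service binary. The sample input is constructed from lines in the log above; the regexes, the `Finding` type, the `SYSTEM_UTILITIES` set and the `triage` function are assumptions of this example and not part of DDS.

```python
import re
from dataclasses import dataclass

# Constructed sample input: lines copied from the DDS "Pseudo HJT Report" and
# "SERVICES / DRIVERS" sections posted earlier in this thread.
SAMPLE_DDS = r"""
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: CPV: {15421b84-3488-49a7-ad18-cbf84a3efaf6} - c:\program files\webshow\WebShow.dll
BHO: HelloWorldBHO: {d88e1558-7c2d-407a-953a-c044f5607cea} - Mjcore Class
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [cogad] "c:\documents and settings\samuel\application data\cogad\cogad.exe" 61A847B5BBF72813359231466188719AB689201522886B092CBD44BD8689220221DD3257
uRun: [GetPack30] "c:\program files\getpack\GetPack30.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe"
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
S2 Network Monitor;Network Monitor;c:\program files\network monitor\netmon.exe service --> c:\program files\network monitor\netmon.exe service [?]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-8-23 3584]
"""

# Line shapes as DDS prints them (assumed from the log above, not a DDS spec).
BHO_RE = re.compile(r"^BHO: (?P<name>.*?): \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
RUN_RE = re.compile(r"^(?P<hive>[umd])Run(?:Once)?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
SVC_RE = re.compile(r"^(?P<state>[RS]\d) (?P<name>[^;]*);(?P<display>[^;]*);(?P<rest>.*)$")
# First absolute Windows path ending in a binary extension, quoted or not.
PATH_RE = re.compile(r"(?i)[a-z]:\\.*?\.(?:exe|dll|sys|scr|cpl)")

# Stock Windows tools that do not run as a service image on their own.
SYSTEM_UTILITIES = {"regedt32.exe", "regedit.exe", "cmd.exe"}


@dataclass
class Finding:
    line: str
    reason: str


def first_path(text: str):
    """Return the first binary path in a command line, lower-cased, or None."""
    m = PATH_RE.search(text)
    return m.group(0).lower() if m else None


def in_user_profile(path: str) -> bool:
    """XP profile roots: autostarts living here deserve a second look."""
    return "\\documents and settings\\" in path or "\\docume~1\\" in path


def triage(report: str):
    """Apply the three heuristics to every recognised DDS line."""
    findings = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := BHO_RE.match(line):
            # A BHO should resolve to a DLL; a bare class name means the file
            # is missing, hidden, or registered in an unusual way.
            if first_path(m["target"]) is None:
                findings.append(Finding(line, f"BHO '{m['name']}' has no resolvable DLL path"))
            continue
        if m := RUN_RE.match(line):
            path = first_path(m["cmd"])
            if path is None:
                findings.append(Finding(line, f"Run entry '{m['name']}' has no absolute path"))
            elif in_user_profile(path):
                findings.append(Finding(line, f"Run entry '{m['name']}' starts from a user profile directory"))
            continue
        if m := SVC_RE.match(line):
            rest = m["rest"]
            # DDS prints "[?]" instead of a date/size when it cannot find the image.
            if rest.endswith("[?]"):
                findings.append(Finding(line, f"service '{m['name']}' image could not be located by DDS"))
                continue
            path = first_path(rest)
            if path and path.rsplit("\\", 1)[-1] in SYSTEM_UTILITIES:
                findings.append(Finding(line, f"service '{m['name']}' runs a stock Windows utility instead of a service binary"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"{f.reason}\n    {f.line}")
```

Run on the sample it reports HelloWorldBHO (its DLL is listed only as "Mjcore Class"), the cogad Run entry under Application Data, the Network Monitor service and the NOD32FiXTemDono service that launches regedt32.exe, and nothing for the Kaspersky, HP or NVIDIA entries. Path heuristics alone say nothing about items installed under Program Files such as GetPack and GetModule, which ComboFix removes later in this thread; those still have to be cross-checked against the "Created Last 30" dates and the symptoms, which is exactly what the helper does.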

02-22-2009, 10:09 AM #2
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

Disable resident protections (Antivirus...); re-enable them after the scan

Download ToolBar S&D here

Double-click ToolBar S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
02-22-2009, 10:43 AM #3
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Samuel ( Not Administrator ! )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
C:\ (Local Disk) - NTFS - Total:24 Go (Free:8 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
K:\ (Local Disk) - NTFS - Total:24 Go (Free:17 Go)
L:\ (Local Disk) - NTFS - Total:249 Go (Free:249 Go)
Z:\ (Local Disk) - NTFS - Total:698 Go (Free:288 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( Sun 02/22/2009|12:42 )

-----------\\ Searching for Files - Folders ...

C:\DOCUME~1\Samuel\Cookies\samuel@alot[1].txt
C:\DOCUME~1\Samuel\Cookies\samuel@h.alot[1].txt
C:\DOCUME~1\Samuel\Cookies\samuel@try.alot[1].txt

-----------\\ Extensions

(Children) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

(Samuel) - {4BBDD651-70CF-4821-84F8-2B918CF89CA3} => febe
(Samuel) - {582195F5-92E7-40a0-A127-DB71295901D7} => gmanager
(Samuel) - {6E1A2A2E-AE2A-4A26-A812-46F54288379E} => fullflat
(Samuel) - {888d99e7-e8b5-46a3-851e-1ec45da1e644} => reloadevery
(Samuel) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Samuel) - {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} => tinymenu
(Samuel) - {d650973c-0444-4ac7-9d00-19e3613c83b9} => chrome


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Searching for other infections


No other infections found !


1 - "C:\ToolBar SD\TB_1.txt" - Sun 02/22/2009|12:40 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Sun 02/22/2009|12:42 - Option : [1]

-----------\\ Scan completed at 12:42:58.39
02-22-2009, 01:12 PM #4
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. It is IMPORTANT that you don't miss a step and perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions, and please do no fixing on your own or running of scanners unless requested by me or another helper at this forum.

---------------------------------------------------------------------------------------------

Please visit this webpage for download links and instructions for running ComboFix:

http://www.bleepingcomputer.com/comb...o-use-combofix

* Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.
02-22-2009, 04:17 PM #5
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

ComboFix 09-02-21.01 - Samuel 2009-02-22 18:09:07.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.568 [GMT -5:00]
Running from: c:\documents and settings\Samuel\Desktop\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\Samuel\LOCALS~1\Temp\install_flash_player.exe
c:\documents and settings\Children\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Diane\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\Samuel\Application Data\GetModule
c:\documents and settings\Samuel\Application Data\GetModule\dicik.gz
c:\documents and settings\Samuel\Application Data\GetModule\kwdik.gz
c:\documents and settings\Samuel\Application Data\GetModule\ofadik.gz
c:\documents and settings\Samuel\Application Data\inst.exe
c:\documents and settings\Samuel\Application Data\twain\Twain.exe
c:\documents and settings\Samuel\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Samuel\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Samuel\Local Settings\Temporary Internet Files\fbk.sts
c:\program files\GetModule
c:\program files\GetModule\GetModule37.exe
c:\program files\GetPack
c:\program files\GetPack\dictame.gz
c:\program files\GetPack\GetPack30.exe
c:\program files\GetPack\trgtame.gz
c:\program files\iCheck
c:\program files\iCheck\Uninstall.exe
c:\program files\Mjcore
c:\program files\VnrPack
c:\program files\VnrPack\dicts.gz
c:\program files\VnrPack\trgts.gz
c:\program files\VnrPack\Uninstall.exe
c:\program files\VnrPack\VnrPack25.exe
c:\windows\system32\AutoRun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NETWORK_MONITOR
-------\Service_Network Monitor


((((((((((((((((((((((((( Files Created from 2009-01-22 to 2009-02-22 )))))))))))))))))))))))))))))))
.

2009-02-22 18:11 . 2009-02-22 18:11 <DIR> d-------- c:\windows\system32\xircom
2009-02-22 18:11 . 2009-02-22 18:11 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-22 12:39 . 2009-02-22 12:42 <DIR> d-------- C:\ToolBar SD
2009-02-20 12:41 . 2009-02-20 12:41 250 --a------ c:\windows\gmer.ini
2009-02-20 12:26 . 2009-02-20 12:26 <DIR> d-------- c:\program files\DebroPack
2009-02-17 00:39 . 2009-02-17 00:49 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-17 00:39 . 2009-02-17 00:49 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-17 00:38 . 2009-02-17 00:38 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-17 00:38 . 2009-02-22 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-17 00:38 . 2009-02-22 18:11 4,189,728 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-17 00:38 . 2009-02-22 18:11 319,520 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-17 00:38 . 2009-02-22 18:11 36,956 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-17 00:38 . 2009-02-22 18:11 3,220 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-17 00:37 . 2009-02-17 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-16 16:55 . 2009-02-16 16:55 <DIR> d-------- c:\program files\Lavasoft
2009-02-16 16:55 . 2009-02-16 17:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-16 16:54 . 2009-02-16 16:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 17:56 . 2009-02-15 17:56 <DIR> d-------- c:\documents and settings\Samuel\Application Data\dvdcss
2009-02-12 21:46 . 2009-02-12 21:47 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Juce VST Host
2009-02-11 00:19 . 2009-02-21 02:06 69 --a------ c:\windows\NeroDigital.ini
2009-02-10 23:26 . 2009-02-10 23:27 <DIR> d-------- c:\documents and settings\Samuel\.housecall6.6
2009-02-10 23:24 . 2009-02-10 23:24 <DIR> d-------- c:\program files\Java
2009-02-10 23:24 . 2009-02-10 23:24 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-10 23:20 . 2009-02-10 23:20 <DIR> d-------- c:\windows\Sun
2009-02-10 20:33 . 2009-02-17 16:55 <DIR> d-------- c:\documents and settings\Children\Application Data\Ahead
2009-02-09 00:02 . 2009-02-16 14:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Ahead
2009-02-09 00:02 . 2009-02-09 00:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-08 23:58 . 2009-02-08 23:58 <DIR> d-------- c:\program files\Nero
2009-02-08 23:58 . 2009-02-09 00:01 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-08 23:58 . 2009-02-08 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-08 23:28 . 2009-02-08 23:28 <DIR> d-------- c:\program files\DVD Shrink
2009-02-08 23:28 . 2009-02-08 23:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-08 23:05 . 2009-02-08 23:05 <DIR> d-------- c:\program files\DVD Decrypter
2009-02-08 20:26 . 2009-02-16 18:57 <DIR> d-------- c:\documents and settings\Samuel\Application Data\LimeWire
2009-02-08 20:26 . 2009-02-10 23:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 20:24 . 2009-02-08 20:26 <DIR> d-------- c:\program files\LimeWire
2009-02-08 14:29 . 2008-03-03 14:25 5,702 --ah----- c:\windows\nod32restoretemdono.reg
2009-02-08 14:29 . 2008-03-03 18:21 568 --ah----- c:\windows\nod32fixtemdono.reg
2009-02-08 14:28 . 2009-02-08 14:28 <DIR> d-------- c:\program files\ESET
2009-02-08 14:28 . 2009-02-08 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-07 23:54 . 2009-02-08 20:21 <DIR> d--hs---- c:\windows\U3RldmVuIFNhbXVlbA
2009-02-07 23:49 . 2009-02-07 23:49 <DIR> d-------- c:\windows\rrqf
2009-02-07 23:49 . 2009-02-08 14:41 <DIR> d-------- c:\program files\Common Files\rrqf
2009-02-07 23:33 . 2009-02-22 18:09 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Twain
2009-02-07 23:28 . 2009-02-07 23:28 <DIR> d-------- c:\program files\WebShow
2009-02-06 23:22 . 2009-02-06 23:22 <DIR> d-------- c:\program files\VstPlugins
2009-02-06 23:22 . 2009-02-06 23:22 <DIR> d-------- c:\program files\ASIO4ALL v2
2009-02-06 23:22 . 2002-07-07 17:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-02-06 23:22 . 2006-06-20 03:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-02-06 23:21 . 2009-02-06 23:21 <DIR> d-------- c:\program files\Outsim
2009-02-06 23:20 . 2009-02-06 23:22 <DIR> d-------- c:\program files\Image-Line
2009-02-06 23:20 . 2009-02-08 17:53 <DIR> d-------- c:\documents and settings\Samuel\Application Data\cogad
2009-02-05 23:01 . 2009-02-05 23:01 <DIR> d-------- c:\documents and settings\Samuel\Application Data\HP
2009-01-26 16:20 . 2009-01-26 16:20 <DIR> d-------- c:\documents and settings\Diane\Application Data\HPAppData
2009-01-24 20:15 . 2009-01-24 20:15 <DIR> d-------- c:\documents and settings\Children\Application Data\HPAppData
2009-01-24 19:11 . 2009-01-24 19:11 <DIR> d-------- c:\program files\Audacity 1.3 Beta (Unicode)
2009-01-24 19:11 . 2009-02-16 16:22 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Audacity
2009-01-24 01:29 . 2009-01-24 01:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2009-01-24 00:59 . 2009-01-24 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2009-01-23 22:36 . 2009-01-23 22:36 <DIR> d-------- c:\documents and settings\Samuel\Application Data\HPAppData
2009-01-23 22:36 . 2009-01-23 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-01-23 22:35 . 2009-01-23 22:35 <DIR> d-------- c:\program files\Common Files\HP
2009-01-23 22:35 . 2009-01-23 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-23 22:35 . 2009-01-23 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-23 22:34 . 2009-01-23 22:34 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-23 22:34 . 2009-01-23 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-23 22:34 . 2007-03-28 14:01 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-01-23 22:34 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-23 22:33 . 2009-01-23 22:36 <DIR> d-------- c:\program files\HP
2009-01-23 22:33 . 2007-03-17 15:39 958,464 --a------ c:\windows\system32\hpotiop4.dll
2009-01-23 22:33 . 2007-03-17 15:39 675,840 --a------ c:\windows\system32\hpowiax4.dll
2009-01-23 22:33 . 2007-03-08 14:20 364,544 --a------ c:\windows\system32\hppldcoi.dll
2009-01-23 22:33 . 2007-03-08 14:20 309,760 --a------ c:\windows\system32\difxapi.dll
2009-01-23 22:33 . 2007-03-17 15:39 303,104 --a------ c:\windows\system32\hpovst11.dll
2009-01-23 22:33 . 2007-03-31 00:29 267,864 --a------ c:\windows\system32\hpzids01.dll
2009-01-23 22:33 . 2007-03-08 14:20 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-01-23 22:33 . 2007-03-08 14:20 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2009-01-23 22:33 . 2007-03-08 14:20 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-23 22:31 . 2009-01-23 22:37 139,671 --a------ c:\windows\hpoins15.dat
2009-01-23 22:31 . 2007-09-21 07:46 1,039 --------- c:\windows\hpomdl15.dat
2009-01-23 22:03 . 2009-01-23 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-23 17:40 . 2009-01-23 17:40 <DIR> d-------- c:\documents and settings\Children\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 23:04 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent
2009-02-22 17:37 --------- d-----w c:\documents and settings\Samuel\Application Data\Vso
2009-02-19 04:13 --------- d-----w c:\documents and settings\Children\Application Data\uTorrent
2009-02-17 05:49 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-05 03:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Apple Computer
2009-01-18 19:45 --------- d-----w c:\documents and settings\Guest\Application Data\uTorrent
2009-01-18 15:01 --------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-01-17 23:53 --------- d-----w c:\documents and settings\Guest\Application Data\vlc
2009-01-16 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-16 18:12 --------- d-----w c:\program files\Microsoft Works
2009-01-16 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-16 04:59 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 04:57 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-16 04:57 47,360 ----a-w c:\documents and settings\Samuel\Application Data\pcouffin.sys
2009-01-16 04:57 --------- d-----w c:\program files\VSO
2009-01-16 04:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-16 04:42 6,116 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-16 04:42 52,477 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-16 04:42 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-16 04:16 --------- d-----w c:\program files\uTorrent
2009-01-15 23:37 --------- d-----w c:\documents and settings\Children\Application Data\vlc
2009-01-15 21:10 --------- d-----w c:\documents and settings\Samuel\Application Data\vlc
2009-01-15 21:09 --------- d-----w c:\program files\XP Codec Pack
2009-01-15 21:08 --------- d-----w c:\program files\VideoLAN
2009-01-15 19:43 --------- d-----w c:\program files\QuickTime
2009-01-15 19:43 --------- d-----w c:\program files\iTunes
2009-01-15 19:43 --------- d-----w c:\program files\iPod
2009-01-15 19:43 --------- d-----w c:\program files\Bonjour
2009-01-15 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-15 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 19:42 --------- d-----w c:\program files\Common Files\Apple
2009-01-15 19:42 --------- d-----w c:\program files\Apple Software Update
2009-01-15 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-15 09:42 --------- d-----w c:\program files\CONEXANT
2009-01-15 09:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 09:19 --------- d-----w c:\program files\Hewlett-Packard
2009-01-15 09:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-15 09:06 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-08 20:12 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-01-08 20:12 140,288 ----a-w c:\windows\system32\sfc_os.dll
2009-01-08 20:10 603,648 ----a-w c:\windows\system32\wmspdmod.dll
2009-01-08 20:10 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
2009-01-08 20:10 4,096 ----a-w c:\windows\system32\wmvdmod.dll
2009-01-08 20:10 1,329,152 ----a-w c:\windows\system32\wmspdmoe.dll
2009-01-08 20:09 99,840 ----a-w c:\windows\system32\wmpshell.dll
2009-01-08 20:09 938,496 ----a-w c:\windows\system32\wmnetmgr.dll
2009-01-08 20:09 8,231,936 ----a-w c:\windows\system32\wmploc.dll
2009-01-08 20:09 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
2009-01-08 20:09 4,096 ----a-w c:\windows\system32\wmsdmod.dll
2009-01-08 20:09 314,880 ----a-w c:\windows\system32\wmpdxm.dll
2009-01-08 20:09 242,688 ----a-w c:\windows\system32\wmpasf.dll
2009-01-08 20:09 227,328 ----a-w c:\windows\system32\wmerror.dll
2009-01-08 20:09 157,184 ----a-w c:\windows\system32\wmidx.dll
2009-01-08 19:41 80,128 ----a-w c:\windows\system32\drivers\parport.sys
2009-01-08 19:38 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-01-08 19:23 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-08 19:23 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-08 19:23 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-08 19:23 1,246,720 ----a-w c:\windows\system32\syssetup.dll
2009-01-08 19:22 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-08 19:22 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-08 19:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-08 19:21 55,296 ----a-w c:\windows\system32\iesetup.dll
2009-01-08 19:21 40,960 ----a-w c:\windows\system32\licmgr10.dll
2009-01-08 19:21 36,352 ----a-w c:\windows\system32\imgutil.dll
2009-01-08 19:20 78,336 ----a-w c:\windows\system32\ieencode.dll
2009-01-08 19:20 71,680 ----a-w c:\windows\system32\admparse.dll
2009-01-08 19:20 17,408 ----a-w c:\windows\system32\corpol.dll
2009-01-08 19:15 96,792 ----a-w c:\windows\system32\basecsp.dll
2009-01-08 19:15 633,344 ----a-w c:\windows\system32\gpprefcl.dll
2009-01-08 19:15 6,144 ----a-w c:\windows\system32\FontReg.exe
2009-01-08 19:15 465,920 ----a-w c:\windows\system32\imapi2fs.dll
2009-01-08 19:15 383,488 ----a-w c:\windows\system32\wzcdlg.dll
2009-01-08 19:15 323,696 ----a-w c:\windows\system32\msdrm.dll
2009-01-08 19:15 317,952 ----a-w c:\windows\system32\imapi2.dll
2009-01-08 19:15 25,600 ----a-w c:\windows\system32\bcsprsrc.dll
2009-01-08 19:15 202,776 ----a-w c:\windows\system32\wuweb.dll
2009-01-08 19:15 151,552 ----a-w c:\windows\system32\ifxcardm.dll
2009-01-08 19:15 133,120 ----a-w c:\windows\system32\axaltocm.dll
2009-01-08 19:13 713,216 ----a-w c:\windows\system32\sxs.dll
2009-01-08 19:13 712,704 ----a-w c:\windows\system32\windowscodecs.dll
2009-01-08 19:13 52,736 ----a-w c:\windows\system32\w32tm.exe
2009-01-08 19:13 430,080 ----a-w c:\windows\system32\vbscript.dll
2009-01-08 19:13 347,648 ----a-w c:\windows\system32\windowscodecsext.dll
2009-01-08 19:13 30,336 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-01-08 19:13 249,856 ----a-w c:\windows\system32\tapisrv.dll
2009-01-08 19:13 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys
2009-01-08 19:13 175,616 ----a-w c:\windows\system32\w32time.dll
2009-01-08 19:13 17,152 ----a-w c:\windows\system32\drivers\usbohci.sys
2009-01-08 19:13 144,128 ----a-w c:\windows\system32\drivers\usbport.sys
2009-01-08 19:13 123,392 ----a-w c:\windows\system32\umpnpmgr.dll
2009-01-08 19:12 66,048 ----a-w c:\windows\system32\shimeng.dll
2009-01-08 19:12 446,464 ----a-w c:\windows\system32\sqlsrv32.dll
2009-01-08 19:12 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-08 19:12 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-01-08 19:11 985,088 ----a-w c:\windows\system32\setupapi.dll
2009-01-08 19:11 97,280 ----a-w c:\windows\system32\psbase.dll
2009-01-08 19:11 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys
2009-01-08 19:11 180,224 ----a-w c:\windows\system32\scrobj.dll
2009-01-08 19:11 174,848 ----a-w c:\windows\system32\drivers\rdbss.sys
.

------- Sigcheck -------

2008-10-16 15:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2008-10-16 14:38 817152 5044269d9dc59326d8ee54c28acd7003 c:\windows\system32\wininet.dll
2008-10-16 15:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\system32\dllcache\wininet.dll

2009-01-08 15:12 361600 5ae1c2695f6523ad98b948f2887d8c5e c:\windows\system32\drivers\tcpip.sys

2009-01-08 14:07 975872 4f6b3a9f4b7c96a8e22a5261773c16b3 c:\windows\explorer.exe

2009-01-08 14:14 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{836A4B93-6F4A-4d61-AD3D-B8225D921F42}]
2009-02-17 15:02 133120 --a------ c:\program files\DebroPack\DebroPack.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-02-17 206088]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Samuel\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]
S2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [2001-08-23 3584]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-cogad - c:\documents and settings\Samuel\Application Data\cogad\cogad.exe
HKCU-Run-GetPack30 - c:\program files\GetPack\GetPack30.exe
HKCU-Run-GetModule37 - c:\program files\GetModule\GetModule37.exe
HKCU-Run-VnrPack25 - c:\program files\VnrPack\VnrPack25.exe


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nrjvjmhm.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 18:12:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-22 18:14:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-22 23:14:01

Pre-Run: 9,238,798,336 bytes free
Post-Run: 11,500,036,096 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
;
;Warning: Boot.ini is used on Windows XP and earlier operating systems.
;Warning: Use BCDEDIT.exe to modify Windows Vista boot options.
;
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT

344
Old 02-22-2009, 04:29 PM   #6 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

Before beginning the fix, read this post completely. If there's anything that you do not understand, kindly ask your questions before proceeding. Ensure that there aren't any opened browsers when you are carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix.

It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.

---------------------------------------------------------------------------------------------
  1. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
  2. Open notepad and copy/paste the text in the quotebox below into it:

    Quote:
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/348253-help-popups-both-ie-firefox.html#post1984584


    Folder::
    c:\windows\U3RldmVuIFNhbXVlbA
    c:\windows\rrqf
    c:\Program Files\Common Files\rrqf
    c:\documents and settings\Samuel\Application Data\Twain
    c:\Program Files\WebShow
    c:\documents and settings\Samuel\Application Data\cogad
    File::
    c:\windows\nod32restoretemdono.reg
    c:\windows\nod32fixtemdono.reg
    Driver::
    NOD32FiXTemDono
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
    "DisableMonitoring"=dword:00000000
    Collect::
    c:\program files\DebroPack\DebroPack.dll
    c:\program files\webshow\WebShow.dll


    Save this as CFScript.txt




    Referring to the picture above, drag CFScript.txt into ComboFix.exe


  3. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.
  4. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.


    When ComboFix finishes running, the ComboFix log will open along with a message box; do not be alarmed. With the above script, ComboFix will capture a file to submit for analysis.

    Ensure you are connected to the internet and click OK. Follow the prompts.
  5. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 02-22-2009, 05:16 PM   #7 (permalink)
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

ComboFix 09-02-21.01 - Samuel 2009-02-22 19:11:24.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.519 [GMT -5:00]
Running from: c:\documents and settings\Samuel\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Samuel\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)
* Created a new restore point

FILE ::
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Samuel\Application Data\cogad
c:\documents and settings\Samuel\Application Data\Twain
c:\program files\Common Files\rrqf
c:\program files\Common Files\rrqf\rrqfa.lck
c:\program files\Common Files\rrqf\rrqfd\class-barrel
c:\program files\Common Files\rrqf\rrqfh
c:\program files\Common Files\rrqf\rrqfl.lck
c:\program files\Common Files\rrqf\rrqfm.lck
c:\program files\DebroPack\DebroPack.dll
c:\program files\WebShow
c:\program files\webshow\WebShow.dll
c:\windows\nod32fixtemdono.reg
c:\windows\nod32restoretemdono.reg
c:\windows\rrqf
c:\windows\rrqf\rrqf.dat
c:\windows\rrqf\wu
c:\windows\U3RldmVuIFNhbXVlbA

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NOD32FiXTemDono


((((((((((((((((((((((((( Files Created from 2009-01-23 to 2009-02-23 )))))))))))))))))))))))))))))))
.

2009-02-22 18:11 . 2009-02-22 18:11 <DIR> d-------- c:\windows\system32\xircom
2009-02-22 18:11 . 2009-02-22 18:11 <DIR> d-------- c:\program files\microsoft frontpage
2009-02-22 12:39 . 2009-02-22 12:42 <DIR> d-------- C:\ToolBar SD
2009-02-20 12:41 . 2009-02-20 12:41 250 --a------ c:\windows\gmer.ini
2009-02-20 12:26 . 2009-02-22 19:11 <DIR> d-------- c:\program files\DebroPack
2009-02-17 00:39 . 2009-02-17 00:49 101,287 --a------ c:\windows\system32\drivers\klin.dat
2009-02-17 00:39 . 2009-02-17 00:49 89,601 --a------ c:\windows\system32\drivers\klick.dat
2009-02-17 00:38 . 2009-02-17 00:38 <DIR> d-------- c:\program files\Kaspersky Lab
2009-02-17 00:38 . 2009-02-22 15:12 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-02-17 00:38 . 2009-02-22 19:13 4,189,728 --ahs---- c:\windows\system32\drivers\fidbox.dat
2009-02-17 00:38 . 2009-02-22 19:13 335,904 --ahs---- c:\windows\system32\drivers\fidbox2.dat
2009-02-17 00:38 . 2009-02-22 19:13 36,956 --ahs---- c:\windows\system32\drivers\fidbox.idx
2009-02-17 00:38 . 2009-02-22 19:13 3,276 --ahs---- c:\windows\system32\drivers\fidbox2.idx
2009-02-17 00:37 . 2009-02-17 00:37 <DIR> d-------- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-02-16 16:55 . 2009-02-16 16:55 <DIR> d-------- c:\program files\Lavasoft
2009-02-16 16:55 . 2009-02-16 17:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-02-16 16:54 . 2009-02-16 16:54 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard
2009-02-15 17:56 . 2009-02-15 17:56 <DIR> d-------- c:\documents and settings\Samuel\Application Data\dvdcss
2009-02-12 21:46 . 2009-02-12 21:47 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Juce VST Host
2009-02-11 00:19 . 2009-02-21 02:06 69 --a------ c:\windows\NeroDigital.ini
2009-02-10 23:26 . 2009-02-10 23:27 <DIR> d-------- c:\documents and settings\Samuel\.housecall6.6
2009-02-10 23:24 . 2009-02-10 23:24 <DIR> d-------- c:\program files\Java
2009-02-10 23:24 . 2009-02-10 23:24 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-02-10 23:20 . 2009-02-10 23:20 <DIR> d-------- c:\windows\Sun
2009-02-10 20:33 . 2009-02-17 16:55 <DIR> d-------- c:\documents and settings\Children\Application Data\Ahead
2009-02-09 00:02 . 2009-02-16 14:58 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Ahead
2009-02-09 00:02 . 2009-02-09 00:02 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ahead
2009-02-08 23:58 . 2009-02-08 23:58 <DIR> d-------- c:\program files\Nero
2009-02-08 23:58 . 2009-02-09 00:01 <DIR> d-------- c:\program files\Common Files\Ahead
2009-02-08 23:58 . 2009-02-08 23:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Nero
2009-02-08 23:28 . 2009-02-08 23:28 <DIR> d-------- c:\program files\DVD Shrink
2009-02-08 23:28 . 2009-02-08 23:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-02-08 23:05 . 2009-02-08 23:05 <DIR> d-------- c:\program files\DVD Decrypter
2009-02-08 20:26 . 2009-02-16 18:57 <DIR> d-------- c:\documents and settings\Samuel\Application Data\LimeWire
2009-02-08 20:26 . 2009-02-10 23:24 410,984 --a------ c:\windows\system32\deploytk.dll
2009-02-08 20:24 . 2009-02-08 20:26 <DIR> d-------- c:\program files\LimeWire
2009-02-08 14:28 . 2009-02-08 14:28 <DIR> d-------- c:\program files\ESET
2009-02-08 14:28 . 2009-02-08 14:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\ESET
2009-02-06 23:22 . 2009-02-06 23:22 <DIR> d-------- c:\program files\VstPlugins
2009-02-06 23:22 . 2009-02-06 23:22 <DIR> d-------- c:\program files\ASIO4ALL v2
2009-02-06 23:22 . 2002-07-07 17:14 1,294,336 --a------ c:\windows\system32\vorbis.acm
2009-02-06 23:22 . 2006-06-20 03:56 225,280 --a------ c:\windows\system32\rewire.dll
2009-02-06 23:21 . 2009-02-06 23:21 <DIR> d-------- c:\program files\Outsim
2009-02-06 23:20 . 2009-02-06 23:22 <DIR> d-------- c:\program files\Image-Line
2009-02-05 23:01 . 2009-02-05 23:01 <DIR> d-------- c:\documents and settings\Samuel\Application Data\HP
2009-01-26 16:20 . 2009-01-26 16:20 <DIR> d-------- c:\documents and settings\Diane\Application Data\HPAppData
2009-01-24 20:15 . 2009-01-24 20:15 <DIR> d-------- c:\documents and settings\Children\Application Data\HPAppData
2009-01-24 19:11 . 2009-01-24 19:11 <DIR> d-------- c:\program files\Audacity 1.3 Beta (Unicode)
2009-01-24 19:11 . 2009-02-16 16:22 <DIR> d-------- c:\documents and settings\Samuel\Application Data\Audacity
2009-01-24 01:29 . 2009-01-24 01:29 <DIR> d-------- c:\documents and settings\All Users\Application Data\vsosdk
2009-01-24 00:59 . 2009-01-24 00:59 <DIR> d-------- c:\documents and settings\All Users\Application Data\WEBREG
2009-01-23 22:36 . 2009-01-23 22:36 <DIR> d-------- c:\documents and settings\Samuel\Application Data\HPAppData
2009-01-23 22:36 . 2009-01-23 22:36 <DIR> d-------- c:\documents and settings\All Users\Application Data\HPSSUPPLY
2009-01-23 22:35 . 2009-01-23 22:35 <DIR> d-------- c:\program files\Common Files\HP
2009-01-23 22:35 . 2009-01-23 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP Product Assistant
2009-01-23 22:35 . 2009-01-23 22:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\HP
2009-01-23 22:34 . 2009-01-23 22:34 <DIR> d-------- c:\program files\Common Files\Hewlett-Packard
2009-01-23 22:34 . 2009-01-23 22:34 <DIR> d-------- c:\documents and settings\All Users\Application Data\Hewlett-Packard
2009-01-23 22:34 . 2007-03-28 14:01 118,272 --a------ c:\windows\system32\hpz3l5ha.dll
2009-01-23 22:34 . 2008-04-14 00:15 15,104 --a------ c:\windows\system32\drivers\usbscan.sys
2009-01-23 22:33 . 2009-01-23 22:36 <DIR> d-------- c:\program files\HP
2009-01-23 22:33 . 2007-03-17 15:39 958,464 --a------ c:\windows\system32\hpotiop4.dll
2009-01-23 22:33 . 2007-03-17 15:39 675,840 --a------ c:\windows\system32\hpowiax4.dll
2009-01-23 22:33 . 2007-03-08 14:20 364,544 --a------ c:\windows\system32\hppldcoi.dll
2009-01-23 22:33 . 2007-03-08 14:20 309,760 --a------ c:\windows\system32\difxapi.dll
2009-01-23 22:33 . 2007-03-17 15:39 303,104 --a------ c:\windows\system32\hpovst11.dll
2009-01-23 22:33 . 2007-03-31 00:29 267,864 --a------ c:\windows\system32\hpzids01.dll
2009-01-23 22:33 . 2007-03-08 14:20 49,920 --a------ c:\windows\system32\drivers\HPZid412.sys
2009-01-23 22:33 . 2007-03-08 14:20 21,568 --a------ c:\windows\system32\drivers\HPZius12.sys
2009-01-23 22:33 . 2007-03-08 14:20 16,496 --a------ c:\windows\system32\drivers\HPZipr12.sys
2009-01-23 22:31 . 2009-01-23 22:37 139,671 --a------ c:\windows\hpoins15.dat
2009-01-23 22:31 . 2007-09-21 07:46 1,039 --------- c:\windows\hpomdl15.dat
2009-01-23 22:03 . 2009-01-23 22:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2009-01-23 17:40 . 2009-01-23 17:40 <DIR> d-------- c:\documents and settings\Children\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-22 23:04 --------- d-----w c:\documents and settings\Samuel\Application Data\uTorrent
2009-02-22 17:37 --------- d-----w c:\documents and settings\Samuel\Application Data\Vso
2009-02-19 04:13 --------- d-----w c:\documents and settings\Children\Application Data\uTorrent
2009-02-17 05:49 33,808 ----a-w c:\windows\system32\drivers\klbg.sys
2009-02-05 03:26 --------- d-----w c:\documents and settings\Samuel\Application Data\Apple Computer
2009-01-18 19:45 --------- d-----w c:\documents and settings\Guest\Application Data\uTorrent
2009-01-18 15:01 --------- d-----w c:\documents and settings\Guest\Application Data\Apple Computer
2009-01-17 23:53 --------- d-----w c:\documents and settings\Guest\Application Data\vlc
2009-01-16 18:13 --------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-01-16 18:12 --------- d-----w c:\program files\Microsoft Works
2009-01-16 05:01 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet
2009-01-16 04:59 --------- d-----w c:\program files\Common Files\Adobe
2009-01-16 04:57 47,360 ----a-w c:\windows\system32\drivers\pcouffin.sys
2009-01-16 04:57 47,360 ----a-w c:\documents and settings\Samuel\Application Data\pcouffin.sys
2009-01-16 04:57 --------- d-----w c:\program files\VSO
2009-01-16 04:53 --------- d-----w c:\program files\Common Files\Macrovision Shared
2009-01-16 04:42 6,116 ----a-w c:\windows\BricoPackFoldersDelete.cmd
2009-01-16 04:42 52,477 ----a-w c:\windows\BricoPackUninst.cmd
2009-01-16 04:42 218,624 ----a-w c:\windows\system32\uxtheme.dll
2009-01-16 04:16 --------- d-----w c:\program files\uTorrent
2009-01-15 23:37 --------- d-----w c:\documents and settings\Children\Application Data\vlc
2009-01-15 21:10 --------- d-----w c:\documents and settings\Samuel\Application Data\vlc
2009-01-15 21:09 --------- d-----w c:\program files\XP Codec Pack
2009-01-15 21:08 --------- d-----w c:\program files\VideoLAN
2009-01-15 19:43 --------- d-----w c:\program files\QuickTime
2009-01-15 19:43 --------- d-----w c:\program files\iTunes
2009-01-15 19:43 --------- d-----w c:\program files\iPod
2009-01-15 19:43 --------- d-----w c:\program files\Bonjour
2009-01-15 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer
2009-01-15 19:43 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-15 19:42 --------- d-----w c:\program files\Common Files\Apple
2009-01-15 19:42 --------- d-----w c:\program files\Apple Software Update
2009-01-15 19:42 --------- d-----w c:\documents and settings\All Users\Application Data\Apple
2009-01-15 09:42 --------- d-----w c:\program files\CONEXANT
2009-01-15 09:19 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-15 09:19 --------- d-----w c:\program files\Hewlett-Packard
2009-01-15 09:18 --------- d-----w c:\program files\Common Files\InstallShield
2009-01-15 09:06 --------- d-----w c:\program files\Windows Media Connect 2
2009-01-08 20:12 361,600 ----a-w c:\windows\system32\drivers\tcpip.sys
2009-01-08 20:12 140,288 ----a-w c:\windows\system32\sfc_os.dll
2009-01-08 20:10 603,648 ----a-w c:\windows\system32\wmspdmod.dll
2009-01-08 20:10 4,096 ----a-w c:\windows\system32\wmvdmoe2.dll
2009-01-08 20:10 4,096 ----a-w c:\windows\system32\wmvdmod.dll
2009-01-08 20:10 1,329,152 ----a-w c:\windows\system32\wmspdmoe.dll
2009-01-08 20:09 99,840 ----a-w c:\windows\system32\wmpshell.dll
2009-01-08 20:09 938,496 ----a-w c:\windows\system32\wmnetmgr.dll
2009-01-08 20:09 8,231,936 ----a-w c:\windows\system32\wmploc.dll
2009-01-08 20:09 4,096 ----a-w c:\windows\system32\wmsdmoe2.dll
2009-01-08 20:09 4,096 ----a-w c:\windows\system32\wmsdmod.dll
2009-01-08 20:09 314,880 ----a-w c:\windows\system32\wmpdxm.dll
2009-01-08 20:09 242,688 ----a-w c:\windows\system32\wmpasf.dll
2009-01-08 20:09 227,328 ----a-w c:\windows\system32\wmerror.dll
2009-01-08 20:09 157,184 ----a-w c:\windows\system32\wmidx.dll
2009-01-08 19:41 80,128 ----a-w c:\windows\system32\drivers\parport.sys
2009-01-08 19:38 86,073 ----a-w c:\windows\system32\usrfaxa.dll
2009-01-08 19:23 26,112 ----a-w c:\windows\system32\idndl.dll
2009-01-08 19:23 24,576 ----a-w c:\windows\system32\nlsdl.dll
2009-01-08 19:23 23,552 ----a-w c:\windows\system32\normaliz.dll
2009-01-08 19:23 1,246,720 ----a-w c:\windows\system32\syssetup.dll
2009-01-08 19:22 48,128 ----a-w c:\windows\system32\mshtmler.dll
2009-01-08 19:22 45,568 ----a-w c:\windows\system32\mshta.exe
2009-01-08 19:22 156,160 ----a-w c:\windows\system32\msls31.dll
2009-01-08 19:21 55,296 ----a-w c:\windows\system32\iesetup.dll
2009-01-08 19:21 40,960 ----a-w c:\windows\system32\licmgr10.dll
2009-01-08 19:21 36,352 ----a-w c:\windows\system32\imgutil.dll
2009-01-08 19:20 78,336 ----a-w c:\windows\system32\ieencode.dll
2009-01-08 19:20 71,680 ----a-w c:\windows\system32\admparse.dll
2009-01-08 19:20 17,408 ----a-w c:\windows\system32\corpol.dll
2009-01-08 19:15 96,792 ----a-w c:\windows\system32\basecsp.dll
2009-01-08 19:15 633,344 ----a-w c:\windows\system32\gpprefcl.dll
2009-01-08 19:15 6,144 ----a-w c:\windows\system32\FontReg.exe
2009-01-08 19:15 465,920 ----a-w c:\windows\system32\imapi2fs.dll
2009-01-08 19:15 383,488 ----a-w c:\windows\system32\wzcdlg.dll
2009-01-08 19:15 323,696 ----a-w c:\windows\system32\msdrm.dll
2009-01-08 19:15 317,952 ----a-w c:\windows\system32\imapi2.dll
2009-01-08 19:15 25,600 ----a-w c:\windows\system32\bcsprsrc.dll
2009-01-08 19:15 202,776 ----a-w c:\windows\system32\wuweb.dll
2009-01-08 19:15 151,552 ----a-w c:\windows\system32\ifxcardm.dll
2009-01-08 19:15 133,120 ----a-w c:\windows\system32\axaltocm.dll
2009-01-08 19:13 713,216 ----a-w c:\windows\system32\sxs.dll
2009-01-08 19:13 712,704 ----a-w c:\windows\system32\windowscodecs.dll
2009-01-08 19:13 52,736 ----a-w c:\windows\system32\w32tm.exe
2009-01-08 19:13 430,080 ----a-w c:\windows\system32\vbscript.dll
2009-01-08 19:13 347,648 ----a-w c:\windows\system32\windowscodecsext.dll
2009-01-08 19:13 30,336 ----a-w c:\windows\system32\drivers\usbehci.sys
2009-01-08 19:13 249,856 ----a-w c:\windows\system32\tapisrv.dll
2009-01-08 19:13 225,856 ----a-w c:\windows\system32\drivers\tcpip6.sys
2009-01-08 19:13 175,616 ----a-w c:\windows\system32\w32time.dll
2009-01-08 19:13 17,152 ----a-w c:\windows\system32\drivers\usbohci.sys
2009-01-08 19:13 144,128 ----a-w c:\windows\system32\drivers\usbport.sys
2009-01-08 19:13 123,392 ----a-w c:\windows\system32\umpnpmgr.dll
2009-01-08 19:12 66,048 ----a-w c:\windows\system32\shimeng.dll
2009-01-08 19:12 446,464 ----a-w c:\windows\system32\sqlsrv32.dll
2009-01-08 19:12 333,824 ----a-w c:\windows\system32\drivers\srv.sys
2009-01-08 19:12 247,326 ----a-w c:\windows\system32\strmdll.dll
2009-01-08 19:11 985,088 ----a-w c:\windows\system32\setupapi.dll
2009-01-08 19:11 97,280 ----a-w c:\windows\system32\psbase.dll
2009-01-08 19:11 203,136 ----a-w c:\windows\system32\drivers\RMCast.sys
2009-01-08 19:11 180,224 ----a-w c:\windows\system32\scrobj.dll
2009-01-08 19:11 174,848 ----a-w c:\windows\system32\drivers\rdbss.sys
.

------- Sigcheck -------

2008-10-16 15:24 827904 0d5b75171ff51775b630a431b6c667e8 c:\windows\$hf_mig$\KB958215-IE7\SP2QFE\wininet.dll
2008-10-16 14:38 817152 5044269d9dc59326d8ee54c28acd7003 c:\windows\system32\wininet.dll
2008-10-16 15:38 826368 6741eaf7b7f110e803a6e38f6e5fa6b0 c:\windows\system32\dllcache\wininet.dll

2009-01-08 15:12 361600 5ae1c2695f6523ad98b948f2887d8c5e c:\windows\system32\drivers\tcpip.sys

2009-01-08 14:07 975872 4f6b3a9f4b7c96a8e22a5261773c16b3 c:\windows\explorer.exe

2009-01-08 14:14 66584 2275f45e257d46e6500558b2930cb9a4 c:\windows\system32\wuauclt.exe
.
((((((((((((((((((((((((((((( SnapShot@2009-02-22_18.13.31.61 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-23 00:14:04 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_7c0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"RocketDock"="c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe" [2007-03-18 630784]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-05-09 86016]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-02-10 148888]
"nwiz"="nwiz.exe" [2006-05-09 c:\windows\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 c:\windows\RTHDCPL.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_nltide_2"="shell32" [X]

c:\documents and settings\Samuel\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-03-18 630784]
UberIcon.lnk - c:\windows\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe [2006-05-21 180224]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 210520]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= ffdshow.ax
"msacm.ac3filter"= ac3filter.acm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-01-29 33808]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-04-30 24592]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-02-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{836A4B93-6F4A-4d61-AD3D-B8225D921F42} - c:\program files\DebroPack\DebroPack.dll


.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Samuel\Application Data\Mozilla\Firefox\Profiles\nrjvjmhm.default\
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-22 19:14:04
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-02-22 19:15:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-02-23 00:15:43
ComboFix2.txt 2009-02-22 23:17:18
ComboFix3.txt 2009-02-22 23:14:05

Pre-Run: 13,732,225,024 bytes free
Post-Run: 13,719,760,896 bytes free

Old 02-22-2009, 05:51 PM   #8 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

Please go to Start > Run and copy/paste the following, then press Enter:

C:\QooBox\ComboFix-quarantined-files.txt

Post the contents of the logfile which will open.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 02-22-2009, 05:54 PM   #9 (permalink)
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

2009-01-15 23:17:18 A------- 1,851,544 C:\Qoobox\Quarantine\C\DOCUME~1\Samuel\LOCALS~1\Temp\install_flash_player.exe.vir
2009-01-15 23:57:55 A------- 87,608 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Application Data\inst.exe.vir
2009-01-23 22:29:15 A------- 505,214 C:\Qoobox\Quarantine\C\WINDOWS\system32\autorun.inf.vir
2009-02-06 23:20:38 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Local Settings\Temporary Internet Files\fbk.sts.vir
2009-02-07 23:28:52 A------- 105,984 C:\Qoobox\Quarantine\C\Program Files\WebShow\WebShow.dll.vir
2009-02-07 23:33:54 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Local Settings\Temporary Internet Files\bestwiner.stt.vir
2009-02-07 23:38:56 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Local Settings\Temporary Internet Files\CPV.stt.vir
2009-02-07 23:44:05 A------- 32,593 C:\Qoobox\Quarantine\C\Program Files\iCheck\Uninstall.exe.vir
2009-02-07 23:44:06 A------- 26 C:\Qoobox\Quarantine\C\Program Files\VnrPack\trgts.gz.vir
2009-02-07 23:44:07 A------- 160,171 C:\Qoobox\Quarantine\C\Program Files\VnrPack\dicts.gz.vir
2009-02-07 23:49:12 A------- 153,088 C:\Qoobox\Quarantine\C\WINDOWS\rrqf\wu.vir
2009-02-07 23:49:12 A------- 4,933,375 C:\Qoobox\Quarantine\C\Program Files\Common Files\rrqf\rrqfd\class-barrel.vir
2009-02-07 23:49:33 A------- 0 C:\Qoobox\Quarantine\C\Program Files\Common Files\rrqf\rrqfa.lck.vir
2009-02-07 23:49:33 A------- 0 C:\Qoobox\Quarantine\C\Program Files\Common Files\rrqf\rrqfm.lck.vir
2009-02-07 23:49:33 A------- 4,425 C:\Qoobox\Quarantine\C\WINDOWS\rrqf\rrqf.dat.vir
2009-02-07 23:50:33 A------- 0 C:\Qoobox\Quarantine\C\Program Files\Common Files\rrqf\rrqfl.lck.vir
2009-02-07 23:54:03 A------- 61 C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\domains.txt.vir
2009-02-07 23:54:03 A------- 383,400 C:\Qoobox\Quarantine\C\Documents and Settings\LocalService\Application Data\NetMon\log.txt.vir
2009-02-07 23:56:56 A------- 1,536 C:\Qoobox\Quarantine\C\Program Files\Common Files\rrqf\rrqfh.vir
2009-02-08 14:29:27 A------- 568 C:\Qoobox\Quarantine\C\WINDOWS\nod32fixtemdono.reg.vir
2009-02-08 14:29:27 A------- 5,702 C:\Qoobox\Quarantine\C\WINDOWS\nod32restoretemdono.reg.vir
2009-02-08 17:34:34 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Children\Local Settings\Temporary Internet Files\CPV.stt.vir
2009-02-13 10:56:38 A------- 350,720 C:\Qoobox\Quarantine\C\Program Files\GetPack\GetPack30.exe.vir
2009-02-13 11:39:28 A------- 341,504 C:\Qoobox\Quarantine\C\Program Files\VnrPack\VnrPack25.exe.vir
2009-02-14 10:07:56 A------- 368,128 C:\Qoobox\Quarantine\C\Program Files\GetModule\GetModule37.exe.vir
2009-02-14 13:17:37 A------- 4,095 C:\Qoobox\Quarantine\C\Documents and Settings\Diane\Local Settings\Temporary Internet Files\CPV.stt.vir
2009-02-15 00:10:15 A------- 8,769 C:\Qoobox\Quarantine\C\Program Files\GetPack\trgtame.gz.vir
2009-02-15 00:10:17 A------- 202,560 C:\Qoobox\Quarantine\C\Program Files\GetPack\dictame.gz.vir
2009-02-17 03:07:21 A------- 61,952 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Application Data\Twain\Twain.exe.vir
2009-02-17 15:02:34 A------- 133,120 C:\Qoobox\Quarantine\C\Program Files\DebroPack\DebroPack.dll.vir
2009-02-18 01:00:01 A------- 223 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Application Data\GetModule\ofadik.gz.vir
2009-02-18 01:00:01 A------- 44,617 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Application Data\GetModule\kwdik.gz.vir
2009-02-18 21:14:00 A------- 202,560 C:\Qoobox\Quarantine\C\Documents and Settings\Samuel\Application Data\GetModule\dicik.gz.vir
2009-02-21 12:27:18 A------- 32,576 C:\Qoobox\Quarantine\C\Program Files\VnrPack\Uninstall.exe.vir
2009-02-22 18:07:29 A------- 174 C:\Qoobox\Quarantine\catchme.log
2009-02-22 18:10:04 A------- 5,922 C:\Qoobox\Quarantine\Registry_backups\tcpip.reg
2009-02-22 18:10:09 A------- 862 C:\Qoobox\Quarantine\Registry_backups\Legacy_NETWORK_MONITOR.reg.dat
2009-02-22 18:10:09 A------- 2,822 C:\Qoobox\Quarantine\Registry_backups\Service_Network Monitor.reg.dat
2009-02-22 18:13:33 A------- 140 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-GetPack30.reg.dat
2009-02-22 18:13:33 A------- 140 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-VnrPack25.reg.dat
2009-02-22 18:13:33 A------- 142 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-GetModule37.reg.dat
2009-02-22 18:13:33 A------- 238 C:\Qoobox\Quarantine\Registry_backups\HKCU-Run-cogad.reg.dat
2009-02-22 19:11:22 A------- 128,101 C:\Qoobox\Quarantine\[4]-Submit_2009-02-22@19.11.zip
2009-02-22 19:12:12 A------- 3,056 C:\Qoobox\Quarantine\Registry_backups\Service_NOD32FiXTemDono.reg.dat
2009-02-22 19:15:14 A------- 637 C:\Qoobox\Quarantine\Registry_backups\BHO-{836A4B93-6F4A-4d61-AD3D-B8225D921F42}.reg.dat
Old 02-22-2009, 06:08 PM   #10 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

  • Please visit this site:
    http://www.bleepingcomputer.com/subm....php?channel=4
  • In the Link to topic where this file was requested: area, copy and paste this
    http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/348253-help-popups-both-ie-firefox.html#post1984734
  • In the Browse to the file you want to submit: area, copy and paste this
    C:\Qoobox\Quarantine\[4]-Submit_2009-02-22@19.11.zip
  • Then click Send File.
  • Once it shows:
    Quote:
    Your file was successfully submitted. Please let the user helping you know that you have submitted the file.
  • Close the site and continue with the steps below

P2P - I see you have P2P software (µTorrent, LimeWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It may be contributing to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

Please see this topic for more information:

Perils of P2P File Sharing

I would strongly recommend that you uninstall this. You can do so via Control Panel >> Add or Remove Programs.

---------------------------------------------------------------------------------------------

Perform an online scan with Panda ActiveScan
  • Click on Scan Your PC Now
  • A "pop up" window will appear, or a new tab will open.
  • Click on Register
  • Choose the option you like most, but we recommend the Free Registration.
  • Click on Register
  • Enter your e-mail address, and create a password.
  • Select "I do not want to receive any type of information". (unless you want to receive such information)
  • Click on Send
  • Confirm registration, and continue by entering your user name and password, then click on Enter
  • Select Full Scan, then Click on Scan Now
  • Wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading. You can continue using the Internet by opening another window in your browser.
  • If it finds any malware it can disinfect, the Disinfect button will be enabled. Click on Disinfect
  • Please ignore the offer to buy the program. Click on Export To
  • Export the log and save it to your desktop.
  • Please attach the contents of that log to your reply, along with a new HijackThis log.
* Turn off the real time scanner of any existing antivirus program while performing the online scan

---------------------------------------------------------------------------------------------

How is the machine behaving?
Old 02-22-2009, 08:46 PM   #11 (permalink)
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

I don't have an HJT program, but I saw in the log of the DDS scan that it provided an HJT report, so I ran that program again and here is the log of it; attached is the ActiveScan log as well.

But aside from that, the computer is running superbly. I haven't had another popup attack, and it appears that most, if not all, of the malware/spyware is gone.






DDS (Ver_09-02-01.01) - NTFSx86
Run by Samuel at 22:43:00.81 on Sun 02/22/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.894.214 [GMT -5:00]

AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\BricoPacks\Vista Inspirat 2\UberIcon\UberIcon Manager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe
C:\Program Files\iTunes\iTunes.exe
C:\Documents and Settings\Samuel\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\smart web printing\hpswp_printenhancer.dll
BHO: HP Print Clips: {053f9267-dc04-4294-a72c-58f732d338c0} - c:\program files\hp\smart web printing\hpswp_framework.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\ievkbd.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
EB: Internet Speed Monitor: {1b7f9277-46dc-4938-a28e-910497149e72} - c:\program files\debropack\DebroPack.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [RocketDock] "c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe"
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [_nltide_2] regsvr32 /s /n /i:U shell32
StartupFolder: c:\docume~1\samuel\startm~1\programs\startup\rocket~1.lnk - c:\windows\bricopacks\vista inspirat 2\rocketdock\RocketDock.exe
StartupFolder: c:\docume~1\samuel\startm~1\programs\startup\ubericon.lnk - c:\windows\bricopacks\vista inspirat 2\ubericon\UberIcon Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - {85E0B171-04FA-11D1-B7DA-00A0C90348D6} - c:\program files\kaspersky lab\kaspersky anti-virus 2009\SCIEPlgn.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {E763472E-A716-4CD9-89BD-DBDA6122F741} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {700259D7-1666-479a-93B1-3250410481E8} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files\hp\smart web printing\hpswp_extensions.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office12\REFIEBAR.DLL
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\wpdshserviceobj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\samuel\applic~1\mozilla\firefox\profiles\nrjvjmhm.default\

============= SERVICES / DRIVERS ===============

R0 kl1;Kl1;c:\windows\system32\drivers\kl1.sys [2008-7-21 121872]
R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2008-1-29 33808]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-2-17 226832]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 AVP;Kaspersky Anti-Virus;c:\program files\kaspersky lab\kaspersky anti-virus 2009\avp.exe [2008-11-11 206088]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2008-4-30 24592]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2008-4-29 15648]
S3 Ad-Watch Real-Time Scanner;AW Real-Time Scanner;c:\windows\system32\drivers\Awrtpd.sys [2008-4-29 12960]

=============== Created Last 30 ================

2009-02-22 20:24 28,544 a------- c:\windows\system32\drivers\pavboot.sys
2009-02-22 20:23 <DIR> --d----- c:\program files\Panda Security
2009-02-22 19:49 3,073,320 a------- c:\windows\system32\AdvrCntr2D6E0B790.dll
2009-02-22 19:47 996,648 a------- c:\windows\system32\ShellManager10E2D762.dll
2009-02-22 19:47 638,976 a------- c:\windows\system32\NEROINSTAEC43759.DB
2009-02-22 18:11 <DIR> --d----- c:\windows\system32\xircom
2009-02-22 18:08 <DIR> a-dshr-- C:\cmdcons
2009-02-22 18:07 161,792 a------- c:\windows\SWREG.exe
2009-02-22 18:07 98,816 a------- c:\windows\sed.exe
2009-02-22 12:39 <DIR> --d----- C:\ToolBar SD
2009-02-20 12:41 250 a------- c:\windows\gmer.ini
2009-02-20 12:26 <DIR> --d----- c:\program files\DebroPack
2009-02-17 00:39 101,287 a------- c:\windows\system32\drivers\klin.dat
2009-02-17 00:39 89,601 a------- c:\windows\system32\drivers\klick.dat
2009-02-17 00:38 4,189,728 a--sh--- c:\windows\system32\drivers\fidbox.dat
2009-02-17 00:38 352,288 a--sh--- c:\windows\system32\drivers\fidbox2.dat
2009-02-17 00:38 36,956 a--sh--- c:\windows\system32\drivers\fidbox.idx
2009-02-17 00:38 3,332 a--sh--- c:\windows\system32\drivers\fidbox2.idx
2009-02-17 00:38 <DIR> --d----- c:\program files\Kaspersky Lab
2009-02-17 00:38 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2009-02-17 00:37 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Kaspersky Lab Setup Files
2009-02-16 16:55 <DIR> --d----- c:\program files\Lavasoft
2009-02-16 16:54 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2009-02-12 21:46 <DIR> --d----- c:\docume~1\samuel\applic~1\Juce VST Host
2009-02-11 00:19 69 a------- c:\windows\NeroDigital.ini
2009-02-10 23:26 <DIR> --d----- c:\documents and settings\samuel\.housecall6.6
2009-02-10 23:24 73,728 a------- c:\windows\system32\javacpl.cpl
2009-02-08 23:58 <DIR> --d----- c:\program files\Nero
2009-02-08 23:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Nero
2009-02-08 23:28 <DIR> --d----- c:\program files\DVD Shrink
2009-02-08 23:05 <DIR> --d----- c:\program files\DVD Decrypter
2009-02-08 20:26 <DIR> --d----- c:\docume~1\samuel\applic~1\LimeWire
2009-02-08 20:26 410,984 a------- c:\windows\system32\deploytk.dll
2009-02-08 20:24 <DIR> --d----- c:\program files\LimeWire
2009-02-08 14:28 <DIR> --d----- c:\program files\ESET
2009-02-06 23:22 <DIR> --d----- c:\program files\ASIO4ALL v2
2009-02-06 23:22 225,280 a------- c:\windows\system32\rewire.dll
2009-02-06 23:22 <DIR> --d----- c:\program files\VstPlugins
2009-02-06 23:22 1,294,336 a------- c:\windows\system32\vorbis.acm
2009-02-06 23:21 <DIR> --d----- c:\program files\Outsim
2009-02-06 23:20 <DIR> --d----- c:\program files\Image-Line
2009-01-24 19:11 <DIR> --d----- c:\program files\Audacity 1.3 Beta (Unicode)
2009-01-24 01:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\vsosdk
2009-01-24 00:59 <DIR> --d----- c:\docume~1\alluse~1\applic~1\WEBREG

==================== Find3M ====================

2009-02-17 00:49 33,808 a------- c:\windows\system32\drivers\klbg.sys
2009-01-23 22:37 139,671 a------- c:\windows\hpoins15.dat
2009-01-16 04:16 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-15 23:57 47,360 a------- c:\windows\system32\drivers\pcouffin.sys
2009-01-15 23:57 47,360 a------- c:\docume~1\samuel\applic~1\pcouffin.sys
2009-01-15 23:42 218,624 a------- c:\windows\system32\uxtheme.dll
2009-01-15 23:42 52,477 a------- c:\windows\BricoPackUninst.cmd
2009-01-15 23:42 6,116 a------- c:\windows\BricoPackFoldersDelete.cmd
2009-01-15 04:07 21,640 a------- c:\windows\system32\emptyregdb.dat
2009-01-08 15:12 361,600 a------- c:\windows\system32\drivers\tcpip.sys
2009-01-08 15:12 140,288 a------- c:\windows\system32\sfc_os.dll
2009-01-08 15:10 4,096 a------- c:\windows\system32\wmvdmoe2.dll
2009-01-08 15:10 4,096 a------- c:\windows\system32\wmvdmod.dll
2009-01-08 15:10 1,329,152 a------- c:\windows\system32\wmspdmoe.dll
2009-01-08 15:10 603,648 a------- c:\windows\system32\wmspdmod.dll
2009-01-08 15:09 8,231,936 a------- c:\windows\system32\wmploc.dll
2009-01-08 15:09 99,840 a------- c:\windows\system32\wmpshell.dll
2009-01-08 15:09 4,096 a------- c:\windows\system32\wmsdmoe2.dll
2009-01-08 15:09 4,096 a------- c:\windows\system32\wmsdmod.dll
2009-01-08 15:09 314,880 a------- c:\windows\system32\wmpdxm.dll
2009-01-08 15:09 242,688 a------- c:\windows\system32\wmpasf.dll
2009-01-08 15:09 938,496 a------- c:\windows\system32\wmnetmgr.dll
2009-01-08 15:09 157,184 a------- c:\windows\system32\wmidx.dll
2009-01-08 15:09 227,328 a------- c:\windows\system32\wmerror.dll
2009-01-08 14:41 1,614,848 a------- c:\windows\system32\sfcfiles.dll
2009-01-08 14:38 323,641 a------- c:\windows\system32\usrdtea.dll
2009-01-08 14:23 1,246,720 a------- c:\windows\system32\syssetup.dll
2009-01-08 14:23 24,576 a------- c:\windows\system32\nlsdl.dll
2009-01-08 14:23 26,112 a------- c:\windows\system32\idndl.dll
2009-01-08 14:23 23,552 a------- c:\windows\system32\normaliz.dll
2009-01-08 14:22 156,160 a------- c:\windows\system32\msls31.dll
2009-01-08 14:22 48,128 a------- c:\windows\system32\mshtmler.dll
2009-01-08 14:22 45,568 a------- c:\windows\system32\mshta.exe
2009-01-08 14:21 40,960 a------- c:\windows\system32\licmgr10.dll
2009-01-08 14:21 36,352 a------- c:\windows\system32\imgutil.dll
2009-01-08 14:21 55,296 a------- c:\windows\system32\iesetup.dll
2009-01-08 14:20 78,336 a------- c:\windows\system32\ieencode.dll
2009-01-08 14:20 17,408 a------- c:\windows\system32\corpol.dll
2009-01-08 14:20 71,680 a------- c:\windows\system32\admparse.dll
2009-01-08 14:15 323,696 a------- c:\windows\system32\msdrm.dll
2009-01-08 14:15 465,920 a------- c:\windows\system32\imapi2fs.dll
2009-01-08 14:15 317,952 a------- c:\windows\system32\imapi2.dll
2009-01-08 14:15 151,552 a------- c:\windows\system32\ifxcardm.dll
2009-01-08 14:15 633,344 a------- c:\windows\system32\gpprefcl.dll
2009-01-08 14:15 6,144 a------- c:\windows\system32\FontReg.exe
2009-01-08 14:15 96,792 a------- c:\windows\system32\basecsp.dll
2009-01-08 14:15 25,600 a------- c:\windows\system32\bcsprsrc.dll
2009-01-08 14:15 133,120 a------- c:\windows\system32\axaltocm.dll
2009-01-08 14:15 383,488 a------- c:\windows\system32\wzcdlg.dll
2009-01-08 14:14 23,576 a------- c:\windows\system32\wuauserv.dll
2009-01-08 14:14 194,520 a------- c:\windows\system32\wuaueng1.dll
2009-01-08 14:14 292,312 a------- c:\windows\system32\wuauclt1.exe
2009-01-08 14:14 90,112 a------- c:\windows\system32\wshext.dll
2009-01-08 14:14 155,648 a------- c:\windows\system32\wscript.exe
2009-01-08 14:14 134,144 a------- c:\windows\system32\wkssvc.dll
2009-01-08 14:14 177,664 a------- c:\windows\system32\wintrust.dll
2009-01-08 14:14 294,400 a------- c:\windows\system32\winsrv.dll
2009-01-08 14:14 104,960 a------- c:\windows\system32\win32spl.dll
2009-01-08 14:14 1,846,912 a------- c:\windows\system32\win32k.sys
2009-01-08 14:13 347,648 a------- c:\windows\system32\windowscodecsext.dll
2009-01-08 14:13 712,704 a------- c:\windows\system32\windowscodecs.dll
2009-01-08 14:13 52,736 a------- c:\windows\system32\w32tm.exe
2009-01-08 14:13 175,616 a------- c:\windows\system32\w32time.dll
2009-01-08 14:13 430,080 a------- c:\windows\system32\vbscript.dll
2009-01-08 14:13 144,128 a------- c:\windows\system32\drivers\usbport.sys
2009-01-08 14:13 17,152 a------- c:\windows\system32\drivers\usbohci.sys
2009-01-08 14:13 30,336 a------- c:\windows\system32\drivers\usbehci.sys
2009-01-08 14:13 123,392 a------- c:\windows\system32\umpnpmgr.dll
2009-01-08 14:13 225,856 a------- c:\windows\system32\drivers\tcpip6.sys
2009-01-08 14:13 249,856 a------- c:\windows\system32\tapisrv.dll
2009-01-08 14:13 713,216 a------- c:\windows\system32\sxs.dll
2009-01-08 14:12 247,326 a------- c:\windows\system32\strmdll.dll
2009-01-08 14:12 333,824 a------- c:\windows\system32\drivers\srv.sys
2009-01-08 14:12 446,464 a------- c:\windows\system32\sqlsrv32.dll
2009-01-08 14:12 66,048 a------- c:\windows\system32\shimeng.dll
2009-01-08 14:11 985,088 a------- c:\windows\system32\setupapi.dll
2009-01-08 14:11 172,032 a------- c:\windows\system32\scrrun.dll
2009-01-08 14:11 180,224 a------- c:\windows\system32\scrobj.dll
2009-01-08 14:11 144,896 a------- c:\windows\system32\schannel.dll
2009-01-08 14:11 203,136 a------- c:\windows\system32\drivers\RMCast.sys
2009-01-08 14:11 139,656 a------- c:\windows\system32\drivers\rdpwd.sys
2009-01-08 14:11 174,848 a------- c:\windows\system32\drivers\rdbss.sys
2009-01-08 14:11 1,288,192 a------- c:\windows\system32\quartz.dll
2009-01-08 14:11 97,280 a------- c:\windows\system32\psbase.dll
2009-01-08 14:10 215,552 a------- c:\windows\system32\osk.exe
2009-01-08 14:10 1,288,192 a------- c:\windows\system32\ole32.dll
2009-01-08 14:10 61,824 a------- c:\windows\system32\drivers\ohci1394.sys
2009-01-08 14:10 24,576 a------- c:\windows\system32\odbcbcp.dll
2009-01-08 14:10 249,856 a------- c:\windows\system32\odbc32.dll
2009-01-08 14:10 270,336 a------- c:\windows\system32\oakley.dll
2009-01-08 14:10 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-01-08 14:08 304,152 a------- c:\windows\system32\msexcl40.dll
2009-01-08 14:08 299,520 a------- c:\windows\system32\MSCTF.dll
2009-01-08 14:08 74,240 a------- c:\windows\system32\mscms.dll
2009-01-08 14:07 455,936 a------- c:\windows\system32\drivers\mrxsmb.sys
2009-01-08 14:07 179,712 a------- c:\windows\system32\drivers\mrxdav.sys
2009-01-08 14:07 397,312 a------- c:\windows\system32\mmcex.dll
2009-01-08 14:07 728,064 a------- c:\windows\system32\lsasrv.dll
2009-01-08 14:07 343,552 a------- c:\windows\system32\localspl.dll
2009-01-08 14:07:44 A------- 2,089,984 c:\windows\system32\mstscax.dll

============= FINISH: 22:43:24.29 ===============
Attached Files
File Type: txt ActiveScan.txt (16.8 KB, 1 views)

Last edited by Zanevalon; 02-22-2009 at 08:48 PM.
Old 02-22-2009, 09:08 PM   #12 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

Sorry about that...it's an older reference. Thanks for thinking on your feet and providing DDS log.

I need a bit more information...

Please go to: VirusTotal
  • On the page you'll find a "Browse" button.
  • Next to the browse button you'll see a box to enter text.
  • Please copy/paste the following:

    c:\windows\system32\wuauclt.exe

  • Then click the "Send File" button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File has already been analyzed: click Reanalyze file now
  • Once scanned, copy and paste the results in your next reply.
  • Please repeat for the following files:

    • c:\windows\explorer.exe
    • c:\windows\system32\wininet.dll

Also...

Disable resident protections (Antivirus...); re-enable them after the scan

Download ToolBar S&D < here

Double-click ToolBar S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which was created: (%SystemDrive%\TB.txt)
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Old 02-22-2009, 09:45 PM   #13 (permalink)
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

File wuauclt.exe received on 02.23.2009 05:27:32 (CET)
Result: 0/39 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.22 -
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.22 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5533 2009.02.22 -
Microsoft 1.4306 2009.02.23 -
NOD32 3879 2009.02.23 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.22 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.23 -
Rising 21.18.00.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 -
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 66584 bytes
MD5...: 2275f45e257d46e6500558b2930cb9a4
SHA1..: c04a1730e358332afe9b7b27ca50e215f09a2db0
SHA256: ca7a75dea5b56ac9cb38ff80cd65c6adc7384ae32b0e20a52b46c3b6c4b3d4f3
SHA512: 047cd78adcfcb021728b7a4910edfc4b8052b59f1577177fa39511ed00fe866e2cfc09fc7ca83b75ec4a53607b840d434a773176b9650f05fc2b4d225bb5ed68
ssdeep: 768:r53FKSUAg+c6uzJBXJDy0g1FX3vxBytpxXJ6xjmH6HNNgKEf/jKv:1LcDzfXSh/x0BOqyNNk/k
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x4042dd
timedatestamp.....: 0x48f7aa62 (Thu Oct 16 20:56:02 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x8c84 0x8e00 6.00 9f8b89792869e1a1044ff3bb4603297d
.data 0xa000 0xd54 0x400 5.81 aea75c550ab527cbfba56bc33d16ea93
.rsrc 0xb000 0x4386 0x4400 5.03 35ac052a2368358c29aa33aa83daf683
.reloc 0x10000 0xc8a 0xe00 3.10 56fa4b399c6d09575836259c52cf6c40

( 6 imports )
> KERNEL32.dll: CreateFileW, CreateDirectoryW, GetFileAttributesW, ExpandEnvironmentStringsW, lstrlenW, CreateProcessW, VerSetConditionMask, VerifyVersionInfoW, LoadLibraryW, OutputDebugStringW, WriteFile, FlushFileBuffers, GetModuleFileNameW, InterlockedIncrement, InterlockedDecrement, GetSystemTime, GetLastError, SetLastError, GetFileSize, CreateFileMappingW, MapViewOfFile, UnmapViewOfFile, SetFilePointer, SetEndOfFile, ReleaseMutex, WaitForSingleObject, CreateMutexW, CloseHandle, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, GetModuleHandleA, SetUnhandledExceptionFilter, RtlUnwind, GetStartupInfoW, GetTimeZoneInformation, SystemTimeToTzSpecificLocalTime, GetSystemDirectoryW, LoadLibraryExW, GetDriveTypeW, GetVolumePathNameW, GetFileType, GetSystemInfo, GetModuleHandleW, CompareStringW, GetProcessHeap, HeapFree, HeapAlloc, GetCommandLineW, FreeLibrary, OpenEventW, GetProcAddress, WideCharToMultiByte, InterlockedExchange, Sleep, InterlockedCompareExchange
> msvcrt.dll: __dllonexit, _unlock, _controlfp, _terminate@@YAXXZ, free, malloc, memmove, memcpy, memset, __set_app_type, __p__fmode, __p__commode, _adjust_fdiv, __setusermatherr, _amsg_exit, _initterm, _wcmdln, exit, _XcptFilter, _lock, _cexit, __wgetmainargs, _vsnwprintf, _onexit, _exit
> ole32.dll: CoTaskMemFree, CoUninitialize, CoCreateInstance, CoInitialize, CoInitializeEx
> ADVAPI32.dll: AllocateAndInitializeSid, FreeSid, GetTokenInformation, DuplicateTokenEx, CheckTokenMembership, IsValidSid, CopySid, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, GetUserNameW, GetLengthSid, InitializeAcl, AddAccessAllowedAce, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, RegOpenKeyExW, RegCloseKey
> OLEAUT32.dll: -, -
> SHLWAPI.dll: StrRChrW, -, PathStripToRootW, PathIsRelativeW, StrChrW, PathIsRootW, PathIsUNCW

( 0 exports )
CWSandbox info: http://research.sunbelt-software.com/partnerresource/MD5.aspx?md5=2275f45e257d46e6500558b2930cb9a4

File explorer.exe received on 02.23.2009 05:20:36 (CET)
Result: 0/39 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.22 -
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.22 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 984 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5533 2009.02.22 -
Microsoft 1.4306 2009.02.23 -
NOD32 3879 2009.02.23 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.22 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.23 -
Rising 21.18.00.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 -
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 975872 bytes
MD5...: 4f6b3a9f4b7c96a8e22a5261773c16b3
SHA1..: 1dbfdd2b9782ee0cdbbe1db4b0cf36c89be2578e
SHA256: 251e3392b4281dd57e80d4a46b73a5ff1cc056bcdabd486fa8965153b63ef468
SHA512: 1d142c759a5601993f7d1d6102b2c91e00ff9e2e45cdfbcf6c27335bd48f259541c0e222d5b9980358b09a584df54bf1a1b90eab140313376ff07bfc930e894f
ssdeep: 24576:58PefZ3RJEniEgAy2+cV6smSvwA1omjg:58euiEgAy2+cMiwA2mjg
PEiD..: -
TrID..: File type identification
Win32 Executable MS Visual C++ (generic) (65.2%)
Win32 Executable Generic (14.7%)
Win32 Dynamic Link Library (generic) (13.1%)
Generic Win/DOS Executable (3.4%)
DOS Executable Generic (3.4%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x101a56f
timedatestamp.....: 0x486cba2d (Thu Jul 03 11:38:21 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x44c49 0x44e00 6.36 5da053cb8d1480cd7c1ce316aeb73e83
.data 0x46000 0x1db4 0x1800 1.30 01552ec932276597519ea44e0e73bf5c
.rsrc 0x48000 0xa40d3 0xa4200 6.57 8d23fdeba5c7677f707fb7ba52fd7276
.reloc 0xed000 0x3748 0x3800 6.77 2871633329f6c9762cd810ddb2975e15

( 13 imports )
> ADVAPI32.dll: RegSetValueW, RegEnumKeyExW, GetUserNameW, RegNotifyChangeKeyValue, RegEnumValueW, RegQueryValueExA, RegOpenKeyExA, RegEnumKeyW, RegCloseKey, RegCreateKeyW, RegQueryInfoKeyW, RegOpenKeyExW, RegQueryValueExW, RegCreateKeyExW, RegSetValueExW, RegDeleteValueW, RegQueryValueW
> BROWSEUI.dll: -, -, -, -
> GDI32.dll: GetStockObject, CreatePatternBrush, OffsetViewportOrgEx, GetLayout, CombineRgn, CreateDIBSection, GetTextExtentPoint32W, StretchBlt, CreateRectRgnIndirect, CreateRectRgn, GetClipRgn, IntersectClipRect, GetViewportOrgEx, SetViewportOrgEx, SelectClipRgn, PatBlt, GetBkColor, CreateCompatibleDC, CreateCompatibleBitmap, OffsetWindowOrgEx, DeleteDC, SetBkColor, BitBlt, ExtTextOutW, GetTextExtentPointW, GetClipBox, GetObjectW, SetTextColor, SetBkMode, CreateFontIndirectW, DeleteObject, GetTextMetricsW, SelectObject, GetDeviceCaps, TranslateCharsetInfo, SetStretchBltMode
> KERNEL32.dll: GetSystemDirectoryW, CreateThread, CreateJobObjectW, ExitProcess, SetProcessShutdownParameters, ReleaseMutex, CreateMutexW, SetPriorityClass, GetCurrentProcess, GetStartupInfoW, GetCommandLineW, SetErrorMode, LeaveCriticalSection, EnterCriticalSection, ResetEvent, LoadLibraryExA, CompareFileTime, GetSystemTimeAsFileTime, SetThreadPriority, GetCurrentThreadId, GetThreadPriority, GetCurrentThread, GetUserDefaultLangID, Sleep, GetBinaryTypeW, GetModuleHandleExW, SystemTimeToFileTime, GetLocalTime, GetCurrentProcessId, GetEnvironmentVariableW, UnregisterWait, GlobalGetAtomNameW, GetFileAttributesW, MoveFileW, lstrcmpW, LoadLibraryExW, FindClose, FindNextFileW, FindFirstFileW, lstrcmpiA, SetEvent, AssignProcessToJobObject, GetDateFormatW, GetTimeFormatW, FlushInstructionCache, lstrcpynW, GetSystemWindowsDirectoryW, SetLastError, GetProcessHeap, HeapFree, HeapReAlloc, HeapSize, HeapAlloc, GetUserDefaultLCID, ReadProcessMemory, OpenProcess, InterlockedCompareExchange, LoadLibraryA, QueryPerformanceCounter, UnhandledExceptionFilter, SetUnhandledExceptionFilter, VirtualFree, VirtualAlloc, ResumeThread, TerminateProcess, TerminateThread, GetSystemDefaultLCID, GetLocaleInfoW, CreateEventW, GetLastError, OpenEventW, DelayLoadFailureHook, WaitForSingleObject, GetTickCount, ExpandEnvironmentStringsW, GetModuleFileNameW, GetPrivateProfileStringW, lstrcmpiW, CreateProcessW, FreeLibrary, GetWindowsDirectoryW, LocalAlloc, CreateFileW, DeviceIoControl, LocalFree, GetQueuedCompletionStatus, CreateIoCompletionPort, SetInformationJobObject, CloseHandle, LoadLibraryW, GetModuleHandleW, ActivateActCtx, DeactivateActCtx, GetFileAttributesExW, GetProcAddress, DeleteCriticalSection, CreateEventA, HeapDestroy, InitializeCriticalSection, MulDiv, InitializeCriticalSectionAndSpinCount, lstrlenW, InterlockedDecrement, InterlockedIncrement, GlobalAlloc, InterlockedExchange, GetModuleHandleA, GetVersionExA, GlobalFree, GetProcessTimes, lstrcpyW, GetLongPathNameW, 
RegisterWaitForSingleObject
> msvcrt.dll: _itow, free, memmove, realloc, _except_handler3, malloc, _ftol, _vsnwprintf
> ntdll.dll: RtlNtStatusToDosError, NtQueryInformationProcess
> ole32.dll: CoFreeUnusedLibraries, RegisterDragDrop, CreateBindCtx, RevokeDragDrop, CoInitializeEx, CoUninitialize, OleInitialize, CoRevokeClassObject, CoRegisterClassObject, CoMarshalInterThreadInterfaceInStream, CoCreateInstance, OleUninitialize, DoDragDrop
> OLEAUT32.dll: -, -
> SHDOCVW.dll: -, -, -
> SHELL32.dll: -, -, SHGetFolderPathW, -, -, -, -, -, ExtractIconExW, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHGetSpecialFolderLocation, ShellExecuteExW, -, -, -, SHGetSpecialFolderPathW, -, -, -, SHBindToParent, -, -, -, SHParseDisplayName, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, -, SHChangeNotify, SHGetDesktopFolder, SHAddToRecentDocs, -, -, -, DuplicateIcon, -, -, -, -, -, -, -, -, SHUpdateRecycleBinIcon, SHGetFolderLocation, SHGetPathFromIDListA, -, -, -, -, -, -, -, SHGetPathFromIDListW, -, -, -
> SHLWAPI.dll: StrCpyNW, -, -, -, -, StrRetToBufW, StrRetToStrW, -, -, -, -, SHQueryValueExW, PathIsNetworkPathW, -, AssocCreate, -, -, -, -, -, StrCatW, StrCpyW, -, -, -, -, -, -, SHGetValueW, -, StrCmpNIW, PathRemoveBlanksW, PathRemoveArgsW, PathFindFileNameW, StrStrIW, PathGetArgsW, -, StrToIntW, SHRegGetBoolUSValueW, SHRegWriteUSValueW, SHRegCloseUSKey, SHRegCreateUSKeyW, SHRegGetUSValueW, SHSetValueW, -, PathAppendW, PathUnquoteSpacesW, -, -, PathQuoteSpacesW, -, SHSetThreadRef, SHCreateThreadRef, -, -, -, PathCombineW, -, -, -, SHStrDupW, PathIsPrefixW, PathParseIconLocationW, AssocQueryKeyW, -, AssocQueryStringW, StrCmpW, -, -, -, -, -, -, -, -, SHRegQueryUSValueW, SHRegOpenUSKeyW, SHRegSetUSValueW, PathIsDirectoryW, PathFileExistsW, PathGetDriveNumberW, -, StrChrW, PathFindExtensionW, -, -, PathRemoveFileSpecW, PathStripToRootW, -, -, -, SHOpenRegStream2W, -, -, -, StrDupW, SHDeleteValueW, StrCatBuffW, SHDeleteKeyW, StrCmpIW, -, -, wnsprintfW, -, -, StrCmpNW, -, -
> USER32.dll: TileWindows, GetDoubleClickTime, GetSystemMetrics, GetSysColorBrush, AllowSetForegroundWindow, LoadMenuW, GetSubMenu, RemoveMenu, SetParent, GetMessagePos, CheckDlgButton, EnableWindow, GetDlgItemInt, SetDlgItemInt, CopyIcon, AdjustWindowRectEx, DrawFocusRect, DrawEdge, ExitWindowsEx, WindowFromPoint, SetRect, AppendMenuW, LoadAcceleratorsW, LoadBitmapW, SendNotifyMessageW, SetWindowPlacement, CheckMenuItem, EndDialog, SendDlgItemMessageW, MessageBeep, GetActiveWindow, PostQuitMessage, MoveWindow, GetDlgItem, RemovePropW, GetClassNameW, GetDCEx, SetCursorPos, ChildWindowFromPoint, ChangeDisplaySettingsW, RegisterHotKey, UnregisterHotKey, SetCursor, SendMessageTimeoutW, GetWindowPlacement, LoadImageW, SetWindowRgn, IntersectRect, OffsetRect, EnumDisplayMonitors, RedrawWindow, SubtractRect, TranslateAcceleratorW, WaitMessage, InflateRect, CallWindowProcW, GetDlgCtrlID, SetCapture, LockSetForegroundWindow, SystemParametersInfoW, FindWindowW, CreatePopupMenu, GetMenuDefaultItem, DestroyMenu, GetShellWindow, EnumChildWindows, GetWindowLongW, SendMessageW, RegisterWindowMessageW, GetKeyState, CopyRect, MonitorFromRect, MonitorFromPoint, RegisterClassW, SetPropW, GetWindowLongA, SetWindowLongW, FillRect, GetCursorPos, MessageBoxW, LoadStringW, ReleaseDC, GetDC, EnumDisplaySettingsExW, EnumDisplayDevicesW, PostMessageW, DispatchMessageW, TranslateMessage, GetMessageW, PeekMessageW, PtInRect, BeginPaint, EndPaint, SetWindowTextW, GetAsyncKeyState, InvalidateRect, GetWindow, ShowWindowAsync, TrackPopupMenuEx, UpdateWindow, DestroyIcon, IsRectEmpty, SetActiveWindow, GetSysColor, DrawTextW, IsHungAppWindow, SetTimer, GetMenuItemID, TrackPopupMenu, EndTask, SendMessageCallbackW, GetClassLongW, LoadIconW, OpenInputDesktop, CloseDesktop, SetScrollPos, ShowWindow, BringWindowToTop, GetDesktopWindow, CascadeWindows, CharUpperBuffW, SwitchToThisWindow, InternalGetWindowText, GetScrollInfo, GetMenuItemCount, CreateWindowExW, DialogBoxParamW, MsgWaitForMultipleObjects, 
CharNextA, RegisterClipboardFormatW, EndDeferWindowPos, DeferWindowPos, BeginDeferWindowPos, PrintWindow, SetClassLongW, GetPropW, GetNextDlgGroupItem, GetNextDlgTabItem, ChildWindowFromPointEx, IsChild, NotifyWinEvent, TrackMouseEvent, GetCapture, GetAncestor, CharUpperW, SetWindowLongA, DrawCaption, ModifyMenuW, InsertMenuW, IsWindowEnabled, GetMenuState, LoadCursorW, GetParent, IsDlgButtonChecked, DestroyWindow, EnumWindows, IsWindowVisible, GetClientRect, UnionRect, EqualRect, GetWindowThreadProcessId, GetForegroundWindow, KillTimer, GetClassInfoExW, DefWindowProcW, RegisterClassExW, GetIconInfo, SetScrollInfo, GetLastActivePopup, SetForegroundWindow, IsWindow, GetSystemMenu, IsIconic, IsZoomed, EnableMenuItem, SetMenuDefaultItem, MonitorFromWindow, GetMonitorInfoW, GetWindowInfo, GetFocus, SetFocus, MapWindowPoints, ScreenToClient, ClientToScreen, GetWindowRect, SetWindowPos, DeleteMenu, GetMenuItemInfoW, SetMenuItemInfoW, CharNextW
> UxTheme.dll: GetThemeBackgroundContentRect, GetThemeBool, GetThemePartSize, DrawThemeParentBackground, OpenThemeData, DrawThemeBackground, GetThemeTextExtent, DrawThemeText, CloseThemeData, SetWindowTheme, GetThemeBackgroundRegion, -, GetThemeMargins, GetThemeColor, GetThemeFont, GetThemeRect, IsAppThemed

( 0 exports )
File wininet.dll received on 02.23.2009 05:38:34 (CET)
Result: 0/39 (0%)

Antivirus Version Last Update Result
a-squared 4.0.0.93 2009.02.23 -
AhnLab-V3 2009.2.21.0 2009.02.22 -
AntiVir 7.9.0.87 2009.02.22 -
Authentium 5.1.0.4 2009.02.22 -
Avast 4.8.1335.0 2009.02.22 -
AVG 8.0.0.237 2009.02.22 -
BitDefender 7.2 2009.02.23 -
CAT-QuickHeal 10.00 2009.02.22 -
ClamAV 0.94.1 2009.02.22 -
Comodo 983 2009.02.20 -
DrWeb 4.44.0.09170 2009.02.23 -
eSafe 7.0.17.0 2009.02.19 -
eTrust-Vet 31.6.6368 2009.02.20 -
F-Prot 4.4.4.56 2009.02.22 -
F-Secure 8.0.14470.0 2009.02.23 -
Fortinet 3.117.0.0 2009.02.22 -
GData 19 2009.02.23 -
Ikarus T3.1.1.45.0 2009.02.23 -
K7AntiVirus 7.10.639 2009.02.21 -
Kaspersky 7.0.0.125 2009.02.23 -
McAfee 5533 2009.02.22 -
McAfee+Artemis 5533 2009.02.22 -
Microsoft 1.4306 2009.02.23 -
NOD32 3879 2009.02.23 -
Norman 6.00.06 2009.02.20 -
nProtect 2009.1.8.0 2009.02.23 -
Panda 10.0.0.10 2009.02.22 -
PCTools 4.4.2.0 2009.02.22 -
Prevx1 V2 2009.02.23 -
Rising 21.18.00.00 2009.02.23 -
SecureWeb-Gateway 6.7.6 2009.02.23 -
Sophos 4.39.0 2009.02.23 -
Sunbelt 3.2.1855.2 2009.02.17 -
Symantec 10 2009.02.23 -
TheHacker 6.3.2.4.263 2009.02.21 -
TrendMicro 8.700.0.1004 2009.02.23 -
VBA32 3.12.10.0 2009.02.22 -
ViRobot 2009.2.20.1617 2009.02.20 -
VirusBuster 4.5.11.0 2009.02.22 -
Additional information
File size: 817152 bytes
MD5...: 5044269d9dc59326d8ee54c28acd7003
SHA1..: 9a038d8ef70197da25774b025fdef2ec3fdb41b0
SHA256: 9f309ccaa4eadcebff7a565b3f7445c06bcb6da158ce0dd48b2675bc263ccbb7
SHA512: 37ed91653ea4d8ff56169078084aafc4eea823c8374157aa336e82e0e2368b9ee109143ae3ad2d9b01ac78c38daebc766ca40376b3210acf09f11abb83e3ef86
ssdeep: 12288:4nczR/PCyeqIJyBV3oY9PUCYJGgqjRb5H3iHRqOknfNVUMMIMMu0pJ:K6PbeRJ+VoECGgW2RqZfNuMMIMMu
PEiD..: -
TrID..: File type identification
Win64 Executable Generic (59.6%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win32 Executable Generic (5.9%)
Win32 Dynamic Link Library (generic) (5.2%)
Generic Win/DOS Executable (1.3%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x78051784
timedatestamp.....: 0x48f7a64f (Thu Oct 16 20:38:39 2008)
machinetype.......: 0x14c (I386)

( 4 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x9b0b0 0x9b200 6.59 83ed2d06e22f87f9217e6abeb235739b
.data 0x9d000 0x7768 0x4000 1.44 618055760f9f20af1449e5b5260366b6
.rsrc 0xa5000 0x228d4 0x22a00 4.75 1decd00e32534ebc298b01645fa40abd
.reloc 0xc8000 0x5688 0x5800 6.72 0a5a70a6144314cdf406f20a7092cea5

( 8 imports )
> msvcrt.dll: _isatty, _write, _lseeki64, _fileno, __pioinfo, __badioinfo, wctomb, _itoa, _snprintf, _iob, isleadbyte, _onexit, _lock, __dllonexit, _unlock, _adjust_fdiv, _amsg_exit, _initterm, _XcptFilter, islower, __isascii, strtol, memmove, strrchr, atoi, realloc, free, malloc, wcstok, _vsnprintf, memcpy, memset, _vsnwprintf, wcsncmp, bsearch, _wcsnicmp, _wtoi, _wcsicmp, isupper, strncmp, wcsstr, _purecall, _mbstok, iscntrl, ispunct, strtoul, time, iswdigit, isalpha, atol, isalnum, _errno, isspace, strpbrk, isdigit, isxdigit, memchr
> ntdll.dll: RtlConvertSidToUnicodeString, RtlUnwind, RtlMoveMemory
> SHLWAPI.dll: SHRegGetValueW, PathAddBackslashW, -, SHRegGetValueA, StrRChrW, PathRemoveBackslashA, PathRemoveFileSpecA, -, PathRemoveBlanksA, PathAddBackslashA, -, PathAppendA, -, PathUnExpandEnvStringsA, PathRenameExtensionA, SHDeleteKeyA, SHDeleteValueW, StrCmpNIW, StrCmpNIA, StrStrA, -, StrChrW, StrChrA, -, -, UrlCombineW, UrlCanonicalizeW, -, PathCreateFromUrlW, UrlUnescapeA, UrlCombineA, UrlCanonicalizeA, StrToIntW, StrCmpW, StrCmpNA, StrRChrA, StrToIntA, StrStrIW, SHGetValueA, SHSetValueA, SHGetValueW, SHSetValueW, -, -, PathCombineW, PathFindFileNameW, StrStrIA
> ADVAPI32.dll: RegDeleteKeyA, RegCreateKeyExW, RegDeleteValueW, RegSetValueExW, RegQueryValueExW, CryptAcquireContextA, CryptGenRandom, CryptReleaseContext, RegOpenKeyA, RegEnumKeyA, TraceEvent, DuplicateTokenEx, ConvertStringSidToSidA, GetLengthSid, SetTokenInformation, CreateProcessAsUserA, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetSidSubAuthorityCount, GetSidSubAuthority, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, RegDeleteValueA, OpenThreadToken, OpenProcessToken, GetTokenInformation, RegOpenKeyExW, UnregisterTraceGuids, RegisterTraceGuidsA, RegQueryInfoKeyW, GetTraceLoggerHandle, GetTraceEnableLevel, GetTraceEnableFlags, RegCreateKeyExA, RegSetValueExA, RegOpenKeyExA, RegQueryValueExA, RegQueryInfoKeyA, RegEnumKeyExA, RegCloseKey, GetUserNameA, OpenSCManagerA, OpenServiceA, CloseServiceHandle, QueryServiceStatus
> KERNEL32.dll: DosDateTimeToFileTime, GetEnvironmentVariableA, GetShortPathNameA, GetShortPathNameW, FindFirstFileA, RemoveDirectoryA, FindNextFileA, FindClose, GetDiskFreeSpaceExA, CopyFileA, SetFileTime, CreateDirectoryA, GetWindowsDirectoryA, GetSystemDirectoryA, GetPrivateProfileStringA, GetFileAttributesA, SetFileAttributesA, GetFileAttributesExA, FileTimeToDosDateTime, GetFileSizeEx, lstrcmpW, RaiseException, MoveFileExA, MoveFileA, LocalFileTimeToFileTime, CreateSemaphoreA, ReleaseSemaphore, GetCurrentProcessId, GetFileTime, lstrcmpA, GetModuleHandleExA, ResumeThread, FreeLibraryAndExitThread, ExpandEnvironmentStringsA, GetSystemTimeAsFileTime, DeleteFileW, GetACP, InterlockedExchangeAdd, CreateThread, Sleep, OpenMutexA, GetModuleHandleA, FormatMessageA, SetErrorMode, FlushViewOfFile, SystemTimeToFileTime, GetTickCount, TlsFree, TlsGetValue, GetCurrentThreadId, TlsSetValue, TlsAlloc, GetDateFormatA, GetTimeFormatA, GlobalAlloc, InterlockedCompareExchange, GetCurrentThread, GetCurrentProcess, IsDBCSLeadByte, IsValidCodePage, GlobalFree, lstrlenW, DeleteFileA, FormatMessageW, GetSystemTime, WritePrivateProfileStringA, GetVersionExA, GetModuleFileNameA, WriteFile, SetFilePointer, CreateFileW, CreateFileA, GetFileSize, ReadFile, FileTimeToSystemTime, LocalReAlloc, InitializeCriticalSection, InterlockedDecrement, lstrlenA, lstrcmpiA, InterlockedIncrement, DeleteCriticalSection, ResetEvent, LocalFree, ReleaseMutex, CompareStringA, CreateMutexA, CreateEventA, MultiByteToWideChar, WideCharToMultiByte, WaitForSingleObject, OutputDebugStringA, UnmapViewOfFile, SetEndOfFile, MapViewOfFileEx, CreateFileMappingA, OpenFileMappingA, LoadLibraryW, HeapFree, HeapAlloc, GetProcessHeap, GetTimeFormatW, GetDateFormatW, GetUserDefaultLCID, GetModuleFileNameW, GetComputerNameA, LoadResource, FindResourceExW, LocalAlloc, LoadLibraryExW, MapViewOfFile, CreateFileMappingW, GetLocaleInfoW, GetVersionExW, GetSystemDefaultUILanguage, GetUserDefaultUILanguage, FindResourceW, 
SearchPathW, CreateActCtxW, ReleaseActCtx, ActivateActCtx, DeactivateActCtx, SetFileAttributesW, InitializeCriticalSectionAndSpinCount, WritePrivateProfileStringW, GetFileAttributesW, GetModuleHandleW, GlobalUnlock, GlobalLock, QueryPerformanceCounter, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDBCSLeadByteEx, GetProcAddress, LoadLibraryA, FreeLibrary, SetEvent, InterlockedExchange, CloseHandle, GetLastError, SetLastError, EnterCriticalSection, LeaveCriticalSection, CompareStringW
> USER32.dll: CheckDlgButton, SendMessageW, SendMessageA, IsDlgButtonChecked, DefWindowProcA, SetWindowLongA, GetWindowLongA, RegisterClassW, CreateWindowExW, SetTimer, GetWindowTextW, MessageBoxW, CharNextA, GetWindowInfo, CharToOemA, CharUpperA, CharLowerW, IsCharAlphaNumericA, GetWindowThreadProcessId, EnumChildWindows, IsWindowVisible, GetAncestor, EnumWindows, CharNextExA, PostMessageA, IsWindow, SetWindowPos, SetDlgItemTextW, DestroyIcon, SetForegroundWindow, GetWindow, GetWindowRect, EqualRect, IntersectRect, EndDialog, SetFocus, GetDlgItem, SetWindowTextW, EnableWindow, KillTimer, FindWindowW, RegisterWindowMessageW, PostMessageW, DestroyWindow, LoadStringW, DialogBoxParamW, GetDesktopWindow, SendDlgItemMessageA, LoadIconA, LoadImageA, LoadStringA, CharLowerA
> Normaliz.dll: IdnToUnicode, IdnToAscii
> iertutil.dll: -, -, -, -

( 229 exports )
packers (Kaspersky): PE_Patch



-----------\\ ToolBar S&D 1.2.8 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Multiprocessor Free : AMD Athlon(tm) 64 X2 Dual Core Processor 4200+ )
BIOS : Phoenix - AwardBIOS v6.00PG
USER : Samuel ( Administrator )
BOOT : Normal boot
Antivirus : Kaspersky Anti-Virus 8.0.0.506 (Not Activated)
C:\ (Local Disk) - NTFS - Total:24 Go (Free:12 Go)
D:\ (CD or DVD)
E:\ (CD or DVD)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)
K:\ (Local Disk) - NTFS - Total:24 Go (Free:17 Go)
L:\ (Local Disk) - NTFS - Total:249 Go (Free:249 Go)
Z:\ (Local Disk) - NTFS - Total:698 Go (Free:284 Go)

"C:\ToolBar SD" ( MAJ : 21-12-2008|20:47 )
Option : [1] ( Sun 02/22/2009|23:43 )

-----------\\ Searching for Files - Folders ...

C:\DOCUME~1\Samuel\Cookies\samuel@alot[1].txt
C:\DOCUME~1\Samuel\Cookies\samuel@h.alot[1].txt
C:\DOCUME~1\Samuel\Cookies\samuel@try.alot[1].txt

-----------\\ Extensions

(Children) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus

(Samuel) - {4BBDD651-70CF-4821-84F8-2B918CF89CA3} => febe
(Samuel) - {582195F5-92E7-40a0-A127-DB71295901D7} => gmanager
(Samuel) - {6E1A2A2E-AE2A-4A26-A812-46F54288379E} => fullflat
(Samuel) - {888d99e7-e8b5-46a3-851e-1ec45da1e644} => reloadevery
(Samuel) - {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} => adblockplus
(Samuel) - {d33c2f7c-b1e6-4d46-ab0e-be1f6d05c904} => tinymenu
(Samuel) - {d650973c-0444-4ac7-9d00-19e3613c83b9} => chrome


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68928"
"Url"="http://go.microsoft.com/fwlink/?LinkId=68929"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"


--------------------\\ Searching for other infections


No other infections found !


1 - "C:\ToolBar SD\TB_1.txt" - Sun 02/22/2009|12:40 - Option : [1]
2 - "C:\ToolBar SD\TB_2.txt" - Sun 02/22/2009|12:42 - Option : [1]
3 - "C:\ToolBar SD\TB_3.txt" - Sun 02/22/2009|23:44 - Option : [1]

-----------\\ Scan completed at 23:44:14.00
Old 02-22-2009, 09:55 PM   #14 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

Seems to be ok.

Cracked (Illegal) Software

Quote:
"Z:\PROGRAMS\FruityLoops Studio 8.0 XXL Edition\flstudio_8.0_install.exe"
"Z:\PROGRAMS\Permanent Programs\Fruity Loops Studio 8.0.0 XXL Producer Edition FINAL + Working CRACK! "
This is quite likely the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore. Don't think: "I have a good Antivirus and Firewall installed, they will protect me" - because that's not true... and even before you know it, your Antivirus and Firewall may become disabled by the malware which has now found its way on your system.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine. Any future requests for help may be ignored.

Uninstall this illegal software now.

Panda has also found cookies.

Cookies are nothing to be worried about. They get installed on your computer every time you visit any webpage. Now some of those are good cookies that get installed for ease of use for the next time you visit the same page, but some cookies are spyware used for tracking users' surfing habits.

Most of those cookies are third party cookies that can be blocked:

In Firefox go to Tools > Options > Privacy > Cookies

Click Exceptions, identify the site you want to block, and click on Block.

In IE go to Tools > Internet Options > Privacy and click on Advanced in the Privacy tab

Now put a check next to "Override automatic cookie handling"

Set first party cookies to Accept and third party cookies to Block

Also put a check to "Always allow session cookies" OK your way out.

This won't prevent all bad cookies from being installed, but will reduce the amount.

Also there is another program you can use.

Spywareblaster Prevents the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted software. Blocks spyware/tracking cookies in Internet Explorer and Mozilla/Firefox. Restricts the actions of potentially unwanted sites in Internet Explorer.

You can read more about cookies at the Cookie Concept

You can tidy up with this tool:

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
  • Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
  • Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
  • Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

---------------------------------------------------------------------------------------------

Other than that....

The other items Panda found are in ComboFix quarantine, and will be addressed by uninstalling ComboFix as instructed below

Other than that....

Your logs appear clean. You should be good to go. We still have a few items to address.

Go to -> Run -> copy/paste in the following single line command & click OK

combofix /u



This will uninstall ComboFix. It will also implement some cleanup procedures and reset System Restore points.

Now that your system is clean, to help protect your computer in the future I recommend that you follow these steps and look into the following free programs:
  • Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • SpywareBlaster to help prevent spyware from installing in the first place.
    • Install & update SpywareBlaster with the latest definitions.
      After you have updated, click the button - enable protection for all unprotected items
  • McAfee Site Advisor--free version. The folks there check out websites and based on their findings, rate it as Safe, Unknown, Caution, or Bad.
  • Winpatrol

    Winpatrol is a heuristic protection program, meaning it looks for patterns in code that work like malware. It also takes a snapshot of your system's critical resources and alerts you to any changes that may occur without you knowing. You can read more about Winpatrol's features here.

    You can get a free copy of Winpatrol or use the Plus version for more features.

    You can read Winpatrol's FAQ if you run into problems.

  • MVPS HOST FILE
    The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is the IP of your local computer.
    • Download Host.zip to your desktop.
    • From your Desktop right-click (hosts.zip) and select:
      Extract All from the menu.
    • Click Next, click Next, select the option:
      "Show Extracted files", click Finish
    • This will open the newly created hosts folder on your Desktop.
    • Double-click on the included mvps.bat file, this will rename the existing HOSTS file to HOSTS.MVP, then it will copy the included updated HOSTS file to the correct location on your machine.
    • Once updated you should see another prompt that the task was completed.
  • ANTIVIRUS SOFTWARE
    It is very important that you have anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future. It is imperative that you update your antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch new malware that may have come out.

    Do not install more than one AntiVirus program because they will conflict with each other.

  • Scan here http://secunia.com/software_inspector/ for out of date & vulnerable common applications on your computer

  • http://www.trillian.cc - Trillian or http://www.miranda-im.com - Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

  • http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP/Vista. It's made up of two parts - ERUNT & NTREGOPT.

    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.

    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.


In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well-written articles.
Please respond to this thread one more time so we can mark this thread as resolved.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
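The HOSTS-file step above works by mapping ad hosts to the loopback address. As an added example (not from this thread or the MVPS project), the following Python audit parses a hosts file in that format, lists which names are sunk to 127.0.0.1 or 0.0.0.0, and flags any entry that points a name somewhere else, since a hosts file edited by malware can just as easily redirect traffic; the sample content and host names are constructed.

```python
"""Audit a Windows HOSTS file of the kind the MVPS package installs.

Added example, not from the thread or the MVPS project. Hosts-file syntax
is one mapping per line: ip  hostname [alias ...]  # optional comment.
"""
import ipaddress

# Constructed sample in the MVPS layout: loopback followed by the blocked
# host name. The last line is deliberately NOT loopback so the audit has
# something to flag.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1  ads.example-adserver.invalid   # blocked ad host
0.0.0.0    tracker.example.invalid
127.0.0.1  cdn1.example-ads.invalid  cdn2.example-ads.invalid
192.0.2.10 update.antivirus-vendor.invalid   # suspicious: not loopback
"""

# Addresses that sink a name to the local machine (the MVPS file uses
# 0.0.0.0 in newer releases and 127.0.0.1 in older ones).
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, hostname) pairs for every name in the file, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        parts = line.split()
        ip, names = parts[0], parts[1:]
        try:
            ipaddress.ip_address(ip)          # skip malformed lines, as Windows does
        except ValueError:
            continue
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def audit_hosts(text):
    """Split entries into sinkholed names and suspicious non-loopback redirects."""
    blocked, suspicious = [], []
    for ip, name in parse_hosts(text):
        if name == "localhost":               # the one loopback entry Windows needs
            continue
        (blocked if ip in LOOPBACK else suspicious).append((ip, name))
    return blocked, suspicious


def is_blocked(text, hostname):
    """True if hostname is sunk to loopback by this hosts file (case-insensitive)."""
    return any(n == hostname.lower() for _, n in audit_hosts(text)[0])


if __name__ == "__main__":
    blocked, suspicious = audit_hosts(SAMPLE_HOSTS)
    print(f"{len(blocked)} names sinkholed, {len(suspicious)} suspicious redirect(s):")
    for ip, name in suspicious:
        print(f"  {name} -> {ip}")
```

On a real machine, read C:\Windows\System32\drivers\etc\hosts into `audit_hosts` instead of the constructed sample; any name that lands in the suspicious list deserves a look.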
Old 02-22-2009, 10:28 PM   #15 (permalink)
Registered User
 
Join Date: Mar 2005
Location: Bronx, NY
Posts: 21
OS: XP, 7


Re: HELP: Popups in both IE and Firefox

Thank you for all your help. Following your advice, the illegal software has been deleted and I've installed the free software you suggested to monitor my system as well as prevent any more attacks. Hopefully this will keep my system clean. Thank you sir.
Old 02-22-2009, 10:32 PM   #16 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 35,523
OS: 2000 Pro; XP Pro; XP Home


Re: HELP: Popups in both IE and Firefox

I'm glad to help, and hopefully educate and help prevent a repeat visit to this section of the forum. Please do visit the rest of the forum as much as you like!

Surf Safely, and Think Prevention! Prevention begins at the keyboard.

Since this issue is resolved, this topic will be archived.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006

Microsoft MVP - Consumer Security 2009
Copyright 2001 - 2009, Tech Support Forum