Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Searh Engine Redirects, and More
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
Page 1 of 3 1 23
 
LinkBack Thread Tools
Old 07-03-2009, 11:42 AM   #1 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Searh Engine Redirects, and More
I began getting redirects to questionable sites when using Google or any other search engine for that matter. Then I discovered that Malwarebytes AntiMalware and Spybot S & D were not functioning correctly. System Restore will not work. Several family members have used my computer lately, and I suspect someone has clicked on something they shouldn't have.

AVG found two infections. The virus Win32/Alureon and the trojan horse Generic13.BQEF were detected and quarantined.

DDS ran okay, but every time I tried to run GMER, my computer would shut down and restart with the message that my system has secovered from a serious error. Therefore I was unable to attach a log for GMER.

I would deeply appreciate your help. Thank you.



DDS (Ver_09-06-26.01) - NTFSx86
Run by Ron at 12:26:12.32 on Fri 07/03/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3703.2691 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\Dit.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\Discover\SOAN\SOAN.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\V0540Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\OBroker.exe
C:\Program Files\AVG\AVG8\avgui.exe
C:\Documents and Settings\Ron\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: DeskshopBrowserHelper Class: {8db3d69d-da5e-4165-b781-72a761790672} - c:\windows\system32\BhoDshop.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [cdloader] "c:\documents and settings\ron\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\ron\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Dit] Dit.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [PCMService] "c:\program files\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Secure Online Account Numbers] c:\progra~1\discover\soan\SOAN.exe /dontopenmycards
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [Live! Central] "c:\program files\creative\creative live! cam\live! central\CTLVCentral.exe" /mode2
mRun: [c:\windows\system32\v0540ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0540Ext.ax
mRun: [V0540Mon.exe] c:\windows\V0540Mon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
dRunOnce: [VF0540Inst] RunDll32.exe c:\windows\system32\V0540Pin.dll,RunDLL32EP 515
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - c:\progra~1\discover\soan\SOAN.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: live.com\onecare
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
Trusted Zone: weather.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214313908296
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3912152778
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
TCP: NameServer = 85.255.112.153,85.255.112.92
TCP: {F89F27FC-AC5A-4AD3-A683-CE2549BD091F} = 85.255.112.153,85.255.112.92
TCP: {FC32E5B5-C89A-4490-B559-7837AB6FDBCB} = 85.255.112.153,85.255.112.92
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\2avjtyd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\documents and settings\ron\application data\mozilla\firefox\profiles\2avjtyd5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ron\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ron\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-24 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-30 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-6-23 132640]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-6-23 24096]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-30 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-30 298776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-6-23 692496]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1003344]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-4-6 14976]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-1-24 145952]
R3 PhTVTune;MEDION TV-Tuner 7133;c:\windows\system32\drivers\PhTVTune.sys [2003-9-12 24704]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-1-24 31616]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [2003-9-12 153088]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\drivers\iiusbisp.sys --> c:\windows\system32\drivers\iiusbisp.sys [?]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2007-12-31 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2007-12-31 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2007-12-31 52309]

============== File Associations ===============

regfile=regedit.exe "%1" %*
txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-03 11:37 <DIR> --d-h--- c:\windows\PIF
2009-07-02 15:41 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-07-02 15:39 <DIR> --d----- c:\program files\RapidSolution
2009-07-02 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-07-02 15:01 <DIR> --d----- c:\program files\DigitalHQ
2009-06-12 18:54 <DIR> --d----- c:\program files\iPod
2009-06-12 18:54 <DIR> --d----- c:\program files\iTunes
2009-06-09 18:15 37,664 a------- c:\windows\system32\drivers\tbhsd.sys
2009-06-08 18:02 <DIR> --d----- C:\Xnews
2009-06-04 15:50 <DIR> --d----- c:\program files\Maxtor
2009-06-04 15:48 45,056 a------- c:\windows\system32\wnaspi32.dll
2009-06-04 15:48 25,244 a------- c:\windows\system32\drivers\aspi32.sys
2009-06-04 15:48 5,600 a------- c:\windows\system\winaspi.dll
2009-06-04 15:48 4,672 a------- c:\windows\system\wowpost.exe

==================== Find3M ====================

2009-06-30 12:25 3,488 a------- c:\docume~1\ron\applic~1\wklnhst.dat
2009-06-27 21:46 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 21:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-24 09:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-24 09:39 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-16 23:11 168,208 a------- c:\windows\system32\guard32.dll
2009-05-16 23:11 24,096 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-05-16 23:11 132,640 a------- c:\windows\system32\drivers\cmdguard.sys
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-01-03 14:51 12 a------- c:\documents and settings\ron\bitpim.dat
2008-05-18 12:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051820080519\index.dat

============= FINISH: 12:27:45.29 ===============
Attached Files
File Type: zip Attach.zip (4.5 KB, 2 views)
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 07-06-2009, 11:48 AM   #2 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Bump, please.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-07-2009, 11:50 AM   #3 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello and welcome to TSF

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

========

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.


=========

Let's try to get a GMER log. You must have extracted gmer.exe to your desktop for this to work.

Open Notepad and copy/paste the text in the quotebox below into Notepad:

Quote:
@echo off
copy /y gmer.exe omer.exe
start omer
Save this as run.bat Choose to "Save type as - All Files" next to gmer.exe
It should look like this:
Double-click run.bat & allow it to run.

Then, use these settings to produce a log.
  • If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click NO.



    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and attach it to your next reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-09-2009, 08:35 AM   #4 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Hi. Thanks for your help. Sorry it took me so long to get back to you, but I just got back last night after being away at work for a couple days.

Last night I read your reply and did exactly as you said. While gmer was performing the scan, the computer shut down and tried to restart. But when it got as far as the windows screen, it shut down again. This time when it tried to restart, it would not go beyond the initial splash screen. After a couple attempts I shut the computer off and went to bed. This morning it was the same, but for some reason I left it on the splash screen for a while. After about 15 minutes it began to boot up very slowly. It took about twenty minutes but I was back up and running. I did get a message that said the system has recovered from a serious error.

I ran the scan again and this time it was able to complete. The file is attached.
Attached Files
File Type: txt gmer.txt (6.4 KB, 3 views)
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-09-2009, 11:20 AM   #5 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello again

Please follow all instructions and in which order they come, if you have any questions, please ask before proceeding. Its important that you follow this through until i give you the all clear.

Please DO NOT Attach logs to your posts unless you are advised to do so.

========


Link 1
Link 2
Link 3






* IMPORTANT !!! Place combofix.exe on your Desktop

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.

Double click on combofix.exe & follow the prompts.

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.





The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

The Recovery Console was successfully installed.



Click on Yes, to continue scanning for malware.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-09-2009, 06:30 PM   #6 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
When I clicked on combofix, a dialog box opened and I clicked on Run. Nothing happened. Combo fix will not run. I downloaded combofix a couple more times and tried, but it still will not run.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-09-2009, 08:58 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
My bad! Right after I submitted my last post I realized that I forgot to rename it Combo-Fix.exe. I have attached the log.
Attached Files
File Type: zip log.zip (7.6 KB, 2 views)
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-09-2009, 09:07 PM   #8 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Also, ComboFix reported the following when I ran the scan:

ComboFix has detected the presence of rootkit activity and needs to reboot the machine.
C:WINDOWS\system32\drivers\MSIVXddwjbnitdgiyuyavtmexcbtbonmtebta.sys
C:WINDOWS\system32\MSIVXorocrmtjtdicdusevgoevsopcrruwyana.dll
C:WINDOWS\system32\MSIVXpjovmyumrkmlkrehhsvkyfdatkilqxbn.dll

ComboFix 09-07-09.06 - Ron 07/09/2009 21:01.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3703.3106 [GMT -4:00]
Running from: c:\documents and settings\Ron\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Installer\19d4c3d.msi
c:\windows\Installer\1caca9.msi
c:\windows\Installer\1fd7de.msp
c:\windows\system32\drivers\MSIVXddwjbniydgiyuyavtmexcbtbonmtebta.sys
c:\windows\system32\MSIVXcount
c:\windows\system32\MSIVXorocrmtjdicdusevgoevsopcrruwyana.dll
c:\windows\system32\MSIVXpjovmyumrkmlkrehhsvkyfdatkilqxbn.dll
c:\windows\system32\tmp.reg
c:\windows\Tasks\{5B57CF47-0BFA-43c6-ACF9-3B3653DCADBA}.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIVXserv.sys


((((((((((((((((((((((((( Files Created from 2009-06-10 to 2009-07-10 )))))))))))))))))))))))))))))))
.

2009-07-03 15:37 . 2009-07-03 15:37 -------- d--h--w- c:\windows\PIF
2009-07-02 19:42 . 2009-07-02 19:42 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\RapidSolution
2009-07-02 19:41 . 2009-07-02 19:41 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-07-02 19:41 . 2009-07-02 19:41 466944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2009-07-02 19:41 . 2009-07-02 19:41 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2009-07-02 19:41 . 2009-07-02 19:41 177432 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2009-07-02 19:41 . 2009-07-02 19:41 169240 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2009-07-02 19:41 . 2009-07-02 19:41 136472 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2009-07-02 19:41 . 2009-07-02 19:41 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2009-07-02 19:41 . 2009-07-02 19:41 1258776 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2009-07-02 19:41 . 2009-07-02 19:41 278528 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll
2009-07-02 19:41 . 2009-07-02 19:41 410904 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll
2009-07-02 19:41 . 2009-07-02 19:41 405504 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll
2009-07-02 19:39 . 2009-07-02 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-07-02 19:39 . 2009-07-02 19:39 -------- d-----w- c:\program files\RapidSolution
2009-07-02 19:01 . 2009-07-02 19:01 -------- d-----w- c:\program files\DigitalHQ
2009-07-02 12:54 . 2009-07-02 12:54 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Temp
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Ron\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-12 22:54 . 2009-06-12 22:54 -------- d-----w- c:\program files\iPod
2009-06-12 22:54 . 2009-06-12 22:54 -------- d-----w- c:\program files\iTunes
2009-06-12 22:43 . 2009-06-12 22:43 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe
2009-06-11 22:37 . 2009-06-11 22:37 152576 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\jre1.6.0_14\lzma.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-09 13:50 . 2007-12-06 15:26 90112 ----a-w- c:\windows\DUMP561e.tmp
2009-07-09 03:04 . 2008-06-16 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-02 19:41 . 2009-07-02 19:40 393216 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2009-07-02 19:40 . 2009-07-02 19:40 415000 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll
2009-07-02 19:40 . 2009-07-02 19:40 385024 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2009-07-02 19:40 . 2009-07-02 19:40 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2009-07-02 19:40 . 2009-07-02 19:40 419096 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2009-07-02 19:40 . 2009-07-02 19:40 439576 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2009-07-02 19:40 . 2009-07-02 19:40 423192 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2009-07-02 19:40 . 2009-07-02 19:40 421888 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2009-07-02 19:40 . 2009-07-02 19:40 413696 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-07-02 19:40 . 2009-07-02 19:40 495616 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\EncodingBackend\lame_enc.dll
2009-06-30 16:25 . 2007-12-12 15:43 3488 ----a-w- c:\documents and settings\Ron\Application Data\wklnhst.dat
2009-06-28 20:43 . 2008-03-10 21:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 20:30 . 2009-05-22 13:41 -------- d-----w- c:\program files\SpywareBlaster
2009-06-28 02:14 . 2008-02-18 19:49 -------- d-----w- c:\program files\DeductionPro 2007
2009-06-28 02:14 . 2003-09-19 11:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 02:06 . 2009-01-07 20:46 -------- d-----w- c:\program files\Camfrog
2009-06-28 02:03 . 2007-12-10 16:10 -------- d-----w- c:\program files\Java
2009-06-28 01:46 . 2009-01-30 21:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 01:46 . 2009-01-30 21:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 01:46 . 2009-01-30 21:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 18:03 . 2007-12-30 20:02 -------- d-----w- c:\program files\Opera
2009-06-23 18:01 . 2008-04-15 16:37 -------- d-----w- c:\program files\Bonjour
2009-06-14 16:05 . 2009-01-27 21:40 -------- d-----w- c:\program files\MSI
2009-06-14 16:04 . 2009-02-12 14:50 -------- d-----w- c:\program files\Setup Files
2009-06-12 22:59 . 2008-04-15 16:38 -------- d-----w- c:\program files\Safari
2009-06-12 22:54 . 2009-04-11 18:45 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 22:51 . 2008-07-30 14:08 -------- d-----w- c:\program files\QuickTime
2009-06-11 14:28 . 2008-10-08 20:21 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-09 22:15 . 2009-06-09 22:15 37664 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-06-07 13:44 . 2009-06-07 13:44 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-07 13:44 . 2009-06-07 13:44 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-04 19:50 . 2009-06-04 19:50 -------- d-----w- c:\program files\Maxtor
2009-06-01 23:55 . 2007-12-21 13:30 -------- d-----w- c:\program files\Yahoo!
2009-06-01 14:01 . 2009-06-01 14:01 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-01 14:00 . 2009-06-01 14:00 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-05-29 16:12 . 2007-12-12 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-28 16:30 . 2009-05-28 16:03 -------- d-----w- c:\program files\Verizon
2009-05-28 16:04 . 2009-05-28 16:01 -------- d-----w- c:\program files\Common Files\Motive
2009-05-28 14:12 . 2009-05-28 14:10 29813256 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101cupd.exe
2009-05-25 13:55 . 2008-05-14 18:23 -------- d-----w- c:\documents and settings\Ron\Application Data\mjusbsp
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-24 13:40 . 2009-05-25 00:15 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-24 13:39 . 2009-05-24 13:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-24 13:39 . 2009-05-24 13:39 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-24 13:36 . 2009-05-24 13:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-24 13:34 . 2007-12-08 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-22 03:35 . 2008-06-15 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-22 03:31 . 2008-06-15 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 21:27 . 2008-06-20 23:01 -------- d-----w- c:\program files\SpywareGuard
2009-05-21 15:33 . 2009-02-20 19:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 03:11 . 2008-06-23 18:42 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-17 03:11 . 2008-06-23 18:42 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-17 03:11 . 2008-06-23 18:42 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-17 03:11 . 2008-06-23 18:42 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-12 19:12 . 2007-12-06 19:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2003-09-19 10:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 01:23 . 2009-01-30 21:24 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2006-06-23 16:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-09-19 10:29 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 19:39 . 2008-04-20 15:24 1 ----a-w- c:\documents and settings\Ron\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-01-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"cdloader"="c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0540Ext.ax"="c:\windows\system32\V0540Ext.ax" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
"PCMService"="c:\program files\PowerCinema\PCMService.exe" [2003-06-24 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Secure Online Account Numbers"="c:\progra~1\Discover\SOAN\SOAN.exe" [2007-02-02 233472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-05-17 1794320]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-05-08 438399]
"V0540Mon.exe"="c:\windows\V0540Mon.exe" [2008-03-04 28672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-05-17 1794320]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2009-02-24 498688]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-21 518488]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-06-08 1553920]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2002-08-28 73728]
"Cmaudio"="cmicnfg.cpl" - c:\windows\CMICNFG.CPL [2003-09-13 2244608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0540Inst"="c:\windows\system32\V0540Pin.dll" [2008-06-03 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-28 01:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Ron^Start Menu^Programs^Startup^CNX Project 5.25.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Ron\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/24/2009 9:40 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2009 5:23 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2009 5:24 PM 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/23/2008 2:42 PM 132640]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/23/2008 2:42 PM 24096]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/30/2009 5:23 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 5:22 PM 298776]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/6/2009 9:16 PM 14976]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/24/2009 11:20 PM 145952]
R3 PhTVTune;MEDION TV-Tuner 7133;c:\windows\system32\drivers\PhTVTune.sys [9/12/2003 7:42 AM 24704]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [1/24/2009 11:24 PM 31616]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [9/12/2003 7:03 AM 153088]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [12/31/2007 4:38 PM 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [12/31/2007 4:38 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [12/31/2007 4:38 PM 52309]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:40]

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-04-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8201457680.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-07-10 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 02:58]

2009-07-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871126658-2940998406-2624124909-1007Core.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 22:12]

2009-07-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871126658-2940998406-2624124909-1007UA.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 22:12]

2009-07-10 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-10 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 02:41]

2009-07-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 02:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: live.com\onecare
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
Trusted Zone: weather.com\www
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\2avjtyd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\2avjtyd5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.
.
------- File Associations -------
.
txtfile=c:\windows\NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-09 21:13
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-871126658-2940998406-2624124909-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-871126658-2940998406-2624124909-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*}*d*#\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-07-10 21:17
ComboFix-quarantined-files.txt 2009-07-10 01:17
ComboFix2.txt 2008-06-20 14:00

Pre-Run: 76,913,434,624 bytes free
Post-Run: 77,043,470,336 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

323 --- E O F --- 2009-06-30 18:11
Last edited by TheBruce1; 07-10-2009 at 04:48 AM.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-10-2009, 05:13 AM   #9 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello again

Please do not attach your logs, simply copy/paste them into your reply.

Quote:
ComboFix2.txt 2008-06-20 14:00
Any reason as to why you have had Combofix installed since the 20th of June?
Combofix is only to be used in a supervised enviroment and not used as an everyday tool.

========

Click > Start > Control Panel > Add or Remove Programs and uninstall the following programs:

Viewpoint Media Player<---Viewpoint is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

Additional Information Here

You also have RegCure 1.5.0.1 installed, we do not recommend that users installed them. Our colleague miekiemoes has a good write up on the use of these tools Here

========

Did you set these:

uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: live.com\onecare
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
Trusted Zone: weather.com\www

Let me know in your reply.

=======

Download ATF-Cleaner by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you have Firefox installed:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you have Opera installed:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

========

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

This animation will guide you through the process:




To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

========
Logs Required
Kaspersky Scan Report

An update on how your system is running.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-10-2009, 12:23 PM   #10 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Okay! To answer your question about ComboFix - My neighbor was utilizing this forum to fix a problem with his computer (That is how I found out about this forum) . He could not access the internet, so I downloaded whatever he needed and transferred it to his computer via a thumb drive. Same thing with the logs, he downloaded to the thumb drive and transferred to my computer to upload to the forum. I did not run ComboFix on my computer at that time.

I removed Viewpoint Media Player (Don't even know where it came from). I haven't removed RegCure but after reading the info you gave me, I will not be changing any registery keys until I know exactly what they are and what they do.

I don't know anything about these two:
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>

MSI is the maker of my motherboard. I assume that is why these three are there:
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi

Don't know about this one:
Trusted Zone: live.com\onecare

I have a MagicJack and I think Talk4Free has something to do with MagicJack:
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg

This one means nothing to me either:
Trusted Zone: weather.com\www

Here is the log created by the online scan:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Friday, July 10, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, July 10, 2009 11:32:24
Records in database: 2456303
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\

Scan statistics:
Files scanned: 173601
Threat name: 3
Infected objects: 9
Suspicious objects: 0
Duration of the scan: 03:19:39


File name / Threat name / Threats count
C:\QooBox\Quarantine\C\WINDOWS\system32\MSIVXorocrmtjdicdusevgoevsopcrruwyana.dll.vir Infected: Packed.Win32.Tdss.w 1
C:\QooBox\Quarantine\C\WINDOWS\system32\MSIVXpjovmyumrkmlkrehhsvkyfdatkilqxbn.dll.vir Infected: Packed.Win32.Tdss.w 1
F:\Program Archives\mediadigitalizer-spow.exe Infected: Backdoor.Win32.Bifrose.bgy 1
F:\Program Archives\WarezP2P.exe Infected: not-a-virus:AdWare.Win32.HyperBar 6

The selected area was scanned.

-------------------------------------------------------------------------

The search engine redirects have gone away, but my computer is still taking an exceptionally long time to boot up. I hit Restart and after the shut down, the splash screen appeared and was stuck there for a full ten minutes before it began to boot. It was seven minutes later that the boot up was completed.

I will be gone until tomorrow evening, so I won't be able to reply until then or Sunday morning. Thanks.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-10-2009, 01:12 PM   #11 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello again

Quote:
I will be gone until tomorrow evening, so I won't be able to reply until then or Sunday morning. Thanks.
No problem, i have personal commitments on Saturday so i will not be able to reply until Sunday.

=========

Open notepad and copy/paste the text in the quotebox below into it:

Code:
File::
F:\Program Archives\mediadigitalizer-spow.exe 
F:\Program Archives\WarezP2P.exe

DDS::
uInternet Connection Wizard,ShellNext = hxxp://www.medion.com/
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>
Trusted Zone: live.com\onecare
Trusted Zone: weather.com\www
Save this as CFscript







Refering to the picture above, drag CFscript into ComboFix.exe

Follow the prompts, and post the resulting log, C:\ComboFix.txt

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


Warning:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-11-2009, 09:19 PM   #12 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Hello! I'm back again and here is the log:

ComboFix 09-07-09.08 - Ron 07/11/2009 22:43.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3703.2977 [GMT -4:00]
Running from: c:\documents and settings\Ron\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Ron\Desktop\CFscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

FILE ::
"f:\program archives\mediadigitalizer-spow.exe"
"f:\program archives\WarezP2P.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\program archives\mediadigitalizer-spow.exe
f:\program archives\WarezP2P.exe

.
((((((((((((((((((((((((( Files Created from 2009-06-12 to 2009-07-12 )))))))))))))))))))))))))))))))
.

2009-07-03 15:37 . 2009-07-03 15:37 -------- d--h--w- c:\windows\PIF
2009-07-02 19:42 . 2009-07-02 19:42 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\RapidSolution
2009-07-02 19:41 . 2009-07-02 19:41 -------- d-----w- c:\program files\PixiePack Codec Pack
2009-07-02 19:41 . 2009-07-02 19:41 466944 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MusicLoad.dll
2009-07-02 19:41 . 2009-07-02 19:41 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgSoundclick.dll
2009-07-02 19:41 . 2009-07-02 19:41 177432 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgIJigg.dll
2009-07-02 19:41 . 2009-07-02 19:41 169240 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgPandora.dll
2009-07-02 19:41 . 2009-07-02 19:41 136472 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgLastfm.dll
2009-07-02 19:41 . 2009-07-02 19:41 197912 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PlgImeem.dll
2009-07-02 19:41 . 2009-07-02 19:41 1258776 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RadioRip.dll
2009-07-02 19:41 . 2009-07-02 19:41 278528 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\WebRip.dll
2009-07-02 19:41 . 2009-07-02 19:41 410904 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\TimTube.dll
2009-07-02 19:41 . 2009-07-02 19:41 405504 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\PornoTube.dll
2009-07-02 19:39 . 2009-07-02 19:41 -------- d-----w- c:\documents and settings\All Users\Application Data\RapidSolution
2009-07-02 19:39 . 2009-07-02 19:39 -------- d-----w- c:\program files\RapidSolution
2009-07-02 19:01 . 2009-07-02 19:01 -------- d-----w- c:\program files\DigitalHQ
2009-07-02 12:54 . 2009-07-02 12:54 -------- d-----w- c:\documents and settings\Ron\Local Settings\Application Data\Temp
2009-06-22 19:23 . 2009-06-22 19:23 239088 ----a-w- c:\documents and settings\Ron\Application Data\Mozilla\plugins\npgoogletalk.dll
2009-06-12 22:54 . 2009-06-12 22:54 -------- d-----w- c:\program files\iPod
2009-06-12 22:54 . 2009-06-12 22:54 -------- d-----w- c:\program files\iTunes
2009-06-12 22:43 . 2009-06-12 22:43 75048 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 8.2.0.23\SetupAdmin.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-07-12 01:24 . 2008-06-16 11:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2009-07-09 13:50 . 2007-12-06 15:26 90112 ----a-w- c:\windows\DUMP561e.tmp
2009-07-02 19:41 . 2009-07-02 19:40 393216 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BadJojo.dll
2009-07-02 19:40 . 2009-07-02 19:40 415000 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouPorn.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\RedTube.dll
2009-07-02 19:40 . 2009-07-02 19:40 385024 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\ROFL.dll
2009-07-02 19:40 . 2009-07-02 19:40 427288 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\Tangle.dll
2009-07-02 19:40 . 2009-07-02 19:40 419096 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\SevenLoad.dll
2009-07-02 19:40 . 2009-07-02 19:40 439576 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MyVideo.dll
2009-07-02 19:40 . 2009-07-02 19:40 423192 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MetaCafe.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\BlipTV.dll
2009-07-02 19:40 . 2009-07-02 19:40 421888 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\MySpace.dll
2009-07-02 19:40 . 2009-07-02 19:40 409600 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\DailyMotion.dll
2009-07-02 19:40 . 2009-07-02 19:40 413696 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\Tunebite\WebRipDLLs\YouTube.dll
2009-07-02 19:40 . 2009-07-02 19:40 495616 ----a-w- c:\documents and settings\All Users\Application Data\RapidSolution\EncodingBackend\lame_enc.dll
2009-06-30 16:25 . 2007-12-12 15:43 3488 ----a-w- c:\documents and settings\Ron\Application Data\wklnhst.dat
2009-06-28 20:43 . 2008-03-10 21:58 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-28 20:30 . 2009-05-22 13:41 -------- d-----w- c:\program files\SpywareBlaster
2009-06-28 02:14 . 2008-02-18 19:49 -------- d-----w- c:\program files\DeductionPro 2007
2009-06-28 02:14 . 2003-09-19 11:33 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-06-28 02:06 . 2009-01-07 20:46 -------- d-----w- c:\program files\Camfrog
2009-06-28 02:03 . 2007-12-10 16:10 -------- d-----w- c:\program files\Java
2009-06-28 01:46 . 2009-01-30 21:23 327688 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-06-28 01:46 . 2009-01-30 21:24 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-28 01:46 . 2009-01-30 21:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-23 18:03 . 2007-12-30 20:02 -------- d-----w- c:\program files\Opera
2009-06-23 18:01 . 2008-04-15 16:37 -------- d-----w- c:\program files\Bonjour
2009-06-14 16:05 . 2009-01-27 21:40 -------- d-----w- c:\program files\MSI
2009-06-14 16:04 . 2009-02-12 14:50 -------- d-----w- c:\program files\Setup Files
2009-06-12 22:59 . 2008-04-15 16:38 -------- d-----w- c:\program files\Safari
2009-06-12 22:54 . 2009-04-11 18:45 -------- d-----w- c:\program files\Common Files\Apple
2009-06-12 22:51 . 2008-07-30 14:08 -------- d-----w- c:\program files\QuickTime
2009-06-11 22:37 . 2009-06-11 22:37 152576 ----a-w- c:\documents and settings\Ron\Application Data\Sun\Java\jre1.6.0_14\lzma.dll
2009-06-11 14:28 . 2008-10-08 20:21 -------- d-----w- c:\program files\Windows Desktop Search
2009-06-09 22:15 . 2009-06-09 22:15 37664 ----a-w- c:\windows\system32\drivers\tbhsd.sys
2009-06-07 13:44 . 2009-06-07 13:44 212848 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\RPAPI.dll
2009-06-07 13:44 . 2009-06-07 13:44 40288 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\PrivacyClean.dll
2009-06-04 19:50 . 2009-06-04 19:50 -------- d-----w- c:\program files\Maxtor
2009-06-01 23:55 . 2007-12-21 13:30 -------- d-----w- c:\program files\Yahoo!
2009-06-01 14:01 . 2009-06-01 14:01 15688 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\lsdelete.exe
2009-06-01 14:00 . 2009-06-01 14:00 83808 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\ShellExt.dll
2009-05-29 16:12 . 2007-12-12 16:14 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive
2009-05-28 16:30 . 2009-05-28 16:03 -------- d-----w- c:\program files\Verizon
2009-05-28 16:04 . 2009-05-28 16:01 -------- d-----w- c:\program files\Common Files\Motive
2009-05-28 14:12 . 2009-05-28 14:10 29813256 ----a-w- c:\documents and settings\All Users\Application Data\TaxCut\2008\Update\US68017101cupd.exe
2009-05-25 13:55 . 2008-05-14 18:23 -------- d-----w- c:\documents and settings\Ron\Application Data\mjusbsp
2009-05-25 04:24 . 2008-05-27 02:18 350208 ----a-w- c:\windows\system32\mssph.dll
2009-05-24 13:40 . 2009-05-25 00:15 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-05-24 13:39 . 2009-05-24 13:40 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-05-24 13:39 . 2009-05-24 13:39 64160 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\update\Drivers\32\lbd.sys
2009-05-24 13:36 . 2009-05-24 13:36 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-05-24 13:34 . 2007-12-08 14:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-22 03:35 . 2008-06-15 02:57 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-05-22 03:31 . 2008-06-15 02:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-05-21 21:27 . 2008-06-20 23:01 -------- d-----w- c:\program files\SpywareGuard
2009-05-21 15:33 . 2009-02-20 19:41 410984 ----a-w- c:\windows\system32\deploytk.dll
2009-05-17 03:11 . 2008-06-23 18:42 168208 ----a-w- c:\windows\system32\guard32.dll
2009-05-17 03:11 . 2008-06-23 18:42 82080 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-05-17 03:11 . 2008-06-23 18:42 24096 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-05-17 03:11 . 2008-06-23 18:42 132640 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-05-12 19:12 . 2007-12-06 19:23 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-05-07 15:32 . 2003-09-19 10:29 345600 ----a-w- c:\windows\system32\localspl.dll
2009-05-03 01:23 . 2009-01-30 21:24 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-05-01 18:30 . 2009-05-01 18:30 3366912 ----a-w- c:\windows\system32\GPhotos.scr
2009-04-29 04:56 . 2006-06-23 16:33 827392 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:55 . 2004-08-04 07:56 78336 ------w- c:\windows\system32\ieencode.dll
2009-04-17 12:26 . 2003-09-19 10:29 1847168 ----a-w- c:\windows\system32\win32k.sys
2009-04-16 19:39 . 2008-04-20 15:24 1 ----a-w- c:\documents and settings\Ron\Application Data\OpenOffice.org2\user\uno_packages\cache\stamp.sys
2009-04-15 14:51 . 2004-03-06 02:16 585216 ----a-w- c:\windows\system32\rpcrt4.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-07-10_01.14.18 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-12 01:19 . 2009-07-12 01:19 16384 c:\windows\Temp\Perflib_Perfdata_450.dat
+ 2009-07-12 01:19 . 2009-07-12 01:19 16384 c:\windows\Temp\Perflib_Perfdata_37c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-01-02 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-28 152872]
"cdloader"="c:\documents and settings\Ron\Application Data\mjusbsp\cdloader2.exe" [2008-12-17 50520]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-01-21 133104]
"CreativeTaskScheduler"="c:\program files\Creative\Shared Files\CTSched.exe" [2006-11-17 53341]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"c:\windows\system32\V0540Ext.ax"="c:\windows\system32\V0540Ext.ax" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-06-06 155648]
"PRONoMgr.exe"="c:\program files\Intel\NCS\PROSet\PRONoMgr.exe" [2003-03-11 86016]
"PinnacleDriverCheck"="c:\windows\System32\PSDrvCheck.exe" [2003-05-28 394240]
"PCMService"="c:\program files\PowerCinema\PCMService.exe" [2003-06-24 61440]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"Secure Online Account Numbers"="c:\progra~1\Discover\SOAN\SOAN.exe" [2007-02-02 233472]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"WrtMon.exe"="c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe" [2006-09-20 20480]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-10-26 652624]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-09-14 1603152]
"IJNetworkScanUtility"="c:\program files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE" [2007-05-21 124512]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"COMODO Firewall Pro"="c:\program files\Comodo\Firewall\cfp.exe" [2009-05-17 1794320]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-07 50688]
"UpdatePPShortCut"="c:\program files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-02-22 222504]
"Live! Central"="c:\program files\Creative\Creative Live! Cam\Live! Central\CTLVCentral.exe" [2008-05-08 438399]
"V0540Mon.exe"="c:\windows\V0540Mon.exe" [2008-03-04 28672]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-28 1948440]
"COMODO Internet Security"="c:\program files\Comodo\Firewall\cfp.exe" [2009-05-17 1794320]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-24 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-24 136472]
"LiveMonitor"="c:\program files\MSI\Live Update 3\LMonitor.exe" [2009-02-24 498688]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-06-21 518488]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2009-06-08 1553920]
"MaxtorOneTouch"="c:\progra~1\Maxtor\OneTouch\Utils\OneTouch.exe" [2003-05-21 45056]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-21 148888]
"Dit"="Dit.exe" - c:\windows\Dit.exe [2002-08-28 73728]
"Cmaudio"="cmicnfg.cpl" - c:\windows\CMICNFG.CPL [2003-09-13 2244608]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"VF0540Inst"="c:\windows\system32\V0540Pin.dll" [2008-06-03 40960]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
SnagIt 8.lnk - c:\program files\TechSmith\SnagIt 8\SnagIt32.exe [2007-5-1 6395464]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-28 01:46 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete\0autocheck lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^Ron^Start Menu^Programs^Startup^CNX Project 5.25.lnk]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HotKeysCmds"=c:\windows\system32\hkcmd.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"=
"c:\\Documents and Settings\\Ron\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Documents and Settings\\Ron\\Application Data\\mjusbsp\\magicJack.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/24/2009 9:40 AM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [1/30/2009 5:23 PM 327688]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [1/30/2009 5:24 PM 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [6/23/2008 2:42 PM 132640]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [6/23/2008 2:42 PM 24096]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [1/30/2009 5:23 PM 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [1/30/2009 5:22 PM 298776]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [10/28/2008 4:42 PM 156968]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [4/6/2009 9:16 PM 14976]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [1/24/2009 11:20 PM 145952]
R3 PhTVTune;MEDION TV-Tuner 7133;c:\windows\system32\drivers\PhTVTune.sys [9/12/2003 7:42 AM 24704]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [1/24/2009 11:24 PM 31616]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [9/12/2003 7:03 AM 153088]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [3/9/2009 3:06 PM 1003344]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\Drivers\iiusbisp.sys --> c:\windows\system32\Drivers\iiusbisp.sys [?]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [12/31/2007 4:38 PM 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [12/31/2007 4:38 PM 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [12/31/2007 4:38 PM 52309]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
c:\program files\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder

2009-07-06 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 13:40]

2009-06-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-04-27 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p officejet 6100 series5E771253C1676EBED677BF361FDFC537825E15B8201457680.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 05:52]

2009-07-12 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-06-16 02:58]

2009-07-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871126658-2940998406-2624124909-1007Core.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 22:12]

2009-07-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-871126658-2940998406-2624124909-1007UA.job
- c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-01-21 22:12]

2009-07-12 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]

2009-07-12 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 02:41]

2009-07-02 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 02:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
FF - ProfilePath - c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\2avjtyd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\Firefox\Profiles\2avjtyd5.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\Ron\Application Data\Mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\Ron\Local Settings\Application Data\Google\Update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\RapidSolution\Tunebite\plugins\GeckoBased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-07-11 22:49
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwClose, ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-871126658-2940998406-2624124909-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-871126658-2940998406-2624124909-1007\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*}*d*#\OpenWithList]
@Class="Shell"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(772)
c:\windows\system32\guard32.dll
c:\windows\system32\relog_ap.dll
.
Completion time: 2009-07-12 22:53
ComboFix-quarantined-files.txt 2009-07-12 02:53
ComboFix2.txt 2009-07-10 01:17
ComboFix3.txt 2008-06-20 14:00

Pre-Run: 76,919,037,952 bytes free
Post-Run: 76,955,381,760 bytes free

305 --- E O F --- 2009-07-10 18:25
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 03:24 AM   #13 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello again

If there are no further issues, continue below.

=======

Delete DDS from your desktop, you can keep ATF-Cleaner if you wish...otherwise delete from desktop.

========

Well done, your logs are clean.

Click start>run>type(or copy/paste command into run box):

ComboFix /u

Click ok.

=========

Clear IE7 cookies

*On the Internet Explorer 7 Tools menu, click Internet Options. The Internet Options box should open to the General tab.
*On the General tab, in the Browsing History, click the Delete button. This will delete all the files that are currently stored in your cache [that includes cookies too].
*Click OK, and then click OK again.


Clear Firefox cookies/cache

• Select "Tools"
• Select "Options".
• Select "Privacy".
• In "Settings" window put the check mark for Cookies,Cache,Browsing history and any others you want.
• Click OK.
• In Private area click "Clear Now".

-------------------------------------------------------------------------------------------

MICROSOFT UPDATES

1.Click Start,Run, type sysdm.cpl, and then press OK.
2.Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended).

Microsoft updates are released every second Tuesday of each month,what is called "Patch Tuesday".

------------------------------------------------------------------------------------------

Useful Information and Programs to keep you safe.

WOT Free helps you avoid disingenuous Internet content by allowing you to learn from others' experiences. WOT shows you website reputations on your browser, telling you how much other users trust a website. This helps you make better decisions while browsing and avoid phishing, malware, and other types of fraud. Reputations can also be added to web search results, Gmail, Wikipedia, and other selected sites.

WOT reputations are computed mainly from user testimonies. Sharing your knowledge with others is just a click away, without ever having to leave the site. We also collect data from hundreds of other sources (including PhishTank) to quickly warn you of emerging threats. Currently, WOT knows over 12 million websites.


For Internet Explorer users:
WOT for IE

--------------------------------------------------------------------------------------

Alternate Browsers
Try the following free alternate browsers rather than Internet Explorer
Avant
Firefox
Opera
K-Meleon

------------------------------------------------------------------------------------------

Free Antispyware Products
SuperAntiSpyware
Malwarebytes ' Anti-Malware

SpywareBlaster to help prevent spyware from installing in the first place.
  • Install & update SpywareBlaster with the latest definitions.
    After you have updated, click the button - enable protection for all unprotected items

------------------------------------------------------------------

The MVPS Hosts file replaces your current HOSTS file with one that will restrict known ad sites from serving you unsolicited advertisements. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is the IP of your local computer. Note that if you use a company provided HOSTS file you should not use the MVPS HOSTS file.

If your having trouble downloading & extracting,see link below for guidance:
http://www.mvps.org/winhelp2002/hosts2.htm

Once you have extracted the host file,double click on it and a new window will open.

Double-click on mvps.batand follow the prompts

---------------------------------------------------------------

Winpatrol - Download and install the free version of Winpatrol. A tutorial for this product is located here:
Using Winpatrol to protect your computer.

----------------------------------------

SnoopFree is a programme that informs you when another programme is wanting to log your keystrokes or read your screen.Only for XP users.

Update all these programs regularly. Without regular updates you will not be protected when new malicious programs are released.

==============================================

Secunia PSI is a programme that will alert you to vulnerabilities and outdated programs you have installed, such as Java, Flash Player and many more.

It can also alert you if you have not installed the latest patches from Microsoft.

==============================================

Also, please take a look at this well written article:

PC Safety and Security--What Do I Need?

**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.

Please reply to this thread once more, as we may mark this as resolved, thanks.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 07:58 AM   #14 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Hello TheBruce1 and thanks,

All the issues seem to have been cleared except for the problem that started the first time I used Run.bat to open GMER. The computer shut down during the scan and since then it takes 10 minutes or longer on the splash screen before the computer will continue with the start up of XP. Is there something I could do to eliminate this long delay?

I have not deleted or cleared any files yet, waiting for your reply. Thanks again.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 09:01 AM   #15 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hi

You can delete the run.bat, also if GMER is still present, then we can uninstall that as well.

Click Start>Run and type or copy/paste the following command then hit enter to uninstall gmer.

%systemroot%\gmer_uninstall.cmd

=======

Remove all the tools we have used, reboot a couple of times and see if the slow boot-up persists.
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 11:42 AM   #16 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
Hi!

I clicked Start>Run and typed in "%systemroot%\gmer_uninstall.cmd" and got a message that said "Windows cannot find 'C:\WINDOWS\gmer_uninstall.cmd'. I did a search for the file "gmer_uninstall.cmd" But could not find the file.

Cookies and cache were cleared on both browsers.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 01:58 PM   #17 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello again

Quote:
I clicked Start>Run and typed in "%systemroot%\gmer_uninstall.cmd" and got a message that said "Windows cannot find 'C:\WINDOWS\gmer_uninstall.cmd'. I did a search for the file "gmer_uninstall.cmd" But could not find the file.
That`s fine. Is the system booting up any faster?
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 03:55 PM   #18 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
After a couple restarts, it still lingers on the splash screen for 10 to 15 minutes before beginning to boot Windows.
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 04:56 PM   #19 (permalink)
Moderator, Analyst, Security Team
 
TheBruce1's Avatar
 
Join Date: Oct 2006
Location: Důn Čideann,Scotland.
Posts: 5,092
OS: XP


Re: Searh Engine Redirects, and More
Hello again

Slow boot up could be caused by many things, such as software/hardware problems, malware related or not enough RAM, certainly could be an issues since most versions of XP had only 256 or 512MB of RAM, when in reality you need at least 1GB of RAM.

To check how much RAM you have installed, right-click on My Computer> Select Properties>General Tab.

Post that info in your reply along with a fresh DDS.txt
__________________
Member of ASAP since 2007
Member of UNITE since 2008

**Notice to BT customers**
BT to dump Phorm, see Here for more information. No DPI

If we have helped you in anyway, please consider Donating
TheBruce1 is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 07-12-2009, 07:32 PM   #20 (permalink)
Registered User
 
Join Date: Jul 2009
Posts: 22
OS: xp sp3


Re: Searh Engine Redirects, and More
I know that there is 4GB RAM installed. The general tab says 3.61 GB RAM.

DDS.txt follows:


DDS (Ver_09-06-26.01) - NTFSx86
Run by Ron at 21:25:47.23 on Sun 07/12/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.3703.2728 [GMT -4:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Comodo\Firewall\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\WINDOWS\system32\UTSCSI.EXE
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\Dit.exe
C:\Program Files\PowerCinema\PCMService.exe
C:\WINDOWS\DitExp.exe
C:\PROGRA~1\Discover\SOAN\SOAN.exe
C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Comodo\Firewall\cfp.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\V0540Mon.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\MSI\Live Update 3\LMonitor.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Creative\Shared Files\CTSched.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Ron\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ig
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = 168.94.74.68:8080
uInternet Settings,ProxyOverride = *.local;<local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 8\SnagItBHO.dll
BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: SpywareGuardDLBLOCK.CBrowserHelper: {4a368e80-174f-4872-96b5-0b27ddd11db2} - c:\program files\spywareguard\dlprotect.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: DeskshopBrowserHelper Class: {8db3d69d-da5e-4165-b781-72a761790672} - c:\windows\system32\BhoDshop.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Tunebite_WebRipPlugin Class: {aa102584-3b97-47e7-b9bc-75d54c110a7d} - c:\program files\rapidsolution\tunebite\plugins\ie\TB_WebRipIePlugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 8\SnagItIEAddin.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [cdloader] "c:\documents and settings\ron\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\ron\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [CreativeTaskScheduler] "c:\program files\creative\shared files\CTSched.exe" /logon
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [PRONoMgr.exe] c:\program files\intel\ncs\proset\PRONoMgr.exe
mRun: [Dit] Dit.exe
mRun: [PinnacleDriverCheck] c:\windows\system32\PSDrvCheck.exe
mRun: [PCMService] "c:\program files\powercinema\PCMService.exe"
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Secure Online Account Numbers] c:\progra~1\discover\soan\SOAN.exe /dontopenmycards
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
mRun: [WrtMon.exe] c:\windows\system32\spool\drivers\w32x86\3\WrtMon.exe
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [IJNetworkScanUtility] c:\program files\canon\canon ij network scan utility\CNMNSUT.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [COMODO Firewall Pro] "c:\program files\comodo\firewall\cfp.exe" -h
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [UpdatePPShortCut] "c:\program files\cyberlink\powerproducer\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerproducer" update "software\cyberlink\powerproducer\5.0"
mRun: [Live! Central] "c:\program files\creative\creative live! cam\live! central\CTLVCentral.exe" /mode2
mRun: [c:\windows\system32\v0540ext.ax] c:\windows\system32\regsvr32.exe /s c:\windows\system32\V0540Ext.ax
mRun: [V0540Mon.exe] c:\windows\V0540Mon.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [LiveMonitor] c:\program files\msi\live update 3\LMonitor.exe
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Verizon_McciTrayApp] "c:\program files\verizon\McciTrayApp.exe"
mRun: [MaxtorOneTouch] c:\progra~1\maxtor\onetouch\utils\OneTouch.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\firewall\cfp.exe" -h
dRunOnce: [VF0540Inst] RunDll32.exe c:\windows\system32\V0540Pin.dll,RunDLL32EP 515
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\snagit~1.lnk - c:\program files\techsmith\snagit 8\SnagIt32.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {F74E75A5-96BF-40ef-A1C8-88EAEBB82AB6} - c:\progra~1\discover\soan\SOAN.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: com.tw\asia.msi
Trusted Zone: com.tw\global.msi
Trusted Zone: com.tw\www.msi
Trusted Zone: magicjack.com\my
Trusted Zone: talk4free.com\reg
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {54BE6B6F-3056-470B-97E1-BB92E051B6C4} - hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://www.creative.com/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1214313908296
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} - hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37882.3912152778
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su/ocx/15106/CTPID.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SpywareGuard.Handler: {81559c35-8464-49f7-bb0e-07a383bef910} - c:\program files\spywareguard\spywareguard.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
LSA: Authentication Packages = msv1_0 relog_ap

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ron\applic~1\mozilla\firefox\profiles\2avjtyd5.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\mozilla firefox\extensions\browserhighlighter@ebay.com\components\Shim.dll
FF - component: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\components\TB_WebRipFFPlugin.dll
FF - plugin: c:\documents and settings\ron\application data\mozilla\firefox\profiles\2avjtyd5.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\documents and settings\ron\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\ron\local settings\application data\google\update\1.2.183.7\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\rapidsolution\tunebite\plugins\geckobased\tunebite-firefox-surf-and-catch-extension@audials.com\plugins\np_TB_OgloPlugin.dll
FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-5-24 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-1-30 327688]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-1-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-1-30 108552]
R1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2008-6-23 132040]
R1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2008-6-23 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-6-23 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-6-23 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-1-30 906520]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-1-30 298776]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\firewall\cmdagent.exe [2008-6-23 707152]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2008-10-28 156968]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 1029456]
R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2009-4-6 14976]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R2 YahooAUService;Yahoo! Updater;c:\program files\yahoo!\softwareupdate\YahooAUService.exe [2008-11-9 602392]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2009-1-24 145952]
R3 PhTVTune;MEDION TV-Tuner 7133;c:\windows\system32\drivers\PhTVTune.sys [2003-9-12 24704]
R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2009-1-24 31616]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-6-23 7408]
R3 wlags48d;Agere Wireless PCCard Service;c:\windows\system32\drivers\wlags48d.sys [2003-9-12 153088]
S3 IIUSBISP;USB Mass Storage for USB ISP;c:\windows\system32\drivers\iiusbisp.sys --> c:\windows\system32\drivers\iiusbisp.sys [?]
S3 mam4410c;mam4410c;c:\windows\system32\drivers\mam4410c.sys [2007-12-31 24784]
S3 mam4410m;mam4410m;c:\windows\system32\drivers\mam4410m.sys [2007-12-31 25044]
S3 mam4410u;mam4410u;c:\windows\system32\drivers\mam4410u.sys [2007-12-31 52309]

============== File Associations ===============

txtfile=c:\windows\NOTEPAD.EXE %1

=============== Created Last 30 ================

2009-07-12 13:45 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-07-12 13:26 <DIR> --ds---- C:\Combo-Fix
2009-07-09 21:14 <DIR> -cd----- c:\windows\system32\dllcache\cache
2009-07-09 20:38 <DIR> a-dshr-- C:\cmdcons
2009-07-03 11:37 <DIR> --d-h--- c:\windows\PIF
2009-07-02 15:41 <DIR> --d----- c:\program files\PixiePack Codec Pack
2009-07-02 15:39 <DIR> --d----- c:\program files\RapidSolution
2009-07-02 15:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\RapidSolution
2009-07-02 15:01 <DIR> --d----- c:\program files\DigitalHQ

==================== Find3M ====================

2009-07-12 13:12 179,792 a------- c:\windows\system32\guard32.dll
2009-07-12 13:12 132,040 a------- c:\windows\system32\drivers\cmdguard.sys
2009-07-12 13:12 25,160 a------- c:\windows\system32\drivers\cmdhlp.sys
2009-07-09 09:50 90,112 a------- c:\windows\DUMP561e.tmp
2009-06-30 12:25 3,488 a------- c:\docume~1\ron\applic~1\wklnhst.dat
2009-06-27 21:46 327,688 a------- c:\windows\system32\drivers\avgldx86.sys
2009-06-27 21:46 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-06-09 18:15 37,664 a------- c:\windows\system32\drivers\tbhsd.sys
2009-05-25 00:24 350,208 a------- c:\windows\system32\mssph.dll
2009-05-24 09:40 15,688 a------- c:\windows\system32\lsdelete.exe
2009-05-24 09:39 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-05-21 11:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-05-12 15:12 26,144 a------- c:\windows\system32\spupdsvc.exe
2009-05-07 11:32 345,600 a------- c:\windows\system32\localspl.dll
2009-05-01 14:30 3,366,912 a------- c:\windows\system32\GPhotos.scr
2009-04-29 00:56 827,392 a------- c:\windows\system32\wininet.dll
2009-04-29 00:55 78,336 -------- c:\windows\system32\ieencode.dll
2009-04-17 08:26 1,847,168 a------- c:\windows\system32\win32k.sys
2009-04-15 10:51 585,216 a------- c:\windows\system32\rpcrt4.dll
2008-01-03 14:51 12 a------- c:\documents and settings\ron\bitpim.dat
2008-05-18 12:25 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008051820080519\index.dat

============= FINISH: 21:27:09.15 ===============
TrnDrvr is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 
Page 1 of 3 1 23

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 05:02 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85