HELP! Malware: Defenses will not run, unwanted program, web redirection



Emailthezac
2009-12-09, 08:18
Hi. I am running Windows Vista. My problems started off with Google constantly redirecting me. Today it all of a sudden progressed to the point where my computer's nearly unusable.
Symptoms: my antivirus programs (McAfee and Malwarebytes) will not run at all, certain Windows controls will not function (can't open 'change startup programs'), the web is almost unusable due to popups and redirection, and Spybot will not fix the problems it detects (Fraud.WindowsProtectionSuite and Microsoft.Windows.RedirectedHosts) due to:
Unexpected error in fixing problems (Cannot create file "C:\Windows\System32\drivers\etc\hosts" Access is denied)

TeaTimer is turned off and HJT is installed. When I ran HJT, I got a series of warnings: write access denied to the hosts file, hosts file has invalid line breaks, and an error #75. Here's the log I got:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:49 AM, on 12/9/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18828)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Windows\sttray.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\rundll32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 93.174.89.12 google.ae
O1 - Hosts: 93.174.89.12 google.as
O1 - Hosts: 93.174.89.12 google.at
O1 - Hosts: 93.174.89.12 google.az
O1 - Hosts: 93.174.89.12 google.ba
O1 - Hosts: 93.174.89.12 google.be
O1 - Hosts: 93.174.89.12 google.bg
O1 - Hosts: 93.174.89.12 google.bs
O1 - Hosts: 93.174.89.12 google.ca
O1 - Hosts: 93.174.89.12 google.cd
O1 - Hosts: 93.174.89.12 google.com.gh
O1 - Hosts: 93.174.89.12 google.com.hk
O1 - Hosts: 93.174.89.12 google.com.jm
O1 - Hosts: 93.174.89.12 google.com.mx
O1 - Hosts: 93.174.89.12 google.com.my
O1 - Hosts: 93.174.89.12 google.com.na
O1 - Hosts: 93.174.89.12 google.com.nf
O1 - Hosts: 93.174.89.12 google.com.ng
O1 - Hosts: 93.174.89.12 google.ch
O1 - Hosts: 93.174.89.12 google.com.np
O1 - Hosts: 93.174.89.12 google.com.pr
O1 - Hosts: 93.174.89.12 google.com.qa
O1 - Hosts: 93.174.89.12 google.com.sg
O1 - Hosts: 93.174.89.12 google.com.tj
O1 - Hosts: 93.174.89.12 google.com.tw
O1 - Hosts: 93.174.89.12 google.dj
O1 - Hosts: 93.174.89.12 google.de
O1 - Hosts: 93.174.89.12 google.dk
O1 - Hosts: 93.174.89.12 google.dm
O1 - Hosts: 93.174.89.12 google.ee
O1 - Hosts: 93.174.89.12 google.fi
O1 - Hosts: 93.174.89.12 google.fm
O1 - Hosts: 93.174.89.12 google.fr
O1 - Hosts: 93.174.89.12 google.ge
O1 - Hosts: 93.174.89.12 google.gg
O1 - Hosts: 93.174.89.12 google.gm
O1 - Hosts: 93.174.89.12 google.gr
O1 - Hosts: 93.174.89.12 google.ht
O1 - Hosts: 93.174.89.12 google.ie
O1 - Hosts: 93.174.89.12 google.im
O1 - Hosts: 93.174.89.12 google.in
O1 - Hosts: 93.174.89.12 google.it
O1 - Hosts: 93.174.89.12 google.ki
O1 - Hosts: 93.174.89.12 google.la
O1 - Hosts: 93.174.89.12 google.li
O1 - Hosts: 93.174.89.12 google.lv
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [mcagent_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files\Logitech\QuickCam\eReg.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.gomyhit.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
O15 - Trusted Zone: *.gomyhit.com (HKLM)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13476 bytes
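
As an added example (not from the original thread and not part of HijackThis), here is a small Python triage script that parses O1 Hosts and O15 Trusted Zone lines in the format of the log above and reports the hosts-file redirections and trusted-zone additions a responder would want to review. The sample lines are constructed for the example (reusing values that appear in the log), and the PROTECTIVE_HOSTS list and the fan-out threshold are assumptions, not HijackThis rules.

```python
"""Triage O1 (Hosts) and O15 (Trusted Zone) lines from a HijackThis log.

Added example for the thread above; it is not HijackThis code. It flags
hosts-file entries that point hostnames at non-loopback addresses (the
redirection pattern in the log) and any Trusted Zone additions.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample, modelled on the O1/O15 lines of the log above.
SAMPLE_LOG = """\
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 93.174.89.12 google.de
O1 - Hosts: 93.174.89.12 google.fr
O1 - Hosts: 93.174.89.12 google.com.mx
O15 - Trusted Zone: *.antimalwareguard.com
O15 - Trusted Zone: *.antimalwareguard.com (HKLM)
"""

O1_RE = re.compile(r"^O1 - Hosts:\s+(\S+)\s+(\S+)")
O15_RE = re.compile(r"^O15 - Trusted Zone:\s+(\S+)(?:\s+\((\w+)\))?")

# Hostnames whose redirection blocks reputation lookups or updates.
# This list is an assumption for the example, not a HijackThis rule.
PROTECTIVE_HOSTS = ("safebrowsing-cache.google.com", "urs.microsoft.com")


def parse_hjt(text):
    """Return (hosts_entries, trusted_zones) parsed from HijackThis log text.

    hosts_entries: list of (ip, hostname); trusted_zones: list of (pattern, hive).
    HijackThis prints HKCU zone entries without a suffix and HKLM ones with "(HKLM)".
    """
    hosts, zones = [], []
    for line in text.splitlines():
        m = O1_RE.match(line)
        if m:
            hosts.append((m.group(1), m.group(2).lower()))
            continue
        m = O15_RE.match(line)
        if m:
            zones.append((m.group(1).lower(), m.group(2) or "HKCU"))
    return hosts, zones


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; malformed addresses are treated as non-loopback."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False


def triage(text, fanout_threshold=3):
    """Return a list of (severity, message) findings for the log text."""
    hosts, zones = parse_hjt(text)
    findings = []
    by_ip = defaultdict(set)
    for ip, host in hosts:
        if is_loopback(ip):
            continue  # localhost and blocking entries are normal
        by_ip[ip].add(host)
        if host in PROTECTIVE_HOSTS:
            findings.append(("high", f"protective service {host} redirected to {ip}"))
    for ip, names in by_ip.items():
        # Many unrelated hostnames collapsing onto one address is the
        # signature of a redirect hijack rather than a manual override.
        if len(names) >= fanout_threshold:
            findings.append(("high", f"{len(names)} hostnames mapped to {ip}: {sorted(names)}"))
        else:
            for host in sorted(names):
                findings.append(("medium", f"{host} resolves to non-loopback {ip} via hosts file"))
    for pattern, hive in zones:
        findings.append(("medium", f"Trusted Zone entry {pattern} ({hive})"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

To run it against a real log, read the saved HijackThis .log file into a string and pass it to triage() in place of SAMPLE_LOG.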

shelf life
2009-12-16, 01:10
Hi Emailthezac

Your log is a few days old. If you still need help simply reply to my post.

Emailthezac
2009-12-17, 18:59
Yes, I still have those issues. I turned off TeaTimer and reran HJT, and here's the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:04 PM, on 12/17/2009
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18865)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\System32\WDBtnMgr.exe
C:\Windows\sttray.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Dell Support Center\bin\sprtcmd.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Windows\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" /r
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - c:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\Windows\system32\CTsvcCDA.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: @C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7583 bytes

shelf life
2009-12-18, 00:35
Hi,

OK, we will get a download to use. It's called Combofix. There is a guide to read first. Read through the guide, download Combofix to your desktop, but before you save it rename it to combofix1.exe, then save it to your desktop.
Disable any antivirus or anti-malware that is running, including TeaTimer; double-click the icon on your desktop and follow the prompts.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

Emailthezac
2009-12-18, 13:36
Did you want me to post some log or something?

shelf life
2009-12-19, 00:53
Yes, post the log that Combofix generates.

Emailthezac
2009-12-25, 20:14
ComboFix 09-12-09.04 - Zac 12/10/2009 11:31:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2045.1163 [GMT -5:00]
Running from: c:\users\Zac\Downloads\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1400113804-1914402855-3429530994-500
c:\$recycle.bin\S-1-5-21-1651226910-2883510403-930599010-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\WinPCap
c:\program files\WinPCap\rpcapd.exe
c:\users\Zac\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
c:\users\Zac\AppData\Roaming\System Defender
c:\users\Zac\AppData\Roaming\System Defender\cookies.sqlite
c:\users\Zac\AppData\Roaming\System Defender\Instructions.ini
c:\windows\run.log
c:\windows\system32\drivers\npf.sys
c:\windows\system32\net.net
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\wpcap.dll
c:\windows\system32\ykda.sxo
F:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF
-------\Service_npf


((((((((((((((((((((((((( Files Created from 2009-11-10 to 2009-12-10 )))))))))))))))))))))))))))))))
.

2009-12-10 16:40 . 2009-12-10 16:43 -------- d-----w- c:\users\Zac\AppData\Local\temp
2009-12-10 16:40 . 2009-12-10 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-12-09 08:02 . 2009-11-09 12:31 24064 ----a-w- c:\windows\system32\nshhttp.dll
2009-12-09 08:02 . 2009-11-09 12:30 30720 ----a-w- c:\windows\system32\httpapi.dll
2009-12-09 08:02 . 2009-11-09 10:36 411648 ----a-w- c:\windows\system32\drivers\http.sys
2009-12-09 06:42 . 2009-12-09 06:42 -------- d-----w- c:\program files\Trend Micro
2009-12-09 06:37 . 2009-12-09 06:38 -------- d-----w- c:\program files\ERUNT
2009-12-09 06:09 . 2009-12-09 06:09 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-09 03:23 . 2009-08-24 11:36 377344 ----a-w- c:\windows\system32\winhttp.dll
2009-12-09 02:54 . 2009-12-09 02:54 -------- d-sh--w- c:\programdata\WSIULFMD_APDM
2009-12-09 02:53 . 2009-12-09 07:32 -------- d-sh--w- c:\programdata\96ce4a6
2009-12-09 02:46 . 2009-10-07 11:36 243712 ----a-w- c:\windows\system32\rastls.dll
2009-12-08 07:34 . 2009-12-08 07:34 -------- d-----w- c:\users\Zac\AppData\Local\Apps
2009-12-03 06:27 . 2009-12-03 06:52 -------- d-----w- c:\programdata\92118122
2009-11-25 04:56 . 2009-10-29 09:17 2048 ----a-w- c:\windows\system32\tzres.dll
2009-11-25 04:37 . 2009-08-11 16:44 1401856 ----a-w- c:\windows\system32\msxml6.dll
2009-11-25 04:37 . 2009-08-11 16:44 1248768 ----a-w- c:\windows\system32\msxml3.dll
2009-11-17 14:34 . 2009-11-17 14:34 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-17 13:44 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-17 13:44 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-17 13:44 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-17 13:44 . 2009-09-25 01:33 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-11-17 13:44 . 2009-09-24 22:54 258048 ----a-w- c:\windows\system32\winspool.drv
2009-11-17 13:41 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-11-17 13:41 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-17 13:41 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-15 02:29 . 2009-11-15 02:29 -------- d-----w- c:\users\Zac\AppData\Roaming\dvdcss
2009-11-13 16:43 . 2009-11-14 01:14 -------- d-----w- c:\users\Zac\AppData\Local\Audible
2009-11-13 15:55 . 2009-11-13 16:00 -------- d-----w- c:\program files\Audible
2009-11-11 10:19 . 2009-08-14 13:27 2036736 ----a-w- c:\windows\system32\win32k.sys
2009-11-11 10:19 . 2009-08-10 12:35 355328 ----a-w- c:\windows\system32\WSDApi.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-10 16:40 . 2007-03-12 11:51 1076 ----a-w- c:\windows\bthservsdp.dat
2009-12-10 10:58 . 2009-04-01 19:39 58813 ----a-w- c:\users\Zac\AppData\Roaming\nvModes.dat
2009-12-10 09:41 . 2009-04-03 05:53 -------- d-----w- c:\users\Zac\AppData\Roaming\uTorrent
2009-12-10 06:49 . 2007-03-12 11:51 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2009-12-09 10:13 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2009-12-09 08:02 . 2007-03-12 12:25 -------- d-----w- c:\programdata\Microsoft Help
2009-12-09 03:38 . 2009-12-09 02:56 37 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\tjd.sys
2009-12-09 03:28 . 2009-12-09 02:56 74 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
2009-12-09 02:56 . 2009-12-09 02:56 68 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\ppal.exe
2009-12-09 02:56 . 2009-12-09 02:56 75 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\kernel32.drv
2009-12-09 02:56 . 2009-12-09 02:56 75 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\DBOLE.sys
2009-12-09 02:56 . 2009-12-09 02:56 46 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\tjd.drv
2009-12-09 02:56 . 2009-12-09 02:56 37 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\exec.exe
2009-12-09 02:56 . 2009-12-09 02:56 70 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\ddv.dll
2009-12-09 02:56 . 2009-12-09 02:56 16 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\PE.dll
2009-12-09 02:56 . 2009-12-09 02:56 2 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\kernel32.sys
2009-12-09 02:55 . 2009-12-09 02:55 53 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\ANTIGEN.sys
2009-12-09 02:55 . 2009-12-09 02:55 61 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
2009-12-09 02:55 . 2009-12-09 02:55 7 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\gid.sys
2009-12-09 02:55 . 2009-12-09 02:55 53 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\snl2w.dll
2009-12-09 02:55 . 2009-12-09 02:55 46 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\ddv.drv
2009-12-09 02:55 . 2009-12-09 02:55 32 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\PE.drv
2009-12-09 02:55 . 2009-12-09 02:55 29 ----a-w- c:\users\Zac\AppData\Roaming\Microsoft\Windows\Recent\SM.dll
2009-12-08 05:55 . 2009-04-07 04:29 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-07 10:03 . 2009-09-11 06:07 -------- d-----w- c:\users\Zac\AppData\Roaming\vlc
2009-12-03 03:43 . 2007-03-12 12:01 413696 ----a-w- c:\windows\system32\wrap_oal.dll
2009-12-03 03:43 . 2007-03-12 12:01 110592 ----a-w- c:\windows\system32\OpenAL32.dll
2009-12-03 03:41 . 2009-11-07 04:12 -------- d-----w- c:\program files\Winamp
2009-11-24 03:07 . 2009-04-02 14:19 -------- d-----w- c:\programdata\Apple
2009-11-21 06:40 . 2009-12-09 06:15 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-21 06:34 . 2009-12-09 06:15 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-11-21 06:34 . 2009-12-09 06:15 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-11-21 06:13 . 2009-04-03 06:14 -------- d-----w- c:\program files\DivX
2009-11-21 04:59 . 2009-12-09 06:15 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-11-21 02:47 . 2009-08-05 03:07 -------- d-----w- c:\program files\DOSBox-0.72
2009-11-20 03:07 . 2007-03-12 12:28 -------- d-----w- c:\program files\McAfee
2009-11-17 14:34 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-17 14:26 . 2009-11-17 14:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-17 14:26 . 2009-11-17 14:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-10 22:56 . 2009-04-09 00:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-10 17:06 . 2009-11-10 17:06 4045527 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-09 02:29 . 2009-11-09 02:29 -------- d-----w- c:\program files\AviSynth 2.5
2009-11-09 02:28 . 2009-11-09 02:28 -------- d-----w- c:\program files\eRightSoft
2009-11-09 01:30 . 2009-11-08 23:47 -------- d-----w- c:\users\Zac\AppData\Roaming\AVS4YOU
2009-11-09 00:51 . 2009-11-09 00:51 -------- d-----w- c:\program files\DVD Decrypter
2009-11-09 00:36 . 2009-10-21 08:31 1356 ----a-w- c:\users\Zac\AppData\Local\d3d9caps.dat
2009-11-09 00:22 . 2009-11-08 22:44 -------- d-----w- c:\program files\SlySoft
2009-11-09 00:13 . 2009-11-08 22:48 -------- d-----w- c:\programdata\SlySoft
2009-11-08 23:47 . 2009-11-08 23:39 -------- d-----w- c:\program files\AVS4YOU
2009-11-08 23:42 . 2009-11-08 23:42 -------- d-----w- c:\programdata\AVS4YOU
2009-11-08 23:40 . 2009-11-08 23:39 -------- d-----w- c:\program files\Common Files\AVSMedia
2009-11-08 23:02 . 2009-11-08 22:45 72 --sha-w- c:\windows\S82116056.tmp
2009-11-08 22:34 . 2009-11-08 22:34 -------- d-----w- c:\users\Zac\AppData\Roaming\Roxio
2009-11-07 04:19 . 2009-11-07 04:12 -------- d-----w- c:\users\Zac\AppData\Roaming\Winamp
2009-11-04 02:44 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Sidebar
2009-11-04 02:44 . 2009-11-04 02:44 -------- d-----w- c:\program files\TuneUp Utilities 2010
2009-11-04 02:38 . 2009-04-04 05:30 -------- d-----w- c:\program files\TuneUp Utilities 2009
2009-11-04 02:35 . 2009-04-04 05:30 -------- d-----w- c:\programdata\TuneUp Software
2009-11-04 02:24 . 2009-11-04 02:24 -------- d-sh--w- c:\programdata\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}
2009-11-03 03:23 . 2009-12-09 02:54 457688 ------w- c:\programdata\96ce4a6\sqlite3.dll
2009-11-03 03:23 . 2009-12-09 02:54 722392 ------w- c:\programdata\96ce4a6\mozcrt19.dll
2009-11-03 01:42 . 2009-10-05 03:11 195456 ------w- c:\windows\system32\MpSigStub.exe
2009-10-30 20:08 . 2009-11-04 02:44 29512 ----a-w- c:\windows\system32\TURegOpt.exe
2009-10-30 20:01 . 2009-11-04 02:44 21320 ----a-w- c:\windows\system32\authuitu.dll
2009-10-30 20:01 . 2009-11-04 02:44 30024 ----a-w- c:\windows\system32\uxtuneup.dll
2009-10-24 22:18 . 2009-10-24 22:18 -------- d-----w- c:\users\Zac\AppData\Roaming\MP3toiPodAudioBookConverter
2009-10-24 22:16 . 2009-10-24 22:15 -------- d-----w- c:\program files\MP3ToIpodAudioBookConverter
2009-10-22 22:01 . 2009-10-22 22:01 -------- d-----w- c:\programdata\Citrix
2009-10-22 22:01 . 2009-10-22 22:01 -------- d-----w- c:\program files\Citrix
2009-10-22 22:00 . 2009-10-22 22:00 61224 ----a-w- c:\users\Zac\GoToAssistDownloadHelper.exe
2009-10-22 21:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-22 21:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Collaboration
2009-10-22 21:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Journal
2009-10-22 21:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Photo Gallery
2009-10-22 21:29 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Defender
2009-10-21 02:13 . 2009-10-21 02:11 -------- d-----w- c:\program files\iTunes
2009-10-21 02:12 . 2009-10-21 02:12 -------- d-----w- c:\program files\iPod
2009-10-21 02:12 . 2009-04-02 14:19 -------- d-----w- c:\program files\Common Files\Apple
2009-10-15 00:42 . 2007-03-12 12:34 -------- d-----w- c:\programdata\Dell
2009-10-02 00:27 . 2009-10-02 00:26 923680 ----a-w- c:\users\Zac\av3-1-0-setup.exe
2009-10-01 01:02 . 2009-11-17 13:43 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-17 13:43 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-10-01 01:02 . 2009-11-17 13:43 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-17 13:43 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-17 13:43 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-17 13:43 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-17 13:43 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-17 13:43 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-17 13:43 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-17 13:43 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-17 13:43 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-17 13:43 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-17 13:43 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-17 13:43 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-17 13:43 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-17 13:43 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-25 02:10 . 2009-11-17 13:43 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-17 13:43 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-17 13:43 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-17 13:43 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2006-05-03 10:06 . 2009-11-09 02:29 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2009-11-09 02:29 31232 --sh--r- c:\windows\System32\msfDX.dll
2007-12-17 13:43 . 2009-11-09 02:29 27648 --sh--w- c:\windows\System32\Smab0.dll
2008-02-04 19:26 . 2009-11-09 02:29 151040 --sh--w- c:\windows\System32\VistaUltm.dll
2007-03-12 19:45 . 2007-03-12 19:45 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

------- Sigcheck -------

[-] 2009-04-11 06:32 . 0E2550CDAAA7D55548453339F4EECC69 . 19944 . . [------] . . c:\windows\System32\drivers\atapi.sys
[7] 2009-04-11 . 1F05B78AB91C9075565A9D8A4B880BC4 . 19944 . . [6.0.6002.18005] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[7] 2009-04-02 . B35CFCEF838382AB6490B321C87EDF17 . 21560 . . [6.0.6000.16632] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_7de13c21\atapi.sys
[7] 2008-01-19 . 2D9C903DC76A66813D350A562DE40ED9 . 21560 . . [6.0.6001.18000] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[7] 2007-03-12 . A779CA2C76DA4FCB595E692C05E8E4EB . 19048 . . [6.0.6000.16391] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_82339ef2\atapi.sys
[7] 2006-11-02 . 4F4FCB8B6EA06784FB6D475B7EC7300F . 19048 . . [6.0.6000.16386] . . c:\windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2006-11-12 446976]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe -hide" [X]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe -start" [X]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup" [X]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe -atboottime" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-20 815104]
"VolPanel"="c:\program files\Creative\SBAudigy\Volume Panel\VolPanlu.exe" [2006-11-27 180224]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2006-12-13 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-12-13 7766016]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-12-13 81920]
"WD Button Manager"="WDBtnMgr.exe" [2009-06-24 364544]
"SigmatelSysTrayApp"="sttray.exe" [2006-12-01 303104]
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-3 703280]
QuickSet.lnk - c:\windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe [2007-3-12 45056]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"UpdReg"=c:\windows\UpdReg.EXE
"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):45,58,30,ae,5f,53,ca,01

S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.12.1;c:\windows\System32\drivers\libusb0.sys [4/3/2009 5:39 PM 28672]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4070312
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FF - ProfilePath - c:\users\Zac\AppData\Roaming\Mozilla\Firefox\Profiles\parjveic.default\
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\Java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-10 11:43
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

[0] 0x74736E6F

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\TEMP\TMP000000081780C45AD645551F

scan completed successfully
hidden files: 1

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x8542450C]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0x8339fd24
\Driver\ACPI -> acpi.sys @ 0x80691d68
\Driver\atapi -> ataport.SYS @ 0x807b4a2c
IoDeviceObjectType ->\Device\Harddisk0\DR0 ->user & kernel MBR OK

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Services\PCD5SRVC{FBEA8B78-1B22F121-05040104}]
"ImagePath"="\??\c:\progra~1\DELLSU~2\HWDiag\bin\PCD5SRVC.pkms"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="YMP.Media"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(7012)
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\windows\system32\btncopy.dll
c:\program files\Roxio\Drag-to-Disc\Shellex.dll
c:\windows\system32\DLAAPI_W.DLL
c:\windows\system32\CDRTC.DLL
c:\program files\Roxio\Drag-to-Disc\ShellRes.dll
c:\program files\WinSCP\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
c:\windows\system32\CTsvcCDA.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\progra~1\McAfee\VIRUSS~1\mcshield.exe
c:\program files\McAfee\MSK\MskSrver.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\mcafee.com\agent\mcagent.exe
c:\program files\Windows Defender\MSASCui.exe
c:\program files\Common Files\InstallShield\UpdateService\issch.exe
c:\windows\System32\WDBtnMgr.exe
c:\windows\sttray.exe
c:\program files\Dell\QuickSet\quickset.exe
c:\windows\System32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\progra~1\McAfee\VIRUSS~1\mcsysmon.exe
c:\progra~1\COMMON~1\mcafee\mna\mcnasvc.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\McAfee\MPF\MPFSrv.exe
c:\progra~1\McAfee\MSM\McSmtFwk.exe
c:\progra~1\COMMON~1\McAfee\MSC\McUICnt.exe
.
**************************************************************************
.
Completion time: 2009-12-10 11:53:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-10 16:53

Pre-Run: 26,584,817,664 bytes free
Post-Run: 28,499,464,192 bytes free

- - End Of File - - 0C6D991D119B7BFB3411260606E3BFCE

shelf life
2009-12-26, 20:46
Yes, it has been a while. We will get another download, which you can keep and use. Link and directions:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt

Post the log in your reply.

tashi
2010-01-11, 16:57
Emailthezac
This thread has been closed due to inactivity.

As it has been four days or more since your last post, and the helper assisting you posted a response to which you did not reply, your topic will not be re-opened. If you still require help, please start a new topic and include a new HijackThis log with a link to your previous thread.

Please do not add any logs that might have been requested previously; you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start your own topic.