View Full Version : Google results redirect to searchfindsite
The top 2-3 Google results sometimes redirect to searchfindsite.com
(ex: hxxp:// searchfindsite.com/6952/search.php?keyword=windows%20live&sid=b4ceb42ee9e166b0b2e3ecdaa3573dc1&cid=BPO )
I'm running Avast, MS Defender, and weekly Malwarebytes. All are clean.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:44:21 PM, on 12/29/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\MozyHome\mozybackup.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
C:\Program Files\CrossHair\CrossHair.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\vbuzzer\XYNTService.exe
C:\Program Files\vbuzzer\VbuzzerAgent.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\PowerDesk\NTTool.exe
C:\Program Files\PowerDesk\PDesk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files2\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\Apache\Apache\Apache.exe
D:\Apache\Apache\Apache.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\PROGRA~1\EDITPL~1\EDITPLUS.EXE
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CrossHair] C:\Program Files\CrossHair\CrossHair.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Startup: 2.lnk = ?
O4 - Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe
O4 - Startup: MacroWorks II.lnk = C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
O4 - Startup: Shortcut to Pdesk.exe.lnk = C:\Program Files\PowerDesk\Pdesk.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://W:\components\Liquid.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251316917078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251316889562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (file missing)
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O23 - Service: Apache - Unknown owner - D:\Apache\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: MozyHome Backup Service (mozybackup) - Mozy, Inc. - C:\Program Files\MozyHome\mozybackup.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: RoxMediaDB - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - C:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Vbuzzer Helper Service - Unknown owner - C:\Program Files\vbuzzer\XYNTService.exe
--
End of file - 10957 bytes
Hi jkido2
Download gmer.zip (http://gmer.net/gmer.zip) and save to your desktop.
alternate download site (http://hype.free.googlepages.com/gmer.zip)
Unzip/extract the file to its own folder. (Click here (http://www.bleepingcomputer.com/tutorials/tutorial105.html) for information on how to do this if not sure. Win 2000 users click here (http://www.bleepingcomputer.com/tutorials/tutorial106.html).
When you have done this, disconnect from the Internet and close all running programs.
There is a small chance this application may crash your computer so save any work you have open.
Double-click on Gmer.exe to start the program.
Allow the gmer.sys driver to load if asked.
If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
Click on the Rootkit tab.
Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
Click on the "Scan" and wait for the scan to finish.
Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
Note: If you have any problems, try running GMER in SAFE MODE (http://www.bleepingcomputer.com/forums/tutorial61.html)"
Important! Please do not select the "Show all" checkbox during the scan..
I'm attaching it because it's huge.
Did you have "show all" unchecked?
"Show all" was NOT checked.
Most of the line entries are Comodo Internet Security files (my firewall).
Then please split it into multiple replies.
The file is 645KB and 300,000 characters. It would take 5 replies.
Is there any reason the attached zip is not sufficient?
Reason is that it can be infected in theory.
That's why I prefer copy/paste :)
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-02 17:14:24
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: e:\TEMP\pxtdapod.sys
---- System - GMER 1.0.15 ----
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB1FC16B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB1FC1574]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB1FC1A52]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB1FC114C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB1FC164E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB1FC108C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB1FC10F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB1FC176E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB1FC172E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB1FC18AE]
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!_abnormal_termination + 395 804E29F1 3 Bytes [8A, 1D, B2]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xBA429F80]
.text C:\WINDOWS\system32\drivers\oreans32.sys section is writeable [0xBA77F2A0, 0x7B40, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\TortoiseSVN\bin\TSVNCache.exe[176] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B9, 83]
.text C:\WINDOWS\system32\svchost.exe[212] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe[496] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\services.exe[596] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\lsass.exe[608] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\Ati2evxx.exe[756] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[780] KERNEL32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[800] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text D:\Apache\Apache\Apache.exe[828] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[892] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Windows Defender\MsMpEng.exe[1020] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\BRMFRSMG.EXE[1136] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1144] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[1248] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1304] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1428] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Analog Devices\Core\smax4pnp.exe[1596] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B8, 83]
.text C:\WINDOWS\system32\Ati2evxx.exe[1616] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\MozyHome\mozybackup.exe[1628] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B9, 83]
.text C:\Program Files\Microsoft IntelliType Pro\type32.exe[1644] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [B8, 83]
.text C:\Program Files\UltraMon\UltraMon.exe[1656] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\Explorer.EXE[1676] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\spoolsv.exe[1864] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text E:\!\gmer\gmer.exe[1912] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Windows Defender\MSASCui.exe[2052] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[2068] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\ATI Technologies\ATI.ACE\cli.exe[2080] KERNEL32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\UltraMon\UltraMonTaskbar.exe[2164] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Mozilla Firefox\firefox.exe[2248] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [F4, 83]
.text D:\Apache\Apache\Apache.exe[2264] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe[2444] kernel32.dll!MoveFileWithProgressW + 4 7C81F742 1 Byte [84]
.text C:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe[2444] kernel32.dll!OpenFile + 4 7C821996 1 Byte [84]
.text C:\Program Files\CrossHair\CrossHair.exe[2448] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\PowerDesk2\PDExplo.exe[2544] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [1F, 84]
.text C:\Program Files\Logitech\SetPoint\SetPoint.exe[2556] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\PowerDesk\PDesk.exe[2632] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\svchost.exe[2636] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\PowerDesk\NTTool.exe[2648] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\WINDOWS\system32\wdfmgr.exe[2724] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\vbuzzer\XYNTService.exe[2780] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\vbuzzer\VbuzzerAgent.exe[2824] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files2\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe[3032] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Macro Express3\MacExp.exe[3176] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE[3280] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\FileBX\FileBX.exe[3452] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [7E, 93] {JLE 0xffffffffffffff95}
.text C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe[3624] kernel32.dll!OpenFile + 3 7C821995 2 Bytes [17, 84]
---- Kernel IAT/EAT - GMER 1.0.15 ----
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\system32\services.exe[596] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 005A0002
IAT C:\WINDOWS\system32\services.exe[596] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 005A0000
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \FileSystem\Ntfs \Ntfs mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
Device A mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)
Device A AFFACC8A
AttachedDevice A fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice A mozy.sys (Mozy Change Monitor Filter Driver/Mozy, Inc.)
---- EOF - GMER 1.0.15 ----
Download at your desktop DDS from one of the links below:
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://www.forospyware.com/sUBs/dds)
Double click the tool to run it.
A black Screen will open, just read the contents and do nothing.
When the tool finish it will open 2 reports.
Copy/paste both reports back here and remove DDS from your desktop.
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jack at 2:18:28.17 on Wed 01/13/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1247 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100112-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
D:\Apache\Apache\Apache.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files2\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
D:\Apache\Apache\Apache.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\vbuzzer\XYNTService.exe
C:\Program Files\vbuzzer\VbuzzerAgent.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\CrossHair\CrossHair.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
C:\Program Files\PowerDesk\NTTool.exe
C:\Program Files\PowerDesk\PDesk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jack\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
mSearchAssistant = hxxp://www.google.com/ie
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {95188727-288F-4581-A48D-EAB3BD027314} - No File
EB: {F60C63CE-52AF-4915-AAC9-F100FCDE270F}} - No File
uRun: [CrossHair] c:\program files\crosshair\CrossHair.exe
uRun: [Google Update] "c:\documents and settings\jack\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\2.lnk - c:\documents and settings\jack\application data\realtime soft\ultramon\profiles\2.umprofile
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\filebo~1.lnk - c:\program files\filebx\FileBX.exe
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\macrow~1.lnk - c:\program files\xkeys\macroworks ii\MacroWorks.exe
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\shortc~1.lnk - c:\program files\powerdesk\Pdesk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\macroe~1.lnk - c:\program files\macro express3\MacExp.exe
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Zend Studio - Debug current page - c:\program files2\zend\zendstudioclient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files2\zend\zendstudioclient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314}
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file://w:\components\Liquid.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251316917078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251316889562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jack\applic~1\mozilla\firefox\profiles\vq1gf3mf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - PHP Manual
FF - prefs.js: browser.startup.homepage - file:///D:/WEBSITES/LINKS-MYSITES.htm
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\jack\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll
FF - HiddenExtension: XUL Cache: {B01BBFCA-95D1-4337-BBC2-5D520B7845E2} - c:\documents and settings\jack\local settings\application data\{B01BBFCA-95D1-4337-BBC2-5D520B7845E2}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-30 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-30 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-11-20 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-10-24 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-11-30 723632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-9-19 3712]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2005-6-2 10496]
R2 Vbuzzer Helper Service;Vbuzzer Helper Service;c:\program files\vbuzzer\XYNTService.exe [2009-8-25 49152]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-10-24 352920]
R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [2006-6-14 43356]
R3 PIJoy;PI Virtual Joystick;c:\windows\system32\drivers\PIJoy.sys [2006-6-14 3910]
R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [2006-6-14 3878]
R3 PIMou;PI Virtual Mouse;c:\windows\system32\drivers\PIMou.sys [2006-6-14 3846]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-5-14 3328]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-10-23 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-10-23 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-10-23 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-10-23 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2c5.tmp --> c:\windows\system32\2C5.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
=============== Created Last 30 ================
2010-01-10 10:53:57 23 --sha-w- c:\windows\system32\cccecdab3_d.dll
2010-01-10 10:53:57 23 ----a-w- c:\windows\system32\ebeaadb6_d.ocx
2010-01-10 10:53:46 0 d-----w- c:\program files\RegSupreme Pro
2010-01-03 23:08:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-03 23:08:12 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-03 23:08:12 0 d-----w- c:\docume~1\jack\applic~1\SUPERAntiSpyware.com
==================== Find3M ====================
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 22:38:39 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-30 22:38:39 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-30 22:38:39 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-03 01:42:06 195456 ------w- c:\windows\system32\MpSigStub.exe
2006-06-22 19:14:50 149 ----a-w- c:\program files\INSTALL.LOG
2003-01-04 01:36:52 77824 ----a-w- c:\program files\Startup.exe
============= FINISH: 2:19:42.56 ===============
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2005 1:19:46 AM
System Uptime: 1/10/2010 8:57:16 AM (66 hours ago)
Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2526/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 52 GiB total, 34.054 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 13.312 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 187.152 GiB free.
W: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_01D51028&REV_02\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82865G Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_01D51028&REV_02\3&172E68DD&0&10
Service: ialm
==== System Restore Points ===================
No restore point in system.
==== Installed Programs ======================
ACDSee Pro
Acrobat.com
ActiveState Komodo IDE 5.0.3
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AI RoboForm (All Users)
Apache HTTP Server 1.3.33
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
BackupXpress Pro
Brother HL-2040
Brother P-touch Editor 4.2
Camtasia Studio 5
CCleaner
ClearType Tuning Control Panel Applet
ClipMate 7
Color Schemer 2.51
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Connect
Courier Email
CrossHair
CuteFTP 7 Professional
CutePDF Writer 2.7
Dell System Restore
EasyRecovery Professional
EditPlus 2
EmEditor Professional (English)
EPSON TWAIN 5
ERUNT 1.1j
FastStone Image Viewer 3.4
FileBox eXtender
Google Chrome
Google Video Player
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HyperSnap 6
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
ioIsland.com Places Bar Tweaker
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
KhalSetup
kuler
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Macro Express 3
Macro Works
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
MacroWorks II
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliType Pro 5.0
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
MozyHome Remote Backup
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MT2OFX V3.5.18
MyLife Organized 3.0.1
MySQL Server 5.0
MySQL Tools for 5.0
Paint Shop Pro 7
PDF Settings CS4
Photoshop Camera Raw
PHP 5.2.11
Poedit
PowerDesk 7
Quicken 2002 Home & Business
QuickTax 2008
QuickTime
RegSupreme Pro
Roxio Easy Media Creator 8 Suite
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Skype™ 4.1
Slik Subversion 1.6.4 (x86)
SmartDraw 7
soapUI 3.0.1 3.0.1
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
SpywareBlaster 4.2
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SWF Opener
TexNotesPro 4.3 Trial
TextPad 4.7
The Regex Coach 0.8.5
TopStyle (Version 3)
TortoiseSVN 1.6.4.16808 (32 bit)
Tweakui Powertoy for Windows XP
Typograf4.8f
Ulead PhotoImpact 11
UltraMon
Update for Windows XP (KB896727)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Van Dyke Technologies SecureCRT 3.3
Vbuzzer Messenger
VC 9.0 Runtime
Web Log Filter 1.09.01
WebFldrs XP
Where Is It? 3.26
WinAce Archiver 2.0
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
WinRAR archiver
WinSCP 4.0.7
Xenu's Link Sleuth
XviD MPEG-4 Video Codec
ZTreeWin (remove only)
==== Event Viewer Messages From Past Week ========
1/9/2010 9:33:30 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service LiveUpdate with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}
1/10/2010 5:47:10 AM, error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: This operation returned because the timeout period expired.
==== End Of File ===========================
Please click this link-->Jotti (http://virusscan.jotti.org/)
Copy/paste file on the list into the white Upload a file box and click Submit/Send (depends on which one you are using Jotti or VirusTotal).
c:\windows\system32\cccecdab3_d.dll
Please post back the results of the scan in your next post.
If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/
Both returned negative for viruses/malware.
Funny thing is that I can't find the file via Windows Explorer. If I search for the file by full name, it appears. (attached gif)
I can open it in a text editor if I copy/paste the full path. I was able to upload it to those sites by pasting the full path into the Browse window.
File size: 23 bytes
Filetype: Unknown
MD5: e403da6836e026dd8edd219d18345e71
SHA1: c316dbdf3b64c9f49af2f0d40c967cc03c7059ce
Have you unhidden hidden files?
Here (http://www.bleepingcomputer.com/tutorials/tutorial62.html) is how to.
Yes, I'm showing hidden files.
But when I unchecked "Hide protected operating system files", the file appeared.
Good.
Please upload this as well:
c:\windows\system32\ebeaadb6_d.ocx
And post back results :)
Both sites returned "clean".
FYI, this file is also 23 bytes.
File size: 23 bytes
Filetype: Unknown
MD5: ec8a488172251d4a5f69c8d4fd413833
SHA1: 5da3845cb4c105eed806ec96726dd5ebfc4b8ace
We will continue with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
If you need help to disable your protection programs see here. (http://www.bleepingcomputer.com/forums/topic114351.html)
When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.
ComboFix 10-01-20.05 - Jack 01/21/2010 3:34.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1259 [GMT -5:00]
Running from: c:\documents and settings\Jack\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100120-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Jack\Local Settings\Application Data\{B01BBFCA-95D1-4337-BBC2-5D520B7845E2}
c:\documents and settings\Jack\Local Settings\Application Data\{B01BBFCA-95D1-4337-BBC2-5D520B7845E2}\chrome.manifest
c:\documents and settings\Jack\Local Settings\Application Data\{B01BBFCA-95D1-4337-BBC2-5D520B7845E2}\chrome\content\_cfg.js
c:\documents and settings\Jack\Local Settings\Application Data\{B01BBFCA-95D1-4337-BBC2-5D520B7845E2}\chrome\content\overlay.xul
c:\documents and settings\Jack\Local Settings\Application Data\{B01BBFCA-95D1-4337-BBC2-5D520B7845E2}\install.rdf
c:\program files\INSTALL.LOG
c:\windows\system32\cccecdab3_d.dll
c:\windows\system32\twain_32.dll
.
((((((((((((((((((((((((( Files Created from 2009-12-21 to 2010-01-21 )))))))))))))))))))))))))))))))
.
2010-01-10 10:53 . 2010-01-10 10:53 -------- d-----w- c:\program files\RegSupreme Pro
2010-01-03 23:09 . 2010-01-03 23:09 52224 ----a-w- c:\documents and settings\Jack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-03 23:09 . 2010-01-03 23:09 117760 ----a-w- c:\documents and settings\Jack\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-03 23:08 . 2010-01-03 23:08 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-03 23:08 . 2010-01-03 23:08 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-03 23:08 . 2010-01-03 23:08 -------- d-----w- c:\documents and settings\Jack\Application Data\SUPERAntiSpyware.com
2010-01-02 14:00 . 2010-01-02 14:00 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-14 16:12 . 2009-10-03 13:00 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-01-10 13:59 . 2006-07-01 06:38 -------- d-----w- c:\program files\Macro Express3
2010-01-03 23:13 . 2009-11-28 00:21 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-03 23:12 . 2009-11-28 00:21 -------- d-----w- c:\program files\SpywareBlaster
2010-01-03 23:07 . 2009-05-11 23:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-03 23:03 . 2009-09-18 05:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-21 22:16 . 2006-06-14 06:10 92976 ----a-w- c:\documents and settings\Jack\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-12-18 12:24 . 2006-08-01 02:07 -------- d-----w- c:\documents and settings\Jack\Application Data\MySQL
2009-12-16 07:30 . 2006-06-14 04:37 -------- d-----w- c:\program files\EditPlus 2
2009-12-09 12:04 . 2009-09-19 03:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-09 12:03 . 2009-12-09 12:03 4844296 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-12-03 21:14 . 2009-09-19 03:22 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-09-19 03:22 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 22:43 . 2009-11-30 22:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Comodo
2009-11-30 22:38 . 2009-11-28 00:28 -------- d-----w- c:\program files\COMODO
2009-11-30 22:38 . 2009-11-30 22:38 87104 ----a-w- c:\windows\system32\drivers\inspect.sys
2009-11-30 22:38 . 2009-11-30 22:38 25160 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2009-11-30 22:38 . 2009-11-30 22:38 171552 ----a-w- c:\windows\system32\guard32.dll
2009-11-30 22:38 . 2009-11-30 22:38 133064 ----a-w- c:\windows\system32\drivers\cmdguard.sys
2009-11-30 05:15 . 2009-10-27 08:46 -------- d-----w- c:\documents and settings\Jack\Application Data\Vbuzzer Messenger
2009-11-28 00:38 . 2009-11-28 00:38 -------- d-----w- c:\program files\Trend Micro
2009-11-28 00:21 . 2009-09-18 02:20 2496522 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2009-11-28 00:06 . 2007-11-14 11:48 -------- d-----w- c:\program files\Azureus
2009-11-27 18:21 . 2009-11-27 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-11-27 18:18 . 2005-12-02 06:33 -------- d-----w- c:\program files\Common Files\Adobe
2009-11-27 18:13 . 2009-11-27 18:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-11-27 18:12 . 2009-11-27 18:12 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-11-27 18:11 . 2009-11-27 18:11 -------- d-----w- c:\program files\NOS
2009-11-24 23:54 . 2007-10-24 20:23 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2007-10-24 20:23 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2007-10-24 20:23 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2008-04-02 02:38 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2008-04-02 02:38 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:48 . 2007-10-24 20:23 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2007-10-24 20:23 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2007-10-24 20:23 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-19 16:48 . 2009-11-30 21:44 872960 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-11-19 16:48 . 2009-11-30 21:44 43008 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-11-19 16:48 . 2009-11-30 21:44 340480 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-11-19 16:48 . 2009-11-30 21:44 346624 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-11-06 14:20 . 2009-11-27 18:11 34112 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg_bootstrap.exe
2009-11-06 14:20 . 2009-11-27 18:11 32448 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\plugins\np_gp.dll
2009-11-06 14:20 . 2009-11-27 18:11 22352 ----a-w- c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}\chrome\content\getPlusPlus_Adobe_reg.exe
2003-01-04 01:36 . 2006-06-14 06:13 77824 ----a-w- c:\program files\Startup.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2009-08-04 13:13 85768 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy2]
@="{747E722C-CB46-4a9d-BDFE-192AAD5099B1}"
[HKEY_CLASSES_ROOT\CLSID\{747E722C-CB46-4a9d-BDFE-192AAD5099B1}]
2009-01-30 19:05 2788152 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\mozy3]
@="{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}"
[HKEY_CLASSES_ROOT\CLSID\{EE6F5A00-7898-40f7-AB77-51FF9D6DEB20}]
2009-01-30 19:05 2788152 ----a-w- c:\program files\MozyHome\mozyshell.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CrossHair"="c:\program files\CrossHair\CrossHair.exe" [2006-07-23 94208]
"Google Update"="c:\documents and settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2008-09-17 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-15 1404928]
"type32"="c:\program files\Microsoft IntelliType Pro\type32.exe" [2003-05-15 114688]
"UltraMon"="c:\program files\UltraMon\UltraMon.exe" [2005-05-14 187904]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-11-30 1800464]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
c:\documents and settings\Jack\Start Menu\Programs\Startup\
2.lnk - c:\documents and settings\Jack\Application Data\Realtime Soft\UltraMon\Profiles\2.umprofile [2006-9-20 213]
FileBox eXtender.lnk - c:\program files\FileBX\FileBX.exe [2006-6-13 598016]
MacroWorks II.lnk - c:\program files\xkeys\MacroWorks II\MacroWorks.exe [2007-8-3 1052672]
Shortcut to Pdesk.exe.lnk - c:\program files\PowerDesk\Pdesk.exe [2004-7-29 753664]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-9-19 593920]
Macro Express 3.lnk - c:\program files\Macro Express3\MacExp.exe [2006-7-1 3147264]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
2008-08-14 11:58 611712 ----a-w- c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2008-09-17 04:10 133104 ----atw- c:\documents and settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2005-04-06 01:19 77824 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]
2005-04-06 01:22 94208 ----a-w- c:\windows\system32\igfxtray.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]
2005-04-06 01:23 114688 ----a-w- c:\windows\system32\igfxpers.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2006-08-14 00:56 155648 ----a-w- c:\program files\QuickTime\qttask.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"RoxUpnpServer"=2 (0x2)
"RoxUPnPRenderer"=3 (0x3)
"RoxMediaDB"=3 (0x3)
"odserv"=3 (0x3)
"mozybackup"=2 (0x2)
"LiveUpdate"=3 (0x3)
"IDriverT"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Roxio\\Easy Media Creator 8\\Digital Home\\RoxUpnpServer.exe"=
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/1/2008 9:38 PM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [11/30/2009 5:38 PM 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [11/30/2009 5:38 PM 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [12/16/2009 4:26 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/16/2009 4:26 PM 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [11/20/2009 11:12 PM 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/1/2008 9:38 PM 20560]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [9/19/2006 11:59 PM 3712]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\Common Files\Realtime Soft\UltraMonMirrorDrv\x32\UltraMonUtility.sys [6/2/2005 12:54 PM 10496]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 6:19 PM 13592]
R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [6/14/2006 12:48 AM 43356]
R3 PIJoy;PI Virtual Joystick;c:\windows\system32\drivers\PIJoy.sys [6/14/2006 12:48 AM 3910]
R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [6/14/2006 12:48 AM 3878]
R3 PIMou;PI Virtual Mouse;c:\windows\system32\drivers\PIMou.sys [6/14/2006 12:48 AM 3846]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [5/14/2005 5:41 PM 3328]
S2 Vbuzzer Helper Service;Vbuzzer Helper Service;c:\program files\vbuzzer\XYNTService.exe [8/25/2009 10:11 AM 49152]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [10/23/2006 7:55 PM 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [10/23/2006 7:55 PM 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [10/23/2006 7:55 PM 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [10/23/2006 7:55 PM 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2C5.tmp --> c:\windows\system32\2C5.tmp [?]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [12/16/2009 4:27 PM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-01-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904491436-2355115627-2611027165-1006Core.job
- c:\documents and settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-17 04:10]
2010-01-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3904491436-2355115627-2611027165-1006UA.job
- c:\documents and settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-17 04:10]
2005-12-02 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-10 11:00]
2010-01-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 23:20]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Zend Studio - Debug current page - c:\program files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file://w:\components\Liquid.ocx
FF - ProfilePath - c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - PHP Manual
FF - prefs.js: browser.startup.homepage - file:///D:/WEBSITES/LINKS-MYSITES.htm
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\Jack\Application Data\Mozilla\Firefox\Profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Jack\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\Java\jre1.5.0_07\bin\NPOJI610.dll
.
- - - - ORPHANS REMOVED - - - -
MSConfigStartUp-Jack - c:\documents and settings\Jack\Jack.exe
MSConfigStartUp-sysgif32 - c:\windows\Temp\wpv961253178221.exe
AddRemove-HijackThis - e:\!\HijackThis.exe
AddRemove-WinAce Archiver 2.0 - c:\program files\WinAce\SXUNINST.EXE
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-21 03:40
Windows 5.1.2600 Service Pack 2 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\2C5.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files2\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files2\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(548)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'lsass.exe'(604)
c:\windows\system32\guard32.dll
.
Completion time: 2010-01-21 03:44:12
ComboFix-quarantined-files.txt 2010-01-21 08:43
Pre-Run: 36,354,371,584 bytes free
Post-Run: 36,343,021,568 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
- - End Of File - - 52A3A958DF1296349B4553D71353285E
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:46:33 AM, on 1/21/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\PowerDesk\PDesk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CrossHair] C:\Program Files\CrossHair\CrossHair.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 2.lnk = ?
O4 - Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe
O4 - Startup: MacroWorks II.lnk = C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
O4 - Startup: Shortcut to Pdesk.exe.lnk = C:\Program Files\PowerDesk\Pdesk.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://W:\components\Liquid.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251316917078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251316889562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (file missing)
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - D:\Apache\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Vbuzzer Helper Service - Unknown owner - C:\Program Files\vbuzzer\XYNTService.exe
--
End of file - 9777 bytes
Looks like that ComboFix disagree with clean ;)
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 29, 2010 09:04:57
Records in database: 3383752
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
L:\
W:\
Scan statistics:
Objects scanned: 223363
Threats found: 2
Infected objects found: 5
Suspicious objects found: 0
Scan duration: 05:56:02
File name / Threat / Threats count
E:\!!\!SORT\adsense\dominate-adsense\adblaster.exe Infected: not-a-virus:AdWare.Win32.Megap.a 1
E:\zBACKUP\nextcd2\NewsGator.TopStyle.Pro.v3.5.retail-FOSI\fo-tsp35.exe Infected: not-a-virus:Server-Proxy.Win32.3proxy.v 2
E:\zBACKUP\nextcd2\NewsGator.TopStyle.Pro.v3.5.retail-FOSI\fo-tsp35.zip Infected: not-a-virus:Server-Proxy.Win32.3proxy.v 2
Selected area has been scanned.
---------------------------------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:18:20 PM, on 1/29/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\PowerDesk\NTTool.exe
C:\Program Files\PowerDesk\PDesk.exe
C:\PROGRA~1\MICROS~2\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CrossHair] C:\Program Files\CrossHair\CrossHair.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 2.lnk = ?
O4 - Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe
O4 - Startup: MacroWorks II.lnk = C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
O4 - Startup: Shortcut to Pdesk.exe.lnk = C:\Program Files\PowerDesk\Pdesk.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://W:\components\Liquid.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251316917078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251316889562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (file missing)
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - D:\Apache\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Vbuzzer Helper Service - Unknown owner - C:\Program Files\vbuzzer\XYNTService.exe
--
End of file - 9860 bytes
Looks like that not all programs are legit.
Please uninstall this:
TopStyle (Version 3)
Delete these:
E:\!!\!SORT\adsense
E:\zBACKUP\nextcd2\NewsGator.TopStyle.Pro.v3.5.retail-FOSI
Empty Recycle Bin.
Post back fresh DDS logs, please.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
DDS (Ver_09-12-01.01)
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 12/2/2005 1:19:46 AM
System Uptime: 1/10/2010 8:55:09 AM (487 hours ago)
Motherboard: Dell Computer Corp. | | 0CF458
Processor: Intel(R) Celeron(R) CPU 2.53GHz | Microprocessor | 2526/533mhz
==== Disk Partitions =========================
C: is FIXED (NTFS) - 52 GiB total, 33.757 GiB free.
D: is FIXED (NTFS) - 20 GiB total, 13.333 GiB free.
E: is FIXED (NTFS) - 233 GiB total, 189.877 GiB free.
L: is NetworkDisk (NTFS) - 924 GiB total, 478.67 GiB free.
W: is CDROM ()
==== Disabled Device Manager Items =============
Class GUID: {4D36E968-E325-11CE-BFC1-08002BE10318}
Description: Intel(R) 82865G Graphics Controller
Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_01D51028&REV_02\3&172E68DD&0&10
Manufacturer: Intel Corporation
Name: Intel(R) 82865G Graphics Controller
PNP Device ID: PCI\VEN_8086&DEV_2572&SUBSYS_01D51028&REV_02\3&172E68DD&0&10
Service: ialm
==== System Restore Points ===================
RP1: 1/21/2010 3:20:59 AM - System Checkpoint
RP2: 1/22/2010 9:00:31 AM - Software Distribution Service 3.0
RP3: 1/27/2010 9:01:11 AM - Software Distribution Service 3.0
RP4: 1/29/2010 9:00:31 AM - Software Distribution Service 3.0
==== Installed Programs ======================
ACDSee Pro
Acrobat.com
ActiveState Komodo IDE 5.0.3
Adobe AIR
Adobe Anchor Service CS3
Adobe Anchor Service CS4
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge CS4
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps CS4
Adobe Color - Photoshop Specific
Adobe Color EU Extra Settings CS4
Adobe Color JA Extra Settings CS4
Adobe Color NA Recommended Settings CS4
Adobe CSI CS4
Adobe Default Language CS4
Adobe Device Central CS3
Adobe Download Manager
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit CS4
Adobe Extension Manager CS4
Adobe Flash Player 10 Plugin
Adobe Flash Player ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS4
Adobe InDesign CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe Linguistics CS4
Adobe Output Module
Adobe PDF Library Files CS4
Adobe Photoshop CS3
Adobe Reader 9.2
Adobe Search for Help
Adobe Service Manager Extension
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support CS4
Adobe Update Manager CS3
Adobe Update Manager CS4
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Adobe XMP Panels CS4
AdobeColorCommonSetCMYK
AdobeColorCommonSetRGB
AI RoboForm (All Users)
Apache HTTP Server 1.3.33
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
avast! Antivirus
BackupXpress Pro
Brother HL-2040
Brother P-touch Editor 4.2
Camtasia Studio 5
CCleaner
ClearType Tuning Control Panel Applet
ClipMate 7
Color Schemer 2.51
COMODO Internet Security
Compatibility Pack for the 2007 Office system
Connect
Courier Email
CrossHair
CuteFTP 7 Professional
CutePDF Writer 2.7
Dell System Restore
EasyRecovery Professional
EditPlus 2
EmEditor Professional (English)
EPSON TWAIN 5
ERUNT 1.1j
FastStone Image Viewer 3.4
FileBox eXtender
Google Chrome
Google Video Player
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
HyperSnap 6
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
ioIsland.com Places Bar Tweaker
J2SE Runtime Environment 5.0 Update 7
Java 2 Runtime Environment, SE v1.4.2_03
KhalSetup
kuler
LiveUpdate 3.0 (Symantec Corporation)
Logitech SetPoint
Macro Express 3
Macro Works
Macromedia Dreamweaver 8
Macromedia Extension Manager
Macromedia Flash 8
MacroWorks II
MagicDisc 2.5.79
Malwarebytes' Anti-Malware
MCU
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliType Pro 5.0
Microsoft Office Professional Edition 2003
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.5)
MozyHome Remote Backup
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MT2OFX V3.5.18
MyLife Organized 3.0.1
MySQL Server 5.0
MySQL Tools for 5.0
Paint Shop Pro 7
PDF Settings CS4
Photoshop Camera Raw
PHP 5.2.11
Poedit
PowerDesk 7
Quicken 2002 Home & Business
QuickTax 2008
QuickTime
RegSupreme Pro
Roxio Easy Media Creator 8 Suite
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338-v2)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Segoe UI
Skype™ 4.1
Slik Subversion 1.6.4 (x86)
SmartDraw 7
soapUI 3.0.1 3.0.1
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
SpywareBlaster 4.2
Suite Shared Configuration CS4
SUPERAntiSpyware Free Edition
SWF Opener
TexNotesPro 4.3 Trial
TextPad 4.7
The Regex Coach 0.8.5
TortoiseSVN 1.6.4.16808 (32 bit)
Tweakui Powertoy for Windows XP
Typograf4.8f
Ulead PhotoImpact 11
UltraMon
Update for Windows XP (KB896727)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Van Dyke Technologies SecureCRT 3.3
Vbuzzer Messenger
VC 9.0 Runtime
Web Log Filter 1.09.01
WebFldrs XP
Where Is It? 3.26
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer Clean Up
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888310
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB891781
WinRAR archiver
WinSCP 4.0.7
Xenu's Link Sleuth
XviD MPEG-4 Video Codec
ZTreeWin (remove only)
==== End Of File ===========================
DDS (Ver_09-12-01.01) - NTFSx86
Run by Jack at 15:39:06.31 on Sat 01/30/2010
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2046.1285 [GMT -5:00]
AV: avast! antivirus 4.8.1368 [VPS 100130-1] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: COMODO Firewall *disabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
============== Running Processes ===============
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Program Files\Windows Defender\MsMpEng.exe
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\explorer.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\PowerDesk\NTTool.exe
C:\Program Files\PowerDesk\PDesk.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\PowerDesk2\PDExplo.exe
C:\Documents and Settings\Jack\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
mStart Page = hxxp://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
uInternet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
TB: {BA52B914-B692-46c4-B683-905236F6F655} - No File
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {95188727-288F-4581-A48D-EAB3BD027314} - No File
EB: {F60C63CE-52AF-4915-AAC9-F100FCDE270F}} - No File
uRun: [CrossHair] c:\program files\crosshair\CrossHair.exe
uRun: [Google Update] "c:\documents and settings\jack\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [type32] "c:\program files\microsoft intellitype pro\type32.exe"
mRun: [UltraMon] "c:\program files\ultramon\UltraMon.exe" /auto
mRun: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\2.lnk - c:\documents and settings\jack\application data\realtime soft\ultramon\profiles\2.umprofile
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\filebo~1.lnk - c:\program files\filebx\FileBX.exe
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\macrow~1.lnk - c:\program files\xkeys\macroworks ii\MacroWorks.exe
StartupFolder: c:\docume~1\jack\startm~1\programs\startup\shortc~1.lnk - c:\program files\powerdesk\Pdesk.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\macroe~1.lnk - c:\program files\macro express3\MacExp.exe
IE: Add to Vbuzzer RSS list - c:\program files\vbuzzer\addurl.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: Zend Studio - Debug current page - c:\program files2\zend\zendstudioclient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
IE: Zend Studio - Debug next page - c:\program files2\zend\zendstudioclient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.5.0_07\bin\ssv.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - {95188727-288F-4581-A48D-EAB3BD027314}
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {22D4879A-92DB-470D-8A83-E158797D8176} - file://w:\components\Liquid.ocx
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251316917078
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251316889562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab
Handler: intu-qt2007 - {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} -
Handler: intu-qt2008 - {05E53CE9-66C8-4a9e-A99F-FDB7A8E7B596} - c:\program files\quicktax 2008\ic2008pp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\jack\applic~1\mozilla\firefox\profiles\vq1gf3mf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - PHP Manual
FF - prefs.js: browser.startup.homepage - file:///D:/WEBSITES/LINKS-MYSITES.htm
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\jack\application data\mozilla\firefox\profiles\vq1gf3mf.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\program files\siber systems\ai roboform\firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\jack\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava11.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava12.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava13.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava14.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJava32.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPJPI150_07.dll
FF - plugin: c:\program files\java\jre1.5.0_07\bin\NPOJI610.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
============= SERVICES / DRIVERS ===============
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2008-4-1 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [2009-11-30 133064]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2009-11-30 25160]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2009-11-20 18816]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-4-1 20560]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast4\ashServ.exe [2007-10-24 138680]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2009-11-30 723632]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [2006-9-19 3712]
R2 UltraMonUtility;UltraMon Utility Driver;c:\program files\common files\realtime soft\ultramonmirrordrv\x32\UltraMonUtility.sys [2005-6-2 10496]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast4\ashWebSv.exe [2007-10-24 352920]
R3 PIBus;PIBus Device;c:\windows\system32\drivers\PIBus.sys [2006-6-14 43356]
R3 PIJoy;PI Virtual Joystick;c:\windows\system32\drivers\PIJoy.sys [2006-6-14 3910]
R3 PIKbd;PI Virtual Keyboard;c:\windows\system32\drivers\PIKbd.sys [2006-6-14 3878]
R3 PIMou;PI Virtual Mouse;c:\windows\system32\drivers\PIMou.sys [2006-6-14 3846]
R3 UltraMonMirror;UltraMonMirror;c:\windows\system32\drivers\UltraMonMirror.sys [2005-5-14 3328]
S2 Vbuzzer Helper Service;Vbuzzer Helper Service;c:\program files\vbuzzer\XYNTService.exe [2009-8-25 49152]
S3 brfilt;Brother MFC Filter Driver;c:\windows\system32\drivers\BrFilt.sys [2006-10-23 2944]
S3 BrSerWDM;Brother Serial driver;c:\windows\system32\drivers\BrSerWdm.sys [2006-10-23 60416]
S3 BrUsbMdm;Brother MFC USB Fax Only Modem;c:\windows\system32\drivers\BrUsbMdm.sys [2006-10-23 11008]
S3 BrUsbScn;Brother MFC USB Scanner driver;c:\windows\system32\drivers\BrUsbScn.sys [2006-10-23 10368]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\2c5.tmp --> c:\windows\system32\2C5.tmp [?]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
=============== Created Last 30 ================
2010-01-21 08:22:27 0 d-sha-r- C:\cmdcons
2010-01-21 08:20:46 98816 ----a-w- c:\windows\sed.exe
2010-01-21 08:20:46 77312 ----a-w- c:\windows\MBR.exe
2010-01-21 08:20:46 261632 ----a-w- c:\windows\PEV.exe
2010-01-21 08:20:46 161792 ----a-w- c:\windows\SWREG.exe
2010-01-10 10:53:57 23 ----a-w- c:\windows\system32\ebeaadb6_d.ocx
2010-01-10 10:53:46 0 d-----w- c:\program files\RegSupreme Pro
2010-01-03 23:08:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2010-01-03 23:08:12 0 d-----w- c:\program files\SUPERAntiSpyware
2010-01-03 23:08:12 0 d-----w- c:\docume~1\jack\applic~1\SUPERAntiSpyware.com
==================== Find3M ====================
2010-01-14 16:12:06 181120 ------w- c:\windows\system32\MpSigStub.exe
2009-12-03 21:14:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13:56 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-30 22:38:39 171552 ----a-w- c:\windows\system32\guard32.dll
2003-01-04 01:36:52 77824 ----a-w- c:\program files\Startup.exe
============= FINISH: 15:40:09.00 ===============
Please go to Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.
Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button: Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply along with a fresh HijackThis log.
Kaspersky came back clean but I couldn't save the report file. The "Save Report" button was greyed out.
---------------
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:49 PM, on 2/4/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Apache\Apache\Apache.exe
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
D:\Apache\Apache\Apache.exe
C:\Program Files2\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\vbuzzer\XYNTService.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\vbuzzer\VbuzzerAgent.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\UltraMon\UltraMon.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\UltraMon\UltraMonTaskbar.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\CrossHair\CrossHair.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Macro Express3\MacExp.exe
C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
C:\Program Files\FileBX\FileBX.exe
C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PowerDesk\NTTool.exe
C:\Program Files\PowerDesk\PDesk.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.ca.dell.com/content/default.aspx?c=ca&l=en&s=gen
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www-secure.symantec.com/custserv/cs_register_consumer.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;*.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: (no name) - {95188727-288F-4581-A48D-EAB3BD027314} - (no file)
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [UltraMon] "C:\Program Files\UltraMon\UltraMon.exe" /auto
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [CrossHair] C:\Program Files\CrossHair\CrossHair.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Jack\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: 2.lnk = ?
O4 - Startup: FileBox eXtender.lnk = C:\Program Files\FileBX\FileBX.exe
O4 - Startup: MacroWorks II.lnk = C:\Program Files\xkeys\MacroWorks II\MacroWorks.exe
O4 - Startup: Shortcut to Pdesk.exe.lnk = C:\Program Files\PowerDesk\Pdesk.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O4 - Global Startup: Macro Express 3.lnk = C:\Program Files\Macro Express3\MacExp.exe
O8 - Extra context menu item: Add to Vbuzzer RSS list - C:\Program Files\vbuzzer\addurl.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Zend Studio - Debug current page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugCurrent.html
O8 - Extra context menu item: Zend Studio - Debug next page - res://C:\Program Files2\Zend\ZendStudioClient-5.1.0\bin\ZendIEToolbar.dll/DebugNext.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zend Studio Toolbar - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Zend Studio - {A26ABCF0-1C8F-46e7-A67C-0489DC21B9CC} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {22D4879A-92DB-470D-8A83-E158797D8176} (Liquid.LiquidHelper) - file://W:\components\Liquid.ocx
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1251316917078
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1251316889562
O18 - Protocol: intu-qt2007 - {026BF40D-BA05-467B-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (file missing)
O18 - Protocol: intu-qt2008 - {05E53CE9-66C8-4A9E-A99F-FDB7A8E7B596} - C:\Program Files\QuickTax 2008\ic2008pp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apache - Unknown owner - D:\Apache\Apache\Apache.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Vbuzzer Helper Service - Unknown owner - C:\Program Files\vbuzzer\XYNTService.exe
--
End of file - 10233 bytes
Seems fine so far -- thanks!
But it was always random -- the links weren't rewritten every time I searched, so if it happens again in the next few days I'll reply. Otherwise, all good!
OK, post back anyway after some time and I will give you final instructions :)
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.
Note: If it has been four days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.
If it has been less than four days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required. Please do not add any logs that might have been requested in the closed topic, you would be starting fresh.