Search engine redirects, avast! not secured upon startup [Archive]

View Full Version : Search engine redirects, avast! not secured upon startup

GreenFrog

2010-05-11, 12:57

Dear forum support/experts,
Like many others on this forum, my computer redirects from google links to random advertising popups, and sometimes opens unwanted tabs without any prompting. Furthermore, whenever I start the computer, avast! is not secured, and it is unable to update. Any help on these matters would be greatly appreciated!

Here is my log:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 19:24:40.00 on Tue 11/05/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_14
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2297 [GMT 10:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRA~1\CACHEM~1\CachemanXP.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\oodag.exe
C:\windows\system32\IoctlSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Jeremy\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: HelperObject Class: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 6\SnagItBHO.dll
BHO: {058ea4fb-f4e4-4850-85b1-2bf0aa62750f} - c:\windows\system32\wigudozi.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: SnagIt: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 6\SnagItIEAddin.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mRun: [RemoteControl] "c:\program files\cyberlink\powerdvd\PDVDServ.exe"
mRun: [LanguageShortcut] "c:\program files\cyberlink\powerdvd\language\Language.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4.0\OpwareSE4.exe"
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart17.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
uPolicies-explorer: NoSMBalloonTip = 0 (0x0)
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: {15A68763-86F6-413C-A524-4CEC55B14A29} = 61.8.0.113,210.23.129.34
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SSODL: SSODL - - No File
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
LSA: Notification Packages = scecli c:\windows\system32\pefeveli.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jeremy\applic~1\mozilla\firefox\profiles\6dms46dg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\jeremy\application data\mozilla\firefox\profiles\6dms46dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\thrixxx\weblaunch\binaries\npWebLaunch.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 xfilt;VIA SATA IDE Hot-plug Driver;c:\windows\system32\drivers\xfilt.sys [2009-7-12 22168]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2008-7-30 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2008-7-30 19024]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-27 40384]
R2 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2009-7-13 316416]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-7-12 55152]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-27 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-3-27 40384]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2005-11-2 11596]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-7-12 1691480]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [2009-2-28 103680]
S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [2009-4-14 31104]

=============== Created Last 30 ================

2010-05-05 05:57:16 0 d-----w- c:\windows\pss
2010-04-29 02:37:32 0 d-----w- c:\program files\thriXXX

==================== Find3M ====================

2010-05-11 09:06:35 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-11 09:06:33 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-06 00:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-05 09:45:16 219128 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-05 09:29:19 138592 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-26 08:37:04 100006 ----a-w- c:\windows\War3Unin.dat
2010-03-21 00:53:59 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-21 00:53:59 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-17 05:52:24 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-17 05:52:24 358944 ----a-w- c:\windows\vncutil.exe
2010-03-17 05:52:24 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-17 05:52:18 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-17 05:52:18 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-17 05:52:18 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-17 05:52:12 19520544 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-17 05:52:12 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-17 05:52:06 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-17 05:52:06 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-17 05:52:06 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-17 05:40:12 5878304 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-15 16:37:50 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-15 16:37:50 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-15 16:37:50 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-15 16:37:50 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-15 16:37:50 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-15 16:37:44 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-12 00:26:36 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 00:20:12 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-25 06:24:37 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-16 14:08:49 2146304 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-02-16 13:25:04 2024448 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-02-12 04:33:11 100864 ----a-w- c:\windows\system32\6to4svc.dll
2008-12-21 06:16:24 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008122120081222\index.dat
2009-12-01 07:07:00 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 19:26:04.96 ===============

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/05/2008 4:05:17 PM
System Uptime: 5/11/2010 7:06:15 PM (-4272 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO.,LTD | | MS-7387
Processor: Intel(R) Core(TM)2 Duo CPU E4600 @ 2.40GHz | CPU 1 | 2400/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 363 GiB total, 291.742 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

7-Zip 4.65
AAC Decoder
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Reader 9.3.2
Adobe Shockwave Player 11.5
Adobe SVG Viewer
Apple Mobile Device Support
Apple Software Update
ArchiCAD 8.1 INT
ArcSoft PhotoStudio 5.5
Audacity 1.2.6
AutoCAD 2007 - English
Autodesk DWF Viewer
AutoUpdate
avast! Free Antivirus
Battlefield: Bad Company™ 2
Bonjour
CachemanXP 2.0 (Windows 2000,2003,XP)
Call of Duty(R) 4 - Modern Warfare(TM)
Call of Duty(R) 4 - Modern Warfare(TM) 1.1 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.2 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.3 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.4 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Multiplayer Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.5 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
Canon MP Navigator 3.0
Canon MP600
Canon Utilities Easy-PhotoPrint
CD-LabelPrint
Choice Guard
CLEA Exercise - Photoelectric Photometry of the Pleiades
CLEA Exercise - Radio Astronomy of Pulsars - Version 1.013
CLEA Exercise - The Classification of Stellar Spectra
CLEA Exercise - The Hubble Redshift-Distance Relation
Company of Heroes
Company of Heroes - FAKEMSI
Creative Jukebox Driver
Creative Removable Disk Manager
Creative System Information
Creative Zen
Critical Update for Windows Media Player 11 (KB959772)
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Suite
e-tax 2009
Easy-WebPrint
ERUNT 1.1j
Express Burn
Express Rip
Free Audio Converter version 1.4
Free YouTube to Mp3 Converter version 3.1
Garmin City Navigator Australia and New Zealand NT 2010.20 Update
Google Earth
H.264 Decoder
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.0 (KB932471)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
INQ1 Modem
INQ1 PCSync
iTunes
Java(TM) 6 Update 14
Junk Mail filter update
jv16 PowerTools 2009
LAME v3.98.2 for Audacity
Logitech QuickCam
Logitech QuickCam Driver Package
Logitech Updater
MEGA 4
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MixPad
MKV Splitter
MobileMe Control Panel
Mozilla Firefox (3.6.3)
MSVCRT
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB954459)
Mumble and Murmur
Nero 7 Essentials
neroxml
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA nView Desktop Manager
NVIDIA PhysX
O&O Defrag Professional Edition
OGA Notifier 1.7.0105.35.0
OpenOffice.org 3.1
Planescape - Torment
Platform
PowerDVD
PowerProducer
Prism Video Converter
PunkBuster Services
QuickTime
Realtek High Definition Audio Driver
ScanSoft OmniPage SE 4.0
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Skype™ 4.2
SnagIt 6
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
TeamSpeak 3 Client
thriXXX WebLaunch
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB971930)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB943729)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VC80CRTRedist - 8.0.50727.762
Ventrilo Client
VIA Platform Device Manager
VIA Rhine-Family Fast-Ethernet Adapter
VLC media player 1.0.0
Warcraft III: All Products
WavePad Sound Editor
WebFldrs XP
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Defender
Windows Driver Package - Amoi Incorporated (INQ1usbser) Modem (01/01/2007 2.0.5.0)
Windows Driver Package - Amoi Incorporated (INQ1usbser) Ports (01/01/2007 2.0.5.0)
Windows Genuine Advantage Notifications (KB905474)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows PowerShell(TM) 1.0
Windows PowerShell(TM) 1.0 MUI pack
Windows Presentation Foundation
Windows Search 4.0
Windows XP Service Pack 3
XML Paper Specification Shared Components Pack 1.0

==== Event Viewer Messages From Past Week ========

8/05/2010 12:50:47 PM, error: Service Control Manager [7034] - The Cyberlink RichVideo Service(CRVS) service terminated unexpectedly. It has done this 1 time(s).
5/05/2010 3:16:53 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/05/2010 3:16:53 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================

:thanks:

Jeremy

shelf life

2010-05-15, 00:47

hi,

Your log is a few days old. If you still need help simply reply to my post.

GreenFrog

2010-05-17, 04:52

Still need help!
Thanks.

shelf life

2010-05-17, 23:32

ok. We will get a download to use.Its called combofix. There is a guide to read first before you use it. The guide will explain what you need to do. Read through the guide and follow the directions. Post the combofix log in your reply.

Guide to using Combofix (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

GreenFrog

2010-05-18, 16:30

Okay Shelf Life, here is my log:

ComboFix 10-05-16.04 - Jeremy 18/05/2010 20:29:48.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.61.1033.18.3070.2612 [GMT 10:00]
Running from: c:\documents and settings\Jeremy\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jeremy\Application Data\AntispywareBot
c:\documents and settings\Nissa\Local Settings\Temporary Internet Files\5ry0Sh.jpg
c:\documents and settings\Nissa\Local Settings\Temporary Internet Files\BQ8HOTpq0.jpg
c:\documents and settings\Nissa\Local Settings\Temporary Internet Files\hVEr4x.jpg
c:\documents and settings\Nissa\Local Settings\Temporary Internet Files\Ixd26Jh1.jpg
c:\documents and settings\Nissa\My Documents\AntispywareBot.lnk
c:\windows\ModemLog_INQ1 USB Modem .txt
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((( Files Created from 2010-04-18 to 2010-05-18 )))))))))))))))))))))))))))))))
.

2010-05-16 03:16 . 2010-05-17 04:00 -------- d-----w- c:\program files\Storm Hawks Sky Race
2010-05-15 05:27 . 2010-03-26 00:33 1496064 ----a-w- c:\documents and settings\Nissa\Application Data\Mozilla\Firefox\Profiles\elfwrnh3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-15 05:27 . 2010-03-26 00:33 43008 ----a-w- c:\documents and settings\Nissa\Application Data\Mozilla\Firefox\Profiles\elfwrnh3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-15 05:27 . 2010-03-26 00:33 339456 ----a-w- c:\documents and settings\Nissa\Application Data\Mozilla\Firefox\Profiles\elfwrnh3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-15 05:27 . 2010-03-26 00:32 346112 ----a-w- c:\documents and settings\Nissa\Application Data\Mozilla\Firefox\Profiles\elfwrnh3.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-05-11 09:22 . 2010-05-11 09:22 -------- d-----w- c:\program files\ERUNT
2010-05-09 11:25 . 2010-05-09 11:25 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-05-09 11:25 . 2010-05-09 11:25 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-05-09 11:25 . 2010-05-09 11:25 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Windows Search
2010-05-09 11:04 . 2010-05-09 11:53 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\kpebjgolm
2010-05-09 02:54 . 2010-03-26 00:33 1496064 ----a-w- c:\documents and settings\Tamsin\Application Data\Mozilla\Firefox\Profiles\skgzid5g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-09 02:54 . 2010-03-26 00:33 43008 ----a-w- c:\documents and settings\Tamsin\Application Data\Mozilla\Firefox\Profiles\skgzid5g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-09 02:54 . 2010-03-26 00:33 339456 ----a-w- c:\documents and settings\Tamsin\Application Data\Mozilla\Firefox\Profiles\skgzid5g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-09 02:54 . 2010-03-26 00:32 346112 ----a-w- c:\documents and settings\Tamsin\Application Data\Mozilla\Firefox\Profiles\skgzid5g.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-05-05 11:15 . 2010-03-26 00:33 1496064 ----a-w- c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\gzqkq8ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-05-05 11:15 . 2010-03-26 00:33 43008 ----a-w- c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\gzqkq8ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-05-05 11:15 . 2010-03-26 00:33 339456 ----a-w- c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\gzqkq8ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-05-05 11:15 . 2010-03-26 00:32 346112 ----a-w- c:\documents and settings\Elizabeth\Application Data\Mozilla\Firefox\Profiles\gzqkq8ap.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-30 23:21 . 2010-03-26 00:33 1496064 ----a-w- c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\6dms46dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-04-30 23:21 . 2010-03-26 00:33 43008 ----a-w- c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\6dms46dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-04-30 23:21 . 2010-03-26 00:33 339456 ----a-w- c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\6dms46dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-04-30 23:21 . 2010-03-26 00:32 346112 ----a-w- c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\6dms46dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-04-29 02:37 . 2010-04-29 02:37 -------- d-----w- c:\program files\thriXXX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-18 10:35 . 2009-08-10 09:06 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
2010-05-18 10:35 . 2009-08-10 08:49 0 ----a-w- c:\windows\system32\drivers\logiflt.iad
2010-05-18 02:03 . 2008-07-01 23:23 -------- d-----w- c:\program files\Warcraft III
2010-05-17 14:40 . 2009-10-25 06:12 218808 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-05-17 12:20 . 2009-10-25 06:13 137256 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-05-17 11:57 . 2008-05-09 11:07 -------- d-----w- c:\documents and settings\Elizabeth\Application Data\Skype
2010-05-17 11:31 . 2009-10-29 11:26 1 ----a-w- c:\documents and settings\Elizabeth\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-06 20:59 . 2008-07-30 06:57 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-05-06 20:39 . 2008-07-30 06:57 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-05-06 20:39 . 2008-07-30 06:57 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-05-06 20:34 . 2008-07-30 06:57 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-05-06 20:33 . 2008-07-30 06:57 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-05-06 20:33 . 2008-07-30 06:57 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-05-06 20:33 . 2008-07-30 06:57 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-05-06 20:33 . 2008-07-30 06:57 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-05-06 08:15 . 2008-07-02 03:06 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Skype
2010-05-06 00:36 . 2009-10-03 05:05 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-04 02:52 . 2009-08-23 12:27 1 ----a-w- c:\documents and settings\Jeremy\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-03 01:09 . 2008-09-09 07:03 -------- d-----w- c:\program files\Windows Live
2010-04-24 06:10 . 2010-01-07 02:48 -------- d-----w- c:\program files\TeamSpeak 3 Client
2010-04-18 11:01 . 2008-10-07 18:59 -------- d-----w- c:\documents and settings\Jeremy\Application Data\Canon
2010-04-15 12:54 . 2009-10-11 01:29 1 ----a-w- c:\documents and settings\Nissa\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-04-14 16:47 . 2008-07-30 06:57 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-04-11 04:19 . 2009-07-23 12:10 -------- d-----w- c:\program files\Common Files\DVDVideoSoft
2010-04-11 04:19 . 2009-07-23 12:10 -------- d-----w- c:\program files\DVDVideoSoft
2010-03-27 01:44 . 2008-07-30 06:57 -------- d-----w- c:\program files\Alwil Software
2010-03-27 01:42 . 2010-03-27 01:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-27 01:35 . 2009-07-12 10:14 228 ----a-w- c:\windows\system32\edacded0.dat
2010-03-27 00:54 . 2010-03-27 00:54 -------- d-----w- c:\program files\NVIDIA Corporation
2010-03-27 00:54 . 2010-03-27 00:54 -------- d-----w- c:\documents and settings\All Users\Application Data\NVIDIA Corporation
2010-03-26 08:37 . 2008-07-01 23:27 100006 ----a-w- c:\windows\War3Unin.dat
2010-03-21 02:47 . 2010-03-21 02:47 -------- d--h--r- c:\documents and settings\Justin\Application Data\SecuROM
2010-03-21 00:54 . 2009-10-25 06:13 138056 ----a-w- c:\documents and settings\Justin\Application Data\PnkBstrK.sys
2010-03-21 00:54 . 2009-10-25 06:13 138056 ----a-w- c:\documents and settings\Justin\Application Data\PnkBstrK.sys
2010-03-21 00:53 . 2010-03-21 00:53 2434856 ----a-w- c:\windows\system32\pbsvc_bc2.exe
2010-03-21 00:53 . 2009-10-25 06:12 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-03-21 00:41 . 2010-03-21 00:41 -------- d-----w- c:\program files\Electronic Arts
2010-03-17 05:52 . 2009-07-12 06:20 358944 ----a-w- c:\windows\vncutil.exe
2010-03-17 05:52 . 2007-10-31 00:53 84512 ----a-w- c:\windows\SOUNDMAN.EXE
2010-03-17 05:52 . 2007-10-31 00:53 1833504 ----a-w- c:\windows\SkyTel.exe
2010-03-17 05:52 . 2009-07-12 06:20 51232 ----a-w- c:\windows\system32\RtkCoInstXP.dll
2010-03-17 05:52 . 2007-10-31 00:53 1489440 ----a-w- c:\windows\RtlUpd.exe
2010-03-17 05:52 . 2007-10-31 00:53 9721888 ----a-w- c:\windows\RTLCPL.EXE
2010-03-17 05:52 . 2009-07-12 06:20 129568 ----a-w- c:\windows\RtkAudioService.exe
2010-03-17 05:52 . 2007-10-31 00:52 19520544 ----a-w- c:\windows\RTHDCPL.EXE
2010-03-17 05:52 . 2007-10-31 00:52 64032 ----a-w- c:\windows\ALCMTR.EXE
2010-03-17 05:52 . 2007-10-31 00:52 2815520 ----a-w- c:\windows\ALCWZRD.EXE
2010-03-17 05:52 . 2007-10-31 00:52 2177568 ----a-w- c:\windows\MicCal.exe
2010-03-17 05:40 . 2007-10-31 00:53 5878304 ----a-w- c:\windows\system32\drivers\RtkHDAud.sys
2010-03-15 16:37 . 2010-03-15 16:37 278120 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-15 16:37 . 2010-03-15 16:37 154216 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-15 16:37 . 2010-03-15 16:37 145000 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-15 16:37 . 2010-03-15 16:37 13670504 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-15 16:37 . 2010-03-15 16:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-15 16:37 . 2010-03-15 16:37 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-12 00:26 . 2007-10-31 00:54 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-03-10 06:15 . 2007-07-27 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-26 00:20 . 2007-10-31 00:52 1247776 ----a-w- c:\windows\RtlExUpd.dll
2010-02-25 06:24 . 2007-07-27 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2007-07-27 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2006-11-23 56928]
"LanguageShortcut"="c:\program files\CyberLink\PowerDVD\Language\Language.exe" [2006-12-05 54832]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-09-28 185896]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [2006-10-11 75304]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-06-05 292136]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-05-20 177472]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-27 570664]
"LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2008-08-14 565008]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-03-15 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-03-15 110696]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-17 19520544]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-08-23 437160]

c:\documents and settings\Elizabeth\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\Nissa\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\Tamsin\Start Menu\Programs\Startup\
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-4-16 384000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Game.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft III Battle.net

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [30/07/2008 4:57 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [30/07/2008 4:57 PM 19024]
R2 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [13/07/2009 9:55 AM 316416]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [3/11/2006 7:19 PM 13592]
R3 UsbFltr;Razer Copperhead Driver;c:\windows\system32\drivers\copperhd.sys [2/11/2005 9:54 AM 11596]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [12/07/2009 4:20 PM 1691480]
S3 INQ1usbser;INQ1 USB Device for Legacy Serial Communication;c:\windows\system32\drivers\INQ1usbser.sys [28/02/2009 10:35 AM 103680]
S3 USTORAGE;UMass Storage Device;c:\windows\system32\drivers\UStorage.sys [14/04/2009 3:05 AM 31104]
.
Contents of the 'Scheduled Tasks' folder

2009-12-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 01:34]

2010-05-17 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930487999-3313924498-955347039-1008Core.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-24 09:07]

2010-05-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2930487999-3313924498-955347039-1008UA.job
- c:\documents and settings\Justin\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-24 09:07]

2010-05-18 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 09:20]

2010-05-18 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]

2010-05-18 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 07:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: {15A68763-86F6-413C-A524-4CEC55B14A29} = 61.8.0.113,210.23.129.34
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\6dms46dg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - component: c:\documents and settings\Jeremy\Application Data\Mozilla\Firefox\Profiles\6dms46dg.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\thriXXX\WebLaunch\Binaries\npWebLaunch.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

BHO-{058ea4fb-f4e4-4850-85b1-2bf0aa62750f} - c:\windows\system32\wigudozi.dll
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKCU-Run-msnmsgr - c:\program files\Windows Live\Messenger\msnmsgr.exe
HKLM-Run-nwiz - nwiz.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-18 20:36
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

c:\windows\TEMP\TMP00000021B47163604AC36F21 524288 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2930487999-3313924498-955347039-1010\Software\SecuROM\License information*]
"datasecu"=hex:16,24,06,70,56,59,d4,32,7a,52,f5,a0,22,9d,1b,57,20,45,ea,d2,d0,
d6,4c,8e,7a,a1,5a,6a,45,92,ed,f3,61,53,7a,8a,2f,bf,ee,d5,52,66,4f,f8,96,74,\
"rkeysecu"=hex:b7,26,e1,0c,27,f2,6a,ec,58,2d,93,24,d7,7e,77,34

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG08.00.00.01WORKSTATION"="C2EE9E39C3D39EF87DA47E707F376B6EB59521D3731FB906AD3025CC83D7358A1622B9A4D9ED99225F6BE3313D27413017C5CF64F5D4BC8158D734A1C5ECFB53443944E7EE748D1B1AC4B0C747C063314BC4BD2F6480303733DC6001CB1A545FCDD677793ED5D3FB0DB288EF8C5EE2DC338E1554FC08000440587C8EC2F2A0A2F4516FA587F2E8EA5D6770397BCD75B173D5E5C680C73ADCC518C1445F8069A54035AD0A0F206D2773CBCF088AD076C0F47DA1D0B50D9248CE9EC8F157BE5A83FBBE141A9CA7A6817A797693B11DE2B2E51E9E0F651C6062A72092B7E41D43EE3661EC1BFA44FEDDE2FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407A6A0AC4980AC7933BA7FD869164D67942E57D818A78885F465557B2ED1EBAA435B89FD38C80C7FD2648ACEC05159F21E4575E19777C19293F59A1996BB229963B5457B758DDED1DFEF8B3DB31A72C86CEF30180FE41D4A786898F506B99FB111C34BE8F2E485107F4B07EF3041FC94741B5D15CF16C3D24B66EED2E0BFA452558C274A45AF78EAB97B90511BB8CBFC6068B848322803E978CF22BF8EB715E9FC4B43F505C4D6A9DB3A9E1DDDE0573D9E2E62718E2BC9DE2D3699A57AFD79FE9671721A4EEE61A677728C6367123AA5E1F35DA6C4A22A175D6024BD9465012B7720EA34C269FE4F62C4170AA71732199EF990D23886DE8940C8709850B07A1C383044190769B92734076249952F230F90AF48324EC342C2511E1397A51A5C11332DFD7042143D434BC0F22EA98D9312353B33D7F2B9D3E3CE4306F210CD3EE00956F7B52202DE4EC82EB49862582E41CE76E52A14BB3921BBCE23B38FED5DF51F1F77B9D8C212871141F53FC02A4251E26F56DFA39239426109AB38A70F1B4B1D2F279E9757713FCC9D67294B94C288BC65DF0A19FABF24C87444365FBAFC726E62935D9A373BDDEA9AA1330C1847C26ACFC208EEA3DCB54140F6B1C2EBA992C3472EC11C4AD0DB1C461E8F0F2D88EDBCD8A292243244FB5F542D87E117EFE211A1CCE9DC7138C854613BC066BD678FCADB85303B3D4E8FF74BB964CF1EC0B10FE928CC237B1BC6CD5FBBA228A966BCEEEBD840BA51771DA8F2CECB24DB2F60B84B5E2FB631498B05E945DEEE44AB2247CEE9F3ACED5D64CFCE8795FA1C76E3CFA5EF2EE3CAB161BBDCE2F756D2837DB5FBEDD22108C5B88F945D6CF4A072C5D78B43B9FB766BA7774883C28192DB2460A37B342A079883D0AEB34D331E23221844A095D2D7B14F80F0F7E796B0C6FBB2250EC65DC6E041BCBBCC8CDE3E2FAC1E4CB759C18360DE635077E23D52FC805818838D56984F02C38F5250A49E5EA8B85317EFA403FA7172911D86248CD8C1C44422DCB43FB6E9"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(9580)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\ScanSoft\OmniPageSE4.0\OpHookSE4.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\windows\system32\oodag.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\program files\Common Files\Logishrd\LQCVFX\COCIManager.exe
.
**************************************************************************
.
Completion time: 2010-05-18 20:40:04 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-18 10:40

Pre-Run: 312,912,949,248 bytes free
Post-Run: 313,150,799,872 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /Fastdetect

- - End Of File - - 29D426192B984B9E89990B13648D5C64

Thanks for you help Shelf Life.

Jeremy

shelf life

2010-05-19, 00:56

hi,

ok good. We will get one more download which you can keep and use as a anti-malware scanner. Link and directions:

Please download Malwarebytes (http://www.malwarebytes.org/mbam.php) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

Be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform FULL SCAN, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click *Remove Selected.*

*A restart of your computer may be required to remove some items. If prompted please restart your computer to complete the fix.*

When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be opened by going to Start > All Programs > Malwarebytes' Anti-Malware > Logs > log-date.txt
Post the log in your reply.

GreenFrog

2010-05-19, 16:10

Hi Shelf Life, thanks for the reply.:bigthumb:

Here is my malwarebytes log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4116

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

19/05/2010 11:02:55 PM
mbam-log-2010-05-19 (23-02-55).txt

Scan type: Full scan (C:\|)
Objects scanned: 229066
Time elapsed: 30 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command\(default) (Hijack.StartMenuInternet) -> Bad: ("C:\Documents and Settings\Jeremy\Local Settings\Application Data\ave.exe" /START "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) Good: (firefox.exe -safe-mode) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Thanks,
Jeremy

shelf life

2010-05-20, 01:01

hi,

ok good. Hows it all looking on your end now? Web re-directs gone?

GreenFrog

2010-05-20, 02:15

Web redirects are gone! So are the annoying randomly opening new tabs. Avast! still refuses to update, but I'm working on that.

Thanks a lot for your help Shelf Life, you're the man (or woman)! :thanks:

shelf life

2010-05-20, 04:04

Ok. good. If all is good: you can get a utility that will remove combofix for you:

Please download OTCleanIt and save it to desktop.

http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC.exe.
Click the CleanUp! button.
Select Yes when the "Begin cleanup Process?" prompt appears.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes, if not delete it by yourself.

Keep malwarebytes and note that the free version must be updated manually and a scan started manually. The paid version has auto-updates and a real time protection feature.

You can make a new restore point, the how and the why:

One of the features of Windows XP, Vista and Windows 7 is the System Restore option. However, if malware infects a computer it is possible that the malware could be backed up in the System Restore archive. Therefore, clearing the restore points is a good idea after malware is removed and your computer appears to be functioning ok.

To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(winXP)

1. Turn off System Restore. (deletes old possibly infected restore points)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.(creates a new restore point on a clean system)
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK, then reboot

Avast wont update either via auto-updating or manually?

Looks like you can get the latest updates manually here (http://www.avast.com/download-update) until the problem is fixed anyway.

GreenFrog

2010-05-21, 02:35

Shelf Life,

All done. Manually updating avast didn't work either, for some reason. However, it seemed many other users were having the same problem. I changed avast's proxy settings from auto detect to direct connection (no proxy), and it now seems to be updating normally.

Again, thank you for your help. :rockon:
Jeremy

shelf life

2010-05-21, 04:38

hi,

Ok good. your welcome. If all is good, some tips for helping you stay malware free:

10 Tips for Reducing/Preventing Your Risk To Malware:

In no special order

1) It is essential to keep your OS (http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us),(Windows) browser (IE, FireFox) and other software up to date to "patch" vulnerabilities that could be exploited. Visit Windows Update frequently or use the auto-update feature. Staying updated is also necessary for web based applications like Java, Adobe Flash/Reader, QuickTime etc. Check there version status here. (http://secunia.com/vulnerability_scanning/online/)

2) Know what you are installing to your computer. Alot of software can come bundled with unwanted add-ons, like adware, toolbars and malware. More and more legitimate software is installing useless toolbars if not unchecked first. Do not install any files from ads, popups or random links. Do not fall for fake warnings about virus and trojans being found on your computer and you are then prompted to install software to remedy this. See also the signs (http://www.virusvault.us/signs1.html)that you may have malware on your computer.

3) Install and keep updated: one antivirus and two or three anti-malware applications. If not updated they will soon be worthless. If either of these frequently find malware then its time to *review your computer habits*. There is no reason why your computer can not stay malware free.

4) Refrain from clicking on links or attachments via E-Mail, IM, IRC, Chat Rooms, Blogs or Social Networking Sites, no matter how tempting or legitimate the message may seem.

5) Do not click on ads/pop ups or offers from websites requesting that you need to install software to your computer--*for any reason*. Use the Alt+F4 keys to close the window.

6) Don't click on offers to "scan" your computer. Install ActiveX Objects with care. Do you trust the website to install components?

7) Set up and use limited (non-privileged) accounts for everyday use, rather than administrator accounts. Limited accounts (http://www.microsoft.com/protect/computer/advanced/useraccount.mspx) can help prevent *malware from installing and lessen its potential impact.* This is exactly what user account control (UAC) in Windows Vista and W7 attempts to address.

8) Install and understand the *limitations* of a software firewall. A firewall is not a solution for attempting to control or catch malware sneaking out.

9) A tool (http://nsslabs.com/general/ie8-hardening-tool.html)for automatically hardening and securing Internet Explorer 8.0. Requires site registration for downloading. Changes some of the default settings of IE 8.0, Read the FAQ's.

10) Warez, cracks etc are very popular for carrying all kinds of malware payloads. If you look for these you will encounter malware. If you download/install files via p2p networks, then you are also much more likely to encounter malicious code in a downloaded file. Do you really trust the source of the file? Do you really need another malware source?

A longer version in link below.

Happy Safe Surfing.