safer-networking blocked

[howardd]

Problem trying to get any browser (Firefox,IE, Chrome) to get to www.safer-networking.org. I have run DDS and posted the results here.

Thanks for your help.

DDS (Ver_10-03-17.01) - NTFSx86
Run by Howard at 15:30:43.21 on Thu 05/27/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1983.1223 [GMT -5:00]

AV: Malware Defense *On-access scanning enabled* (Outdated) {28e00e3b-806e-4533-925c-f4c3d79514b9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Howard\AppData\Local\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\Documents\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar = hxxp://www.google.com/ie
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\howard\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRunOnce: [DefaultP17MIDI] MIDIDEF.EXE
dRunOnce: [DefaultP17] P17Def.Exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
TCP: NameServer = 93.188.163.176,93.188.161.193
TCP: {26F0521F-54FD-4EE2-97B1-69589E861966} = 93.188.163.176,93.188.161.193
TCP: {5D255F55-6B4A-4646-B210-3546B8DC4483} = 93.188.163.176,93.188.161.193
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S2 gupdate1c8c2012b3c7789;Google Update Service (gupdate1c8c2012b3c7789);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-2-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-2-7 79360]
S4 MSIU-a420d717;MSIU-a420d717;c:\windows\system32\-a420d717.exe [2010-5-18 70656]
S4 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe [2010-5-19 70656]

=============== Created Last 30 ================

2010-05-22 23:53:35 123828 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 23:06:40 0 d-----w- c:\users\howard\appdata\roaming\mIRC
2010-05-22 17:17:50 0 d-----w- c:\users\howard\appdata\roaming\X-Chat 2
2010-05-20 04:24:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 04:24:54 0 d-----w- c:\programdata\Malwarebytes
2010-05-20 04:24:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 04:24:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 03:24:57 70656 ----a-w- c:\windows\system32\-f36decbb.exe
2010-05-20 03:07:09 0 d-----w- c:\users\howard\appdata\roaming\uTorrent
2010-05-19 04:49:26 70656 ----a-w- c:\windows\system32\-a420d717.exe
2010-05-19 04:49:13 183808 ----a-w- c:\windows\Kgoboa.exe

==================== Find3M ====================

2010-05-06 15:36:38 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-09 16:28:40 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-04 18:54:51 430080 ----a-w- c:\windows\system32\vbscript.dll
2010-02-08 09:00:41 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-08 09:00:41 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-08 09:00:38 86016 ----a-w- c:\windows\inf\infstor.dat
2009-02-16 06:31:11 174 --sha-w- c:\program files\desktop.ini
2009-02-16 06:23:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-02 19:56:28 174 --sha-w- c:\program files\desktop (2).ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-12-19 04:14:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2008-12-19 04:14:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2008-12-19 04:14:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2006-05-03 10:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2008-10-05 20:11:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2008-10-07 11:56:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008092920081006\index.dat
2008-10-14 19:57:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008100620081013\index.dat
2008-10-14 19:57:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008101420081015\index.dat
2008-10-20 00:11:55 32768 --sha-w- c:\windows\temp\cookies\index.dat
2008-10-20 00:15:11 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2008-10-20 00:11:55 98304 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 15:31:42.58 ===============

 

[ken545]

Hello howardd

Welcome to Safer Networking.

Please read Before You Post
While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.


Howardd, reply to this topic only and please do not start any new topics or we won't be able to keep track of you.


Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
• See this Link for programs that need to be disabled and instruction on how to disable them.
• Remember to re-enable them when we're done.
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply

*If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.

 

[howardd]

Thanks for the reply.... here is the ComboFix log file. I noticed Windows Defender is marked as enabled. When I try to access Windows Defender through the Control Panel I get a message that says it has been disabled through group policy. My browser also cannot spawn any tabs - I get a dll initialization error....



ComboFix 10-06-01.01 - Howard 06/01/2010 22:43:56.1.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1983.1120 [GMT -5:00]
Running from: c:\users\Howard\Downloads\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\audiolor.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\data
c:\users\Howard\AppData\Local\2274508699.dll
c:\users\Howard\AppData\Roaming\avdrn.dat
c:\users\Howard\AppData\Roaming\Microsoft\svch?st.exe
c:\users\Howard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\netbhl32.exe
c:\windows\Kgoboa.exe
c:\windows\regsvr32.exe
c:\windows\UA000106.DLL

.
((((((((((((((((((((((((( Files Created from 2010-05-02 to 2010-06-02 )))))))))))))))))))))))))))))))
.

2010-06-02 03:49 . 2010-06-02 03:50 -------- d-----w- c:\users\Howard\AppData\Local\temp
2010-06-02 03:49 . 2010-06-02 03:49 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2010-06-02 03:49 . 2010-06-02 03:49 -------- d-----w- c:\users\netlink\AppData\Local\temp
2010-06-02 03:49 . 2010-06-02 03:49 -------- d-----w- c:\users\Mcx1-SERVER01\AppData\Local\temp
2010-06-02 03:49 . 2010-06-02 03:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-02 03:49 . 2010-06-02 03:49 -------- d-----w- c:\users\db2admin\AppData\Local\temp
2010-06-02 03:49 . 2010-06-02 03:49 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-02 03:30 . 2010-06-02 03:30 40960 ----a-w- c:\windows\system32\audiolor.dll.vir
2010-05-22 23:53 . 2010-05-22 23:53 123828 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 23:06 . 2010-05-24 22:27 -------- d-----w- c:\users\Howard\AppData\Roaming\mIRC
2010-05-22 17:17 . 2010-05-22 17:39 -------- d-----w- c:\users\Howard\AppData\Roaming\X-Chat 2
2010-05-22 06:47 . 2010-05-22 06:47 439816 ----a-w- c:\users\Howard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-20 05:26 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\9k179w1u9.dll
2010-05-20 04:24 . 2009-12-30 19:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 04:24 . 2010-05-20 04:24 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 04:24 . 2010-05-20 04:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 04:24 . 2009-12-30 19:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 04:11 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\9oCE93179.dll
2010-05-20 03:49 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\1kU317.dll
2010-05-20 03:24 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\-f36decbb.exe
2010-05-20 03:07 . 2010-05-20 05:28 -------- d-----w- c:\users\Howard\AppData\Roaming\uTorrent
2010-05-20 00:42 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\Y3c793yW9.dll
2010-05-19 04:49 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5aA5k.dll
2010-05-19 04:49 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\-a420d717.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-02 03:30 . 2010-06-02 03:30 12 ----a-w- c:\users\Howard\AppData\Roaming\czyiwa.dat
2010-05-28 21:44 . 2010-02-02 20:33 1 ----a-w- c:\users\Howard\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-27 20:24 . 2007-11-06 08:11 2032 ----a-w- c:\users\Howard\AppData\Local\d3d9caps.dat
2010-05-20 14:05 . 2009-01-02 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-20 14:05 . 2009-09-25 22:08 -------- d-----w- c:\program files\TechSmith
2010-05-20 14:03 . 2009-03-11 17:20 -------- d-----w- c:\users\Howard\AppData\Roaming\Orbit
2010-05-20 14:02 . 2009-01-02 04:59 -------- d-----w- c:\programdata\Lavasoft
2010-05-06 15:36 . 2009-10-03 00:35 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-19 01:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-26 15:33 . 2010-04-14 21:51 1496064 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-04-14 21:51 43008 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-04-14 21:51 339456 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-04-14 21:51 346112 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-09 16:28 . 2010-03-30 18:13 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 18:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 18:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-03-04 18:54 . 2010-04-14 19:05 430080 ----a-w- c:\windows\system32\vbscript.dll
2009-01-02 19:56 . 2009-02-16 04:36 174 --sha-w- c:\program files\desktop (2).ini
2007-09-04 04:37 . 2009-02-16 04:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-06 16:42 . 2009-02-16 04:29 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2006-05-03 10:06 . 2010-02-21 20:13 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-21 20:13 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-21 20:13 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Google Update"="c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-28 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2009-02-23 2356088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 40048]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-02 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-01 185896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-03 49152]
"DefaultP17"="P17Def.Exe" [2005-05-03 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
doskconv REG_SZ c:\windows\system32\audiolor.dll

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 gupdate1c8c2012b3c7789;Google Update Service (gupdate1c8c2012b3c7789);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-07 79360]
R4 MSIU-a420d717;MSIU-a420d717;c:\windows\system32\-a420d717.exe [2010-05-19 70656]
R4 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe [2010-05-19 70656]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 431384]

.
Contents of the 'Scheduled Tasks' folder

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000Core.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000UA.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-05-29 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-07-11 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
AddRemove-Glary Utilities_is1 - r:\glary utilities\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-01 22:50
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(780)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-06-01 22:54:22
ComboFix-quarantined-files.txt 2010-06-02 03:54

Pre-Run: 44,955,144,192 bytes free
Post-Run: 45,638,270,976 bytes free

- - End Of File - - 7293FF71682B186C848F9E975A818906

 

[howardd]

Getting worse... after rebooting the machine my Firefox.exe has been deleted/moved or renamed.

 

[ken545]

Good Morning Howard,

There is more to remove and your log is quite extensive, in the meantime while I am looking it over I would like you to run Malwarebytes, looks like you have it installed already

Its important that when you open it , go to the update tab and check for updates, then run the Quick scan and post the log

 

[howardd]

thanks for your continuing help. Here is my MalwareBytes log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6001 Service Pack 1
Internet Explorer 7.0.6001.18000

6/2/2010 6:01:25 PM
mbam-log-2010-06-02 (18-01-25).txt

Scan type: Quick scan
Objects scanned: 157027
Time elapsed: 5 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

 

[ken545]

Hi,

You have some files that are questionable, let do this

1. Please download OTM by OldTimer and save it to your desktop.
2. Double click the
   
   icon on your desktop.
3. Paste the following code under the
   
   area.
   Do not include the word "Code".
   
   

   :Processes
   explorer.exe
   
   :Services
   
   :Reg
   
   :Files
   c:\windows\system32\audiolor.dll.vir
   c:\windows\system32\-a420d717.exe
   c:\windows\system32\-f36decbb.exe
   
   
   :Commands
   [purity]
   [emptytemp]
   [start explorer]
   [Reboot]

4. Push the large
   
   button.
5. OTM may ask to reboot the machine. Please do so if asked.
6. Copy/Paste the contents under the
   
   line here in your next reply.
7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit these files for analysis, just use the BROWSE feature and then Send File , you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again

c:\windows\system32\Spool\prtprocs\w32x86\9k179w1u9.dll
c:\windows\system32\Spool\prtprocs\w32x86\9oCE93179.dll

If the site is busy you can try this one

http://virusscan.jotti.org/en

 

[howardd]

I apologize for the length of this post. The file analysis at VirusTotal is quite long.
Thanks for your continued help
First, the OTM Log:

******************OTM log file
All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File/Folder c:\windows\system32\audiolor.dll.vir not found.
c:\windows\system32\-a420d717.exe moved successfully.
c:\windows\system32\-f36decbb.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 270009 bytes
->FireFox cache emptied: 4235690 bytes
->Flash cache emptied: 592 bytes

User: All Users

User: db2admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Howard
->Temp folder emptied: 7288785 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 48496253 bytes
->FireFox cache emptied: 146257092 bytes
->Google Chrome cache emptied: 344549524 bytes
->Flash cache emptied: 37 bytes

User: Mcx1-SERVER01
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: netlink
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Susanne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 12122752 bytes
->FireFox cache emptied: 83943869 bytes
->Flash cache emptied: 30404 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3832 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 21710016 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 320 bytes
RecycleBin emptied: 5942 bytes

Total Files Cleaned = 638.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06032010_163157

Files moved on Reboot...
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\Windows\temp\sqlite_WNekx3TP915DgLV not found!

Registry entries deleted on Reboot...


******************VirusTotal Analysis for 9k179w1u9.dll

Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.03 Backdoor.Agent!IK
AhnLab-V3 2010.06.03.03 2010.06.03 Win-Trojan/Xema.variant
AntiVir 8.2.2.4 2010.06.03 BDS/Agent.avdv.1
Antiy-AVL 2.0.3.7 2010.06.02 Backdoor/Win32.Agent.gen
Authentium 5.2.0.5 2010.06.03 W32/Alureon.W.gen!Eldorado
Avast 4.8.1351.0 2010.06.03 Win32:Agent-AKKO
Avast5 5.0.332.0 2010.06.03 Win32:Agent-AKKO
AVG 9.0.0.787 2010.06.03 Agent2.ATYW
BitDefender 7.2 2010.06.03 Trojan.Generic.4008684
CAT-QuickHeal 10.00 2010.06.03 Backdoor.Agent.avdv
ClamAV 0.96.0.3-git 2010.06.03 Trojan.Agent-155622
Comodo 4980 2010.06.01 TrojWare.Win32.Agent.eben
DrWeb 5.0.2.03300 2010.06.03 BackDoor.Siggen.19032
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7527 2010.06.03 Win32/Alureon.BCP
F-Prot 4.6.0.103 2010.06.03 W32/Alureon.W.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.03 Trojan.Generic.4008684
Fortinet 4.1.133.0 2010.06.03 -
GData 21 2010.06.03 Trojan.Generic.4008684
Ikarus T3.1.1.84.0 2010.06.03 Backdoor.Agent
Jiangmin 13.0.900 2010.06.03 Backdoor/Agent.cxbu
Kaspersky 7.0.0.125 2010.06.03 Backdoor.Win32.Agent.avdv
McAfee 5.400.0.1158 2010.06.03 DNSChanger.bs
McAfee-GW-Edition 2010.1 2010.06.03 Heuristic.LooksLike.Trojan.Backdoor.Agent.I
Microsoft 1.5802 2010.06.03 Trojan:Win32/Alureon.DV
NOD32 5170 2010.06.03 Win32/Olmarik.YR
Norman 6.04.12 2010.06.03 W32/Smalltroj.YSNV
nProtect 2010-06-03.01 2010.06.03 Trojan.Generic.4008684
Panda 10.0.2.7 2010.06.03 Trj/CI.A
PCTools 7.0.3.5 2010.06.03 -
Prevx 3.0 2010.06.03 High Risk Cloaked Malware
Rising 22.50.03.04 2010.06.03 -
Sophos 4.53.0 2010.06.03 Mal/TDSSPack-Y
Sunbelt 6401 2010.06.03 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.06.03 -
TheHacker 6.5.2.0.292 2010.06.03 Trojan/Kryptik.emm
TrendMicro 9.120.0.1004 2010.06.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.03 -
VBA32 3.12.12.5 2010.06.03 Backdoor.Win32.Agent.avdv
ViRobot 2010.6.3.2335 2010.06.03 -
VirusBuster 5.0.27.0 2010.06.03 Backdoor.Agent.VXZH
Additional information
File size: 70656 bytes
MD5...: 70ee3ff41c5e94116f0ee530a67ad85e
SHA1..: d23a013f1e735fcf610bac80451cdfa6c39894eb
SHA256: 55fd64cb39c6e556c41298d883784848bd244464e78b92dd3a4085b073ef9068
ssdeep: 1536:KU+dca+xrcsrvIl8ShwH3Nv7GW2w3uPQYNJ:KvercOv8I3RGWr32l
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x2a01
timedatestamp.....: 0x47d53671 (Mon Mar 10 13:24:01 2008)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x1ab0 0x2000 5.56 b845772583fc8aecf685a38ff907f8fb
.rdata 0x3000 0x4d5 0x1000 1.98 a1eec8316f0129936efc579200e7615f
.data 0x4000 0x4d4 0x1000 0.26 f320bdb83801328b076db0871efbcb3b
.rsrc 0x5000 0x398 0x1000 0.95 289d89d68e2537a00740439a8811b72f
.reloc 0x6000 0x1f0 0x1000 1.03 40cc1b444a55511f44d0151f98a3b2fc

( 3 imports )
> KERNEL32.dll: LoadLibraryA, GetModuleFileNameA, DisableThreadLibraryCalls, GetPrivateProfileStringA, WritePrivateProfileStringA, FreeLibrary
> USER32.dll: GetDlgItem, SetWindowTextA, EndDialog, GetWindowTextA, DialogBoxParamA, LoadStringA, wsprintfA
> MSVCRT.dll: _adjust_fdiv, malloc, _initterm, free, _ftol, strcat, strlen, strcpy, atol, memset, mktime, localtime, time, strcmp, atoi, strncpy, strchr, _swab

( 12 exports )
ProtEditAppLicence, ProtFormatLicenceString, ProtGetLicenceString, ProtGetStruct, ProtSetStruct, ProtTestKey, _GetNbDaysBeforeExpiration@4, _GetProtAppFlag@4, _GetProtNbSLM@4, _GetProtSLM@8, _IsProtLicenceOK@8, _ProtGetFormatLicenceString@196
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
sigcheck:
publisher....: n/a
copyright....: Copyright (C) 2010
product......: vsdsvsdsetup Application
description..: Pasdvasetup Application
original name: asdvasdsetup.exe
internal name: PPCsetup
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
<a href='http://info.prevx.com/aboutprogramtext.asp?PX5=676A30BD0039924C143501BE27C26D00052E7FAF' target='_blank'>http://info.prevx.com/aboutprogramtext.asp?PX5=676A30BD0039924C143501BE27C26D00052E7FAF</a>


************************VirusTotal Analysis for 9oCE93179.dll
Antivirus Version Last Update Result
a-squared 5.0.0.26 2010.06.03 Backdoor.Agent!IK
AhnLab-V3 2010.06.04.00 2010.06.03 Win-Trojan/Xema.variant
AntiVir 8.2.2.4 2010.06.03 BDS/Agent.avdv.1
Antiy-AVL 2.0.3.7 2010.06.02 Backdoor/Win32.Agent.gen
Authentium 5.2.0.5 2010.06.03 W32/Alureon.W.gen!Eldorado
Avast 4.8.1351.0 2010.06.03 Win32:Agent-AKKO
Avast5 5.0.332.0 2010.06.03 Win32:Agent-AKKO
AVG 9.0.0.787 2010.06.03 Agent2.ATYW
BitDefender 7.2 2010.06.03 Trojan.Generic.4008684
CAT-QuickHeal 10.00 2010.06.03 Backdoor.Agent.avdv
ClamAV 0.96.0.3-git 2010.06.03 Trojan.Agent-155622
Comodo 4980 2010.06.01 TrojWare.Win32.Agent.eben
DrWeb 5.0.2.03300 2010.06.03 BackDoor.Siggen.19032
eSafe 7.0.17.0 2010.06.03 -
eTrust-Vet 35.2.7527 2010.06.03 Win32/Alureon.BCP
F-Prot 4.6.0.103 2010.06.03 W32/Alureon.W.gen!Eldorado
F-Secure 9.0.15370.0 2010.06.03 Trojan.Generic.4008684
Fortinet 4.1.133.0 2010.06.03 -
GData 21 2010.06.03 Trojan.Generic.4008684
Ikarus T3.1.1.84.0 2010.06.03 Backdoor.Agent
Jiangmin 13.0.900 2010.06.03 Backdoor/Agent.cxbu
Kaspersky 7.0.0.125 2010.06.03 Backdoor.Win32.Agent.avdv
McAfee 5.400.0.1158 2010.06.03 DNSChanger.bs
McAfee-GW-Edition 2010.1 2010.06.03 Heuristic.LooksLike.Trojan.Backdoor.Agent.I
Microsoft 1.5802 2010.06.03 Trojan:Win32/Alureon.DV
NOD32 5170 2010.06.03 Win32/Olmarik.YR
Norman 6.04.12 2010.06.03 W32/Smalltroj.YSNV
nProtect 2010-06-03.01 2010.06.03 Trojan.Generic.4008684
Panda 10.0.2.7 2010.06.03 Trj/CI.A
PCTools 7.0.3.5 2010.06.03 -
Rising 22.50.03.04 2010.06.03 -
Sophos 4.53.0 2010.06.03 Mal/TDSSPack-Y
Sunbelt 6401 2010.06.03 Trojan.Win32.Generic!BT
Symantec 20101.1.0.89 2010.06.03 -
TheHacker 6.5.2.0.292 2010.06.03 Trojan/Kryptik.emm
TrendMicro 9.120.0.1004 2010.06.03 -
TrendMicro-HouseCall 9.120.0.1004 2010.06.03 -
VBA32 3.12.12.5 2010.06.03 Backdoor.Win32.Agent.avdv
ViRobot 2010.6.3.2335 2010.06.03 -
VirusBuster 5.0.27.0 2010.06.03 Backdoor.Agent.VXZH
Additional information
File size: 70656 bytes
MD5...: 70ee3ff41c5e94116f0ee530a67ad85e
SHA1..: d23a013f1e735fcf610bac80451cdfa6c39894eb
SHA256: 55fd64cb39c6e556c41298d883784848bd244464e78b92dd3a4085b073ef9068
ssdeep: 1536:KU+dca+xrcsrvIl8ShwH3Nv7GW2w3uPQYNJ:KvercOv8I3RGWr32l
PEiD..: -
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x1000
timedatestamp.....: 0x422eef1b (Wed Mar 09 12:42:03 2005)
machinetype.......: 0x14c (I386)

( 3 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x1000 0x3000 0x2a00 0.24 de4b99c05568b838f70c68fec21060d4
.data 0x4000 0x2f000 0xe200 7.81 66763264ef075d7c98df8324eeb3951e
.rsrc 0x33000 0x1000 0x400 2.66 ffe0298fe7154c7a2174d283500baa9f

( 1 imports )
> kernel32.dll: CloseHandle, CreateEventA, CreateFileA, CreateThread, DeleteCriticalSection, DeleteCriticalSection, DeleteFileA, DeviceIoControl, DuplicateHandle, EnterCriticalSection, EnterCriticalSection, ExitProcess, ExitProcess, ExitThread, FindResourceA, FlushFileBuffers, FormatMessageA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetACP, GetCPInfo, GetCommandLineA, GetCommandLineA, GetCurrentProcess, GetCurrentProcessId, GetCurrentThreadId, GetEnvironmentStrings, GetEnvironmentStringsW, GetEnvironmentVariableA, GetFileType, GetLastError, GetLastError, GetModuleFileNameA, GetModuleHandleA, GetModuleHandleA, GetOEMCP, GetProcAddress, GetProcAddress, GetProcessHeap, GetProcessId, GetStartupInfoA, GetStdHandle, GetStringTypeA, GetSystemDirectoryA, GetTickCount, GetVersion, GetVersion, GetVersionExA, GlobalAlloc, GlobalLock, GlobalReAlloc, GlobalUnlock, HeapAlloc, HeapCreate, HeapDestroy, HeapFree, HeapReAlloc, InitializeCriticalSection, InitializeCriticalSection, InterlockedDecrement, InterlockedIncrement, LCMapStringA, LCMapStringW, LeaveCriticalSection, LeaveCriticalSection, LoadLibraryA, LoadLibraryA, LoadResource, LocalFree, LockResource, MultiByteToWideChar, OpenProcess, ReadFile, ReadProcessMemory, ResumeThread, RtlUnwind, SetEndOfFile, SetEvent, SetFilePointer, SetHandleCount, SetLastError, SetStdHandle, SizeofResource, TerminateProcess, TlsAlloc, TlsGetValue, TlsSetValue, UnhandledExceptionFilter, VirtualAlloc, VirtualFree, VirtualProtect, WaitForSingleObject, WideCharToMultiByte, WriteFile, lstrcatA, lstrcmpiA, lstrcpyA, lstrlenA

( 0 exports )
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Symantec Reputation Network: Suspicious.Insight http://www.symantec.com/security_response/writeup.jsp?docid=2010-021223-0550-99
sigcheck:
publisher....: n/a
copyright....: Copyright (C) 2010
product......: vsdsvsdsetup Application
description..: Pasdvasetup Application
original name: asdvasdsetup.exe
internal name: PPCsetup
file version.: 1, 0, 0, 1
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

 

[ken545]

Lets run these through OTM as well

1. Please download OTM by OldTimer and save it to your desktop.
2. Double click the
   
   icon on your desktop.
3. Paste the following code under the
   
   area.
   Do not include the word "Code".
   
   

   :Processes
   explorer.exe
   
   :Services
   
   :Reg
   
   :Files
   c:\windows\system32\Spool\prtprocs\w32x86\9k179w1u9.dll
   c:\windows\system32\Spool\prtprocs\w32x86\9oCE93179.dll
   
   
   :Commands
   [purity]
   [emptytemp]
   [start explorer]
   [Reboot]

4. Push the large
   
   button.
5. OTM may ask to reboot the machine. Please do so if asked.
6. Copy/Paste the contents under the
   
   line here in your next reply.
7. If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Drag CF to the trash and use the links I provided to download a fresh copy as its updated on a regular basis. Run it and post the log please

 

[howardd]

Log file from OTM:

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
LoadLibrary failed for c:\windows\system32\Spool\prtprocs\w32x86\9k179w1u9.dll
c:\windows\system32\Spool\prtprocs\w32x86\9k179w1u9.dll moved successfully.
LoadLibrary failed for c:\windows\system32\Spool\prtprocs\w32x86\9oCE93179.dll
c:\windows\system32\Spool\prtprocs\w32x86\9oCE93179.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: db2admin
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Howard
->Temp folder emptied: 133029 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 9301116 bytes
->Flash cache emptied: 560 bytes

User: Mcx1-SERVER01
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: netlink
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

User: Susanne
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 9.00 mb


OTM by OldTimer - Version 3.1.12.2 log created on 06032010_192854

Files moved on Reboot...
File move failed. C:\Windows\temp\CLML_AGENT_LOG1.txt scheduled to be moved on reboot.
File C:\Windows\temp\sqlite_m5E3IbtDJcNbHpy not found!

Registry entries deleted on Reboot...



*********************CF log (after downloading new copy)

ComboFix 10-06-03.01 - Howard 06/03/2010 19:38:37.3.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1983.1256 [GMT -5:00]
Running from: c:\users\Howard\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
The following files were disabled during the run:
c:\windows\system32\audiolor.dll


((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\netlink\AppData\Local\temp
2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\Mcx1-SERVER01\AppData\Local\temp
2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\db2admin\AppData\Local\temp
2010-06-04 00:44 . 2010-06-04 00:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-03 21:31 . 2010-06-03 21:31 -------- d-----w- C:\_OTM
2010-06-02 03:54 . 2010-06-04 00:44 -------- d-----w- c:\users\Howard\AppData\Local\temp
2010-06-02 03:30 . 2010-06-02 03:30 40960 ----a-w- c:\windows\system32\audiolor.dll.vir
2010-05-22 23:53 . 2010-05-22 23:53 123828 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 23:06 . 2010-05-24 22:27 -------- d-----w- c:\users\Howard\AppData\Roaming\mIRC
2010-05-22 17:17 . 2010-05-22 17:39 -------- d-----w- c:\users\Howard\AppData\Roaming\X-Chat 2
2010-05-22 06:47 . 2010-06-02 07:12 439816 ----a-w- c:\users\Howard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-20 04:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 04:24 . 2010-05-20 04:24 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 04:24 . 2010-06-02 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 03:49 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\1kU317.dll
2010-05-20 03:07 . 2010-05-20 05:28 -------- d-----w- c:\users\Howard\AppData\Roaming\uTorrent
2010-05-20 00:42 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\Y3c793yW9.dll
2010-05-19 04:49 . 2010-05-19 04:48 70656 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\5aA5k.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 00:30 . 2007-11-06 08:11 2032 ----a-w- c:\users\Howard\AppData\Local\d3d9caps.dat
2010-06-02 05:15 . 2009-02-16 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 04:43 . 2009-02-16 04:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-02 03:30 . 2010-06-02 03:30 12 ----a-w- c:\users\Howard\AppData\Roaming\czyiwa.dat
2010-05-28 21:44 . 2010-02-02 20:33 1 ----a-w- c:\users\Howard\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 14:05 . 2009-01-02 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-20 14:05 . 2009-09-25 22:08 -------- d-----w- c:\program files\TechSmith
2010-05-20 14:03 . 2009-03-11 17:20 -------- d-----w- c:\users\Howard\AppData\Roaming\Orbit
2010-05-20 14:02 . 2009-01-02 04:59 -------- d-----w- c:\programdata\Lavasoft
2010-05-06 15:36 . 2009-10-03 00:35 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-19 01:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-26 15:33 . 2010-04-14 21:51 1496064 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-04-14 21:51 43008 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-04-14 21:51 339456 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-04-14 21:51 346112 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-09 16:28 . 2010-03-30 18:13 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 18:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 18:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-01-02 19:56 . 2009-02-16 04:36 174 --sha-w- c:\program files\desktop (2).ini
2007-09-04 04:37 . 2009-02-16 04:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-06 16:42 . 2009-02-16 04:29 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2006-05-03 10:06 . 2010-02-21 20:13 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-21 20:13 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-21 20:13 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-02_03.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 10:08 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzupd.exe
+ 2010-02-24 10:08 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzupd.exe
+ 2007-11-04 01:28 . 2010-06-04 00:33 46080 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-06-04 00:33 55490 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-04 01:13 . 2010-06-04 00:33 10712 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1905926303-259802968-3923504678-1000_UserData.bin
- 2006-11-02 13:02 . 2010-05-20 05:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-06-03 23:34 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2010-05-20 05:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2010-06-03 23:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 00:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 00:31 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-04 00:31 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 00:30 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-04 00:30 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-05-27 05:23 . 2010-05-27 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-04 00:30 . 2010-06-04 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-27 05:23 . 2010-05-27 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-06-04 00:30 . 2010-06-04 00:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-06-04 00:35 699042 c:\windows\System32\perfc009.dat
+ 2010-06-02 04:44 . 2010-06-02 04:44 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
- 2006-11-02 10:22 . 2010-05-20 00:40 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-06-03 21:34 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:33 . 2010-06-04 00:35 2373568 c:\windows\System32\perfh009.dat
+ 2010-06-02 04:44 . 2010-06-02 04:44 4272128 c:\windows\Installer\58589.msi
+ 2009-04-30 08:00 . 2010-06-02 06:42 253174122 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Google Update"="c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-28 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-02 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-01 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-03 49152]
"DefaultP17"="P17Def.Exe" [2005-05-03 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
doskconv REG_SZ c:\windows\system32\audiolor.dll

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 gupdate1c8c2012b3c7789;Google Update Service (gupdate1c8c2012b3c7789);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-07 79360]
R4 MSIU-a420d717;MSIU-a420d717;c:\windows\system32\-a420d717.exe [x]
R4 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe [x]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 431384]

.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000Core.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000UA.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-07-11 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-03 19:44
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(792)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-06-03 19:47:34
ComboFix-quarantined-files.txt 2010-06-04 00:47
ComboFix2.txt 2010-06-02 04:34
ComboFix3.txt 2010-06-02 03:54

Pre-Run: 46,783,221,760 bytes free
Post-Run: 46,732,361,728 bytes free

- - End Of File - - A5DC8CEB740B83A6FD10F1C20FABF2AC

 

[ken545]

Hi,

We are deleting files and more are being installed .

Please download SuperAntiSpyware Free
Install the program

• Run SuperAntiSpyware and click: Check for updates
• Once the update is finished, on the main screen, click: Scan your computer
• Check: Perform Complete Scan
• Click Next to start the scan.

Superantispyware scans the computer, and when finished, lists all the infections found.
Make sure everything found has a check next to it, and press: Next <-- Important
Then, click Finish

It is possible that the program asks to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:

• Click: Preferences
• Click the Statistics/Logs tab
• Under Scanner Logs, double-click SuperAntiSpyware Scan Log

It opens in your default text editor (such as Notepad)

Please provide the SuperAntiSpyware log in your reply, as well as a new DDS.

 

[howardd]

Here goes...
SUPERAntiSpyware Log:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/03/2010 at 09:39 PM

Application Version : 4.38.1004

Core Rules Database Version : 5030
Trace Rules Database Version: 2842

Scan type : Complete Scan
Total Scan Time : 00:52:42

Memory items scanned : 562
Memory threats detected : 1
Registry items scanned : 6868
Registry threats detected : 0
File items scanned : 42836
File threats detected : 417

Trojan.Agent/Gen-FakeAlert[ClientNotify]
C:\WINDOWS\SYSTEM32\AUDIOLOR.DLL
C:\WINDOWS\SYSTEM32\AUDIOLOR.DLL

Adware.Tracking Cookie
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@media6degrees[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@atdmt[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@insightexpressai[2].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@collective-media[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@adtech[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@chitika[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@revsci[2].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@ads.lucidmedia[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@track.bestbuy[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@tribalfusion[2].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@kontera[2].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@msnportal.112.2o7[1].txt
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies\administrator@microsoftwindows.112.2o7[1].txt
C:\Users\Susanne\AppData\Roaming\Microsoft\Windows\Cookies\susanne@windowsmedia[1].txt
.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
4.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
4.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.fastclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.mediaplex.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.mediaplex.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.kontera.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.kontera.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.kontera.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.atdmt.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tribalfusion.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tribalfusion.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tribalfusion.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tribalfusion.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ad.doubleclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.doubleclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad.yieldmanager.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.advertising.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.burstnet.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
media.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
media.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
media.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.zedo.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.revsci.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
media.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
media.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
media.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adrevolver.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.advertising.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.advertising.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.advertising.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.advertising.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.specificclick.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
adstats.cdfreaks.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.clickaider.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
3.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.insightexpressai.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ad1.clickhype.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads3.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads3.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads3.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads3.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tremor.adbureau.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads4.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads4.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads4.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads4.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads4.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads4.blastro.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adtech.de [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adtech.de [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-bskyb.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adultfriendfinder.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adultfriendfinder.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adserver.easyad.info [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
counter.search.bg [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ads.pointroll.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-chartercommunications.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-chartercommunications.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.msnportal.112.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.eyewonder.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.questionmarket.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.questionmarket.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.googleadservices.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adlegend.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.statcounter.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.casalemedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tacoda.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tacoda.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tacoda.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.tacoda.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
stat.onestat.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
stat.onestat.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.imrworldwide.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.imrworldwide.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.brightcove.112.2o7.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-lgusa.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.xiti.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.stats.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.stats.adbrite.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.overture.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-dig.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-dig.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-dig.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.serving-sys.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.serving-sys.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.serving-sys.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.serving-sys.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.serving-sys.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bs.serving-sys.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.alivemedia.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.alivemedia.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-linksys.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
itxt.vibrantmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
data.coremetrics.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
hc2.humanclick.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
hc2.humanclick.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.googleadservices.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.countrywide.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.countrywide.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.countrywide.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
my.countrywide.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www5.addfreestats.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.euroclick.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.adopt.euroclick.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bizrate.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.ehg-tigerdirect2.hitbox.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
sales.liveperson.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
sales.liveperson.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.track.bestbuy.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.track.bestbuy.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.track.bestbuy.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.track.bestbuy.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.track.bestbuy.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.hotlog.ru [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.exitexchange.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.exitexchange.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.bluestreak.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.247realmedia.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
traffic.buyservices.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.googleadservices.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.clickbank.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
ads2.coreroot.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.warezquality.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
adserver5.teracent.net [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.fullreleases.biz [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.fullreleases.biz [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.fullreleases.biz [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.toplist.cz [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
www.fullreleases.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.trafficmp.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.trafficmp.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.trafficmp.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
.trafficmp.com [ D:\Windows.old\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\1wvwa74o.default\cookies.txt ]
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@adbrite[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@adrevolver[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@adrevolver[3].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ads.addesktop[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ads.addynamix[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ads.as4x.tmcs.ticketmaster[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ads.cdfreaks[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ads.cnn[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ads.pointroll[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@as-us.falkag[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@atdmt[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ehg-postnewsweek.hitbox[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@ehg-vmware.hitbox[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@hitbox[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@icc.intellisrv[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@insightexpressai[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@media.fastclick[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@media1.gcn[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@microsofteup.112.2o7[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@msnportal.112.2o7[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@partner2profit[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@pntm.adbureau[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@questionmarket[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@revsci[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@sel.as-us.falkag[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@stat.onestat[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@statcounter[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@statse.webtrendslive[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@tacoda[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@windowsmedia[2].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@www.burstbeacon[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@www.macromedia[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@z1.adserver[1].txt
D:\Windows.old\Documents and Settings\Administrator\Cookies\administrator@zedo[1].txt
.atdmt.com [ D:\Windows.old\Documents and Settings\SurfAccount\Application Data\Mozilla\Firefox\Profiles\xknnzcsj.default\cookies.txt ]
.2o7.net [ D:\Windows.old\Documents and Settings\SurfAccount\Application Data\Mozilla\Firefox\Profiles\xknnzcsj.default\cookies.txt ]

Trojan.Agent/Gen-FakeAlert
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\1KU317.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\5AA5K.DLL
C:\WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\Y3C793YW9.DLL
C:\_OTM\MOVEDFILES\06032010_163157\C_WINDOWS\SYSTEM32\-A420D717.EXE
C:\_OTM\MOVEDFILES\06032010_163157\C_WINDOWS\SYSTEM32\-F36DECBB.EXE
C:\_OTM\MOVEDFILES\06032010_192854\C_WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\9K179W1U9.DLL
C:\_OTM\MOVEDFILES\06032010_192854\C_WINDOWS\SYSTEM32\SPOOL\PRTPROCS\W32X86\9OCE93179.DLL

********DDS Log too long to post in one reply...see next post

 

[howardd]

And here is the latest DDS Log

DDS (Ver_10-03-17.01) - NTFSx86
Run by Howard at 22:05:49.29 on Thu 06/03/2010
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1983.1215 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
C:\Program Files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
C:\Program Files\Seagate\DiscWizard\DiscWizardMonitor.exe
C:\Program Files\Seagate\DiscWizard\TimounterMonitor.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedhlp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Howard\AppData\Local\Google\Update\1.2.183.27\GoogleCrashHandler.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Windows\ehome\ehsched.exe
C:\Windows\System32\mobsync.exe
C:\Windows\ehome\ehRecvr.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\Howard\Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Google Update] "c:\users\howard\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [basicsmssmenu] "c:\program files\seagate\basics\basics status\MaxMenuMgrBasics.exe"
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [DiscWizardMonitor.exe] c:\program files\seagate\discwizard\DiscWizardMonitor.exe
mRun: [AcronisTimounterMonitor] c:\program files\seagate\discwizard\TimounterMonitor.exe
mRun: [Seagate Scheduler2 Service] "c:\program files\common files\seagate\schedule2\schedhlp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRunOnce: [DefaultP17MIDI] MIDIDEF.EXE
dRunOnce: [DefaultP17] P17Def.Exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
LSA: Authentication Packages = msv1_0 relog_ap

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2008-6-24 431384]
S2 gupdate1c8c2012b3c7789;Google Update Service (gupdate1c8c2012b3c7789);c:\program files\google\update\GoogleUpdate.exe [2008-7-15 133104]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-2-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-2-7 79360]
S4 MSIU-a420d717;MSIU-a420d717;c:\windows\system32\-a420d717.exe --> c:\windows\system32\-a420d717.exe [?]
S4 MSIU-f36decbb;MSIU-f36decbb;c:\windows\system32\-f36decbb.exe --> c:\windows\system32\-f36decbb.exe [?]

=============== Created Last 30 ================

2010-06-04 01:42:37 0 d-----w- c:\users\howard\appdata\roaming\SUPERAntiSpyware.com
2010-06-04 01:42:37 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-04 01:42:32 0 d-----w- c:\program files\SUPERAntiSpyware
2010-06-04 00:46:11 0 d-sh--w- C:\$RECYCLE.BIN
2010-06-03 21:31:57 0 d-----w- C:\_OTM
2010-06-02 03:39:43 98816 ----a-w- c:\windows\sed.exe
2010-06-02 03:39:43 77312 ----a-w- c:\windows\MBR.exe
2010-06-02 03:39:43 256512 ----a-w- c:\windows\PEV.exe
2010-06-02 03:39:43 161792 ----a-w- c:\windows\SWREG.exe
2010-06-02 03:30:45 12 ----a-w- c:\users\howard\appdata\roaming\czyiwa.dat
2010-05-22 23:53:35 123828 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 23:06:40 0 d-----w- c:\users\howard\appdata\roaming\mIRC
2010-05-22 17:17:50 0 d-----w- c:\users\howard\appdata\roaming\X-Chat 2
2010-05-20 04:24:55 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 04:24:54 0 d-----w- c:\programdata\Malwarebytes
2010-05-20 04:24:53 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 04:24:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 03:07:09 0 d-----w- c:\users\howard\appdata\roaming\uTorrent

==================== Find3M ====================

2010-05-06 15:36:38 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-03-09 16:28:40 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25:21 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01:47 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2010-02-08 09:00:41 86016 ----a-w- c:\windows\inf\infstrng.dat
2010-02-08 09:00:41 51200 ----a-w- c:\windows\inf\infpub.dat
2010-02-08 09:00:38 86016 ----a-w- c:\windows\inf\infstor.dat
2009-02-16 06:31:11 174 --sha-w- c:\program files\desktop.ini
2009-02-16 06:23:27 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-01-02 19:56:28 174 --sha-w- c:\program files\desktop (2).ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-12-19 04:14:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\cookies\index.dat
2008-12-19 04:14:51 16384 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\history\history.ie5\index.dat
2008-12-19 04:14:51 32768 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2006-05-03 10:06:54 163328 --sha-r- c:\windows\system32\flvDX.dll
2007-02-21 11:47:16 31232 --sha-r- c:\windows\system32\msfDX.dll
2008-03-16 13:30:52 216064 --sha-r- c:\windows\system32\nbDX.dll
2008-10-05 20:11:39 16384 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\feeds cache\index.dat
2008-10-07 11:56:34 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008092920081006\index.dat
2008-10-14 19:57:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008100620081013\index.dat
2008-10-14 19:57:51 32768 --sha-w- c:\windows\system32\config\systemprofile\appdata\local\microsoft\windows\history\history.ie5\mshist012008101420081015\index.dat

============= FINISH: 22:06:52.48 ===============

 

[ken545]

This looks like the culprit, again drag Combofix to the trash and grab a fresh copy, make sure to download it to your desktop.



Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Driver::

Driver::
MSIU-a420d717
MSIU-f36decbb

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply .


Also let me know how things are running now ???

 

[howardd]

Most things are working again.
1. Chrome was spewing an error cx0000135 when it tried to spawn a tab. Al over the web no-one seems to have an explanation or fix. After running SUPERAntiSpyware Chrome has returned to normal (no more error)

2. Browser redirects are gone. I can reliably get to safer-networking.org, google or other sites without redirects popping up.

3. Machine boots are slightly faster (not as much hdd thrashing)

4. BUT my Firefox.exe is gone. I'll try uninstall/cleanup/reinstall

This all started when I accidentally clicked on Windows PC Defender last December. Been cleaning up ever since.

Thanks

Combofix log:

ComboFix 10-06-03.01 - Howard 06/04/2010 15:47:50.4.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1983.1056 [GMT -5:00]
Running from: c:\users\Howard\Desktop\ComboFix.exe
Command switches used :: c:\users\Howard\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MSIU-a420d717
-------\Service_MSIU-f36decbb


((((((((((((((((((((((((( Files Created from 2010-05-04 to 2010-06-04 )))))))))))))))))))))))))))))))
.

2010-06-04 20:52 . 2010-06-04 20:56 -------- d-----w- c:\users\Howard\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\netlink\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\Mcx1-SERVER01\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\db2admin\AppData\Local\temp
2010-06-04 20:52 . 2010-06-04 20:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-04 01:43 . 2010-06-04 01:43 63488 ----a-w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 01:43 . 2010-06-04 01:43 52224 ----a-w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 01:43 . 2010-06-04 01:43 117760 ----a-w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 01:42 . 2010-06-04 01:42 -------- d-----w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com
2010-06-04 01:42 . 2010-06-04 01:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-04 01:42 . 2010-06-04 01:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-03 21:31 . 2010-06-03 21:31 -------- d-----w- C:\_OTM
2010-05-22 23:53 . 2010-05-22 23:53 123828 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 23:06 . 2010-05-24 22:27 -------- d-----w- c:\users\Howard\AppData\Roaming\mIRC
2010-05-22 17:17 . 2010-05-22 17:39 -------- d-----w- c:\users\Howard\AppData\Roaming\X-Chat 2
2010-05-22 06:47 . 2010-06-02 07:12 439816 ----a-w- c:\users\Howard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-20 04:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 04:24 . 2010-05-20 04:24 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 04:24 . 2010-06-02 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 03:07 . 2010-05-20 05:28 -------- d-----w- c:\users\Howard\AppData\Roaming\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 20:55 . 2007-11-06 08:11 2032 ----a-w- c:\users\Howard\AppData\Local\d3d9caps.dat
2010-06-02 05:15 . 2009-02-16 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 04:43 . 2009-02-16 04:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-02 03:30 . 2010-06-02 03:30 12 ----a-w- c:\users\Howard\AppData\Roaming\czyiwa.dat
2010-05-28 21:44 . 2010-02-02 20:33 1 ----a-w- c:\users\Howard\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 14:05 . 2009-01-02 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-20 14:05 . 2009-09-25 22:08 -------- d-----w- c:\program files\TechSmith
2010-05-20 14:03 . 2009-03-11 17:20 -------- d-----w- c:\users\Howard\AppData\Roaming\Orbit
2010-05-20 14:02 . 2009-01-02 04:59 -------- d-----w- c:\programdata\Lavasoft
2010-05-06 15:36 . 2009-10-03 00:35 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-19 01:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-26 15:33 . 2010-04-14 21:51 1496064 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-04-14 21:51 43008 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-04-14 21:51 339456 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-04-14 21:51 346112 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-09 16:28 . 2010-03-30 18:13 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 18:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 18:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-01-02 19:56 . 2009-02-16 04:36 174 --sha-w- c:\program files\desktop (2).ini
2007-09-04 04:37 . 2009-02-16 04:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-06 16:42 . 2009-02-16 04:29 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2006-05-03 10:06 . 2010-02-21 20:13 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-21 20:13 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-21 20:13 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-02_03.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 10:08 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzupd.exe
+ 2010-02-24 10:08 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzupd.exe
+ 2007-11-04 01:28 . 2010-06-04 03:04 46300 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-06-04 03:04 55790 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-04 01:13 . 2010-06-04 03:04 10932 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1905926303-259802968-3923504678-1000_UserData.bin
- 2006-11-02 13:02 . 2010-05-20 05:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-06-04 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-04 20:44 . 2010-06-04 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2010-05-20 05:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2010-06-04 20:54 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-04 03:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 03:01 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-04 03:01 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 20:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 20:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-04 20:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-04 20:53 . 2010-06-04 20:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-27 05:23 . 2010-05-27 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-04 20:53 . 2010-06-04 20:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-27 05:23 . 2010-05-27 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-06-04 03:05 703228 c:\windows\System32\perfc009.dat
+ 2010-06-02 04:44 . 2010-06-02 04:44 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
- 2006-11-02 10:22 . 2010-05-20 00:40 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-06-03 21:34 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:33 . 2010-06-04 03:05 2385950 c:\windows\System32\perfh009.dat
+ 2010-06-02 04:44 . 2010-06-02 04:44 4272128 c:\windows\Installer\58589.msi
+ 2009-04-30 08:00 . 2010-06-02 06:42 253174122 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Google Update"="c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-28 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-02 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-01 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-03 49152]
"DefaultP17"="P17Def.Exe" [2005-05-03 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]
doskconv REG_SZ c:\windows\system32\audiolor.dll

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 gupdate1c8c2012b3c7789;Google Update Service (gupdate1c8c2012b3c7789);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-07 79360]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 431384]

.
Contents of the 'Scheduled Tasks' folder

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000Core.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000UA.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-04 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-07-11 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-04 15:56
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\relog_ap.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Seagate\Basics\Service\SyncServicesBasics.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLCapSvc.exe
c:\program files\ATI\Catalyst Media Center\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\WUDFHost.exe
c:\program files\ATI\Catalyst Media Center\Kernel\TV\CLSched.exe
c:\windows\ehome\ehsched.exe
c:\windows\ehome\ehRecvr.exe
c:\windows\ehome\ehmsas.exe
c:\users\Howard\AppData\Local\Google\Update\1.2.183.27\GoogleCrashHandler.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2010-06-04 16:00:15 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-04 21:00
ComboFix2.txt 2010-06-04 00:47
ComboFix3.txt 2010-06-02 04:34
ComboFix4.txt 2010-06-02 03:54

Pre-Run: 46,797,815,808 bytes free
Post-Run: 46,438,944,768 bytes free

- - End Of File - - AFE2385C7902BA5EC415CFA267A3346F

 

[ken545]

Hi,

Glad things are better, that driver was installing new malware files as we deleted the old ones but its gone and I dont see any new files created.

But we need to check this one.

You need to enable windows to show all files and folders, instructions Here

Go to VirusTotal and submit this file for analysis, just use the browse feature and then Send File, you will get a report back, post the report into this thread for me to see. If the site says this file has already been checked, have them check it again


c:\windows\system32\audiolor.dll

If the site is busy you can try this one

http://virusscan.jotti.org/en

 

[howardd]

OK. I've searched the entire machine - cannot find file: audiolor.dll
Pretty confident windows (vista) is set to show all files (hidden/system)

 

[ken545]

Lets run this through Combofix


Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above Registry::

Registry::
[-HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager\appcertdlls]

File::
c:\windows\system32\audiolor.dll

Save this as CFScript to your desktop.

Then drag the CFScript into ComboFix.exe as you see in the screenshot below.

This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply

 

[howardd]

Combofix did not ask to reboot after the last run. The log is posted here:

ComboFix 10-06-05.01 - Howard 06/05/2010 22:49:27.5.1 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.1983.1052 [GMT -5:00]
Running from: c:\users\Howard\Desktop\ComboFix.exe
Command switches used :: c:\users\Howard\Desktop\CFScript.txt
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

FILE ::
"c:\windows\system32\audiolor.dll"
.

((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\Howard\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\Susanne\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\netlink\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\Mcx1-SERVER01\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\db2admin\AppData\Local\temp
2010-06-06 03:54 . 2010-06-06 03:54 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2010-06-04 01:43 . 2010-06-04 01:43 63488 ----a-w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-06-04 01:43 . 2010-06-04 01:43 52224 ----a-w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 01:43 . 2010-06-04 01:43 117760 ----a-w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-06-04 01:42 . 2010-06-04 01:42 -------- d-----w- c:\users\Howard\AppData\Roaming\SUPERAntiSpyware.com
2010-06-04 01:42 . 2010-06-04 01:42 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-06-04 01:42 . 2010-06-04 01:42 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-06-03 21:31 . 2010-06-03 21:31 -------- d-----w- C:\_OTM
2010-05-22 23:53 . 2010-05-22 23:53 123828 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 23:06 . 2010-05-24 22:27 -------- d-----w- c:\users\Howard\AppData\Roaming\mIRC
2010-05-22 17:17 . 2010-05-22 17:39 -------- d-----w- c:\users\Howard\AppData\Roaming\X-Chat 2
2010-05-22 06:47 . 2010-06-02 07:12 439816 ----a-w- c:\users\Howard\AppData\Roaming\Real\Update\setup3.10\setup.exe
2010-05-20 04:24 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-20 04:24 . 2010-05-20 04:24 -------- d-----w- c:\programdata\Malwarebytes
2010-05-20 04:24 . 2010-06-02 22:55 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-20 04:24 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-20 03:07 . 2010-05-20 05:28 -------- d-----w- c:\users\Howard\AppData\Roaming\uTorrent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-04 21:29 . 2007-11-06 08:11 2032 ----a-w- c:\users\Howard\AppData\Local\d3d9caps.dat
2010-06-02 05:15 . 2009-02-16 04:26 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-06-02 04:43 . 2009-02-16 04:25 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-02 03:30 . 2010-06-02 03:30 12 ----a-w- c:\users\Howard\AppData\Roaming\czyiwa.dat
2010-05-28 21:44 . 2010-02-02 20:33 1 ----a-w- c:\users\Howard\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
2010-05-20 14:05 . 2009-01-02 04:58 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-20 14:05 . 2009-09-25 22:08 -------- d-----w- c:\program files\TechSmith
2010-05-20 14:03 . 2009-03-11 17:20 -------- d-----w- c:\users\Howard\AppData\Roaming\Orbit
2010-05-20 14:02 . 2009-01-02 04:59 -------- d-----w- c:\programdata\Lavasoft
2010-05-06 15:36 . 2009-10-03 00:35 221568 ----a-w- c:\windows\system32\MpSigStub.exe
2010-04-19 01:07 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-03-26 15:33 . 2010-04-14 21:51 1496064 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 15:33 . 2010-04-14 21:51 43008 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 15:33 . 2010-04-14 21:51 339456 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 15:32 . 2010-04-14 21:51 346112 ----a-w- c:\users\Howard\AppData\Roaming\Mozilla\Firefox\Profiles\cktxihyw.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-09 16:28 . 2010-03-30 18:13 833024 ----a-w- c:\windows\system32\wininet.dll
2010-03-09 16:25 . 2010-03-30 18:13 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-09 14:01 . 2010-03-30 18:13 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2009-01-02 19:56 . 2009-02-16 04:36 174 --sha-w- c:\program files\desktop (2).ini
2007-09-04 04:37 . 2009-02-16 04:29 135680 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
2006-05-06 16:42 . 2009-02-16 04:29 7260160 ----a-w- c:\program files\mozilla firefox\plugins\libvlc.dll
2006-05-03 10:06 . 2010-02-21 20:13 163328 --sha-r- c:\windows\System32\flvDX.dll
2007-02-21 11:47 . 2010-02-21 20:13 31232 --sha-r- c:\windows\System32\msfDX.dll
2008-03-16 13:30 . 2010-02-21 20:13 216064 --sha-r- c:\windows\System32\nbDX.dll
.

((((((((((((((((((((((((((((( SnapShot@2010-06-02_03.51.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-24 10:08 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18248_none_170a947c06d19246\tzupd.exe
+ 2010-02-24 10:08 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18464_none_150a7fae09bf1281\tzupd.exe
+ 2007-11-04 01:28 . 2010-06-04 03:04 46300 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-06-04 20:58 55862 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2007-11-04 01:13 . 2010-06-04 20:58 11204 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1905926303-259802968-3923504678-1000_UserData.bin
- 2006-11-02 13:02 . 2010-05-20 05:26 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2006-11-02 13:02 . 2010-06-05 17:40 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-06-04 20:44 . 2010-06-05 17:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2006-11-02 13:02 . 2010-05-20 05:26 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2006-11-02 13:02 . 2010-06-05 17:40 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-05 20:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-05 20:47 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 20:40 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-05 20:47 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 20:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2005-01-01 06:00 . 2010-06-04 20:53 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2005-01-01 06:00 . 2010-05-27 05:23 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2005-01-01 06:00 . 2010-06-04 20:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-04 20:53 . 2010-06-04 20:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-05-27 05:23 . 2010-05-27 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-06-04 20:53 . 2010-06-04 20:53 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-05-27 05:23 . 2010-05-27 05:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-06-04 20:59 707414 c:\windows\System32\perfc009.dat
+ 2010-06-02 04:44 . 2010-06-02 04:44 295606 c:\windows\Installer\{AC76BA86-7AD7-1033-7B44-A82000000003}\SC_Reader.exe
- 2006-11-02 10:22 . 2010-05-20 00:40 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:22 . 2010-06-03 21:34 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2006-11-02 10:33 . 2010-06-04 20:59 2398332 c:\windows\System32\perfh009.dat
+ 2010-06-02 04:44 . 2010-06-02 04:44 4272128 c:\windows\Installer\58589.msi
+ 2009-04-30 08:00 . 2010-06-02 06:42 253174122 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-19 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-07-03 135680]
"Google Update"="c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-08-28 133104]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"basicsmssmenu"="c:\program files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe" [2007-10-09 169328]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"DiscWizardMonitor.exe"="c:\program files\Seagate\DiscWizard\DiscWizardMonitor.exe" [2008-06-25 1325848]
"AcronisTimounterMonitor"="c:\program files\Seagate\DiscWizard\TimounterMonitor.exe" [2008-06-25 904768]
"Seagate Scheduler2 Service"="c:\program files\Common Files\Seagate\Schedule2\schedhlp.exe" [2008-06-25 136472]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-02-02 149280]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-01 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"DefaultP17MIDI"="MIDIDEF.EXE" [2002-12-03 49152]
"DefaultP17"="P17Def.Exe" [2005-05-03 20480]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

R0 ntcdrdrv;ntcdrdrv;c:\windows\system32\DRIVERS\ntcdrdrv.sys [x]
R2 gupdate1c8c2012b3c7789;Google Update Service (gupdate1c8c2012b3c7789);c:\program files\Google\Update\GoogleUpdate.exe [2008-08-28 133104]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2010-02-08 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-02-07 79360]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [2008-06-25 431384]

.
Contents of the 'Scheduled Tasks' folder

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2008-07-16 16:17]

2010-06-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000Core.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1905926303-259802968-3923504678-1000UA.job
- c:\users\Howard\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-03 16:17]

2010-06-05 c:\windows\Tasks\SDMsgUpdate (TE).job
- d:\progra~1\SMARTD~1\Messages\SDNotify.exe [2009-07-11 14:29]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-05 22:54
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(784)
c:\windows\system32\relog_ap.dll
.
Completion time: 2010-06-05 22:57:28
ComboFix-quarantined-files.txt 2010-06-06 03:57
ComboFix2.txt 2010-06-04 21:00
ComboFix3.txt 2010-06-04 00:47
ComboFix4.txt 2010-06-02 04:34
ComboFix5.txt 2010-06-06 03:48

Pre-Run: 46,124,146,688 bytes free
Post-Run: 46,932,971,520 bytes free

- - End Of File - - 04E4952F6F73340140D86F75FD468067

 

[ken545]

Good Morning,

Looks like your good to go, let me know how everything is running now and if all is ok I will link you to some tips and free tools to install to help keep you more secure.

c:\users\Howard\AppData\Roaming\uTorrent <--Want to give you a heads up on this , this also pertains to all file sharing programs like Limewire and all the torrents. Your downloading that file from an unknown source and not all but a good percentage of them contain malicious software, its kind of like playing Russian Roulette Malwarewise.

Read this please http://forums.spybot.info/showthread.php?t=282