Godless
2010-11-20, 06:28
After having to pay $200 for a virus repair to my computer at Best Buy, I became more protective of my computer. I bought "Trend Micro Titanium" for $40 at Best Buy too, and happily played and surfed the internet for a month or so. The problem is... Trend Micro Titanium is either perfect or useless. It does block internet attacks, as I've seen several pages being blocked by it, but whenever I run a scan, it's always "0 threats detected". Call me a moron or anything else, but as far as I know it's a little bit weird to have nothing infecting a computer lol. So I went and downloaded "Spybot-Search & Destroy". Needless to say, it detected quite a few problems which never came up in the Trend Micro Titanium scans. After fixing them using Spybot, I re-ran it and to my surprise one thing kept coming up: MyWay.MyWebSearch.
I searched Google for ways to remove this and after a while I found a guide on this forum at http://forums.spybot.info/showthread.php?t=40394. I tried following what it said, but after skimming through it I saw the "If MyWay.MyWebSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins." Needless to say, I immediately downloaded, installed and ran "RootAlyzer". The result was 2 "Unknown ADS". Luckily I saw the "Please do not blindly use .......visit....spybot forums" on top of the report, and here I am.
Before posting I read the FAQ and noticed that I can't post the log from RootAlyzer here if no expert has asked me to; instead I needed to run the "DDS" program and make a DDS log. I did as I was told and here is my DDS log:
DDS (Ver_10-11-10.01) - NTFSx86
Run by Fabian at 19:52:06.21 on Fri 11/19/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.52.1033.18.2038.556 [GMT -8:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWinMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\regedit.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Fabian\Desktop\Documents\Desktop\RootAlyzer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fabian\Desktop\Documents\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=TBD&bm=wl_home
uSearch Bar =
mStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=TBD&bm=wl_home
mDefault_Page_URL = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=TBD&bm=wl_home
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\cs714mgb.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{0656CC57-EB5C-4A83-9331-643F65C42361}
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\fabian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_SD864.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ares] "c:\users\fabian\documents\ares\Ares.exe" -h
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [Trend Micro Client Framework] c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\Vista VAIO Survey.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\users\fabian\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\users\fabian\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
================= FIREFOX ===================
FF - ProfilePath - c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\f0yuobsa.default\
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\fabian\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\fabian\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nppl3260.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nprjplug.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-11-20 03:15:32 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d0c6716a-8068-4cf4-bedc-f1f8db40ee02}\mpengine.dll
2010-11-20 03:15:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-19 01:24:14 -------- d-----w- c:\windows\system32\custom matrices
2010-11-19 01:24:10 -------- d-----w- c:\windows\system32\QuickTime
2010-11-19 01:24:10 -------- d-----w- c:\windows\system32\C2MP
2010-11-15 19:41:59 94208 ----a-w- c:\program files\internet explorer\en\iediag.resources.dll
2010-11-15 19:40:30 -------- d-----w- c:\program files\Feedback Tool
2010-11-15 18:08:38 -------- d-----w- c:\program files\Veoh Networks
2010-11-15 16:30:19 -------- d-----w- c:\program files\SSC Service Utility
2010-11-15 00:21:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-15 00:21:12 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-15 00:15:45 388096 ----a-r- c:\users\fabian\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-15 00:03:26 98816 ----a-w- c:\windows\sed.exe
2010-11-15 00:03:26 89088 ----a-w- c:\windows\MBR.exe
2010-11-15 00:03:26 256512 ----a-w- c:\windows\PEV.exe
2010-11-15 00:03:26 161792 ----a-w- c:\windows\SWREG.exe
2010-11-15 00:03:11 -------- d-s---w- C:\ComboFix
2010-11-14 23:00:53 -------- d-----w- c:\program files\Paint.NET
2010-11-14 23:00:51 -------- d-----w- c:\users\fabian\appdata\local\Paint.NET
2010-11-14 22:30:20 -------- d-----w- c:\users\fabian\appdata\roaming\TeamViewer
2010-11-14 22:30:09 -------- d-----w- c:\program files\TeamViewer
2010-11-13 23:55:30 -------- d-----w- C:\Neowiz
2010-11-12 04:05:15 -------- d-----w- c:\windows\Legendary Champions
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-23 08:14:26 -------- d-----w- C:\Intel
==================== Find3M ====================
2010-09-15 11:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-01 08:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 08:44:32 367104 ----a-w- c:\windows\system32\html.iec
2010-09-01 08:44:30 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 08:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 08:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 08:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 08:43:12 72704 ----a-w- c:\windows\system32\SetDepNx.exe
2010-09-01 08:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 08:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 08:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 08:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 08:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 08:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 08:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 08:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 08:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 08:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 08:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 08:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 08:42:10 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 08:42:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-09-01 08:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
============= FINISH: 20:01:04.00 ===============
I'm also looking for ways to remove "PriceGong". I hadn't noticed it was on my system until I saw a pop-up in my Firefox window yesterday.
I humbly request help from someone who could help me figure this out. Also, if there's anything weird with my system, please let me know.
Sincerely,
Fabian.
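The DDS "Pseudo HJT Report" above carries several lines a helper would look at first: a hosts entry pointing www.spywareinfo.com at 127.0.0.1, a user-level IE proxy on 127.0.0.1:6522, two BHO/toolbar entries marked "No File", PriceGong components in both IE and Firefox, and an autorun launching from the user's Documents folder. The script below is an added example, not part of the original post and not code from DDS, Spybot or RootAlyzer; it reads a handful of lines copied from the posted log and applies the kind of first-pass rules a forum helper applies by eye. The function names (`triage_dds`, `summarize`), the rule names, the severities and the marker lists are this example's own assumptions, and every hit is a "look here" flag rather than a verdict: Spybot's immunization also writes 127.0.0.1 hosts entries, and a loopback proxy can be a legitimate local filter just as easily as an interception, so each flagged line still needs confirming against what is actually installed.

```python
"""Triage helper for a DDS 'Pseudo HJT Report'.

Added example: not part of the original post, and not code from DDS,
Spybot or RootAlyzer.  Rule names, severities and marker lists are this
example's own assumptions; the sample lines are copied from the posted log.
"""
import re

# Constructed sample: a few lines taken verbatim from the DDS log in the post.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = *.local
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [ares] "c:\users\fabian\documents\ares\Ares.exe" -h
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
Hosts: 127.0.0.1 www.spywareinfo.com (http://www.spywareinfo.com)
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
"""

# All matching is done on the lower-cased line.
HOSTS_RE = re.compile(r"^hosts:\s+(\S+)\s+(\S+)")
PROXY_RE = re.compile(r"proxyserver\s*=\s*(?:\w+=)?(?:127\.0\.0\.1|localhost):(\d+)")
RUN_RE = re.compile(r"^[umd]run:\s+\[[^\]]*\]\s*(.*)$")

# Names the post itself identifies as unwanted (assumed marker list).
ADWARE_MARKERS = ("pricegong", "mywebsearch", "myway")
# Path fragments a limited user can write to (assumed list, not exhaustive).
USER_WRITABLE = ("\\users\\", "\\appdata\\", "\\temp\\")


def _run_target(rest: str) -> str:
    """Return the executable path from the text that follows '[name]'."""
    rest = rest.strip()
    if rest.startswith('"'):
        end = rest.find('"', 1)
        return rest[1:end] if end > 0 else rest[1:]
    return rest.split(" ", 1)[0] if rest else ""


def triage_dds(log_text: str) -> list:
    """Return one {'severity', 'rule', 'line'} dict per rule hit."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        low = line.lower()
        hits = []

        # 1. hosts overrides: both Spybot's immunization and malware write
        #    127.0.0.1 entries, so each one needs a human look.
        m = HOSTS_RE.match(low)
        if m and m.group(1) in ("127.0.0.1", "0.0.0.0") and m.group(2) != "localhost":
            hits.append(("review", "hosts-override"))

        # 2. browser traffic routed through a loopback proxy: confirm which
        #    process listens on that port before deciding what it is.
        if PROXY_RE.search(low):
            hits.append(("review", "local-proxy"))

        # 3. BHO/toolbar registry entries whose DLL no longer exists:
        #    harmless leftovers, but worth cleaning so the picture is clear.
        if low.startswith(("bho:", "tb:")) and low.endswith("- no file"):
            hits.append(("low", "orphaned-entry"))

        # 4. components of software the post is trying to remove.
        if any(marker in low for marker in ADWARE_MARKERS):
            hits.append(("high", "known-adware"))

        # 5. autoruns launched from user-writable locations.
        m = RUN_RE.match(low)
        if m and any(seg in _run_target(m.group(1)) for seg in USER_WRITABLE):
            hits.append(("review", "autorun-user-writable"))

        findings.extend(
            {"severity": sev, "rule": rule, "line": line} for sev, rule in hits
        )
    return findings


def summarize(findings: list) -> dict:
    """Count findings per rule name."""
    counts = {}
    for f in findings:
        counts[f["rule"]] = counts.get(f["rule"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage_dds(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['rule']:22} {f['line']}")
```

Run against the eleven sample lines it produces seven flags: the hosts override, the loopback proxy, the two orphaned entries, both PriceGong components and the Ares autorun, while the Adobe BHO and the Avira autorun pass. Nothing here replaces the helper's judgement; the point is that the entries worth asking about can be pulled out of a long DDS log mechanically, and that "review" items (hosts, proxy, user-path autoruns) are deliberately kept separate from the two categories where the post already tells us what the software is.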
I searched google for ways to remove this and after a while I found a guide on this forum at http://forums.spybot.info/showthread.php?t=40394. I tried following what it said, but after skimming through it I saw the "If MyWay.MyWebSearch uses rootkit technologies, use our RootAlyzer or our Total Commander anti-rootkit plugins.", needless to say, I immediately downloaded, installed and ran "RootAlyzer". The result where 2 "Unknown ADS.". Luckily I saw the "Please do not blindly use .......visit....spybot forums" on top the report and here am I.
Before posting I read the facts and noticed that I can't post the log from RootAlyzer here If no expect has asked me to, instead I needed to the "DDS" program and make a DDS log. I did as I was told and here is my DDS log:
DDS (Ver_10-11-10.01) - NTFSx86
Run by Fabian at 19:52:06.21 on Fri 11/19/2010
Internet Explorer: 9.0.7930.16406 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.52.1033.18.2038.556 [GMT -8:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\PSIService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
C:\Windows\Explorer.EXE
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt.exe
C:\Program Files\Windows Live\Device Manager\msgrdvmn.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SSC Service Utility\ssc_serv.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWinMgr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\regedit.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Defender\MSASCui.exe
C:\Users\Fabian\Desktop\Documents\Desktop\RootAlyzer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Users\Fabian\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Fabian\Desktop\Documents\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page =
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=TBD&bm=wl_home
uSearch Bar =
mStart Page = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=TBD&bm=wl_home
mDefault_Page_URL = hxxp://wapp.verizon.net/bookmarks/bmredir.asp?region=all&bw=dsl&cd=TBD&bm=wl_home
uInternet Settings,ProxyServer = http=127.0.0.1:6522
uInternet Settings,ProxyOverride = *.local
mSearchAssistant =
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: PriceGongBHO Class: {1631550f-191d-4826-b069-d9439253d926} - c:\program files\pricegong\2.1.0\PriceGongIE.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\cs714mgb.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.80.dll
TB: Easy Photo Print: {9421dd08-935f-4701-a9ca-22df90ac4ea6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [RunSpySweeperScheduleAtStartup] "c:\windows\system32\msfeedssync.exe" /ScheduleSweep=User_Feed_Synchronization-{0656CC57-EB5C-4A83-9331-643F65C42361}
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [Google Update] "c:\users\fabian\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [EPSON NX410 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatifca.exe /fu "c:\windows\temp\E_SD864.tmp" /EF "HKCU"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [ares] "c:\users\fabian\documents\ares\Ares.exe" -h
uRun: [WindowsLivePhone] "c:\program files\windows live\device manager\msgrdvmn.exe" /AutoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [VeohPlugin] "c:\program files\veoh networks\veohwebplayer\veohwebplayer.exe"
mRun: [Trend Micro Client Framework] c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe
mRun: [WindowsLivePhone] c:\program files\windows live\device manager\msgrdvmn.exe /AutoRun
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [VAIOSurvey] "c:\program files\sony\vaio survey\Vista VAIO Survey.exe"
mRun: [VAIORegistration] "c:\program files\sony\first experience\WelcomeLauncher.exe"
mRun: [VAIO Help and Support Demo] "c:\program files\sony\vaio help and support demo\LaunchVHSD.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Apoint] "c:\program files\apoint\Apoint.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [msnmsgr] "c:\program files\msn messenger\msnmsgr.exe" /background
StartupFolder: c:\users\fabian\appdata\roaming\micros~1\windows\startm~1\programs\startup\digsby.lnk - c:\program files\digsby\digsby.exe
StartupFolder: c:\users\fabian\appdata\roaming\micros~1\windows\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {26FCCDF9-A7E1-452A-A73D-7BF7B4D0BA6C} - hxxp://o.aolcdn.com/pictures/ap/Resources/v2.15/cab/aolpPlugins.10.6.0.8.cab
DPF: {4C68DACE-E6BC-4650-9C7E-D036720CA729} - hxxp://kr.gameguard.nprotect.com/inca/onscan//tyscan/nps.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
Hosts: 127.0.0.1 www.spywareinfo.com
================= FIREFOX ===================
FF - ProfilePath - c:\users\fabian\appdata\roaming\mozilla\firefox\profiles\f0yuobsa.default\
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\users\fabian\appdata\local\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\users\fabian\appdata\local\yahoo!\browserplus\2.7.1\plugins\npybrowserplus_2.7.1.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nppl3260.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nprjplug.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nprpjplug.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
=============== Created Last 30 ================
2010-11-20 03:15:32 6273872 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{d0c6716a-8068-4cf4-bedc-f1f8db40ee02}\mpengine.dll
2010-11-20 03:15:29 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-11-19 01:24:14 -------- d-----w- c:\windows\system32\custom matrices
2010-11-19 01:24:10 -------- d-----w- c:\windows\system32\QuickTime
2010-11-19 01:24:10 -------- d-----w- c:\windows\system32\C2MP
2010-11-15 19:41:59 94208 ----a-w- c:\program files\internet explorer\en\iediag.resources.dll
2010-11-15 19:40:30 -------- d-----w- c:\program files\Feedback Tool
2010-11-15 18:08:38 -------- d-----w- c:\program files\Veoh Networks
2010-11-15 16:30:19 -------- d-----w- c:\program files\SSC Service Utility
2010-11-15 00:21:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-11-15 00:21:12 -------- d-----w- c:\progra~2\Spybot - Search & Destroy
2010-11-15 00:15:45 388096 ----a-r- c:\users\fabian\appdata\roaming\microsoft\installer\{45a66726-69bc-466b-a7a4-12fcba4883d7}\HiJackThis.exe
2010-11-15 00:03:26 98816 ----a-w- c:\windows\sed.exe
2010-11-15 00:03:26 89088 ----a-w- c:\windows\MBR.exe
2010-11-15 00:03:26 256512 ----a-w- c:\windows\PEV.exe
2010-11-15 00:03:26 161792 ----a-w- c:\windows\SWREG.exe
2010-11-15 00:03:11 -------- d-s---w- C:\ComboFix
2010-11-14 23:00:53 -------- d-----w- c:\program files\Paint.NET
2010-11-14 23:00:51 -------- d-----w- c:\users\fabian\appdata\local\Paint.NET
2010-11-14 22:30:20 -------- d-----w- c:\users\fabian\appdata\roaming\TeamViewer
2010-11-14 22:30:09 -------- d-----w- c:\program files\TeamViewer
2010-11-13 23:55:30 -------- d-----w- C:\Neowiz
2010-11-12 04:05:15 -------- d-----w- c:\windows\Legendary Champions
2010-11-06 19:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 19:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll
2010-10-23 08:14:26 -------- d-----w- C:\Intel
==================== Find3M ====================
2010-09-15 11:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-13 13:56:41 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-09-08 18:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 18:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-06 16:20:29 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-09-06 16:19:06 17920 ----a-w- c:\windows\system32\netevent.dll
2010-09-01 08:46:36 1355264 ----a-w- c:\windows\system32\jscript9.dll
2010-09-01 08:44:32 367104 ----a-w- c:\windows\system32\html.iec
2010-09-01 08:44:30 1448448 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-01 08:44:24 1122304 ----a-w- c:\windows\system32\wininet.dll
2010-09-01 08:44:06 424960 ----a-w- c:\windows\system32\vbscript.dll
2010-09-01 08:43:22 23552 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-01 08:43:12 72704 ----a-w- c:\windows\system32\SetDepNx.exe
2010-09-01 08:43:12 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-01 08:43:12 114176 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-01 08:43:10 76800 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2010-09-01 08:43:10 74752 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2010-09-01 08:42:58 51200 ----a-w- c:\windows\system32\admparse.dll
2010-09-01 08:42:54 75264 ----a-w- c:\windows\system32\iesetup.dll
2010-09-01 08:42:48 110592 ----a-w- c:\windows\system32\IEAdvpack.dll
2010-09-01 08:42:42 150016 ----a-w- c:\windows\system32\iexpress.exe
2010-09-01 08:42:42 149504 ----a-w- c:\windows\system32\wextract.exe
2010-09-01 08:42:20 33280 ----a-w- c:\windows\system32\imgutil.dll
2010-09-01 08:42:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2010-09-01 08:42:12 11264 ----a-w- c:\windows\system32\mshta.exe
2010-09-01 08:42:10 2381824 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-01 08:42:04 63488 ----a-w- c:\windows\system32\tdc.ocx
2010-09-01 08:41:46 160768 ----a-w- c:\windows\system32\msls31.dll
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:37:45 157184 ----a-w- c:\windows\system32\t2embed.dll
============= FINISH: 20:01:04.00 ===============
I'm also looking for ways to remove "Pricegong". I hadn't noticed it was on my system until I saw a pop-up on my Firefox window yesterday.
I humbly request help from someone who could help me figure this out. Also, if there's anything weird with my system, please let me know.
Sincerely,
Fabian.
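As an added example that is not part of Fabian's post or of the DDS tool itself: a small Python triage script over the kinds of lines DDS prints (the uRun/mRun/dRun autorun entries, the Hosts line, and the Firefox plugin and component paths). The line formats are read off the log above; the `Finding` class, the `triage` and `exe_from_command` functions and the "user-writable path" heuristic are this example's own assumptions, and the sample input is a handful of lines copied from the log above.

```python
"""Triage the autorun, Hosts and Firefox plugin lines of a DDS log.

Added example for this thread; it is not part of the original post and
not part of the DDS tool. The heuristics are the ones an analyst applies
by eye before deciding what to ask a poster about.
"""
import re
from dataclasses import dataclass

# Line shapes as DDS prints them: "uRun: [Name] command", "Hosts: ip host",
# "FF - plugin: path". The prefix letter is u(ser), m(achine) or d(efault).
RUN_RE = re.compile(r'^(?P<hive>[umd]Run):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$')
HOSTS_RE = re.compile(r'^Hosts:\s*(?P<ip>\S+)\s+(?P<host>\S+)')
FF_RE = re.compile(r'^FF - (?:plugin|component):\s*(?P<path>\S.*)$')

# Heuristic (an assumption of this example): path fragments that put a
# binary under a user profile or ProgramData, where a non-admin account can
# write. Plenty of legitimate software installs there, so this only ranks.
USER_WRITABLE = ('\\users\\', '\\programdata\\', '\\progra~2\\')
LOOPBACK = ('127.0.0.1', '0.0.0.0', '::1')


@dataclass(frozen=True)
class Finding:
    kind: str    # 'no-path', 'user-location' or 'loopback-hosts'
    name: str    # autorun value name, plugin file name, or hostname
    detail: str  # the executable path or address behind the finding


def exe_from_command(cmd: str) -> str:
    """Return the executable part of an autorun command line.

    Quoted paths end at the closing quote; unquoted paths with spaces
    (DDS prints them that way) are cut at the first '.exe' token.
    """
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r'(?i)(.*?\.exe)(?=\s|$)', cmd)
    if m:
        return m.group(1)
    return cmd.split()[0] if cmd else ''


def triage(log_text: str) -> list[Finding]:
    """Scan DDS log text and return the entries worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := RUN_RE.match(line):
            exe = exe_from_command(m['cmd'])
            if '\\' not in exe:
                # Bare file name: resolved through the PATH search at logon,
                # so the log alone does not say which file actually runs.
                findings.append(Finding('no-path', m['name'], exe))
            elif any(tag in exe.lower() for tag in USER_WRITABLE):
                findings.append(Finding('user-location', m['name'], exe))
        elif m := HOSTS_RE.match(line):
            host = m['host'].lower()
            if m['ip'] in LOOPBACK and host not in ('localhost', 'localhost.localdomain'):
                # A real hostname pinned to loopback is unreachable for the user.
                findings.append(Finding('loopback-hosts', m['host'], m['ip']))
        elif m := FF_RE.match(line):
            path = m['path'].strip()
            if any(tag in path.lower() for tag in USER_WRITABLE):
                findings.append(Finding('user-location', path.rsplit('\\', 1)[-1], path))
    return findings


# Sample input: a handful of lines copied from the log above.
SAMPLE = r"""
uRun: [ares] "c:\users\fabian\documents\ares\Ares.exe" -h
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [Skytel] Skytel.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
Hosts: 127.0.0.1 www.spywareinfo.com
FF - component: c:\program files\pricegong\2.1.0\ff\components\PriceGongFF.dll
FF - plugin: c:\users\fabian\downloads\favorites\netscape6\nppl3260.dll
FF - plugin: c:\programdata\nexonus\ngm\npNxGameUS.dll
"""

if __name__ == '__main__':
    for f in triage(SAMPLE):
        print(f'{f.kind:15} {f.name:25} {f.detail}')
```

The script ranks, it does not judge: a bare `Skytel.exe` or a plugin loaded from a `downloads\` folder is something to resolve on the machine, not a detection, and the PriceGong component Fabian asks about sits under Program Files and is flagged by none of these rules. That is the usual reason a helper reads the whole log rather than a filtered list.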