Redirection Problems



NaotoNekoCutie
2010-11-27, 09:24
Hi, I have a problem with getting a pop-up for a site while surfing Facebook.

It is always a pop-up for the same site and whatever is doing so also selects the address bar over and over making it difficult to type things anywhere on Facebook.

In addition, it copies whatever is in my address bar at the time, be it the Facebook URL or whatever I typed in the address bar while it was selected without my knowledge.

Here is my DDS log:

DDS (Ver_10-11-27.01) - NTFSx86
Run by Tony at 1:11:24.31 on 27/11/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.134 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Tony\Application Data\InstallMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://flashflashrevolution.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.11.9.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [c:\documents and settings\tony\application data\installmon.exe] c:\documents and settings\tony\application data\InstallMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.11.9.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\tony\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264568607218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\8b7oiedi.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tony\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Extension: Firesheep: firesheep@codebutler.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firebug@software.joehewitt.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-7-12 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-7 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-11-22 05:18:54 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-16 05:41:22 -------- d-----w- C:\SMBX
2010-11-13 06:08:37 -------- d-----w- c:\program files\BestGameEver
2010-11-13 06:00:47 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-13 00:11:49 -------- d-----w- c:\docume~1\tony\applic~1\Supercade
2010-11-08 05:21:15 -------- d-----w- c:\program files\Cheat Engine
2010-11-06 17:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 17:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll
2010-08-31 13:42:52 1852800 ----a-w- c:\windows\system32\win32k.sys
2010-02-09 03:25:18 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe

============= FINISH: 1:13:43.46 ===============
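A small triage helper for the DDS "Pseudo HJT Report" layout shown in the log above, added here as an example; it is not part of this thread and not part of the DDS tool. The sample log, the trusted-location list and the review rules are this example's own assumptions, and its output is a list of entries to look at, not a verdict.

```python
import re
from typing import Dict, List

# Constructed sample in the DDS "Pseudo HJT Report" layout seen in this thread.
# Every path, CLSID and host below is made up for the example.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://example.invalid/
BHO: Example Helper: {11111111-2222-3333-4444-555555555555} - c:\program files\example\helper.dll
BHO: {66666666-7777-8888-9999-000000000000} - No File
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [c:\documents and settings\user\application data\updater.exe] c:\documents and settings\user\application data\updater.exe
mRun: [Example Updater] "c:\program files\example\update.exe" /quiet
dRunOnce: [RunNarrator] Narrator.exe
DPF: {AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE} - hxxp://update.example.invalid/control.cab
Hosts: 127.0.0.1 www.example.invalid

================= FIREFOX ===================
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# First path-like token ending in an executable or shortcut extension.
TARGET_RE = re.compile(r'"?([^"]*?\.(?:exe|scr|dll|cpl|bat|cmd|lnk))\b', re.IGNORECASE)
# Assumption: autostarts under these roots are "expected"; everything else sits
# somewhere an ordinary user account can write to and deserves a second look.
TRUSTED_PREFIXES = (r"c:\program files", r"c:\progra~1", r"c:\windows", "%windir%")
AUTOSTART_KINDS = {"uRun", "mRun", "dRun", "uRunOnce", "mRunOnce", "dRunOnce", "StartupFolder"}


def sections(text: str) -> Dict[str, List[str]]:
    """Split a DDS log into its '===== NAME =====' sections (blank lines dropped)."""
    out: Dict[str, List[str]] = {}
    current = "HEADER"
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m and m.group(1):
            current = m.group(1)
            out.setdefault(current, [])
            continue
        if line:
            out.setdefault(current, []).append(line)
    return out


def autostart_target(kind: str, rest: str) -> str:
    """Pull the launched file out of '[name] "path" args' or 'x.lnk - path' entries."""
    if kind == "StartupFolder" and " - " in rest:
        rest = rest.split(" - ", 1)[1]          # the shortcut's target, not the .lnk itself
    elif rest.startswith("["):
        rest = rest.split("] ", 1)[-1]          # drop the registry value name
    m = TARGET_RE.search(rest)
    return (m.group(1) if m else rest).lower()


def triage(text: str) -> List[Dict[str, str]]:
    """Return review candidates from the Pseudo HJT Report section.

    These are heuristics, not verdicts: per-user installers (updaters living
    under Local Settings, for instance) trip the location rule legitimately,
    and an orphan BHO is usually an uninstall leftover rather than malware.
    """
    findings: List[Dict[str, str]] = []
    for line in sections(text).get("Pseudo HJT Report", []):
        kind, sep, rest = line.partition(": ")
        if not sep:
            continue                            # e.g. 'uStart Page = ...'
        reason = None
        if kind in AUTOSTART_KINDS:
            target = autostart_target(kind, rest)
            if "\\" not in target:
                reason = "autostart without a full path (resolved via the search path)"
            elif not target.startswith(TRUSTED_PREFIXES):
                reason = "autostart from a user-writable location"
        elif kind == "BHO" and rest.endswith("No File"):
            reason = "BHO registration whose DLL is missing (orphan entry)"
        elif kind == "DPF":
            reason = "ActiveX control installed from the web; confirm the publisher"
        elif kind == "Hosts":
            reason = "hosts file override; confirm it is intentional"
        if reason:
            findings.append({"kind": kind, "line": line, "reason": reason})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_DDS):
        print(f"[{f['kind']}] {f['reason']}\n    {f['line']}")
```

Feed it a real DDS.txt with `triage(open("DDS.txt").read())`; entries under Program Files or Windows that start normally produce nothing, so the output is short enough to read alongside the full log.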

km2357
2010-11-30, 21:10
Hello and welcome to Safer Networking.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Sorry for the delay in replying, the forum is very busy. If you still need help, please do the following:


Step # 1: Download and run DDS

Download DDS and save it to your desktop from here (http://download.bleepingcomputer.com/sUBs/dds.scr) or here (http://www.infospyware.net/sUBs/dds) or here (http://download.bleepingcomputer.com/sUBs/dds.com)
Disable any script blocker, and then double click dds.scr to run the tool.
When done, DDS will open two (2) logs:
DDS.txt
Attach.txt

Save both reports to your desktop. Post them back to your topic.



Step # 2: Download and Run Gmer

Please download gmer.zip (http://www.gmer.net/gmer.zip) from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked. Click the Scan button and let the program do its work. GMER will produce a log.

Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.

GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason until it has 100% completed its scan, or attempted scan in case of some error, etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

NaotoNekoCutie
2010-12-02, 01:25
DDS.txt:

DDS (Ver_10-11-27.01) - NTFSx86
Run by Tony at 17:23:13.07 on 01/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.268 [GMT -6:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Tony\Application Data\InstallMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://flashflashrevolution.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: BitComet Helper: {39f7e362-828a-4b5a-bcaf-5b79bfdfea60} - c:\program files\bitcomet\tools\BitCometBHO_1.4.11.9.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [c:\documents and settings\tony\application data\installmon.exe] c:\documents and settings\tony\application data\InstallMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [RegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
IE: &D&ownload &with BitComet - c:\program files\bitcomet\BitComet.exe/AddLink.htm
IE: &D&ownload all with BitComet - c:\program files\bitcomet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://c:\program files\bitcomet\tools\BitCometBHO_1.4.11.9.dll/206
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\tony\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264568607218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\8b7oiedi.default\extensions\{b042753d-f57e-4e8e-a01b-7379a6d4cefb}\components\IBitCometExtension.dll
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tony\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: BitComet Video Downloader: {B042753D-F57E-4e8e-A01B-7379A6D4CEFB} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}
FF - Extension: Firesheep: firesheep@codebutler.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firebug@software.joehewitt.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-7-12 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-7 16512]

=============== Created Last 30 ================

2010-11-22 05:18:54 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-16 05:41:22 -------- d-----w- C:\SMBX
2010-11-13 06:08:37 -------- d-----w- c:\program files\BestGameEver
2010-11-13 06:00:47 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-13 00:11:49 -------- d-----w- c:\docume~1\tony\applic~1\Supercade
2010-11-08 05:21:15 -------- d-----w- c:\program files\Cheat Engine
2010-11-06 17:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 17:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-02-09 03:25:18 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe

============= FINISH: 17:25:37.96 ===============


Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-11-27.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 26/01/2010 9:50:28 PM
System Uptime: 28/11/2010 4:10:42 PM (73 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | MS-6570
Processor: AMD Athlon(tm) XP 2500+ | Socket A | 1829/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 76 GiB total, 12.837 GiB free.
D: is Removable
E: is Removable
F: is Removable
G: is Removable
H: is CDROM ()
I: is CDROM ()
J: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP232: 24/09/2010 8:16:54 PM - System Checkpoint
RP233: 25/09/2010 9:09:22 PM - System Checkpoint
RP234: 27/09/2010 1:50:29 AM - System Checkpoint
RP235: 28/09/2010 2:24:44 AM - System Checkpoint
RP236: 29/09/2010 2:28:40 AM - System Checkpoint
RP237: 29/09/2010 6:42:49 AM - Software Distribution Service 3.0
RP238: 30/09/2010 7:08:11 AM - System Checkpoint
RP239: 01/10/2010 8:03:14 AM - System Checkpoint
RP240: 02/10/2010 12:00:22 AM - Software Distribution Service 3.0
RP241: 04/10/2010 4:31:42 AM - System Checkpoint
RP242: 05/10/2010 5:01:54 AM - System Checkpoint
RP243: 06/10/2010 5:27:24 AM - System Checkpoint
RP244: 07/10/2010 6:20:10 AM - System Checkpoint
RP245: 08/10/2010 6:32:14 AM - System Checkpoint
RP246: 09/10/2010 6:40:38 AM - System Checkpoint
RP247: 10/10/2010 6:53:58 AM - System Checkpoint
RP248: 11/10/2010 7:45:31 AM - System Checkpoint
RP249: 12/10/2010 9:43:38 PM - System Checkpoint
RP250: 13/10/2010 12:05:07 PM - Installed Java(TM) 6 Update 22
RP251: 14/10/2010 12:09:53 AM - Software Distribution Service 3.0
RP252: 15/10/2010 1:42:16 AM - System Checkpoint
RP253: 16/10/2010 2:32:31 AM - System Checkpoint
RP254: 17/10/2010 2:56:33 AM - System Checkpoint
RP255: 18/10/2010 3:53:47 AM - System Checkpoint
RP256: 19/10/2010 4:36:43 AM - System Checkpoint
RP257: 20/10/2010 5:15:59 AM - System Checkpoint
RP258: 20/10/2010 3:28:15 PM - Removed OpenOffice.org 3.2
RP259: 20/10/2010 3:32:10 PM - Installed OpenOffice.org 3.2
RP260: 21/10/2010 6:03:31 PM - System Checkpoint
RP261: 23/10/2010 5:10:14 AM - System Checkpoint
RP262: 24/10/2010 10:51:01 AM - System Checkpoint
RP263: 25/10/2010 8:28:25 PM - System Checkpoint
RP264: 27/10/2010 1:25:24 PM - System Checkpoint
RP265: 27/10/2010 4:25:27 PM - Installed D-Link AirPlus G Wireless LAN Adapter
RP266: 29/10/2010 1:47:09 AM - System Checkpoint
RP267: 30/10/2010 3:37:20 AM - System Checkpoint
RP268: 31/10/2010 4:06:42 AM - System Checkpoint
RP269: 01/11/2010 9:23:56 AM - System Checkpoint
RP270: 03/11/2010 3:00:34 AM - System Checkpoint
RP271: 04/11/2010 3:12:48 AM - System Checkpoint
RP272: 05/11/2010 4:04:52 AM - System Checkpoint
RP273: 06/11/2010 5:54:03 AM - System Checkpoint
RP274: 07/11/2010 5:23:09 AM - System Checkpoint
RP275: 08/11/2010 12:59:25 PM - System Checkpoint
RP276: 10/11/2010 12:54:22 AM - System Checkpoint
RP277: 10/11/2010 10:54:38 AM - Software Distribution Service 3.0
RP278: 12/11/2010 4:36:33 AM - System Checkpoint
RP279: 13/11/2010 12:08:34 AM - Installed Audiosurf.
RP280: 14/11/2010 12:00:26 AM - Software Distribution Service 3.0
RP281: 15/11/2010 4:27:43 PM - System Checkpoint
RP282: 17/11/2010 5:31:59 PM - System Checkpoint
RP283: 18/11/2010 11:40:17 PM - System Checkpoint
RP284: 19/11/2010 11:53:02 PM - System Checkpoint
RP285: 21/11/2010 9:05:06 AM - System Checkpoint
RP286: 22/11/2010 9:52:38 AM - System Checkpoint
RP287: 23/11/2010 1:10:07 PM - System Checkpoint
RP288: 24/11/2010 4:57:21 PM - System Checkpoint
RP289: 25/11/2010 5:56:12 PM - System Checkpoint
RP290: 27/11/2010 4:05:51 AM - System Checkpoint
RP291: 28/11/2010 4:35:51 PM - System Checkpoint
RP292: 30/11/2010 2:38:34 PM - System Checkpoint

==== Installed Programs ======================

3ivx MPEG-4 5.0.3 (remove only)
4Musics FLAC to MP3 Converter 4.0
Acrobat.com
Adobe AIR
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Photoshop CS3
Adobe Reader 9.4.1
Adobe Setup
Adobe Shockwave Player 11.5
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Application Support
Apple Software Update
Audacity 1.2.6
Audiosurf
avast! Free Antivirus
BitComet 1.24
BitPim 1.0.7
CGoban 3
Cheat Engine 5.6
Cheat Engine 5.6.1
Creative Centrale
Creative Removable Disk Manager
Creative Software Update
Creative ZEN Mozaic User's Guide
D-Link AirPlus G Wireless LAN Adapter
DebugMode Wax 2.0
ERUNT 1.1j
Facebook Plug-In
FlipShare
Free Audio Converter version 2.0
Free Window Registry Repair
Gmask 1.70 English
Google Chrome
Google Gears
Google Update Helper
Guitar Pro 5.0
Hex Workshop v6
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
IcoFX 1.6.4
Java Auto Updater
Java(TM) 6 Update 22
Junk Mail filter update
LADSPA_plugins-win-0.4.15
LAME v3.98.2 for Audacity
LG USB Drivers
LightScribe System Software 1.10.16.1
MagicDisc 2.7.106
Magnifixer 2.3
Messenger Plus! Live
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Corporation
Microsoft LifeCam
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Professional 2007
Microsoft Office Professional 2007 Trial
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
MixMeister BPM Analyzer 1.0
Mozilla Firefox (3.6.12)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 8 Essentials
neroxml
NVIDIA Audio Driver
OpenOffice.org 3.2
PDF Settings
QuickTime
Renoise 2.0.0
Security Update for 2007 Microsoft Office System (KB2288621)
Security Update for 2007 Microsoft Office System (KB2289158)
Security Update for 2007 Microsoft Office System (KB2344875)
Security Update for 2007 Microsoft Office System (KB2345043)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft Office Access 2007 (KB979440)
Security Update for Microsoft Office Excel 2007 (KB2345035)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office Outlook 2007 (KB2288953)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office PowerPoint Viewer (KB2413381)
Security Update for Microsoft Office Publisher 2007 (KB982124)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB2344993)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB2360131)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
Segoe UI
Skype Toolbars
Skype™ 4.2
Spybot - Search & Destroy
StepMania (remove only)
Super Mario Bros. X version 1.3
TeamSpeak 3 Client
Uninstall 1.0.0.1
Unity Web Player
Unknown Device Identifier 7.00
Update for 2007 Microsoft Office System (KB967642)
Update for Outlook 2007 Junk Email Filter (KB2443839)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VCRedistSetup
VirtualCloneDrive
VLC media player 1.0.3
VST Bridge 1.1
WebFldrs XP
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows XP Service Pack 3
WinPcap 4.1.2
WinRAR archiver

==== Event Viewer Messages From Past Week ========

30/11/2010 3:16:57 AM, error: W32Time [17] - Time Provider NtpClient: An error occurred during DNS lookup of the manually configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15 minutes. The error was: A socket operation was attempted to an unreachable host. (0x80072751)
30/11/2010 3:16:13 AM, error: ipnathlp [32003] - The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code.
24/11/2010 3:56:00 AM, error: Service Control Manager [7011] - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.

==== End Of File ===========================

NaotoNekoCutie
2010-12-02, 02:50
GMER LOG:

GMER 1.0.15.15530 - http://www.gmer.net
Rootkit scan 2010-12-01 18:50:21
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 Maxtor_6Y080L0 rev.YAR41BW0
Running: gmer.exe; Driver: C:\DOCUME~1\Tony\LOCALS~1\Temp\awtiqfoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEE7CECF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateKey [0xEE7CEBAC]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteKey [0xEE7CF160]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDeleteValueKey [0xEE7CF08A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwDuplicateObject [0xEE7CE782]
SSDT spkc.sys ZwEnumerateKey [0xF766CDA4]
SSDT spkc.sys ZwEnumerateValueKey [0xF766D132]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenKey [0xEE7CEC86]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEE7CE6C2]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenThread [0xEE7CE726]
SSDT spkc.sys ZwQueryKey [0xF766D20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwQueryValueKey [0xEE7CEDA6]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRenameKey [0xEE7CF22E]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwRestoreKey [0xEE7CED66]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwSetValueKey [0xEE7CEEE6]

INT 0x62 ? 83B71BF8
INT 0x63 ? 838D2F00
INT 0x73 ? 838D2F00
INT 0x82 ? 83B71BF8
INT 0x83 ? 838D2F00

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xEE7DBBAE]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xEE7DB9D2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEE7DBB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP EE7D8FFA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP EE7DB9D6 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP EE7DBBB2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP EE7D75D4 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP EE7DBB10 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software)
? spkc.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F6EFC8AC 5 Bytes JMP 838D24E0
init C:\WINDOWS\system32\drivers\nvax.sys entry point in "init" section [0xF7815E1E]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Alwil Software\Avast5\AvastSvc.exe[1900] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 4 Bytes [C2, 04, 00, 90] {RET 0x4; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[2448] ntdll.dll!LdrLoadDll 7C9163C3 5 Bytes JMP 004013F0 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83B732D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F767FD4C] spkc.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F767FDA0] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F764F042] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F764F13E] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F764F0C0] spkc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F764F800] spkc.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F764F6D6] spkc.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 838D25E0
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F765EE9C] spkc.sys

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)
Device \FileSystem\Ntfs \Ntfs 83B701F8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBPDO-0 838EC500
Device \Driver\usbohci \Device\USBPDO-1 838EC500
Device \Driver\usbehci \Device\USBPDO-2 83943500
Device \Driver\NetBT \Device\NetBT_Tcpip_{BD061ED8-47CD-4B20-B86A-29CD7981FFCE} 839BB1F8

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 83BDE1F8
Device \Driver\Cdrom \Device\CdRom0 8390F4B0
Device \Driver\usbstor \Device\00000072 838AB500
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F75C8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F75C8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F75C8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F75C8B40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\Cdrom \Device\CdRom1 8390F4B0
Device \Driver\usbstor \Device\00000073 838AB500
Device \Driver\Cdrom \Device\CdRom2 8390F4B0
Device \Driver\usbstor \Device\00000074 838AB500
Device \Driver\usbstor \Device\00000075 838AB500
Device \Driver\usbstor \Device\00000076 838AB500
Device \Driver\NetBT \Device\NetBt_Wins_Export 839BB1F8
Device \Driver\NetBT \Device\NetbiosSmb 839BB1F8

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

Device \Driver\usbohci \Device\USBFDO-0 838EC500
Device \Driver\usbohci \Device\USBFDO-1 838EC500
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 838B2500
Device \Driver\usbehci \Device\USBFDO-2 83943500
Device \FileSystem\MRxSmb \Device\LanmanRedirector 838B2500
Device \Driver\Ftdisk \Device\FtControl 83BDE1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{93558906-EC3D-4513-8296-6F9C9B17FBB5} 839BB1F8
Device \Driver\VClone \Device\Scsi\VClone1 838C4500
Device \Driver\VClone \Device\Scsi\VClone1Port3Path0Target0Lun0 838C4500
Device \FileSystem\Cdfs \Cdfs 838D6500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792

---- EOF - GMER 1.0.15 ----
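Added example, not part of this thread or of GMER itself: a short Python script that does the first pass a helper does by eye on a log like the one above. It parses the SSDT, Code and IAT hook lines, groups them by the module GMER names, and keeps the vendor string GMER prints in parentheses. Modules with no vendor string, modules GMER reports with "The system cannot find the file specified", and hook targets that are a bare address with no module behind them are listed for follow-up. The sample lines are copied from the log above; the module keys, the flag wording and the heuristics are the example's own choices, and a flag means "check this next", not "this is malware" (AV self-protection and other legitimate drivers hook the same places).

```python
"""Triage a GMER rootkit-scan log: attribute hooks to modules, flag the unattributed ones."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# "SSDT <module> [(vendor)] <routine> [0xADDR]"  /  "Code <module> [(vendor)] <routine> [[0xADDR]]"
HOOK_RE = re.compile(
    r"^(SSDT|Code)\s+(\S+)(?:\s+\(([^)]*)\))?\s+(\w+)(?:\s+\[0x([0-9A-Fa-f]+)\])?\s*$"
)
# Kernel IAT: "IAT <driver>[<dll>!<import>] [<addr>] <module>" or "... <addr>"; user IAT: "IAT <proc>[<pid>] @ <image> [<dll>!<import>] <addr>"
IAT_RE = re.compile(
    r"^IAT\s+(?P<victim>.+?)\s*\[(?P<import>[^\]\[]+![^\]]+)\]\s+"
    r"(?:\[(?P<addr1>[0-9A-Fa-f]+)\]\s+(?P<module>\S+)|(?P<addr2>[0-9A-Fa-f]+))\s*$"
)
# GMER prints this when it cannot open the file behind a hooking module.
MISSING_RE = re.compile(r"^\?\s+(\S+)\s+The system cannot find the file specified")
UNBACKED = "<unbacked address>"  # pseudo-module for hook targets inside no loaded module


@dataclass
class ModuleReport:
    vendor: Optional[str] = None  # vendor string GMER printed in parentheses, if any
    hooks: List[str] = field(default_factory=list)
    missing_on_disk: bool = False

    def flags(self) -> List[str]:
        """Reasons this module needs a human look (heuristics chosen for this example)."""
        out = []
        if self.vendor is None:
            out.append("no vendor attribution in log")
        if self.missing_on_disk:
            out.append("module file not found on disk")
        return out


def basename(path: str) -> str:
    """Case-folded file name; GMER mixes full paths and bare names for the same module."""
    return path.rsplit("\\", 1)[-1].lower()


def triage_gmer(log_text: str) -> Dict[str, ModuleReport]:
    """Parse SSDT/Code/IAT hook lines and the 'cannot find the file' marker, keyed by module."""
    reports: Dict[str, ModuleReport] = defaultdict(ModuleReport)
    for raw in log_text.splitlines():
        line = raw.strip()
        m = HOOK_RE.match(line)
        if m:
            kind, module, vendor, routine, _addr = m.groups()
            rep = reports[basename(module)]
            if vendor:
                rep.vendor = vendor
            rep.hooks.append(f"{kind} {routine}")
            continue
        m = IAT_RE.match(line)
        if m:
            module = m.group("module")
            key = basename(module) if module else UNBACKED
            reports[key].hooks.append(f"IAT {basename(m.group('victim'))} {m.group('import')}")
            continue
        m = MISSING_RE.match(line)
        if m:
            reports[basename(m.group(1))].missing_on_disk = True
    return dict(reports)


def suspicious(reports: Dict[str, ModuleReport]) -> Dict[str, List[str]]:
    """Modules worth following up, with reasons; vendor-attributed on-disk modules are left out."""
    out = {}
    for key, rep in reports.items():
        reasons = ["hook target not backed by any loaded module"] if key == UNBACKED else rep.flags()
        if reasons:
            out[key] = reasons
    return out


# Constructed sample: a subset of lines copied verbatim from the GMER log posted above.
SAMPLE_LOG = r"""
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwClose [0xEE7CECF0]
SSDT spkc.sys ZwEnumerateKey [0xF766CDA4]
SSDT spkc.sys ZwEnumerateValueKey [0xF766D132]
SSDT spkc.sys ZwQueryKey [0xF766D20A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwOpenProcess [0xEE7CE6C2]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xEE7DBB0C]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
? spkc.sys The system cannot find the file specified. !
IAT \WINDOWS\System32\Drivers\SCSIPORT.SYS[ntoskrnl.exe!DbgBreakPoint] 83B732D8
IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F767FD4C] spkc.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F767FDA0] spkc.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F764F042] spkc.sys
IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00390002
IAT C:\WINDOWS\system32\services.exe[812] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00390000
"""

if __name__ == "__main__":
    reps = triage_gmer(SAMPLE_LOG)
    for key, reasons in suspicious(reps).items():
        print(f"{key}: {len(reps[key].hooks)} hook(s); {'; '.join(reasons)}")
```

Run on the sample it lists spkc.sys (six hooks, no vendor string, file not found on disk) and three hooks whose target has no module behind it (two in services.exe, one in SCSIPORT.SYS), and leaves aswSP.SYS alone. The same log also carries registry keys under HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg; correlating an unattributed driver with other entries in the same log and with the installed-programs list is the step a helper takes before deciding whether anything should be removed.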

km2357
2010-12-02, 21:23
When you post your logs, make sure that Word Wrap is turned off; it makes it easier to read your logs that way. :)


IMPORTANT: I notice there are signs of one or more P2P (Person to Person) File Sharing Programs on your computer.

BitComet 1.24

I'd like you to read the Guidelines for P2P Programs (http://spywarewarrior.com/viewtopic.php?t=26216) where we explain why it's not a good idea to have them.

Also available here (http://malwareremoval.com/forum/viewtopic.php?p=491394#p491394).

My recommendation is you go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).


Step # 1: Disable Teatimer

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

This is a two step process.
First step: Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
If you have version 1.5 or 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version : Open Spybot S&D
Click Mode, choose Advanced Mode
Go To the bottom of the Vertical Panel on the Left, Click Tools
then, also in the left panel, click Resident (it shows a red/white shield).
If your firewall raises a question, say OK
In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
OK any prompts.
Use File, Exit to terminate Spybot
Reboot your machine for the changes to take effect.



Step # 2 Download and Run CKScanner.exe

Download CKScanner from here: http://downloads.malwareremoval.com/CKScanner.exe
Important - Save it to your desktop.
Doubleclick CKScanner.exe and click Search For Files.
After a very short time, when the cursor hourglass disappears, click Save List To File.
A message box will verify the file saved.
Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.


Post the CKScanner Log in your next post/reply.

NaotoNekoCutie
2010-12-03, 08:20
CKScanner - Additional Security Risks - These are not necessarily bad
c:\documents and settings\tony\desktop\stuff\mameui32\icons\cracksht.ico
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\actors\inventory\balladecracker.txt
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhnda0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndb0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndc0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndd0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhnde0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndf0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndg0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndh0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\a\sprites\weapons\balladecracker\bhndi0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\actors\inventory\balladecracker.txt
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhnda0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndb0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndc0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndd0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhnde0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndf0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndg0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndh0
c:\documents and settings\tony\desktop\stuff\mm8bdm\mm8bdm stuff\b\sprites\weapons\balladecracker\bhndi0
c:\documents and settings\tony\desktop\stuff\rom\ds\saves\4916 - tetris party deluxe (u)(suxxors)(precracked).sav
c:\documents and settings\tony\desktop\stuff\rom\trimmed roms\4669 - safecracker (eur) (clean).nds
c:\documents and settings\tony\desktop\stuff\rom\trimmed roms\4916 - tetris party deluxe (u)(suxxors)(precracked).nds
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r00
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r01
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r02
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r03
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r04
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r05
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r06
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.r07
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\a-cm312.rar
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\air.nfo
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\ccd.txt
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\file_id.diz
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\setup.exe
c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen\torrent downloaded from demonoid.com.txt
c:\program files\bestgameever\audiosurf\engine\channels\crypt.dll
c:\program files\debugmode\wax 2.0\presets\vl presets\vl misc\cracked.wxpr
scanner sequence 3.ZZ.11
----- EOF -----

km2357
2010-12-03, 21:28
Uninstall the following programs, if found:

celemony melodyne studio edition v3.1.2.0

Messenger Plus! Live

Take extra care in answering questions posed by any Uninstaller.

Reboot your computer.

Delete the following folder, if found:

c:\downloads\celemony melodyne studio edition v3.1.2.0 incl keygen


Please disable avast! Antivirus as it may interfere with the fixes. Remember to re-enable it before posting the logs.

* Right click on avast! Antivirus icon near the clock and select Stop On-Access Protection.
* Right click on this icon again and select Program Settings.
* On the left, click on Troubleshooting.
* Uncheck (untick) this box - Disable avast! self-defense module.
* Click OK to apply the settings

If the above doesn't work, do the following:

Right click on the toolbar icon, then pull down "avast shield control" and click "Disable for 1 hour".



Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please post C:\ComboFix.txt in your next reply.

NaotoNekoCutie
2010-12-04, 08:23
ComboFix 10-12-03.01 - Tony 04/12/2010 0:09.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.370 [GMT -6:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Tony\Application Data\7za.exe
c:\documents and settings\Tony\Application Data\WinInstallMon.exe
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\_000012_.tmp.dll
c:\windows\system32\system
c:\windows\system32\winregs.ocx

.
((((((((((((((((((((((((( Files Created from 2010-11-04 to 2010-12-04 )))))))))))))))))))))))))))))))
.

2010-11-27 06:56 . 2010-11-27 06:56 -------- d-----w- c:\program files\ERUNT
2010-11-22 05:18 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-16 05:41 . 2010-11-16 05:53 -------- d-----w- C:\SMBX
2010-11-13 06:08 . 2010-11-13 06:08 -------- d-----w- c:\program files\BestGameEver
2010-11-13 06:00 . 2010-11-13 06:00 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-13 00:11 . 2010-11-13 00:11 -------- d-----w- c:\documents and settings\Tony\Application Data\Supercade
2010-11-12 23:25 . 2010-11-12 23:25 -------- d-----w- c:\program files\Microsoft.NET
2010-11-08 05:21 . 2010-11-26 17:31 -------- d-----w- c:\program files\Cheat Engine
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
2010-11-05 01:54 . 2010-11-05 01:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 23:42 . 2010-09-18 23:42 388096 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 17:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-07-02 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2010-07-02 19:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-07-11 13:22 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-11 13:22 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-11 13:23 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-11 13:23 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-07-11 13:23 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-07-11 13:23 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-07-11 13:23 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-11 13:23 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-07-11 13:23 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-09 03:25 . 2010-02-09 03:24 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"c:\documents and settings\Tony\Application Data\InstallMon.exe"="c:\documents and settings\Tony\Application Data\InstallMon.exe" [2010-06-26 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Google Update"="c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-08-27 135536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-1-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2010-10-27 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\Tony\\Desktop\\Stuff\\MM8BDM\\skulltag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Tony\\Local Settings\\Apps\\2.0\\KZ2AK88Q.Z49\\0EV35YJG.T65\\supe..tion_d68356b82e9cbcf5_0001.0000_4c2ff79a5feeae0e\\SupercadeClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15014:TCP"= 15014:TCP:BitComet 15014 TCP
"15014:UDP"= 15014:UDP:BitComet 15014 UDP

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/01/2010 9:55 PM 722416]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2010 7:23 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2010 7:23 AM 17744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 11:07 AM 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [23/05/2007 3:15 AM 547744]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/07/2010 4:24 PM 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2010 7:40 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07/09/2010 11:28 PM 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 5:42 AM 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 03:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004Core.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]

2010-12-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004UA.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flashflashrevolution.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tony\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Tony\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Tony\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Firesheep: firesheep@codebutler.com - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\firebug@software.joehewitt.com
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-RegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
AddRemove-4Musics FLAC to MP3 Converter 4.0 Shareware_is1 - c:\program files\4Musics FLAC to MP3 Converter\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-04 00:16
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2010-12-04 00:20:19
ComboFix-quarantined-files.txt 2010-12-04 06:20

Pre-Run: 16,103,653,376 bytes free
Post-Run: 17,198,104,576 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptOut
[spybotsd]
timeout.old=30

- - End Of File - - 1766745261AF5A5230A2CCDA3A1AB7E2

km2357
2010-12-04, 20:09
Step # 1: Run CFScript


Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:


KILLALL::

Registry::

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15014:TCP"=-
"15014:UDP"=-

DDS::

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif


Note: This CFScript is for use on NaotoNekoCutie's computer only! Do not use it on your computer.


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.

NaotoNekoCutie
2010-12-06, 08:54
ComboFix Log:

ComboFix 10-12-04.03 - Tony 06/12/2010 0:26.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.544 [GMT -6:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tony\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-11-06 to 2010-12-06 )))))))))))))))))))))))))))))))
.

2010-12-03 23:27 . 2010-12-03 23:27 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB2.tmp
2010-12-02 06:06 . 2008-04-14 00:12 129536 ------w- c:\windows\system32\SETCC.tmp
2010-12-02 06:02 . 2010-08-27 21:59 636784 ----a-w- c:\windows\system32\LCCoin35.dll
2010-12-02 06:02 . 2010-08-27 21:59 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 06:02 . 2010-12-02 06:02 -------- d-----w- c:\program files\Microsoft LifeCam
2010-11-27 06:56 . 2010-11-27 06:56 -------- d-----w- c:\program files\ERUNT
2010-11-22 05:18 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-16 05:41 . 2010-11-16 05:53 -------- d-----w- C:\SMBX
2010-11-13 06:08 . 2010-11-13 06:08 -------- d-----w- c:\program files\BestGameEver
2010-11-13 06:00 . 2010-11-13 06:00 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-13 00:11 . 2010-11-13 00:11 -------- d-----w- c:\documents and settings\Tony\Application Data\Supercade
2010-11-12 23:25 . 2010-11-12 23:25 -------- d-----w- c:\program files\Microsoft.NET
2010-11-08 05:21 . 2010-11-26 17:31 -------- d-----w- c:\program files\Cheat Engine
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Mozilla Firefox\plugins\nppdf32.dll
2010-11-06 17:37 . 2010-11-06 17:37 103864 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-18 23:42 . 2010-09-18 23:42 388096 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 17:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50 . 2010-07-02 19:06 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29 . 2010-07-02 19:06 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-07-11 13:22 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2010-07-11 13:22 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2010-07-11 13:23 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2010-07-11 13:23 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2010-07-11 13:23 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2010-07-11 13:23 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-09-07 14:47 . 2010-07-11 13:23 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-09-07 14:47 . 2010-07-11 13:23 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-09-07 14:46 . 2010-07-11 13:23 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-02-09 03:25 . 2010-02-09 03:24 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"c:\documents and settings\Tony\Application Data\InstallMon.exe"="c:\documents and settings\Tony\Application Data\InstallMon.exe" [2010-06-26 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-09-02 13351304]
"Google Update"="c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-08-27 135536]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\Tony\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2010-1-27 576000]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2010-10-27 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\Tony\\Desktop\\Stuff\\MM8BDM\\skulltag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Tony\\Local Settings\\Apps\\2.0\\KZ2AK88Q.Z49\\0EV35YJG.T65\\supe..tion_d68356b82e9cbcf5_0001.0000_4c2ff79a5feeae0e\\SupercadeClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/01/2010 9:55 PM 722416]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2010 7:23 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2010 7:23 AM 17744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 11:07 AM 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [23/05/2007 3:15 AM 547744]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/07/2010 4:24 PM 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2010 7:40 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07/09/2010 11:28 PM 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 5:42 AM 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 03:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004Core.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]

2010-12-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004UA.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flashflashrevolution.com/
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tony\Start Menu\Programs\IMVU\Run IMVU.lnk
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\firesheep@codebutler.com\platform\WINNT_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Tony\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\Tony\Local Settings\Application Data\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Extension: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Firesheep: firesheep@codebutler.com - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\extensions\firebug@software.joehewitt.com
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-06 00:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Creative\Shared Files\CTDevSrv.exe
c:\program files\Flip Video\FlipShare\FlipShareService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2010-12-06 00:50:40 - machine was rebooted
ComboFix-quarantined-files.txt 2010-12-06 06:50
ComboFix2.txt 2010-12-04 06:20

Pre-Run: 18,134,790,144 bytes free
Post-Run: 18,218,905,600 bytes free

- - End Of File - - 3A2E79674526E4CCB1ACC7699C408C61


DDS Log:


DDS (Ver_10-11-27.01) - NTFSx86
Run by Tony at 0:55:07.32 on 06/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.273 [GMT -6:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Tony\Application Data\InstallMon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://flashflashrevolution.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [c:\documents and settings\tony\application data\installmon.exe] c:\documents and settings\tony\application data\InstallMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\tony\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264568607218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tony\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Firesheep: firesheep@codebutler.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firebug@software.joehewitt.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-7-12 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-7 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-04 06:05:47 -------- d-sha-r- C:\cmdcons
2010-12-04 06:01:55 98816 ----a-w- c:\windows\sed.exe
2010-12-04 06:01:55 89088 ----a-w- c:\windows\MBR.exe
2010-12-04 06:01:55 256512 ----a-w- c:\windows\PEV.exe
2010-12-04 06:01:55 161792 ----a-w- c:\windows\SWREG.exe
2010-12-03 23:27:43 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcB2.tmp
2010-12-02 06:06:27 129536 ------w- c:\windows\system32\SETCC.tmp
2010-12-02 06:02:41 636784 ----a-w- c:\windows\system32\LCCoin35.dll
2010-12-02 06:02:41 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 06:02:14 -------- d-----w- c:\program files\Microsoft LifeCam
2010-11-22 05:18:54 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-16 05:41:22 -------- d-----w- C:\SMBX
2010-11-13 06:08:37 -------- d-----w- c:\program files\BestGameEver
2010-11-13 06:00:47 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-13 00:11:49 -------- d-----w- c:\docume~1\tony\applic~1\Supercade
2010-11-08 05:21:15 -------- d-----w- c:\program files\Cheat Engine
2010-11-06 17:37:34 103864 ----a-w- c:\program files\mozilla firefox\plugins\nppdf32.dll
2010-11-06 17:37:34 103864 ----a-w- c:\program files\internet explorer\plugins\nppdf32.dll

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-02-09 03:25:18 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe

============= FINISH: 0:56:04.04 ===============

km2357
2010-12-06, 21:21
Registry Cleaners + "Tweak" Tools

Re. Free Window Registry Repair

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools.

They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete"; it won't speed up your machine though.
Stopping services and setting policies can speed up your machine ..... as long as you stop and set the right ones, and even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, and not only can you slow your machine .... you could kill it!

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing and what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

discussion on regcleaners >> http://forums.whatthetech.com/Regcleaner_t42862.html
And for more good information see what Miekiemoes has to say >> http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html


Step # 1: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.



Step # 2: Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here (http://www.malwarebytes.org/mbam-download.php).

Double Click mbam-setup.exe to install the application.
Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish, so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy & Paste the entire report in your next reply.


Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Post the MalwareBytes' Log in your next post/reply.

NaotoNekoCutie
2010-12-07, 07:30
Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5259

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/12/2010 11:24:38 PM
mbam-log-2010-12-06 (23-24-38).txt

Scan type: Quick scan
Objects scanned: 135573
Time elapsed: 7 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\Tony\application data\microsoft\a1.7z (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\documents and settings\Tony\application data\microsoft\n (Malware.Traces) -> Quarantined and deleted successfully.

km2357
2010-12-07, 21:11
Step # 1: Run Kaspersky Online Scan

Please go to the Kaspersky website (http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html) and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives
Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As...
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.


In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is your computer doing, any problems?

NaotoNekoCutie
2010-12-08, 06:03
I'm having trouble with the scanner you linked me to. The update download kept going back to 0%. This has been going on for a few hours. Is there an alternative, or am I doing something wrong?

km2357
2010-12-08, 07:16
We'll try another online scanner.

I'd like us to scan your machine with ESET OnlineScan. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan (http://eset.com/onlinescan)
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetOnline.png button.
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
Click on http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png to download the ESET Smart Installer. Save it to your desktop.
Double click on the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetSmartInstallDesktopIcon.png icon on your desktop.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetAcceptTerms.png
Click the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetStart.png button.
Accept any security warnings from your browser.
Check http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetScanArchives.png
Push the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetListThreats.png
Make sure that Remove found threats is unchecked.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
Push the http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetBack.png button.
Push http://billy-oneal.com/Canned%20Speeches/speechimages/eset/esetFinish.png


Post the ESET Log, a fresh DDS Log, and let me know how your computer is doing in your next post/reply.

NaotoNekoCutie
2010-12-09, 05:59
The computer is a bit slow and the Pop-Up that selects the Address bar and opens a window to an inactive site is still happening. As well, when playing flash games, the controls sometimes "lock up" or stick.

Anyway, here are the logs...

ESET Log:

C:\Downloads\acidpro70a.zip a variant of Win32/Keygen.AR application deleted - quarantined

DDS Log:

DDS (Ver_10-11-27.01) - NTFSx86
Run by Tony at 21:55:03.43 on 08/12/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.72 [GMT -6:00]

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Creative\Software Update 3\SoftAuto.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Documents and Settings\Tony\Application Data\InstallMon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Creative\Shared Files\CTDevSrv.exe
C:\Program Files\Flip Video\FlipShare\FlipShareService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Tony\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://flashflashrevolution.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [SoftAuto.exe] "c:\program files\creative\software update 3\SoftAuto.exe"
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
uRun: [c:\documents and settings\tony\application data\installmon.exe] c:\documents and settings\tony\application data\InstallMon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [Google Update] "c:\documents and settings\tony\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\tony\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\d-link~1.lnk - c:\program files\d-link airplus g\AirPlus.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\tony\start menu\programs\imvu\Run IMVU.lnk
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1264568607218
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - component: c:\documents and settings\tony\application data\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com\platform\winnt_x86-msvc\components\mozpopen.dll
FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\tony\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\documents and settings\tony\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Extension: Skype extension for Firefox: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Extension: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Extension: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Extension: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Extension: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Extension: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Extension: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Extension: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Extension: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Extension: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Extension: Firesheep: firesheep@codebutler.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firesheep@codebutler.com
FF - Extension: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Extension: YouTube to MP3: youtube2mp3@mondayx.de - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\youtube2mp3@mondayx.de
FF - Extension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Extension: Firebug: firebug@software.joehewitt.com - c:\docume~1\tony\applic~1\mozilla\firefox\profiles\8b7oiedi.default\extensions\firebug@software.joehewitt.com

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-7-11 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-7-11 17744]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [2010-7-12 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-3-21 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-9-7 16512]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-7-11 40384]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\creative\creative centrale\CTUPnPSv.exe [2008-5-21 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

=============== Created Last 30 ================

2010-12-09 00:35:37 -------- d-----w- c:\program files\ESET
2010-12-07 05:15:37 -------- d-----w- c:\docume~1\tony\applic~1\Malwarebytes
2010-12-07 05:15:29 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 05:15:28 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-12-07 05:15:17 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-07 05:15:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-04 06:05:47 -------- d-sha-r- C:\cmdcons
2010-12-04 06:01:55 98816 ----a-w- c:\windows\sed.exe
2010-12-04 06:01:55 89088 ----a-w- c:\windows\MBR.exe
2010-12-04 06:01:55 256512 ----a-w- c:\windows\PEV.exe
2010-12-04 06:01:55 161792 ----a-w- c:\windows\SWREG.exe
2010-12-03 23:27:43 83249512 ----a-w- c:\program files\common files\windows live\.cache\wlcB2.tmp
2010-12-02 06:06:27 129536 ------w- c:\windows\system32\SETCC.tmp
2010-12-02 06:02:41 636784 ----a-w- c:\windows\system32\LCCoin35.dll
2010-12-02 06:02:41 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 06:02:14 -------- d-----w- c:\program files\Microsoft LifeCam
2010-11-22 05:18:54 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18:54 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-16 05:41:22 -------- d-----w- C:\SMBX
2010-11-13 06:08:37 -------- d-----w- c:\program files\BestGameEver
2010-11-13 06:00:47 -------- d-----w- c:\program files\Elaborate Bytes
2010-11-13 00:11:49 -------- d-----w- c:\docume~1\tony\applic~1\Supercade

==================== Find3M ====================

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-09-15 09:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 07:29:49 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-09-10 05:58:08 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-10 05:58:06 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-10 05:58:06 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-02-09 03:25:18 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe

============= FINISH: 21:56:37.57 ===============

km2357
2010-12-09, 08:16
The computer is a bit slow

Try the tips at the website below to see if that helps speed up the computer any:

http://www.malwareremoval.com/tutorials/runningslowly.php



As well, when playing flash games, the controls sometimes "lock up" or stick.

Try updating Flash on your computer, if you don't have the latest version. The latest version is 10.1.102.64.



the Pop-Up that selects the Address bar and opens a window to an inactive site is still happening.

Does the pop-up only occur on FaceBook or does it happen on other websites? Does it happen only in Internet Explorer? Firefox? Or both?

NaotoNekoCutie
2010-12-10, 01:30
The tips you linked me to have helped speed up my computer a bit, but I have yet to defrag my hard drive.

Also, I have installed the latest flash player, and still have the same problem with flash games as I did before.

It might be an issue with the sites, because I use a standalone player to play Flash Flash Revolution and have almost no problems. The same can be said about ThirdStyle.

The problem with flash games I noted has only been experienced on the site called Newgrounds, because I don't really play flash games anywhere else.

As for the pop-up, it only occurs if I am on Facebook and happens in all browsers, except for Google Chrome, in which case it causes the browser to crash instead.

NaotoNekoCutie
2010-12-10, 01:32
It might be an issue with the sites, because I use a standalone player to play Flash Flash Revolution and have almost no problems. The same can be said about ThirdStyle.

I forgot to mention that the standalone I use is Flash Player 8, and that I only play Flash Flash Revolution on it. ThirdStyle is playable within the respective website.

km2357
2010-12-10, 22:14
Since your flash problem only happens at Newgrounds, it very well may be a problem with the site and not your flash player/flash itself. You may want to contact them to see if they have any knowledge/ideas to help solve the problem.



As for the pop-up, it only occurs if I am on Facebook and happens in all browsers, except for Google Chrome, in which case it causes the browser to crash instead.

Ok, thanks for the info. :)


Step # 1: Download and Run GooredFix

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1 (http://jpshortstuff.247fixes.com/GooredFix.exe)
Download Mirror #2 (http://downloads.securitycadets.com/GooredFix.exe)
Ensure all Firefox windows are closed.
To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
When prompted to run the scan, click Yes.
GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).


Besides running GooredFix, I'd also like to get scans from the latest versions of both ComboFix and MalwareBytes' Anti-Malware.


First, delete ComboFix.exe off of your computer and download the latest version from one of the two links below:


Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)


Be sure to save ComboFix.exe to your Desktop and make sure that both Avast and Spybot's TeaTimer are disabled before you run ComboFix.


Finally, I'd like for you to update MalwareBytes (click the Update tab, then click Check for Updates to download any updates, if available) and run a Quick Scan. The MalwareBytes' database at the time of this writing is 5289.


In your next post/reply, I need to see the following:

1. GooredFix Log
2. ComboFix Log
3. MalwareBytes' Log

NaotoNekoCutie
2010-12-10, 23:51
The GooredFix keeps giving me an error report thing and closes.

This has happened from both download locations.

I have not scanned with ComboFix or Malwarebytes as of yet, because I am unsure if the GooredFix is necessary before the scans from the other two programs.

km2357
2010-12-11, 04:28
The GooredFix keeps giving me an error report thing and closes.

This has happened from both download locations.

What does the error report/message say?

NaotoNekoCutie
2010-12-13, 06:03
The GooredFix keeps giving me an error report thing and closes.

This has happened from both download locations.

I have not scanned with ComboFix or Malwarebytes as of yet, because I am unsure if the GooredFix is necessary before the scans from the other two programs.


What does the error report/message say?

Here are the windows I get when I run GooredFix:

http://i752.photobucket.com/albums/xx163/naotonekocutie/untitled.jpg

km2357
2010-12-13, 08:15
Thanks for the screenshot. :)

I need to ask the creator of GooredFix to see if he has any ideas, be back ASAP.

km2357
2010-12-13, 22:46
Thanks to jpshortstuff for his help. :)

Check your Desktop and if GooredFix.txt is on the Desktop, post the contents of that file in your next post/reply.

Also, go to the C:\GooredFix Backups folder and see if there are logs in that folder; if there are, post those as well in your next post/reply.

NaotoNekoCutie
2010-12-14, 05:37
Here is what was in the GooredFix log that is on my desktop:


GooredFix by jpshortstuff (03.07.10.1)
Log created at 21:36 on 13/12/2010 (Tony)
Firefox version 3.6.13 (en-US)

========== GooredScan ==========

As for the GooredFix Backups folder, there is only a 0KB file named "reboot.txt".

There is no text in the document.

km2357
2010-12-14, 21:07
Ok, it looks like GooredFix didn't find anything.

We can move on to ComboFix and MalwareBytes'.


Since ComboFix is frequently updated, delete ComboFix.exe and download the latest version from one of the two links below:

Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.infospyware.net/antimalware/combofix/)

Be sure to save ComboFix.exe to your Desktop and make sure that both Avast and Spybot's TeaTimer are disabled before you run ComboFix. :)


Finally, I'd like for you to update MalwareBytes (click the Update tab, then click Check for Updates to download any updates, if available) and run a Quick Scan. The MalwareBytes' database at the time of this writing is 5313.


Post both the ComboFix and MalwareBytes' Logs in your next post/reply.

NaotoNekoCutie
2010-12-15, 09:37
ComboFix Log

ComboFix 10-12-14.04 - Tony 15/12/2010 1:10.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.2.1033.18.767.358 [GMT -6:00]
Running from: c:\documents and settings\Tony\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((( Files Created from 2010-11-15 to 2010-12-15 )))))))))))))))))))))))))))))))
.

2010-12-15 00:59 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2010-12-15 00:54 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2010-12-13 03:13 . 2010-12-13 03:13 -------- d-----w- c:\program files\Common Files\Skype
2010-12-09 23:26 . 2010-12-09 23:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-12-09 00:35 . 2010-12-09 00:35 -------- d-----w- c:\program files\ESET
2010-12-07 05:15 . 2010-12-07 05:15 -------- d-----w- c:\documents and settings\Tony\Application Data\Malwarebytes
2010-12-07 05:15 . 2010-11-29 23:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-07 05:15 . 2010-12-07 05:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-12-07 05:15 . 2010-12-07 05:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-12-07 05:15 . 2010-11-29 23:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-03 23:27 . 2010-12-03 23:27 83249512 ----a-w- c:\program files\Common Files\Windows Live\.cache\wlcB2.tmp
2010-12-02 06:06 . 2008-04-14 00:12 129536 ------w- c:\windows\system32\SETCC.tmp
2010-12-02 06:02 . 2010-08-27 21:59 636784 ----a-w- c:\windows\system32\LCCoin35.dll
2010-12-02 06:02 . 2010-08-27 21:59 514416 ----a-w- c:\windows\system32\LcProxy2.ax
2010-12-02 06:02 . 2010-12-02 06:02 -------- d-----w- c:\program files\Microsoft LifeCam
2010-11-29 23:38 . 2010-11-29 23:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 23:38 . 2010-11-29 23:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-27 06:56 . 2010-11-27 06:56 -------- d-----w- c:\program files\ERUNT
2010-11-22 05:18 . 2008-04-13 18:39 14592 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2010-11-22 05:18 . 2008-04-13 18:39 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2010-11-18 18:12 . 2010-11-18 18:12 81920 -c----w- c:\windows\system32\dllcache\isign32.dll
2010-11-16 05:41 . 2010-11-16 05:53 -------- d-----w- C:\SMBX

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-18 18:12 . 2010-01-27 03:45 81920 ----a-w- c:\windows\system32\isign32.dll
2010-11-06 00:26 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-11-06 00:26 . 2004-08-04 12:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-06 00:26 . 2004-08-04 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-11-03 12:25 . 2004-08-04 12:00 385024 ----a-w- c:\windows\system32\html.iec
2010-11-02 15:17 . 2004-08-04 12:00 40960 ----a-w- c:\windows\system32\drivers\ndproxy.sys
2010-10-28 13:13 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-10-26 13:25 . 2004-08-04 12:00 1853312 ----a-w- c:\windows\system32\win32k.sys
2010-09-18 23:42 . 2010-09-18 23:42 388096 ----a-r- c:\documents and settings\Tony\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-18 17:23 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll
2010-09-18 06:53 . 2004-08-04 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll
2010-09-18 06:53 . 2004-08-04 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll
2010-09-18 06:53 . 2004-08-04 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll
2010-02-09 03:25 . 2010-02-09 03:24 18499623 ----a-w- c:\program files\vlc-1.0.5-win32.exe
.

((((((((((((((((((((((((((((( SnapShot@2010-12-04_06.16.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-12-15 06:57 . 2010-12-15 06:57 16384 c:\windows\Temp\Perflib_Perfdata_d14.dat
+ 2010-12-15 06:55 . 2010-12-15 06:55 16384 c:\windows\Temp\Perflib_Perfdata_274.dat
+ 2010-01-27 05:37 . 2010-11-03 13:12 46080 c:\windows\system32\tzchange.exe
- 2010-01-27 05:37 . 2010-06-21 14:46 46080 c:\windows\system32\tzchange.exe
- 2010-09-15 05:02 . 2010-02-22 14:23 17272 c:\windows\system32\spmsg.dll
+ 2010-09-15 05:02 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\mshtmled.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\mshtmled.dll
- 2009-03-08 10:31 . 2010-09-10 05:58 55296 c:\windows\system32\msfeedsbs.dll
+ 2009-03-08 10:31 . 2010-11-06 00:26 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\jsproxy.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2004-08-04 12:00 . 2008-04-14 00:12 11776 c:\windows\system32\dllcache\regsvr32.exe
- 2004-08-04 12:00 . 2010-09-10 05:58 66560 c:\windows\system32\dllcache\mshtmled.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 66560 c:\windows\system32\dllcache\mshtmled.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 43520 c:\windows\system32\dllcache\licmgr10.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 43520 c:\windows\system32\dllcache\licmgr10.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2010-02-10 05:20 . 2010-12-15 06:19 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 35088 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\oisicon.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 18704 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\mspicons.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 20240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\cagicon.exe
+ 2010-12-15 06:17 . 2010-09-10 05:58 12800 c:\windows\ie8updates\KB2416400-IE8\xpshims.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 66560 c:\windows\ie8updates\KB2416400-IE8\mshtmled.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 55296 c:\windows\ie8updates\KB2416400-IE8\msfeedsbs.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 43520 c:\windows\ie8updates\KB2416400-IE8\licmgr10.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 25600 c:\windows\ie8updates\KB2416400-IE8\jsproxy.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\occache.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\mstime.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\mstime.dll
+ 2009-03-08 10:32 . 2010-11-06 00:26 602112 c:\windows\system32\msfeeds.dll
- 2009-03-08 10:32 . 2010-09-10 05:58 602112 c:\windows\system32\msfeeds.dll
- 2010-11-07 22:23 . 2010-11-07 22:23 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
+ 2010-11-07 22:23 . 2010-12-09 22:59 233936 c:\windows\system32\Macromed\Flash\FlashUtil10l_Plugin.exe
- 2004-08-04 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\iepeers.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\ie4uinit.exe
- 2004-08-04 12:00 . 2010-09-10 05:58 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 916480 c:\windows\system32\dllcache\wininet.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 206848 c:\windows\system32\dllcache\occache.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 206848 c:\windows\system32\dllcache\occache.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 611840 c:\windows\system32\dllcache\mstime.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 611840 c:\windows\system32\dllcache\mstime.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 602112 c:\windows\system32\dllcache\msfeeds.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 602112 c:\windows\system32\dllcache\msfeeds.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2010-01-27 05:39 . 2010-09-10 05:58 247808 c:\windows\system32\dllcache\ieproxy.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 184320 c:\windows\system32\dllcache\iepeers.dll
- 2010-06-09 23:37 . 2010-09-10 05:58 743424 c:\windows\system32\dllcache\iedvtool.dll
+ 2010-06-09 23:37 . 2010-11-06 00:26 743424 c:\windows\system32\dllcache\iedvtool.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 387584 c:\windows\system32\dllcache\iedkcs32.dll
+ 2004-08-04 12:00 . 2010-11-03 12:26 173568 c:\windows\system32\dllcache\ie4uinit.exe
+ 2010-04-20 05:30 . 2010-10-28 13:13 290048 c:\windows\system32\dllcache\atmfd.dll
+ 2010-12-09 23:30 . 2010-12-09 23:30 811008 c:\windows\Installer\e36805e.msi
+ 2010-07-23 07:03 . 2010-07-23 07:03 338432 c:\windows\Installer\5c836e3.msp
+ 2010-12-13 03:16 . 2010-12-13 03:16 689152 c:\windows\Installer\29500.msi
+ 2010-12-13 03:13 . 2010-12-13 03:13 371272 c:\windows\Installer\{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}\SkypeIcon.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 888080 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\wordicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 272648 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pubs.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 922384 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\pptico.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 845584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\outicon.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 217864 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\misc.exe
+ 2008-11-04 10:13 . 2008-11-04 10:13 118128 c:\windows\Installer\$PatchCache$\Managed\00002119410000000000000000F01FEC\12.0.6425\MSCONV97.DLL
+ 2010-12-15 06:16 . 2010-09-10 05:58 916480 c:\windows\ie8updates\KB2416400-IE8\wininet.dll
+ 2010-12-15 06:17 . 2010-07-05 13:16 382840 c:\windows\ie8updates\KB2416400-IE8\spuninst\updspapi.dll
+ 2010-12-15 06:17 . 2010-02-22 14:23 231288 c:\windows\ie8updates\KB2416400-IE8\spuninst\spuninst.exe
+ 2010-12-15 06:16 . 2010-09-10 05:58 206848 c:\windows\ie8updates\KB2416400-IE8\occache.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 611840 c:\windows\ie8updates\KB2416400-IE8\mstime.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 602112 c:\windows\ie8updates\KB2416400-IE8\msfeeds.dll
+ 2010-12-15 06:17 . 2010-09-10 05:58 247808 c:\windows\ie8updates\KB2416400-IE8\ieproxy.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 184320 c:\windows\ie8updates\KB2416400-IE8\iepeers.dll
+ 2010-12-15 06:17 . 2010-09-10 05:58 743424 c:\windows\ie8updates\KB2416400-IE8\iedvtool.dll
+ 2010-12-15 06:17 . 2010-09-10 05:58 387584 c:\windows\ie8updates\KB2416400-IE8\iedkcs32.dll
+ 2010-12-15 06:17 . 2010-08-26 12:22 173056 c:\windows\ie8updates\KB2416400-IE8\ie4uinit.exe
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\urlmon.dll
- 2004-08-04 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\mshtml.dll
+ 2010-01-27 01:07 . 2010-12-09 22:59 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2010-01-27 01:07 . 2010-11-07 22:23 5971408 c:\windows\system32\Macromed\Flash\NPSWF32.dll
+ 2009-03-08 10:32 . 2010-11-06 00:26 1991680 c:\windows\system32\iertutil.dll
+ 2010-01-26 21:32 . 2010-12-15 06:55 1705960 c:\windows\system32\FNTCACHE.DAT
+ 2009-08-14 13:21 . 2010-10-26 13:25 1853312 c:\windows\system32\dllcache\win32k.sys
- 2004-08-04 12:00 . 2010-09-10 05:58 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 1210880 c:\windows\system32\dllcache\urlmon.dll
+ 2004-08-04 12:00 . 2010-11-06 00:26 5959168 c:\windows\system32\dllcache\mshtml.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 1991680 c:\windows\system32\dllcache\iertutil.dll
+ 2010-12-09 23:27 . 2010-12-09 23:27 9472000 c:\windows\Installer\e36804d.msi
+ 2010-10-22 00:10 . 2010-10-22 00:10 3995136 c:\windows\Installer\5c83707.msp
+ 2010-11-21 05:35 . 2010-11-21 05:35 3359744 c:\windows\Installer\5c836f5.msp
+ 2010-12-13 03:13 . 2010-12-13 03:13 1580544 c:\windows\Installer\294ea.msi
- 2010-02-10 05:20 . 2010-11-10 16:58 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 1172240 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\xlicons.exe
- 2010-02-10 05:20 . 2010-11-10 16:58 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-02-10 05:20 . 2010-12-15 06:19 1165584 c:\windows\Installer\{91120000-0014-0000-0000-0000000FF1CE}\accicons.exe
+ 2010-12-15 06:16 . 2010-09-10 05:58 1210880 c:\windows\ie8updates\KB2416400-IE8\urlmon.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 5957120 c:\windows\ie8updates\KB2416400-IE8\mshtml.dll
+ 2010-12-15 06:16 . 2010-09-10 05:58 1986560 c:\windows\ie8updates\KB2416400-IE8\iertutil.dll
+ 2010-01-28 04:54 . 2010-12-15 06:03 37366216 c:\windows\system32\MRT.exe
+ 2009-03-08 10:39 . 2010-11-06 00:26 11080704 c:\windows\system32\ieframe.dll
+ 2010-01-27 05:39 . 2010-11-06 00:26 11080704 c:\windows\system32\dllcache\ieframe.dll
+ 2010-10-09 04:07 . 2010-10-09 04:07 11559424 c:\windows\Installer\5c836d0.msp
+ 2010-12-15 06:16 . 2010-09-10 05:58 11080192 c:\windows\ie8updates\KB2416400-IE8\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SoftAuto.exe"="c:\program files\Creative\Software Update 3\SoftAuto.exe" [2008-08-13 405504]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-09-20 455968]
"c:\documents and settings\Tony\Application Data\InstallMon.exe"="c:\documents and settings\Tony\Application Data\InstallMon.exe" [2010-06-26 24576]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Google Update"="c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-06-16 136176]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-10-11 14940040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"SpybotSnD"="c:\program files\Spybot - Search & Destroy\SpybotSD.exe" [2009-01-26 5365592]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-08-27 135536]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
D-Link AirPlus G Configuration Utility.lnk - c:\program files\D-Link AirPlus G\AirPlus.exe [2010-10-27 294912]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Documents and Settings\\Tony\\Desktop\\Stuff\\MM8BDM\\skulltag.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\helpctr.exe"=
"c:\\Documents and Settings\\Tony\\Local Settings\\Apps\\2.0\\KZ2AK88Q.Z49\\0EV35YJG.T65\\supe..tion_d68356b82e9cbcf5_0001.0000_4c2ff79a5feeae0e\\SupercadeClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeEnC2.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeTray.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [27/01/2010 9:55 PM 722416]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/07/2010 7:23 AM 165584]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [11/07/2010 7:23 AM 17744]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [25/06/2010 11:07 AM 35088]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [23/05/2007 3:15 AM 547744]
R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\drivers\nx6000.sys [12/07/2010 4:24 PM 30576]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 1:16 PM 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21/03/2010 7:40 PM 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [07/09/2010 11:28 PM 16512]
S3 CTUPnPSv;Creative Centrale Media Server;c:\program files\Creative\Creative Centrale\CTUPnPSv.exe [21/05/2008 5:42 AM 64000]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 1:16 PM 753504]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-09-20 03:46 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder

2010-12-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-22 01:39]

2010-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004Core.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]

2010-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-527237240-1123561945-682003330-1004UA.job
- c:\documents and settings\Tony\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-07-29 20:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://flashflashrevolution.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Tony\Start Menu\Programs\IMVU\Run IMVU.lnk
TCP: {93558906-EC3D-4513-8296-6F9C9B17FBB5} = 142.161.130.154 142.161.2.154
FF - ProfilePath - c:\documents and settings\Tony\Application Data\Mozilla\Firefox\Profiles\8b7oiedi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.myfav.es/naotonekocutie
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Firesheep: firesheep@codebutler.com - %profile%\extensions\firesheep@codebutler.com
FF - Ext: YouTube to MP3: youtube2mp3@mondayx.de - %profile%\extensions\youtube2mp3@mondayx.de
FF - Ext: Screengrab: {02450954-cdd9-410f-b1da-db804e18c671} - %profile%\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: New Tab Homepage: {66E978CD-981F-47DF-AC42-E3CF417C1467} - %profile%\extensions\{66E978CD-981F-47DF-AC42-E3CF417C1467}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
FF - Ext: WOT: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} - %profile%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: BlockSite: {dd3d7613-0246-469d-bc65-2a3cc1668adc} - %profile%\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-12-15 01:19
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3356)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2010-12-15 01:24:50
ComboFix-quarantined-files.txt 2010-12-15 07:24
ComboFix2.txt 2010-12-06 06:50
ComboFix3.txt 2010-12-04 06:20

Pre-Run: 22,659,436,544 bytes free
Post-Run: 22,803,525,632 bytes free

- - End Of File - - 396D98D8415146A2215F7C338D2FB423


MalwareBytes Log

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Database version: 5317

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

15/12/2010 1:34:44 AM
mbam-log-2010-12-15 (01-34-44).txt

Scan type: Quick scan
Objects scanned: 136023
Time elapsed: 5 minute(s), 9 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

km2357
2010-12-15, 21:12
Don't see anything in either the new ComboFix or MalwareBytes' Log.

Has there been any change or do you still get the popup on Facebook?

And does this popup only happen on one Facebook account or does it happen on every FaceBook account on your computer, assuming that you/your family has multiple FaceBook accounts?

NaotoNekoCutie
2010-12-16, 07:34
The pop-ups seem to have stopped, but the address bar thing that usually happened right before the pop-up would show up is still happening.

It happens on any account, even when I log out of Facebook and happen to be on the front page.

It's a click war when whatever does this tries to select the address bar over and over.

Another thing I noticed about the behavior of whatever is selecting the address bar is that it copies what is in the address bar at the time. I happened to try to copy and paste after one of said click wars and was greeted by the URL of the page I was just on.

I'm still not completely sure if the pop-ups have stopped, but I will keep you posted.

km2357
2010-12-16, 21:23
That's good news that the popups have stopped appearing. :) Keep me updated if they come back.

Try doing the following to see if it helps keep the popups away and fixes the problem with the address bar:

Step # 1 Download HostsXpert

Download HostsXpert (http://www.funkytoad.com/download/HostsXpert.zip) and unzip it to your desktop.

Open HostsXpert that you earlier unzipped on your Desktop.

Click "Make Hosts Writable?" upper right corner (if available)
Click "Restore Microsoft's Original Hosts File" and then click OK
Close HostsXpert
Note: if you used any custom Hosts (e.g. MVPS Hosts), you will have to put them back manually.


Also, you can try uninstalling then reinstalling your browsers (IE, Firefox and Chrome) to see if that fixes the problem.


Finally, does your computer connect to the Internet through a router or directly through a modem?
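One way to check whether the hosts file is what is redirecting the browser before (or after) restoring it with HostsXpert, as an added example that is not part of this thread or of the HostsXpert tool; the sample hosts text below is constructed, and the real file on XP lives at c:\windows\system32\drivers\etc\hosts:

```python
"""Flag hosts-file entries that could redirect a browser.

The stock Windows XP hosts file contains only '127.0.0.1 localhost'.
Any other mapping is either a deliberate customisation (a blocklist
such as MVPS sends ad domains to a sinkhole address) or a hijack that
points a site like facebook.com at some other server.
"""
from typing import List, Tuple

# The only mapping in a default XP hosts file (comments stripped).
DEFAULT_ENTRIES = {("127.0.0.1", "localhost")}

# Addresses that merely sink traffic rather than redirect it elsewhere.
SINKHOLE_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample, not a hosts file taken from the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
0.0.0.0         ads.example-blocklist.invalid   # blocklist-style entry
203.0.113.7     www.facebook.com                # hijack-style entry
203.0.113.7     facebook.com
"""


def parse_hosts(text: str) -> List[Tuple[str, str]]:
    """Return (ip, hostname) pairs, one per hostname, comments removed."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        for name in names:
            entries.append((ip, name.lower()))
    return entries


def classify(entries: List[Tuple[str, str]]):
    """Split non-default entries into blocking and redirecting mappings.

    A mapping to a sinkhole address only blocks a site; a mapping to any
    other address sends the browser to a different server, which is the
    hosts-file shape of the redirect symptom described in this thread.
    """
    blocking, redirecting = [], []
    for ip, name in entries:
        if (ip, name) in DEFAULT_ENTRIES:
            continue
        (blocking if ip in SINKHOLE_ADDRESSES else redirecting).append((ip, name))
    return blocking, redirecting


if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print("blocklist-style entries:", blocked)
    print("redirecting entries (investigate):", redirected)
```

To check a live machine, read the real hosts file into a string and pass it to parse_hosts in place of SAMPLE_HOSTS; anything in the redirecting list deserves a look before the file is reset.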

NaotoNekoCutie
2010-12-17, 04:34
The address bar thing is still happening after I used the HostsXpert tool.

I have uninstalled my browsers in the past and it did not fix the problem, but I will try again sometime soon when I have more time.

As for Internet access, I am connected directly to a modem.

Also, should I have put my hosts file back to read only before exiting the program?

km2357
2010-12-17, 21:22
Also, should I have put my hosts file back to read only before exiting the program?

Yes, you can set your hosts back to read-only.



As for Internet access, I am connected directly to a modem.

Try resetting your modem (Turn your computer off, unplug your modem, wait 30 seconds, plug it back in, wait till it's fully powered up, then turn your computer back on) and see if that fixes the problem.



I have uninstalled my browsers in the past and it did not fix the problem, but I will try again sometime soon when I have more time.

Ok. :) Let me know how it goes with uninstalling/reinstalling your browsers.

km2357
2010-12-21, 21:10
NaotoNekoCutie? How are things coming along?

NaotoNekoCutie
2010-12-23, 05:25
NaotoNekoCutie? How are things coming along?

Not very well, I've had the Stomach Flu for almost 3 days now, sorry if my responses are getting sparse.

km2357
2010-12-23, 21:26
Sorry that you're not feeling well.

Once you're feeling better, go ahead and do the instructions from post #33 (http://forums.spybot.info/showpost.php?p=391219&postcount=33) of the thread and let me know if there is any change. :)

NaotoNekoCutie
2010-12-23, 21:52
Sorry that you're not feeling well.

Once you're feeling better, go ahead and do the instructions from post #33 (http://forums.spybot.info/showpost.php?p=391219&postcount=33) of the thread and let me know if there is any change. :)

Okay I did all of this, and it seems that Google Chrome is usable now and Firefox doesn't seem to be getting the pop-ups anymore. Thank you =D

If the pop-ups come up again, I'll let you know ASAP.

km2357
2010-12-23, 22:00
Okay I did all of this, and it seems that Google Chrome is usable now and Firefox doesn't seem to be getting the pop-ups anymore. Thank you =D

If the pop-ups come up again, I'll let you know ASAP.

That's great news. :bigthumb::bigthumb:

Go ahead and use your computer like you normally would and if the popups don't come back by the 26th (in three days), we can finish up here. :)

If the popups come back before then, let me know that as well.

NaotoNekoCutie
2010-12-23, 22:26
That's great news. :bigthumb::bigthumb:

Go ahead and use your computer like you normally would and if the popups don't come back by the 26th (in three days), we can finish up here. :)

If the popups come back before then, let me know that as well.

The Pop-ups came back T_T

km2357
2010-12-24, 01:06
Ok.

Did they come back on Firefox or on Chrome? And is it the same popups as before or different ones?

km2357
2010-12-29, 07:18
This topic has been archived due to inactivity.

If it has been three days or more since your last post, and the helper assisting you
posted a response to that post to which you did not reply, your topic will not be
reopened. At that point, if you still require help, please start a new topic and include
a new DDS log with a link to your previous thread. Please do not add any logs that
might have been requested in the closed topic, you would be starting fresh.

Applies only to the original poster, anyone else with similar problems please start a new
topic.