hackbar stoolbar problem [Archive] - Safer-Networking Forums

View Full Version : hackbar stoolbar problem

JSeringer

2011-03-20, 17:20

Trying to remove Hackbar Stoolbar

Thank you -- Here is the DDS file

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2007 3:51:28 PM
System Uptime: 2/20/2011 8:45:41 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0DN075
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 35.374 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 176.784 GiB free.
H: is NetworkDisk (NTFS) - 533 GiB total, 501.22 GiB free.
J: is NetworkDisk (NTFS) - 533 GiB total, 501.22 GiB free.
P: is NetworkDisk (NTFS) - 533 GiB total, 501.22 GiB free.
U: is NetworkDisk (NTFS) - 533 GiB total, 501.22 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1527: 1/4/2011 5:01:26 PM - System Checkpoint
RP1528: 1/5/2011 5:10:31 PM - System Checkpoint
RP1529: 1/6/2011 11:10:15 AM - Configured Microsoft Office Home and Student 2010
RP1530: 1/7/2011 9:21:12 AM - Configured Microsoft Office Home and Student 2010
RP1531: 1/8/2011 12:19:51 PM - System Checkpoint
RP1532: 1/10/2011 7:41:18 PM - System Checkpoint
RP1533: 1/12/2011 12:17:15 PM - System Checkpoint
RP1534: 1/13/2011 12:29:08 PM - System Checkpoint
RP1535: 1/14/2011 8:52:46 AM - Configured Microsoft Office Home and Student 2010
RP1536: 1/15/2011 9:29:07 AM - System Checkpoint
RP1537: 1/15/2011 11:28:16 AM - Configured Microsoft Office Home and Student 2010
RP1538: 1/16/2011 11:29:07 AM - System Checkpoint
RP1539: 1/17/2011 11:32:14 AM - System Checkpoint
RP1540: 1/18/2011 12:19:22 PM - System Checkpoint
RP1541: 1/19/2011 12:29:08 PM - System Checkpoint
RP1542: 1/20/2011 1:07:24 PM - System Checkpoint
RP1543: 1/21/2011 1:38:31 PM - System Checkpoint
RP1544: 1/22/2011 10:36:00 PM - System Checkpoint
RP1545: 1/24/2011 12:01:34 PM - System Checkpoint
RP1546: 1/25/2011 12:34:05 PM - System Checkpoint
RP1547: 1/26/2011 4:37:37 PM - System Checkpoint
RP1548: 1/27/2011 1:55:46 PM - Configured Microsoft Office Home and Student 2010
RP1549: 1/28/2011 3:12:59 PM - System Checkpoint
RP1550: 1/28/2011 4:14:57 PM - Configured Microsoft Office Home and Student 2010
RP1551: 1/28/2011 4:15:24 PM - Configured Microsoft Office Home and Student 2010
RP1552: 1/29/2011 4:36:30 PM - System Checkpoint
RP1553: 1/30/2011 5:36:29 PM - System Checkpoint
RP1554: 1/31/2011 8:50:49 AM - Removed iTunes
RP1555: 1/31/2011 10:24:17 AM - Configured Microsoft Office Home and Student 2010
RP1556: 2/1/2011 9:35:10 AM - Configured Microsoft Office Home and Student 2010
RP1557: 2/2/2011 10:27:05 AM - Installed HP Software Update
RP1558: 2/3/2011 11:02:39 AM - System Checkpoint
RP1559: 2/4/2011 5:26:41 PM - System Checkpoint
RP1560: 2/7/2011 7:32:48 AM - System Checkpoint
RP1561: 2/8/2011 9:19:20 AM - System Checkpoint
RP1562: 2/9/2011 9:07:24 AM - Configured Microsoft Office Home and Student 2010
RP1563: 2/10/2011 11:50:29 AM - System Checkpoint
RP1564: 2/10/2011 5:50:05 PM - Configured Microsoft Office Home and Student 2010
RP1565: 2/10/2011 5:50:29 PM - Configured Microsoft Office Home and Student 2010
RP1566: 2/12/2011 9:12:24 AM - System Checkpoint
RP1567: 2/13/2011 9:48:52 AM - System Checkpoint
RP1568: 2/14/2011 12:05:22 PM - System Checkpoint
RP1569: 2/14/2011 2:45:37 PM - Installed Windows Media Player 11
RP1570: 2/14/2011 2:47:35 PM - Installed Windows XP MSCompPackV1.
RP1571: 2/15/2011 12:40:24 PM - Configured Microsoft Office Home and Student 2010
RP1572: 2/16/2011 11:02:10 AM - Configured Microsoft Office Home and Student 2010
RP1573: 2/17/2011 11:45:01 AM - System Checkpoint
RP1574: 2/17/2011 12:44:01 PM - Configured Microsoft Office Home and Student 2010
RP1575: 2/18/2011 10:24:27 AM - Configured Microsoft Office Home and Student 2010
RP1576: 2/19/2011 11:10:39 AM - System Checkpoint
RP1577: 2/20/2011 12:09:41 PM - System Checkpoint
RP1578: 2/21/2011 12:10:42 PM - System Checkpoint
RP1579: 2/22/2011 3:37:04 PM - System Checkpoint
RP1580: 2/23/2011 2:35:44 PM - Configured Microsoft Office Home and Student 2010
RP1581: 2/24/2011 8:24:12 AM - Configured Microsoft Office Home and Student 2010
RP1582: 2/24/2011 8:24:54 AM - Configured Microsoft Office Home and Student 2010
RP1583: 2/24/2011 9:02:46 AM - Configured Microsoft Office Home and Student 2010
RP1584: 2/24/2011 9:56:45 AM - Configured Microsoft Office Home and Student 2010
RP1585: 2/24/2011 3:47:55 PM - Configured Microsoft Office Home and Student 2010
RP1586: 2/25/2011 10:44:22 AM - Configured Microsoft Office Home and Student 2010
RP1587: 2/26/2011 11:21:15 AM - System Checkpoint
RP1588: 2/27/2011 11:35:33 AM - System Checkpoint
RP1589: 2/28/2011 11:44:24 AM - System Checkpoint
RP1590: 3/1/2011 11:53:54 AM - System Checkpoint
RP1591: 3/2/2011 12:35:33 PM - System Checkpoint
RP1592: 3/3/2011 1:35:33 PM - System Checkpoint
RP1593: 3/4/2011 5:04:47 PM - System Checkpoint
RP1594: 3/7/2011 11:47:46 AM - System Checkpoint
RP1595: 3/8/2011 2:23:10 PM - System Checkpoint
RP1596: 3/9/2011 2:29:12 PM - System Checkpoint
RP1597: 3/10/2011 3:29:12 PM - System Checkpoint
RP1598: 3/11/2011 4:01:54 PM - System Checkpoint
RP1599: 3/12/2011 4:29:13 PM - System Checkpoint
RP1600: 3/13/2011 6:29:13 PM - System Checkpoint
RP1601: 3/14/2011 8:05:21 PM - System Checkpoint
RP1602: 3/15/2011 8:09:05 PM - System Checkpoint
RP1603: 3/16/2011 10:45:17 AM - Configured Microsoft Office Home and Student 2010
RP1604: 3/17/2011 9:41:10 AM - Configured Microsoft Office Home and Student 2010
RP1605: 3/18/2011 12:09:58 PM - System Checkpoint
RP1606: 2/18/2011 3:43:15 PM - Installed Windows XP KB959252-v2.
RP1607: 2/18/2011 3:44:11 PM - Installed Windows XP KB953155.
RP1608: 2/18/2011 3:50:42 PM - Installed Windows XP KB953155.
RP1609: 2/18/2011 3:51:21 PM - Installed Windows XP KB955704.
RP1610: 2/18/2011 3:51:46 PM - Installed Windows XP KB950582.
RP1611: 2/18/2011 3:52:03 PM - Installed Windows XP KB833407.
RP1612: 2/18/2011 3:52:26 PM - Installed Windows XP KB975254.
RP1613: 2/19/2011 10:56:54 AM - Installed CounterSpy.
RP1614: 2/19/2011 11:44:43 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1615: 2/19/2011 11:44:55 AM - Installed AVG 2011
RP1616: 2/19/2011 11:55:33 AM - Installed AVG 2011
RP1617: 2/19/2011 12:36:35 PM - Installed FixCleaner
.
==== Installed Programs ======================
.
Acrobat.com
Active Audio Record 2.0
Adobe Acrobat 5.0
Adobe AIR
Adobe ConnectNow Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
AVG 2011
AVG Anti-Rootkit Free
Batch DOCX to DOC Converter 2010
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
CAT DLLs
CCleaner (remove only)
Citrix Presentation Server Client
Clip Art Collection
Compatibility Pack for the 2007 Office system
Comtribute Download Manager
CounterSpy
Critical Update for Windows Media Player 11 (KB959772)
Dell ETS Factory Installation
DialClientIPC
DialServer
DigiRecMP3
DocScan Pro version 6.1 b225
ERUNT 1.1j
FileZilla (remove only)
FileZilla Client 3.3.5.1
FixCleaner
Freeze.com NetAssistant
GNU Privacy Guard
GnuPG For Windows
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist Customer 1.5.0.258
GradeSpeed Lite for Windows 95/98/NT
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959252-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1160/1320 series
HP Software Update
Hunt Bar . Stoolbar Removal Tool [1]
Inbox Toolbar
Intel(R) Matrix Storage Manager
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
KONICA MINOLTA magicolor 2480MF
magicolor 2480MF scan
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio IFilter 2003
Microsoft Office Visio Standard 2003
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Web Access S/MIME
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetAssistant
NetMeeting Resource Kit 3.0
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
orion
PCFix
PowerDVD 5.7
PrintScreen
Project1
QuickBooks Pro 2007
QuickBooks Product Listing Service
QuickTime
RegCure
RunAlyzer
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SHELL (C:\Program Files\SHELL\) #5
SHELL (C:\Program Files\SHELL\) #6
SHELL (C:\Program Files\SHELL\) #7
SHELL (C:\Program Files\SHELL\) #8
Skype Toolbars

Blade81

2011-03-22, 20:49

Hi,

Please post dds.txt part too :)

JSeringer

2011-03-23, 14:12

Hello Blade

I posted the DDS text file and also attached something called the SpybotSD.Results.txt. Is there anything else you need

Thanks

Blade81

2011-03-23, 16:33

Hi,

Please re-run DDS and you should get two logs as output: dds.txt & attach.txt. Copy-paste contents of those into your reply :)

JSeringer

2011-03-23, 20:28

Thank you, here they are

DDS.txt

DDS (Ver_11-03-05.01) - NTFSx86
Run by Joe Seringer at 14:22:52.04 on Wed 03/23/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.835 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
C:\Program Files\AVG\AVG10\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\FixCleaner\FixCleaner.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\Program Files\AVG\AVG10\avgcsrvx.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Spyware Cease 2011\SpywareCease2011.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Adobe\Reader 8.0\Reader\AcroRd32.exe
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe Seringer\Local Settings\Temporary Internet Files\Content.IE5\Z1FL9YW9\dds[1].com
.
============== Pseudo HJT Report ===============
.
uSearch Bar = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=%tb_id&%language
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
mCustomizeSearch = hxxp://toolbar.inbox.com/help/sa_customize.aspx?tbid=80114
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
TB: {F5046A39-68F3-4732-995F-EB2EA26D93FB} - No File
TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Comtribute Download Manager] "c:\documents and settings\all users\application data\comtribute\Comtribute.DownloadManager.exe" /checkupdate
mRun: [jseringer.wesearch.co.il Updater] c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [SNM] c:\program files\spynomore\SNM.exe /startup
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\joeser~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Update Agent.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mail
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://gethelp.bankofamerica.com/sdccommon/download/tgctlsr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {61F38134-94CB-491C-AECA-37B387E73C23} - hxxps://vge.on.webvisuals.net/confmgr/mount/12418/branding/installs/ICWMInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} - hxxps://contentdelivery.verizon.com/webapps/bsgdirect/kdx/kdx.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://192.168.0.99/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg10\toolbar\IEToolbar.dll
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\10.0.648.151\npchrome_frame.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\258\g2ax_winlogon.dll
AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\joeser~1\applic~1\mozilla\firefox\profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\firefox\components\Enposit.Firefox.Toolband2.dll
FF - component: c:\documents and settings\joe seringer\application data\mozilla\firefox\profiles\kodwsnpb.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - component: c:\program files\avg\avg10\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg10\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Firefox
FF - Ext: XULRunner: {FDE65E59-80B8-4943-8DAF-67FDE97FC689} - c:\documents and settings\joe seringer\local settings\application data\{FDE65E59-80B8-4943-8DAF-67FDE97FC689}
FF - Ext: XULRunner: {04E176C3-3182-4C3B-9FD5-9D223204FB27} - c:\documents and settings\test\local settings\application data\{04E176C3-3182-4C3B-9FD5-9D223204FB27}
FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg10\Firefox
FF - Ext: AVG Security Toolbar em:version=6.011.025.001 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg10\toolbar\firefox\avg@igeared
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 25680]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 26064]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-2-19 3968]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-12-8 251728]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34384]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-11-12 299984]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2010-10-22 265400]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-17 54760]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-3 123472]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-3 30288]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-3 26192]
R3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-1-6 6128720]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg10\toolbar\ToolbarBroker.exe [2011-2-19 517448]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-10 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\258\g2ax_service.exe [2010-12-15 161144]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
=============== Created Last 30 ================
.
2011-03-22 14:31:41 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-02-19 18:41:11 1152 ----a-w- c:\windows\system32\windrv.sys
2011-02-07 12:53:44 0 ----a-w- c:\windows\Tvulecabafojoce.bin
2011-01-31 23:36:46 12368840 ----a-w- c:\program files\malware_removal.exe
.
============= FINISH: 14:24:01.82 ===============

ATTACH.txt

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2007 3:51:28 PM
System Uptime: 3/21/2011 1:43:59 PM (49 hours ago)
.
Motherboard: Dell Inc. | | 0DN075
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 35.369 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 176.784 GiB free.
H: is NetworkDisk (NTFS) - 533 GiB total, 501.217 GiB free.
J: is NetworkDisk (NTFS) - 533 GiB total, 501.217 GiB free.
P: is NetworkDisk (NTFS) - 533 GiB total, 501.217 GiB free.
U: is NetworkDisk (NTFS) - 533 GiB total, 501.217 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1527: 1/4/2011 5:01:26 PM - System Checkpoint
RP1528: 1/5/2011 5:10:31 PM - System Checkpoint
RP1529: 1/6/2011 11:10:15 AM - Configured Microsoft Office Home and Student 2010
RP1530: 1/7/2011 9:21:12 AM - Configured Microsoft Office Home and Student 2010
RP1531: 1/8/2011 12:19:51 PM - System Checkpoint
RP1532: 1/10/2011 7:41:18 PM - System Checkpoint
RP1533: 1/12/2011 12:17:15 PM - System Checkpoint
RP1534: 1/13/2011 12:29:08 PM - System Checkpoint
RP1535: 1/14/2011 8:52:46 AM - Configured Microsoft Office Home and Student 2010
RP1536: 1/15/2011 9:29:07 AM - System Checkpoint
RP1537: 1/15/2011 11:28:16 AM - Configured Microsoft Office Home and Student 2010
RP1538: 1/16/2011 11:29:07 AM - System Checkpoint
RP1539: 1/17/2011 11:32:14 AM - System Checkpoint
RP1540: 1/18/2011 12:19:22 PM - System Checkpoint
RP1541: 1/19/2011 12:29:08 PM - System Checkpoint
RP1542: 1/20/2011 1:07:24 PM - System Checkpoint
RP1543: 1/21/2011 1:38:31 PM - System Checkpoint
RP1544: 1/22/2011 10:36:00 PM - System Checkpoint
RP1545: 1/24/2011 12:01:34 PM - System Checkpoint
RP1546: 1/25/2011 12:34:05 PM - System Checkpoint
RP1547: 1/26/2011 4:37:37 PM - System Checkpoint
RP1548: 1/27/2011 1:55:46 PM - Configured Microsoft Office Home and Student 2010
RP1549: 1/28/2011 3:12:59 PM - System Checkpoint
RP1550: 1/28/2011 4:14:57 PM - Configured Microsoft Office Home and Student 2010
RP1551: 1/28/2011 4:15:24 PM - Configured Microsoft Office Home and Student 2010
RP1552: 1/29/2011 4:36:30 PM - System Checkpoint
RP1553: 1/30/2011 5:36:29 PM - System Checkpoint
RP1554: 1/31/2011 8:50:49 AM - Removed iTunes
RP1555: 1/31/2011 10:24:17 AM - Configured Microsoft Office Home and Student 2010
RP1556: 2/1/2011 9:35:10 AM - Configured Microsoft Office Home and Student 2010
RP1557: 2/2/2011 10:27:05 AM - Installed HP Software Update
RP1558: 2/3/2011 11:02:39 AM - System Checkpoint
RP1559: 2/4/2011 5:26:41 PM - System Checkpoint
RP1560: 2/7/2011 7:32:48 AM - System Checkpoint
RP1561: 2/8/2011 9:19:20 AM - System Checkpoint
RP1562: 2/9/2011 9:07:24 AM - Configured Microsoft Office Home and Student 2010
RP1563: 2/10/2011 11:50:29 AM - System Checkpoint
RP1564: 2/10/2011 5:50:05 PM - Configured Microsoft Office Home and Student 2010
RP1565: 2/10/2011 5:50:29 PM - Configured Microsoft Office Home and Student 2010
RP1566: 2/12/2011 9:12:24 AM - System Checkpoint
RP1567: 2/13/2011 9:48:52 AM - System Checkpoint
RP1568: 2/14/2011 12:05:22 PM - System Checkpoint
RP1569: 2/14/2011 2:45:37 PM - Installed Windows Media Player 11
RP1570: 2/14/2011 2:47:35 PM - Installed Windows XP MSCompPackV1.
RP1571: 2/15/2011 12:40:24 PM - Configured Microsoft Office Home and Student 2010
RP1572: 2/16/2011 11:02:10 AM - Configured Microsoft Office Home and Student 2010
RP1573: 2/17/2011 11:45:01 AM - System Checkpoint
RP1574: 2/17/2011 12:44:01 PM - Configured Microsoft Office Home and Student 2010
RP1575: 2/18/2011 10:24:27 AM - Configured Microsoft Office Home and Student 2010
RP1576: 2/19/2011 11:10:39 AM - System Checkpoint
RP1577: 2/20/2011 12:09:41 PM - System Checkpoint
RP1578: 2/21/2011 12:10:42 PM - System Checkpoint
RP1579: 2/22/2011 3:37:04 PM - System Checkpoint
RP1580: 2/23/2011 2:35:44 PM - Configured Microsoft Office Home and Student 2010
RP1581: 2/24/2011 8:24:12 AM - Configured Microsoft Office Home and Student 2010
RP1582: 2/24/2011 8:24:54 AM - Configured Microsoft Office Home and Student 2010
RP1583: 2/24/2011 9:02:46 AM - Configured Microsoft Office Home and Student 2010
RP1584: 2/24/2011 9:56:45 AM - Configured Microsoft Office Home and Student 2010
RP1585: 2/24/2011 3:47:55 PM - Configured Microsoft Office Home and Student 2010
RP1586: 2/25/2011 10:44:22 AM - Configured Microsoft Office Home and Student 2010
RP1587: 2/26/2011 11:21:15 AM - System Checkpoint
RP1588: 2/27/2011 11:35:33 AM - System Checkpoint
RP1589: 2/28/2011 11:44:24 AM - System Checkpoint
RP1590: 3/1/2011 11:53:54 AM - System Checkpoint
RP1591: 3/2/2011 12:35:33 PM - System Checkpoint
RP1592: 3/3/2011 1:35:33 PM - System Checkpoint
RP1593: 3/4/2011 5:04:47 PM - System Checkpoint
RP1594: 3/7/2011 11:47:46 AM - System Checkpoint
RP1595: 3/8/2011 2:23:10 PM - System Checkpoint
RP1596: 3/9/2011 2:29:12 PM - System Checkpoint
RP1597: 3/10/2011 3:29:12 PM - System Checkpoint
RP1598: 3/11/2011 4:01:54 PM - System Checkpoint
RP1599: 3/12/2011 4:29:13 PM - System Checkpoint
RP1600: 3/13/2011 6:29:13 PM - System Checkpoint
RP1601: 3/14/2011 8:05:21 PM - System Checkpoint
RP1602: 3/15/2011 8:09:05 PM - System Checkpoint
RP1603: 3/16/2011 10:45:17 AM - Configured Microsoft Office Home and Student 2010
RP1604: 3/17/2011 9:41:10 AM - Configured Microsoft Office Home and Student 2010
RP1605: 3/18/2011 12:09:58 PM - System Checkpoint
RP1606: 2/18/2011 3:43:15 PM - Installed Windows XP KB959252-v2.
RP1607: 2/18/2011 3:44:11 PM - Installed Windows XP KB953155.
RP1608: 2/18/2011 3:50:42 PM - Installed Windows XP KB953155.
RP1609: 2/18/2011 3:51:21 PM - Installed Windows XP KB955704.
RP1610: 2/18/2011 3:51:46 PM - Installed Windows XP KB950582.
RP1611: 2/18/2011 3:52:03 PM - Installed Windows XP KB833407.
RP1612: 2/18/2011 3:52:26 PM - Installed Windows XP KB975254.
RP1613: 2/19/2011 10:56:54 AM - Installed CounterSpy.
RP1614: 2/19/2011 11:44:43 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1615: 2/19/2011 11:44:55 AM - Installed AVG 2011
RP1616: 2/19/2011 11:55:33 AM - Installed AVG 2011
RP1617: 2/19/2011 12:36:35 PM - Installed FixCleaner
RP1618: 3/21/2011 12:08:48 PM - Removed CounterSpy.
RP1619: 3/21/2011 1:47:25 PM - Removed FixCleaner
RP1620: 3/22/2011 2:59:21 PM - System Checkpoint
.
==== Installed Programs ======================
.
Acrobat.com
Active Audio Record 2.0
Adobe Acrobat 5.0
Adobe AIR
Adobe ConnectNow Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
AVG 2011
AVG Anti-Rootkit Free
Batch DOCX to DOC Converter 2010
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
CAT DLLs
Citrix Presentation Server Client
Clip Art Collection
Compatibility Pack for the 2007 Office system
Comtribute Download Manager
Critical Update for Windows Media Player 11 (KB959772)
Dell ETS Factory Installation
DialClientIPC
DialServer
DigiRecMP3
DocScan Pro version 6.1 b225
ERUNT 1.1j
FileZilla (remove only)
FileZilla Client 3.3.5.1
Freeze.com NetAssistant
GNU Privacy Guard
GnuPG For Windows
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist Customer 1.5.0.258
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959252-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1160/1320 series
HP Software Update
Hunt Bar . Stoolbar Removal Tool [1]
Inbox Toolbar
Intel(R) Matrix Storage Manager
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
KONICA MINOLTA magicolor 2480MF
magicolor 2480MF scan
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio IFilter 2003
Microsoft Office Visio Standard 2003
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Web Access S/MIME
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetAssistant
NetMeeting Resource Kit 3.0
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
orion
PowerDVD 5.7
PrintScreen
Project1
QuickBooks Pro 2007
QuickBooks Product Listing Service
QuickTime
RunAlyzer
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SHELL (C:\Program Files\SHELL\) #5
SHELL (C:\Program Files\SHELL\) #6
SHELL (C:\Program Files\SHELL\) #7
SHELL (C:\Program Files\SHELL\) #8
Skype Toolbars
Skype™ 5.0
Smart PDF Converter 4.2.3.249
Spybot - Search & Destroy
SUPERAntiSpyware
SupportSoft Assisted Service
UltraVNC v1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Web Visuals Client
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB833407
Windows XP Service Pack 3
WinZip 11.2
.
==== Event Viewer Messages From Past Week ========
.
3/23/2011 10:56:31 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
3/21/2011 11:44:18 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer MIKES using any of the configured protocols.
3/21/2011 1:46:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE TfFsMon TfSysMon
3/16/2011 8:41:52 PM, error: TermServDevices [1111] - Driver HP LaserJet 1022 required for printer Auto HP LaserJet 1022 on GAILSA64 is unknown. Contact the administrator to install the driver before you log in again.
3/16/2011 8:41:52 PM, error: TermServDevices [1111] - Driver HP LaserJet 1022 required for printer !!GAILSA64!HP LaserJet 1022 is unknown. Contact the administrator to install the driver before you log in again.
.
==== End Of File ===========================

Blade81

2011-03-23, 21:10

Hi

Please visit this webpage for download links, and instructions for running ComboFix tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please ensure you read this guide carefully first.

Please continue as follows:

Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link (http://www.bleepingcomputer.com/forums/topic114351.html)
Remember to re-enable them afterwards.

Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New dds log.

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

JSeringer

2011-03-23, 22:52

Thank you very much. Here is the txt file

ComboFix 11-03-23.03 - Joe Seringer 03/23/2011 16:32:02.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1182 [GMT -5:00]
Running from: c:\documents and settings\Joe Seringer\My Documents\Downloads\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\docume~1\JOESER~1\LOCALS~1\Temp\SAS20A.tmp
c:\docume~1\JOESER~1\LOCALS~1\Temp\SAS20B.tmp
c:\documents and settings\Joe Seringer\Application Data\Adobe\AdobeUpdate .exe
c:\documents and settings\Joe Seringer\Application Data\Adobe\plugs
c:\documents and settings\Joe Seringer\Application Data\PriceGong
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Joe Seringer\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Joe Seringer\g2ax_customer_downloadhelper_win32_x86.exe
c:\documents and settings\Joe Seringer\Local Settings\Application Data\{FDE65E59-80B8-4943-8DAF-67FDE97FC689}
c:\documents and settings\Joe Seringer\Local Settings\Application Data\{FDE65E59-80B8-4943-8DAF-67FDE97FC689}\chrome.manifest
c:\documents and settings\Joe Seringer\Local Settings\Application Data\{FDE65E59-80B8-4943-8DAF-67FDE97FC689}\chrome\content\_cfg.js
c:\documents and settings\Joe Seringer\Local Settings\Application Data\{FDE65E59-80B8-4943-8DAF-67FDE97FC689}\chrome\content\overlay.xul
c:\documents and settings\Joe Seringer\Local Settings\Application Data\{FDE65E59-80B8-4943-8DAF-67FDE97FC689}\install.rdf
c:\documents and settings\Joe Seringer\Local Settings\Temp\SAS20A.tmp
c:\documents and settings\Joe Seringer\Local Settings\Temp\SAS20B.tmp
c:\documents and settings\Joe Seringer\Start Menu\Programs\HDD Rescue
c:\documents and settings\Joe Seringer\System
c:\documents and settings\Joe Seringer\System\win_qs8.jqx
c:\documents and settings\TEST\Application Data\PriceGong
c:\documents and settings\TEST\Application Data\PriceGong\Data\1.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\a.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\b.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\c.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\d.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\e.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\f.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\g.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\h.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\i.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\J.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\k.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\l.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\m.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\n.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\o.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\p.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\q.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\r.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\s.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\t.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\u.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\v.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\w.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\x.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\y.xml
c:\documents and settings\TEST\Application Data\PriceGong\Data\z.xml
c:\documents and settings\TEST\Local Settings\Application Data\{04E176C3-3182-4C3B-9FD5-9D223204FB27}
c:\documents and settings\TEST\Local Settings\Application Data\{04E176C3-3182-4C3B-9FD5-9D223204FB27}\chrome.manifest
c:\documents and settings\TEST\Local Settings\Application Data\{04E176C3-3182-4C3B-9FD5-9D223204FB27}\chrome\content\_cfg.js
c:\documents and settings\TEST\Local Settings\Application Data\{04E176C3-3182-4C3B-9FD5-9D223204FB27}\chrome\content\overlay.xul
c:\documents and settings\TEST\Local Settings\Application Data\{04E176C3-3182-4C3B-9FD5-9D223204FB27}\install.rdf
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbar.dll
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\windows\autorun2.inf
c:\windows\ff.exe
c:\windows\gc.exe
c:\windows\im.exe
c:\windows\op.exe
c:\windows\pspv.exe
c:\windows\rd.exe
c:\windows\ST6UNST.000
c:\windows\System\MSMask32.ocx
c:\windows\system32\Systems
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RKHIT
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-02-23 to 2011-03-23 )))))))))))))))))))))))))))))))
.
.
No new files created in this timespan
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 18:41 . 2011-02-19 18:41 1152 ----a-w- c:\windows\system32\windrv.sys
2011-01-31 23:42 . 2011-01-31 23:42 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS
2011-01-31 23:36 . 2011-01-31 23:36 12368840 ----a-w- c:\program files\malware_removal.exe
2011-01-30 08:15 . 2011-01-30 08:15 162816 ----a-w- c:\windows\system32\drivers\vqijoumk.sys
2011-01-29 07:36 . 2011-01-29 06:36 177 ----a-w- c:\documents and settings\NetworkService\Application Data\del.bat
2010-07-07 03:50 . 2010-07-07 03:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECB75292-6320-4CD2-BE42-BA4BDC219155}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Comtribute Download Manager"="c:\documents and settings\All Users\Application Data\Comtribute\Comtribute.DownloadManager.exe" [2010-10-24 497640]
"jseringer.wesearch.co.il Updater"="c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe" [2010-10-24 208872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Joe Seringer\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-1 51984]
QuickBooks Update Agent.lnk.disabled [2008-1-5 2109]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2010-12-15 16:57 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FixCleaner"=c:\program files\FixCleaner\FixCleaner.exe -boot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Joe Seringer\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [10/1/2008 4:13 PM 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2009 2:33 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/10/2007 6:52 AM 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe [12/15/2010 11:57 AM 161144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 2:08 PM 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-23 c:\windows\Tasks\02-18-2011_153933.job
- c:\program files\Spyware Cease 2011\SpywareCease2011.exe [2011-02-18 23:37]
.
2011-03-23 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 22:03]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-23 c:\windows\Tasks\User_Feed_Synchronization-{A9C01474-AD2A-4BF9-9D1C-C4C6A5ED00BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: mail
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Joe Seringer\Application Data\Mozilla\Firefox\Profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Firefox
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
URLSearchHooks-{E38FA08E-F56A-4169-ABF5-5C71E3C153A1} - (no file)
URLSearchHooks-{f5046a39-68f3-4732-995f-eb2ea26d93fb} - (no file)
Toolbar-Locked - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{F5046A39-68F3-4732-995F-EB2EA26D93FB} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKLM-Run-SNM - c:\program files\SpyNoMore\SNM.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-23 16:41
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\docume~1\JOESER~1\LOCALS~1\Temp\RES10.tmp 1220 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\11ny7tvb.0.cs 25790 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\11ny7tvb.cmdline 511 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\11ny7tvb.dll 0 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\11ny7tvb.err 0 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\11ny7tvb.out 594 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\11ny7tvb.tmp 0 bytes
c:\docume~1\JOESER~1\LOCALS~1\Temp\CSCF.tmp 652 bytes
.
scan completed successfully
hidden files: 8
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(2900)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Services.exe
.
**************************************************************************
.
Completion time: 2011-03-23 16:45:14 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-23 21:45
.
Pre-Run: 38,152,613,888 bytes free
Post-Run: 38,143,758,336 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn
[spybotsd]
timeout.old=30
.
- - End Of File - - E55884B8F8B849ACD83D09622FCE7B5C

Blade81

2011-03-24, 07:24

Hi,

Update MBAM and run a full scan with it. Post back the report + fresh dds.txt contents.

JSeringer

2011-03-24, 14:59

Thank you.

Here are the logs post the mbam run:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6151

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/24/2011 8:48:46 AM
mbam-log-2011-03-24 (08-48-46).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 259847
Time elapsed: 37 minute(s), 48 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\system volume information\_restore{46de8921-1d39-44d2-a9e9-64119261f211}\RP1612\A0140554.sys (Trojan.Agent) -> Quarantined and deleted successfully.

_______________________________________________________________
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 5/11/2007 3:51:28 PM
System Uptime: 3/23/2011 4:39:31 PM (16 hours ago)
.
Motherboard: Dell Inc. | | 0DN075
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Microprocessor | 2992/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 74 GiB total, 35.626 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 186 GiB total, 176.784 GiB free.
H: is NetworkDisk (NTFS) - 533 GiB total, 501.216 GiB free.
J: is NetworkDisk (NTFS) - 533 GiB total, 501.216 GiB free.
P: is NetworkDisk (NTFS) - 533 GiB total, 501.216 GiB free.
U: is NetworkDisk (NTFS) - 533 GiB total, 501.216 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1527: 1/4/2011 5:01:26 PM - System Checkpoint
RP1528: 1/5/2011 5:10:31 PM - System Checkpoint
RP1529: 1/6/2011 11:10:15 AM - Configured Microsoft Office Home and Student 2010
RP1530: 1/7/2011 9:21:12 AM - Configured Microsoft Office Home and Student 2010
RP1531: 1/8/2011 12:19:51 PM - System Checkpoint
RP1532: 1/10/2011 7:41:18 PM - System Checkpoint
RP1533: 1/12/2011 12:17:15 PM - System Checkpoint
RP1534: 1/13/2011 12:29:08 PM - System Checkpoint
RP1535: 1/14/2011 8:52:46 AM - Configured Microsoft Office Home and Student 2010
RP1536: 1/15/2011 9:29:07 AM - System Checkpoint
RP1537: 1/15/2011 11:28:16 AM - Configured Microsoft Office Home and Student 2010
RP1538: 1/16/2011 11:29:07 AM - System Checkpoint
RP1539: 1/17/2011 11:32:14 AM - System Checkpoint
RP1540: 1/18/2011 12:19:22 PM - System Checkpoint
RP1541: 1/19/2011 12:29:08 PM - System Checkpoint
RP1542: 1/20/2011 1:07:24 PM - System Checkpoint
RP1543: 1/21/2011 1:38:31 PM - System Checkpoint
RP1544: 1/22/2011 10:36:00 PM - System Checkpoint
RP1545: 1/24/2011 12:01:34 PM - System Checkpoint
RP1546: 1/25/2011 12:34:05 PM - System Checkpoint
RP1547: 1/26/2011 4:37:37 PM - System Checkpoint
RP1548: 1/27/2011 1:55:46 PM - Configured Microsoft Office Home and Student 2010
RP1549: 1/28/2011 3:12:59 PM - System Checkpoint
RP1550: 1/28/2011 4:14:57 PM - Configured Microsoft Office Home and Student 2010
RP1551: 1/28/2011 4:15:24 PM - Configured Microsoft Office Home and Student 2010
RP1552: 1/29/2011 4:36:30 PM - System Checkpoint
RP1553: 1/30/2011 5:36:29 PM - System Checkpoint
RP1554: 1/31/2011 8:50:49 AM - Removed iTunes
RP1555: 1/31/2011 10:24:17 AM - Configured Microsoft Office Home and Student 2010
RP1556: 2/1/2011 9:35:10 AM - Configured Microsoft Office Home and Student 2010
RP1557: 2/2/2011 10:27:05 AM - Installed HP Software Update
RP1558: 2/3/2011 11:02:39 AM - System Checkpoint
RP1559: 2/4/2011 5:26:41 PM - System Checkpoint
RP1560: 2/7/2011 7:32:48 AM - System Checkpoint
RP1561: 2/8/2011 9:19:20 AM - System Checkpoint
RP1562: 2/9/2011 9:07:24 AM - Configured Microsoft Office Home and Student 2010
RP1563: 2/10/2011 11:50:29 AM - System Checkpoint
RP1564: 2/10/2011 5:50:05 PM - Configured Microsoft Office Home and Student 2010
RP1565: 2/10/2011 5:50:29 PM - Configured Microsoft Office Home and Student 2010
RP1566: 2/12/2011 9:12:24 AM - System Checkpoint
RP1567: 2/13/2011 9:48:52 AM - System Checkpoint
RP1568: 2/14/2011 12:05:22 PM - System Checkpoint
RP1569: 2/14/2011 2:45:37 PM - Installed Windows Media Player 11
RP1570: 2/14/2011 2:47:35 PM - Installed Windows XP MSCompPackV1.
RP1571: 2/15/2011 12:40:24 PM - Configured Microsoft Office Home and Student 2010
RP1572: 2/16/2011 11:02:10 AM - Configured Microsoft Office Home and Student 2010
RP1573: 2/17/2011 11:45:01 AM - System Checkpoint
RP1574: 2/17/2011 12:44:01 PM - Configured Microsoft Office Home and Student 2010
RP1575: 2/18/2011 10:24:27 AM - Configured Microsoft Office Home and Student 2010
RP1576: 2/19/2011 11:10:39 AM - System Checkpoint
RP1577: 2/20/2011 12:09:41 PM - System Checkpoint
RP1578: 2/21/2011 12:10:42 PM - System Checkpoint
RP1579: 2/22/2011 3:37:04 PM - System Checkpoint
RP1580: 2/23/2011 2:35:44 PM - Configured Microsoft Office Home and Student 2010
RP1581: 2/24/2011 8:24:12 AM - Configured Microsoft Office Home and Student 2010
RP1582: 2/24/2011 8:24:54 AM - Configured Microsoft Office Home and Student 2010
RP1583: 2/24/2011 9:02:46 AM - Configured Microsoft Office Home and Student 2010
RP1584: 2/24/2011 9:56:45 AM - Configured Microsoft Office Home and Student 2010
RP1585: 2/24/2011 3:47:55 PM - Configured Microsoft Office Home and Student 2010
RP1586: 2/25/2011 10:44:22 AM - Configured Microsoft Office Home and Student 2010
RP1587: 2/26/2011 11:21:15 AM - System Checkpoint
RP1588: 2/27/2011 11:35:33 AM - System Checkpoint
RP1589: 2/28/2011 11:44:24 AM - System Checkpoint
RP1590: 3/1/2011 11:53:54 AM - System Checkpoint
RP1591: 3/2/2011 12:35:33 PM - System Checkpoint
RP1592: 3/3/2011 1:35:33 PM - System Checkpoint
RP1593: 3/4/2011 5:04:47 PM - System Checkpoint
RP1594: 3/7/2011 11:47:46 AM - System Checkpoint
RP1595: 3/8/2011 2:23:10 PM - System Checkpoint
RP1596: 3/9/2011 2:29:12 PM - System Checkpoint
RP1597: 3/10/2011 3:29:12 PM - System Checkpoint
RP1598: 3/11/2011 4:01:54 PM - System Checkpoint
RP1599: 3/12/2011 4:29:13 PM - System Checkpoint
RP1600: 3/13/2011 6:29:13 PM - System Checkpoint
RP1601: 3/14/2011 8:05:21 PM - System Checkpoint
RP1602: 3/15/2011 8:09:05 PM - System Checkpoint
RP1603: 3/16/2011 10:45:17 AM - Configured Microsoft Office Home and Student 2010
RP1604: 3/17/2011 9:41:10 AM - Configured Microsoft Office Home and Student 2010
RP1605: 3/18/2011 12:09:58 PM - System Checkpoint
RP1606: 2/18/2011 3:43:15 PM - Installed Windows XP KB959252-v2.
RP1607: 2/18/2011 3:44:11 PM - Installed Windows XP KB953155.
RP1608: 2/18/2011 3:50:42 PM - Installed Windows XP KB953155.
RP1609: 2/18/2011 3:51:21 PM - Installed Windows XP KB955704.
RP1610: 2/18/2011 3:51:46 PM - Installed Windows XP KB950582.
RP1611: 2/18/2011 3:52:03 PM - Installed Windows XP KB833407.
RP1612: 2/18/2011 3:52:26 PM - Installed Windows XP KB975254.
RP1613: 2/19/2011 10:56:54 AM - Installed CounterSpy.
RP1614: 2/19/2011 11:44:43 AM - Installed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
RP1615: 2/19/2011 11:44:55 AM - Installed AVG 2011
RP1616: 2/19/2011 11:55:33 AM - Installed AVG 2011
RP1617: 2/19/2011 12:36:35 PM - Installed FixCleaner
RP1618: 3/21/2011 12:08:48 PM - Removed CounterSpy.
RP1619: 3/21/2011 1:47:25 PM - Removed FixCleaner
RP1620: 3/22/2011 2:59:21 PM - System Checkpoint
RP1621: 3/23/2011 4:15:57 PM - Removed AVG 2011
RP1622: 3/23/2011 4:16:41 PM - Removed AVG 2011
.
==== Installed Programs ======================
.
Acrobat.com
Active Audio Record 2.0
Adobe Acrobat 5.0
Adobe AIR
Adobe ConnectNow Add-in
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.6
AVG Anti-Rootkit Free
Batch DOCX to DOC Converter 2010
Broadcom Advanced Control Suite
Broadcom ASF Management Applications
CAT DLLs
Citrix Presentation Server Client
Clip Art Collection
Compatibility Pack for the 2007 Office system
Comtribute Download Manager
Critical Update for Windows Media Player 11 (KB959772)
Dell ETS Factory Installation
DialClientIPC
DialServer
DigiRecMP3
DocScan Pro version 6.1 b225
ERUNT 1.1j
FileZilla (remove only)
FileZilla Client 3.3.5.1
Freeze.com NetAssistant
GNU Privacy Guard
GnuPG For Windows
Google Chrome
Google Chrome Frame
Google Desktop
Google Earth
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToAssist Customer 1.5.0.258
High Definition Audio Driver Package - KB835221
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
Hotfix for Windows XP (KB959252-v2)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
hp LaserJet 1160/1320 series
HP Software Update
Hunt Bar . Stoolbar Removal Tool [1]
Inbox Toolbar
Intel(R) Matrix Storage Manager
Java 2 Runtime Environment, SE v1.4.2_18
Java Auto Updater
Java(TM) 6 Update 21
Java(TM) SE Runtime Environment 6 Update 1
Junk Mail filter update
KONICA MINOLTA magicolor 2480MF
magicolor 2480MF scan
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft Office 97, Professional Edition
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Visio IFilter 2003
Microsoft Office Visio Standard 2003
Microsoft Office Word MUI (English) 2010
Microsoft Outlook Web Access S/MIME
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft Software Update for Web Folders (English) 14
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft UI Engine
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox (3.6.15)
MSN Toolbar
MSN Toolbar Platform
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
NetAssistant
NetMeeting Resource Kit 3.0
NVIDIA Drivers
Octoshape add-in for Adobe Flash Player
OGA Notifier 2.0.0048.0
OpenOffice.org Installer 1.0
orion
PowerDVD 5.7
PrintScreen
Project1
QuickBooks Pro 2007
QuickBooks Product Listing Service
QuickTime
RunAlyzer
SearchAssist
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 8 (KB2183461)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB917734)
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975254)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Segoe UI
SHELL (C:\Program Files\SHELL\) #5
SHELL (C:\Program Files\SHELL\) #6
SHELL (C:\Program Files\SHELL\) #7
SHELL (C:\Program Files\SHELL\) #8
Skype Toolbars
Skype™ 5.0
Smart PDF Converter 4.2.3.249
Spybot - Search & Destroy
SupportSoft Assisted Service
UltraVNC v1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows Internet Explorer 8 (KB980182)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955704)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
URL Assistant
Web Visuals Client
WebEx
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB833407
Windows XP Service Pack 3
WinZip 11.2
.
==== Event Viewer Messages From Past Week ========
.
3/23/2011 10:56:31 AM, error: EventLog [6004] - A driver packet received from the I/O subsystem was invalid. The data is the packet.
3/23/2011 10:35:12 AM, error: DCOM [10009] - DCOM was unable to communicate with the computer MIKES using any of the configured protocols.
3/21/2011 1:46:05 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: SBRE TfFsMon TfSysMon
.
==== End Of File ===========================

Blade81

2011-03-24, 15:08

Hi,

That's attach.txt part of DDS you posted there :) Could you post dds.txt part, please?

JSeringer

2011-03-24, 15:48

Sorry - Here's the DDS.txt. It appears that the infection has been removed. The problem orginally manifested itself in an inability to access http:/mail/exchange. do I need to reinstall Outlook Web Access

thanks

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joe Seringer at 9:45:52.90 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1245 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Joe Seringer\Local Settings\Temporary Internet Files\Content.IE5\2Z6GCVRG\dds[1].scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Comtribute Download Manager] "c:\documents and settings\all users\application data\comtribute\Comtribute.DownloadManager.exe" /checkupdate
mRun: [jseringer.wesearch.co.il Updater] c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\joeser~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Update Agent.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mail
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://gethelp.bankofamerica.com/sdccommon/download/tgctlsr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {61F38134-94CB-491C-AECA-37B387E73C23} - hxxps://vge.on.webvisuals.net/confmgr/mount/12418/branding/installs/ICWMInstall.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} - hxxps://contentdelivery.verizon.com/webapps/bsgdirect/kdx/kdx.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://192.168.0.99/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\10.0.648.151\npchrome_frame.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\258\g2ax_winlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\joeser~1\applic~1\mozilla\firefox\profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\firefox\components\Enposit.Firefox.Toolband2.dll
FF - component: c:\documents and settings\joe seringer\application data\mozilla\firefox\profiles\kodwsnpb.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-2-19 3968]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-17 54760]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-10 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\258\g2ax_service.exe [2010-12-15 161144]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 RkHit;RkHit;\??\c:\windows\system32\drivers\rkhit.sys --> c:\windows\system32\drivers\RKHit.sys [?]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
=============== Created Last 30 ================
.
2011-03-23 21:31:04 -------- d-sha-r- C:\cmdcons
2011-03-23 21:29:35 98816 ----a-w- c:\windows\sed.exe
2011-03-23 21:29:35 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 21:29:35 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 21:29:35 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 14:31:41 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-02-19 18:41:11 1152 ----a-w- c:\windows\system32\windrv.sys
2011-02-07 12:53:44 0 ----a-w- c:\windows\Tvulecabafojoce.bin
2011-01-31 23:36:46 12368840 ----a-w- c:\program files\malware_removal.exe
.
============= FINISH: 9:46:53.25 ===============

Blade81

2011-03-24, 15:59

Hi again,

Let's see some further steps even if symptoms seem to have disappeared.

Open notepad and copy/paste the text in the quotebox below into it:

DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
File::
c:\windows\Tvulecabafojoce.bin
FileLook::
c:\program files\malware_removal.exe

Save this as
CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://img.photobucket.com/albums/v666/sUBs/CFScriptB-4.gif

Close all browser windows and refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Uninstall old Adobe Reader versions and get the latest one ((Adobe Reader X + 10.0.1 update for it)) here (http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows) or get Foxit Reader here (http://www.foxitsoftware.com/pdf/reader_2/down_reader.htm). Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here (http://pdfreaders.org/).

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 24 (http://java.sun.com/javase/downloads/index.jsp).
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u24-windows-i586-p.exe to install the newest version. Uncheck Carbonite online backup trial if it's offered there.

Adobe Acrobat 5.0 is not supported anymore either so it's recommended to uninstall it.

* Go here (http://www.eset.eu/online-scanner) to run an online scanner from ESET.
Note: You will need to use Internet explorer for this scan
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Click Start
Make sure that the option Remove found threats is not checked.
Click Scan
Wait for the scan to finish.

Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.

JSeringer

2011-03-24, 16:52

Thanks, Here is the new Combo log file:

ComboFix 11-03-23.06 - Joe Seringer 03/24/2011 10:40:08.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1530 [GMT -5:00]
Running from: c:\documents and settings\Joe Seringer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joe Seringer\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tvulecabafojoce.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tvulecabafojoce.bin
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
No new files created in this timespan
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 18:41 . 2011-02-19 18:41 1152 ----a-w- c:\windows\system32\windrv.sys
2011-01-31 23:42 . 2011-01-31 23:42 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS
2011-01-31 23:36 . 2011-01-31 23:36 12368840 ----a-w- c:\program files\malware_removal.exe
2011-01-30 08:15 . 2011-01-30 08:15 162816 ----a-w- c:\windows\system32\drivers\vqijoumk.sys
2011-01-29 07:36 . 2011-01-29 06:36 177 ----a-w- c:\documents and settings\NetworkService\Application Data\del.bat
2010-07-07 03:50 . 2010-07-07 03:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\malware_removal.exe ---
Company: Microsoft Corporation
File Description: Microsoft Windows Malicious Software Removal Tool (KB890830) - Setup Self-Extracting Cabinet
File Version: 3.15.4500.0
Product Name: Microsoft Windows Malicious Software Removal Tool
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: Windows-KB890830-V3.15.exe
File size: 12368840
Created time: 2011-01-31 23:36
Modified time: 2011-01-31 23:36
MD5: A57A70DD56A7AA394156E320E0BA05C0
SHA1: F347755E391F6AB98891CFE83AA0012146371066
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-23_21.41.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-24 15:46 . 2011-03-24 15:46 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECB75292-6320-4CD2-BE42-BA4BDC219155}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Comtribute Download Manager"="c:\documents and settings\All Users\Application Data\Comtribute\Comtribute.DownloadManager.exe" [2010-10-24 497640]
"jseringer.wesearch.co.il Updater"="c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe" [2010-10-24 208872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Joe Seringer\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-1 51984]
QuickBooks Update Agent.lnk.disabled [2008-1-5 2109]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2010-12-15 16:57 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FixCleaner"=c:\program files\FixCleaner\FixCleaner.exe -boot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Joe Seringer\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [10/1/2008 4:13 PM 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2009 2:33 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/10/2007 6:52 AM 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe [12/15/2010 11:57 AM 161144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 2:08 PM 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\02-18-2011_153933.job
- c:\program files\Spyware Cease 2011\SpywareCease2011.exe [2011-02-18 23:37]
.
2011-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 22:03]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{A9C01474-AD2A-4BF9-9D1C-C4C6A5ED00BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: mail
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Joe Seringer\Application Data\Mozilla\Firefox\Profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 10:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinZip\wzshlstb.dll
c:\progra~1\GNU\GnuPG\GPGee.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Services.exe
.
**************************************************************************
.
Completion time: 2011-03-24 10:52:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-24 15:52
ComboFix2.txt 2011-03-23 21:45
.
Pre-Run: 38,257,852,416 bytes free
Post-Run: 38,264,979,456 bytes free
.
- - End Of File - - CD556CCB2B18B2C5FC9909509CA96903

JSeringer

2011-03-24, 18:51

Here are the 3 requested files

ComboFix
ComboFix 11-03-23.06 - Joe Seringer 03/24/2011 10:40:08.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1530 [GMT -5:00]
Running from: c:\documents and settings\Joe Seringer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joe Seringer\Desktop\CFScript.txt
.
FILE ::
"c:\windows\Tvulecabafojoce.bin"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tvulecabafojoce.bin
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_RkHit
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
No new files created in this timespan
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-19 18:41 . 2011-02-19 18:41 1152 ----a-w- c:\windows\system32\windrv.sys
2011-01-31 23:42 . 2011-01-31 23:42 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS
2011-01-31 23:36 . 2011-01-31 23:36 12368840 ----a-w- c:\program files\malware_removal.exe
2011-01-30 08:15 . 2011-01-30 08:15 162816 ----a-w- c:\windows\system32\drivers\vqijoumk.sys
2011-01-29 07:36 . 2011-01-29 06:36 177 ----a-w- c:\documents and settings\NetworkService\Application Data\del.bat
2010-07-07 03:50 . 2010-07-07 03:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\program files\malware_removal.exe ---
Company: Microsoft Corporation
File Description: Microsoft Windows Malicious Software Removal Tool (KB890830) - Setup Self-Extracting Cabinet
File Version: 3.15.4500.0
Product Name: Microsoft Windows Malicious Software Removal Tool
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: Windows-KB890830-V3.15.exe
File size: 12368840
Created time: 2011-01-31 23:36
Modified time: 2011-01-31 23:36
MD5: A57A70DD56A7AA394156E320E0BA05C0
SHA1: F347755E391F6AB98891CFE83AA0012146371066
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-23_21.41.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-24 15:46 . 2011-03-24 15:46 16384 c:\windows\Temp\Perflib_Perfdata_768.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECB75292-6320-4CD2-BE42-BA4BDC219155}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-01-22 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Comtribute Download Manager"="c:\documents and settings\All Users\Application Data\Comtribute\Comtribute.DownloadManager.exe" [2010-10-24 497640]
"jseringer.wesearch.co.il Updater"="c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe" [2010-10-24 208872]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Joe Seringer\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-1 51984]
QuickBooks Update Agent.lnk.disabled [2008-1-5 2109]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2010-12-15 16:57 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FixCleaner"=c:\program files\FixCleaner\FixCleaner.exe -boot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Joe Seringer\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [10/1/2008 4:13 PM 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2009 2:33 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/10/2007 6:52 AM 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe [12/15/2010 11:57 AM 161144]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 2:08 PM 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\02-18-2011_153933.job
- c:\program files\Spyware Cease 2011\SpywareCease2011.exe [2011-02-18 23:37]
.
2011-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 22:03]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{A9C01474-AD2A-4BF9-9D1C-C4C6A5ED00BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: mail
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Joe Seringer\Application Data\Mozilla\Firefox\Profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: - c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 10:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(508)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\program files\Malwarebytes' Anti-Malware\mbamext.dll
c:\program files\WinZip\wzshlstb.dll
c:\progra~1\GNU\GnuPG\GPGee.dll
c:\progra~1\SPYBOT~1\SDHelper.dll
c:\program files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\wscntfy.exe
c:\program files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Services.exe
.
**************************************************************************
.
Completion time: 2011-03-24 10:52:23 - machine was rebooted
ComboFix-quarantined-files.txt 2011-03-24 15:52
ComboFix2.txt 2011-03-23 21:45
.
Pre-Run: 38,257,852,416 bytes free
Post-Run: 38,264,979,456 bytes free
.
- - End Of File - - CD556CCB2B18B2C5FC9909509CA96903

DDS:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joe Seringer at 12:46:01.28 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1136 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe Seringer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Comtribute Download Manager] "c:\documents and settings\all users\application data\comtribute\Comtribute.DownloadManager.exe" /checkupdate
mRun: [jseringer.wesearch.co.il Updater] c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\joeser~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Update Agent.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mail
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://gethelp.bankofamerica.com/sdccommon/download/tgctlsr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {61F38134-94CB-491C-AECA-37B387E73C23} - hxxps://vge.on.webvisuals.net/confmgr/mount/12418/branding/installs/ICWMInstall.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} - hxxps://contentdelivery.verizon.com/webapps/bsgdirect/kdx/kdx.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://192.168.0.99/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\10.0.648.151\npchrome_frame.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\258\g2ax_winlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\joeser~1\applic~1\mozilla\firefox\profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\firefox\components\Enposit.Firefox.Toolband2.dll
FF - component: c:\documents and settings\joe seringer\application data\mozilla\firefox\profiles\kodwsnpb.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-2-19 3968]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-17 54760]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-10 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\258\g2ax_service.exe [2010-12-15 161144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
=============== Created Last 30 ================
.
2011-03-24 16:13:51 -------- d-----w- c:\program files\ESET
2011-03-24 15:59:32 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-24 15:59:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2011-03-24 15:59:25 32592 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-03-23 21:31:04 -------- d-sha-r- C:\cmdcons
2011-03-23 21:29:35 98816 ----a-w- c:\windows\sed.exe
2011-03-23 21:29:35 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 21:29:35 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 21:29:35 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 14:31:41 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-03-24 16:07:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-24 16:07:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 18:41:11 1152 ----a-w- c:\windows\system32\windrv.sys
2011-01-31 23:36:46 12368840 ----a-w- c:\program files\malware_removal.exe
.
============= FINISH: 12:46:59.82 ===============

And ESET File

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Joe Seringer at 12:46:01.28 on Thu 03/24/2011
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_24
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1136 [GMT -5:00]
.
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Google\Update\1.2.183.39\GoogleCrashHandler.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\ICWM\Printer\RDIConverterService.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe
C:\Documents and Settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Joe Seringer\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: N/A: {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~2\office14\URLREDIR.DLL
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
BHO: MSN Toolbar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
BHO: : {d3d233d5-9f6d-436c-b6c7-e63f77503b30} - c:\progra~1\inboxt~1\Inbox.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Inbox Toolbar: {d7e97865-918f-41e4-9cd0-25ab1c574ce8} - c:\progra~1\inboxt~1\Inbox.dll
TB: MSN Toolbar: {8dcb7100-df86-4384-8842-8fa844297b3f} - c:\program files\msn toolbar\platform\4.0.0401.0\npwinext.dll
TB: orion : {ecb75292-6320-4cd2-be42-ba4bdc219155} - mscoree.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\Iaanotif.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [StatusClient 2.6] c:\program files\hewlett-packard\toolbox\statusclient\StatusClient.exe /auto
mRun: [TomcatStartup 2.5] c:\program files\hewlett-packard\toolbox\hpbpsttp.exe
mRun: [MSN Toolbar] "c:\program files\msn toolbar\platform\4.0.0401.0\mswinext.exe"
mRun: [Comtribute Download Manager] "c:\documents and settings\all users\application data\comtribute\Comtribute.DownloadManager.exe" /checkupdate
mRun: [jseringer.wesearch.co.il Updater] c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Enposit.Update.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 10.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Uninstall Adobe Download Manager] "c:\program files\nos\bin\getPlusUninst_Adobe.exe" /Get1noarp
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\joeser~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office2000\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\QuickBooks Update Agent.lnk.disabled
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableVirtualization = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: mail
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://gethelp.bankofamerica.com/sdccommon/download/tgctlsr.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {41564D57-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6770.cab
DPF: {61F38134-94CB-491C-AECA-37B387E73C23} - hxxps://vge.on.webvisuals.net/confmgr/mount/12418/branding/installs/ICWMInstall.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8BBDC81D-81B3-49EE-87E8-47B7A707FAE8} - hxxps://www1.gotomeeting.com/default/applets/g2mdlax.cab
DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} - hxxps://contentdelivery.verizon.com/webapps/bsgdirect/kdx/kdx.cab
DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} - hxxp://192.168.0.99/plugin/h263ctrl.cab
DPF: {CAFEEFAC-0014-0002-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://freetrial.webex.com/client/T27LC/webex/ieatgpc.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - c:\program files\google\chrome frame\application\10.0.648.151\npchrome_frame.dll
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - c:\progra~1\inboxt~1\Inbox.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: x-excid - {9D6CC632-1337-4a33-9214-2DA092E776F4} - c:\windows\downloaded program files\mimectl.dll
Notify: GoToAssist Express Customer - c:\program files\citrix\gotoassist express customer\258\g2ax_winlogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\docume~1\joeser~1\applic~1\mozilla\firefox\profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - component: c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\firefox\components\Enposit.Firefox.Toolband2.dll
FF - component: c:\documents and settings\joe seringer\application data\mozilla\firefox\profiles\kodwsnpb.default\extensions\inboxcomtoolbar@inbox.com\components\plugins.dll
FF - plugin: c:\progra~1\micros~2\office14\NPAUTHZ.DLL
FF - plugin: c:\progra~1\micros~2\office14\NPSPWRAP.DLL
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\nos\bin\np_gp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\all users\application data\comtribute\jseringer.wesearch.co.il\Firefox
.
============= SERVICES / DRIVERS ===============
.
R0 AVG Anti-Rootkit;AVG Anti-Rootkit;c:\windows\system32\drivers\avgarkt.sys [2007-1-31 5632]
R1 AvgArCln;Avg Anti-Rootkit Clean Driver;c:\windows\system32\drivers\AvgArCln.sys [2011-2-19 3968]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2006-3-17 65536]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-11-17 54760]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\common files\icwm\printer\RDIConverterService.exe [2008-10-1 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2009-12-10 135664]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2007-5-10 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\citrix\gotoassist express customer\258\g2ax_service.exe [2010-12-15 161144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2004-8-11 14336]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [2010-8-5 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
=============== Created Last 30 ================
.
2011-03-24 16:13:51 -------- d-----w- c:\program files\ESET
2011-03-24 15:59:32 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-24 15:59:32 -------- d-----w- c:\docume~1\alluse~1\applic~1\McAfee Security Scan
2011-03-24 15:59:25 32592 ----a-w- c:\program files\mozilla firefox\plugins\np_gp.dll
2011-03-23 21:31:04 -------- d-sha-r- C:\cmdcons
2011-03-23 21:29:35 98816 ----a-w- c:\windows\sed.exe
2011-03-23 21:29:35 89088 ----a-w- c:\windows\MBR.exe
2011-03-23 21:29:35 256512 ----a-w- c:\windows\PEV.exe
2011-03-23 21:29:35 161792 ----a-w- c:\windows\SWREG.exe
2011-03-22 14:31:41 -------- d-----w- c:\windows\pss
.
==================== Find3M ====================
.
2011-03-24 16:07:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-03-24 16:07:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-19 18:41:11 1152 ----a-w- c:\windows\system32\windrv.sys
2011-01-31 23:36:46 12368840 ----a-w- c:\program files\malware_removal.exe
.
============= FINISH: 12:46:59.82 ===============
Thanks

Blade81

2011-03-24, 20:57

Hi,

Let's run ComboFix with the following script:

http://forums.spybot.info/showthread.php?p=398694#post398694
Suspect::[76]
c:\windows\system32\drivers\vqijoumk.sys

Post back the report.

JSeringer

2011-03-24, 21:30

OK, here's the file after running ComboFix again:

ComboFix 11-03-24.01 - Joe Seringer 03/24/2011 15:15:44.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1526 [GMT -5:00]
Running from: c:\documents and settings\Joe Seringer\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Joe Seringer\Desktop\CFScript.txt
.
file zipped: c:\windows\system32\drivers\vqijoumk.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-02-24 to 2011-03-24 )))))))))))))))))))))))))))))))
.
.
2011-03-24 16:13 . 2011-03-24 16:13 -------- d-----w- c:\program files\ESET
2011-03-24 16:00 . 2011-03-24 16:00 -------- d-----w- c:\program files\Common Files\Adobe AIR
2011-03-24 15:59 . 2011-03-24 15:59 -------- d-----w- c:\program files\McAfee Security Scan
2011-03-24 15:59 . 2011-03-24 15:59 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee Security Scan
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-24 16:07 . 2010-06-22 11:10 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-24 16:07 . 2009-07-16 21:26 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-19 18:41 . 2011-02-19 18:41 1152 ----a-w- c:\windows\system32\windrv.sys
2011-01-31 23:42 . 2011-01-31 23:42 162816 ----a-w- c:\windows\system32\drivers\NETBT.SYS
2011-01-31 23:36 . 2011-01-31 23:36 12368840 ----a-w- c:\program files\malware_removal.exe
2011-01-30 08:15 . 2011-01-30 08:15 162816 ----a-w- c:\windows\system32\drivers\vqijoumk.sys
2011-01-29 07:36 . 2011-01-29 06:36 177 ----a-w- c:\documents and settings\NetworkService\Application Data\del.bat
2010-07-07 03:50 . 2010-07-07 03:50 119808 ----a-w- c:\program files\mozilla firefox\components\GoogleDesktopMozilla.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-23_21.41.17 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-03-24 16:07 . 2011-03-24 16:07 16384 c:\windows\Temp\Perflib_Perfdata_ec8.dat
+ 2011-03-24 16:00 . 2011-03-24 16:00 28160 c:\windows\Installer\a081c.msi
+ 2010-11-10 17:49 . 2010-11-10 17:49 17304 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\ViewerPS.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 35736 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\reader_sl.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 84896 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlr.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 94608 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\eula.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 49064 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrotextextractor.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 17824 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32Info.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 62376 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acroiehelpershim.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 64928 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroIEHelper.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 63384 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\Acrofx32.dll
+ 2011-03-24 16:07 . 2011-03-24 16:07 157472 c:\windows\system32\javaws.exe
- 2010-06-22 11:10 . 2010-07-17 10:00 145184 c:\windows\system32\javaw.exe
+ 2011-03-24 16:07 . 2011-03-24 16:07 145184 c:\windows\system32\javaw.exe
- 2010-06-22 11:10 . 2010-07-17 10:00 145184 c:\windows\system32\java.exe
+ 2011-03-24 16:07 . 2011-03-24 16:07 145184 c:\windows\system32\java.exe
+ 2011-03-24 16:08 . 2011-03-24 16:08 180224 c:\windows\Installer\a0b65.msi
+ 2011-03-24 16:07 . 2011-03-24 16:07 390144 c:\windows\Installer\a0b55.msi
+ 2011-03-24 16:07 . 2011-03-24 16:07 675840 c:\windows\Installer\a0b4f.msi
+ 2011-03-24 16:05 . 2011-03-24 16:05 533504 c:\windows\Installer\a08dc.msi
+ 2010-11-10 17:49 . 2010-11-10 17:49 390552 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\pdfshell.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 101288 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\PDFPrevHndlrShim.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 135568 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\nppdf32.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 681872 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\JP2KLib.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 104344 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AiodLite.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 702352 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroPDF.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 294808 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\acrobroker.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 205720 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\a3dutils.dll
+ 2011-03-24 16:01 . 2011-03-24 16:01 2283008 c:\windows\Installer\a08d7.msi
+ 2010-11-10 17:49 . 2010-11-10 17:49 2207632 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\rt3d.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 6222744 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\authplay.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 5503368 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AGM.dll
+ 2010-11-10 17:49 . 2010-11-10 17:49 1216416 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AdobeCollabSync.exe
+ 2010-11-10 17:49 . 2010-11-10 17:49 1289624 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.exe
+ 2011-01-30 20:44 . 2011-01-30 20:44 12425728 c:\windows\Installer\a08d8.msp
+ 2010-11-10 17:49 . 2010-11-10 17:49 23724952 c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B744AA0000000010\10.0.0\AcroRd32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ECB75292-6320-4CD2-BE42-BA4BDC219155}]
2009-11-07 06:07 297808 ----a-w- c:\windows\system32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{ECB75292-6320-4CD2-BE42-BA4BDC219155}"= "mscoree.dll" [2009-11-07 297808]
.
[HKEY_CLASSES_ROOT\clsid\{ecb75292-6320-4cd2-be42-ba4bdc219155}]
[HKEY_CLASSES_ROOT\Enposit.Toolband.Toolband]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-15 68856]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7204864]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 151552]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-07-07 30192]
"StatusClient 2.6"="c:\program files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe" [2004-02-27 61440]
"TomcatStartup 2.5"="c:\program files\Hewlett-Packard\Toolbox\hpbpsttp.exe" [2004-05-20 188416]
"MSN Toolbar"="c:\program files\MSN Toolbar\Platform\4.0.0401.0\mswinext.exe" [2010-02-12 240992]
"Comtribute Download Manager"="c:\documents and settings\All Users\Application Data\Comtribute\Comtribute.DownloadManager.exe" [2010-10-24 497640]
"jseringer.wesearch.co.il Updater"="c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Enposit.Update.exe" [2010-10-24 208872]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-01-30 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2010-02-28 519584]
.
c:\documents and settings\Joe Seringer\Start Menu\Programs\Startup\
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Find Fast.lnk - c:\program files\Microsoft Office\Office\FINDFAST.EXE [1997-8-1 111376]
Microsoft Office.lnk - c:\program files\Microsoft Office2000\Office\OSA9.EXE [1999-2-17 65588]
Office Startup.lnk - c:\program files\Microsoft Office\Office\OSA.EXE [1997-8-1 51984]
QuickBooks Update Agent.lnk.disabled [2008-1-5 2109]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-4-28 415072]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"EnableVirtualization"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
2010-12-15 16:57 147832 ----a-w- c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"FixCleaner"=c:\program files\FixCleaner\FixCleaner.exe -boot
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2007\\QBDBMgrN.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\msiexec.exe"=
"c:\\Program Files\\Hewlett-Packard\\Toolbox\\jre\\bin\\javaw.exe"=
"c:\\Documents and Settings\\Joe Seringer\\Application Data\\Macromedia\\Flash Player\\www.macromedia.com\\bin\\octoshape\\octoshape.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Microsoft Office\\Office14\\ONENOTE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office14\\OUTLOOK.EXE"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
.
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [3/17/2006 5:25 PM 65536]
R2 RDIConverterPrintHelper;RDI Document Conversion Helper;c:\program files\Common Files\ICWM\Printer\RDIConverterService.exe [10/1/2008 4:13 PM 64888]
S0 TfFsMon;TfFsMon; [x]
S0 TfSysMon;TfSysMon; [x]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\SBREdrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [12/10/2009 2:33 PM 135664]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\Google\Google Desktop Search\GoogleDesktop.exe [5/10/2007 6:52 AM 30192]
S3 GoToAssist Express Customer;GoToAssist Express Customer;c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_service.exe [12/15/2010 11:57 AM 161144]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 7:49 AM 227232]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [1/9/2010 10:37 PM 4640000]
S3 TfNetMon;TfNetMon; [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [8/5/2010 2:08 PM 100496]
S3 VBoxNetFlt;VBoxNetFlt Service; [x]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - JAVAQUICKSTARTERSERVICE
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-24 c:\windows\Tasks\02-18-2011_153933.job
- c:\program files\Spyware Cease 2011\SpywareCease2011.exe [2011-02-18 23:37]
.
2011-03-24 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-05-11 22:03]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-10 19:33]
.
2011-03-24 c:\windows\Tasks\User_Feed_Synchronization-{A9C01474-AD2A-4BF9-9D1C-C4C6A5ED00BA}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://google.com/
mStart Page = hxxp://jseringer.wesearch.co.il
uInternet Settings,ProxyOverride = <local>
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
Trusted Zone: mail
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\documents and settings\Joe Seringer\Application Data\Mozilla\Firefox\Profiles\kodwsnpb.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.bing.com/search?FORM=IEFM1&q=
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.inbox.com/homepage.aspx?tbid=80114&lng=en
FF - prefs.js: keyword.URL - hxxp://search.avg.com/route/?d=4d60046b&v=6.011.025.001&i=26&tp=ab&iy=&ychte=us&lng=en-US&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Inbox Toolbar: inboxcomtoolbar@inbox.com - %profile%\extensions\inboxcomtoolbar@inbox.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: AddThis: {3e0e7d2a-070f-4a47-b019-91fe5385ba79} - %profile%\extensions\{3e0e7d2a-070f-4a47-b019-91fe5385ba79}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: orion Toolbar: toolbar@jseringer.wesearch.co.il.com - c:\documents and settings\All Users\Application Data\Comtribute\jseringer.wesearch.co.il\Firefox
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-24 15:23
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(788)
c:\program files\Citrix\GoToAssist Express Customer\258\g2ax_winlogon.dll
.
- - - - - - - > 'explorer.exe'(2800)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2011-03-24 15:26:14
ComboFix-quarantined-files.txt 2011-03-24 20:26
ComboFix2.txt 2011-03-24 15:52
ComboFix3.txt 2011-03-23 21:45
.
Pre-Run: 37,949,341,696 bytes free
Post-Run: 37,985,660,928 bytes free
.
- - End Of File - - C89490F62C3668E44B0DC1A05B5F1242
Upload was successful

Blade81

2011-03-24, 21:35

Thanks. Looks ok. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions :)

THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to do clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE,NOT on a regular basis

Now lets uninstall ComboFix:

Click START then RUN
Now copy-paste Combofix /uninstall in the runbox and click OK

UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to the Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.

Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.

Download and run Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/) and fix its findings.
Get Anti Virus Software and keep it updated - Most AVs will update automatically, but if not I would recommend making updating the AV the first job every time the PC is connected to the internet. An AV that is using defs that are seven days old is not going to be much protection. If you do not update your anti virus software then it will not be able to catch any of the new variants that may come out. Good free antivirus programs are:
Antivir (http://free-av.com/en/download/1/download_avira_antivir_personal__free_antivirus.html)
Avast! (http://www.avast.com/eng/download-avast-home.html)
Good commercial ones are from:
Kaspersky (http://www.kaspersky.com/homeuser) and
ESET (http://www.eset.com/products/index.php)

Alternatively you can reinstall AVG that you had installed there.

Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:

JSeringer

2011-03-24, 22:01

I still get a "Page cannot be found" when I launch http://mail/exhange

JSeringer

2011-03-25, 14:25

Thank you very much Blade. You have made this process easy! I will secure the system as advised and Go Finland!

Blade81

2011-03-25, 17:15

Hi,

That remaining problem doesn't look like malware related. Reinstalling Outlook Web Access might help but I'm not sure. Do both Internet Explorer and Firefox give the same result?

JSeringer

2011-03-25, 19:53

No, Firefox returns Outlook but Explorer returns a "Page cannot be found". I will have someone look at it

Thank you again for your help

Blade81

2011-03-25, 19:56

You're welcome :)

Blade81

2011-04-01, 18:12

Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.