savetubevideo redirect
Hi, I hope you can help with my laptop problem. It is a Toshiba Equium, Intel Pentium Dual CPU T2370 @ 1.73GHz 1.73GHz, 2.0 GB RAM. I'm running Windows Vista Home Premium with SP2, Internet Explorer 8.0.6001.18975, Mozilla Firefox 3.6.11, Avast! Free Antivirus 5.0.677, Spybot Search & Destroy 1.6.2 and Malwarebytes 1.46.
A short while ago I downloaded and installed "Download Youtube Free" :oops:
Shortly after this I noticed that occasionally, when using the Bing search engine on Firefox, if I click on a website link it will initially load the expected website but almost immediately redirects to a Google search box with "landing.savetubevideo" in the address bar (actually it's a full web address, but I'm reluctant to type it out in full on here). The page flickers constantly as if it is trying to close or to move on elsewhere but can't quite manage it. It seems that IE is not affected (yet).
I have deleted the offending program and have used CCleaner to remove any remaining registry references. (That was before I read the advice on your website). Unfortunately the problem persists. Neither Spybot nor Malwarebytes can find any problem and I don't know what else to try.
Thanks in advance for any help you can give. :heart:
DDS (Ver_10-10-21.01) - NTFSx86
Run by Don at 15:07:59.72 on 21/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1153 [GMT 1:00]
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\fsproflt.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Don\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-26 54632]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
==================== Find3M ====================
2010-10-21 13:57:57 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 15:08:47.80 ===============
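A small triage script, added here as an illustration and not part of the original thread or of the DDS tool, that parses the Firefox section of a DDS log like the one above and flags the two indicators a helper would look at first: the keyword.URL address-bar search handler pointing at a host that is not a default search provider (here veerboo.com), and an extension GUID that still loads Firefox components although its toolbar entry reports "No File". The set of default search hosts is an assumption, and the sample log text is constructed from the lines posted above.

```python
"""Triage the Firefox section of a DDS log for search-hijack indicators.

Added example, not part of the original thread. Parses the DDS line formats
seen above (TB:, FF - prefs.js:, FF - component:) and reports:
  * keyword.URL (Firefox 3.x address-bar search handler) pointing at a host
    outside an assumed list of default search providers, and
  * extension GUIDs that load components but whose toolbar entry is "No File".
"""
import re
from urllib.parse import urlparse

# Assumption: hosts a stock Firefox keyword.URL would normally point at.
KNOWN_SEARCH_HOSTS = {
    "www.google.com", "google.com", "www.bing.com", "bing.com", "search.yahoo.com",
}

# Constructed sample: the relevant lines from the DDS log posted above (hxxp defanged).
SAMPLE_DDS = r"""
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
================= FIREFOX ===================
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
"""

PREFS_RE = re.compile(r"FF - prefs\.js: (\S+) - (.*)")
COMPONENT_RE = re.compile(r"FF - component: (.*)")
NOFILE_TB_RE = re.compile(r"TB: (?:.*?: )?\{([0-9A-Fa-f-]{36})\} - No File")
EXT_GUID_RE = re.compile(r"extensions\\\{([0-9A-Fa-f-]{36})\}")


def refang(url):
    """DDS defangs URLs as hxxp://; restore the scheme so urlparse works."""
    return re.sub(r"^hxxp", "http", url, flags=re.I)


def parse_dds(text):
    """Return (prefs dict, component paths, set of No-File toolbar GUIDs)."""
    prefs, components, nofile = {}, [], set()
    for raw in text.splitlines():
        line = raw.strip()
        m = PREFS_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
            continue
        m = COMPONENT_RE.match(line)
        if m:
            components.append(m.group(1))
            continue
        m = NOFILE_TB_RE.match(line)
        if m:
            nofile.add(m.group(1).lower())
    return prefs, components, nofile


def search_hijack_host(prefs):
    """Host behind keyword.URL if it is not a known search provider, else None."""
    url = prefs.get("keyword.URL")
    if not url:
        return None
    host = (urlparse(refang(url)).hostname or "").lower()
    return None if host in KNOWN_SEARCH_HOSTS else host


def orphaned_extension_guids(components, nofile):
    """GUIDs whose extension folder loads components but whose toolbar entry is 'No File'."""
    found = set()
    for path in components:
        m = EXT_GUID_RE.search(path)
        if m and m.group(1).lower() in nofile:
            found.add(m.group(1).lower())
    return found


def triage(text):
    prefs, components, nofile = parse_dds(text)
    return {
        "hijack_host": search_hijack_host(prefs),
        "suspect_guids": sorted(orphaned_extension_guids(components, nofile)),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_DDS).items():
        print(f"{key}: {value}")
```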
-
Hi,
Does this issue happen only with Firefox or is IE affected too? Please update MBAM, run a full scan with it and delete found items (if any). Post back report + fresh dds log.
-
Hello Blade81, thanks for giving your time to try and help me solve my problem.
The problem seems to affect only Firefox - I have tried to replicate it on IE but so far it seems ok.
Here are the logs you asked for:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4963
Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18975
27/10/2010 15:07:45
mbam-log-2010-10-27 (15-07-45).txt
Scan type: Full scan (C:\|D:\|)
Objects scanned: 286167
Time elapsed: 1 hour(s), 26 minute(s), 35 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
(No malicious items detected)
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
(No malicious items detected)
DDS (Ver_10-10-21.01) - NTFSx86
Run by Don at 15:18:35.39 on 27/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1027 [GMT 1:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\fsproflt.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Don\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [Privacy Suite RiskMonitor]
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
================= FIREFOX ===================
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-10-26 17:17:25 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 17:17:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-23 11:27:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-22 05:54:22 -------- d-----w- c:\windows\en
2010-10-22 05:53:56 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-22 05:50:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-22 05:50:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-22 05:50:05 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-22 05:43:21 469256 ----a-w- c:\program files\common files\windows live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
2010-10-22 05:42:54 15712 ----a-w- c:\program files\common files\windows live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
2010-10-22 05:42:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DSETUP.dll
2010-10-22 05:42:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DXSETUP.exe
2010-10-22 05:42:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\dsetup32.dll
2010-10-22 05:42:31 94040 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DSETUP.dll
2010-10-22 05:42:31 525656 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DXSETUP.exe
2010-10-22 05:42:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\dsetup32.dll
2010-10-22 05:41:19 -------- d-----w- c:\users\don\appdata\local\Windows Live
2010-10-22 05:40:42 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-21 21:38:45 -------- d-----w- c:\users\don\appdata\local\Microsoft Corporation
2010-10-21 21:37:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
==================== Find3M ====================
2010-10-27 12:25:13 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 15:19:32.57 ===============
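A small triage script for logs of this kind, added here as an editor's example; it is not part of the original posts and is not code from the DDS or ComboFix tools. It parses the service/driver lines (`R3 name;display;path [date size]`, or `[x]`/`[?]` when the tool could not verify the file) and the Firefox `prefs.js` and `component` lines that appear in the DDS log above and in the ComboFix output further down the thread, and flags the entries a helper would look at first: services whose file could not be verified, kernel drivers created within the last 30 days, a `keyword.URL` search pref pointing at a host that is not a known search engine, and extensions loading native DLLs from the profile. The allowlist of search hosts, the severity labels and the 30-day window are assumptions chosen for the example; the sample lines are copied from the logs in this thread.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, timedelta
from urllib.parse import urlparse

# Constructed sample: lines copied from the DDS and ComboFix output posted in this thread.
SAMPLE_LOG = r"""
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
R0 rpcnetp;rpcnetp; [x]
S1 aswSP;aswSP; [x]
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
"""
LOG_DATE = date(2010, 10, 21)  # date the first DDS log in the thread was taken

# Service/driver line: "<R|S><start> name;display;path [yyyy-m-d size]" or "... [x]" / "... [?]"
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?)\s*\[(?P<tag>[^\]]*)\]$"
)
PREF_RE = re.compile(r"^FF - prefs\.js: (?P<pref>\S+) - (?P<value>.+)$")
COMPONENT_RE = re.compile(
    r"^FF - component: (?P<path>.*\\extensions\\(?P<ext>\{[0-9a-fA-F-]+\})\\.*)$"
)
# Assumption for the example: hosts a user would plausibly have chosen for location-bar search.
SEARCH_ALLOWLIST = {"www.google.com", "www.bing.com", "search.yahoo.com", "www.msn.com"}


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info" (labels chosen for this example)
    kind: str
    subject: str
    detail: str


def parse_date(text: str) -> date:
    """DDS writes unpadded dates (2009-6-10); ComboFix pads them (2010-03-18)."""
    y, m, d = (int(part) for part in text.split("-"))
    return date(y, m, d)


def refang(url: str) -> str:
    """The tools write hxxp:// so forum software does not turn the URL into a link."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def check_service(m: re.Match, log_date: date, recent_days: int) -> list:
    name, start, path, tag = m["name"], int(m["start"]), m["path"], m["tag"]
    if tag in ("x", "?"):
        # [x]/[?]: the tool could not find or verify the file behind the entry.
        # A running boot/system-start entry (R0/R1) with no file is the most interesting case.
        sev = "high" if m["state"] == "R" and start <= 1 else "medium"
        return [Finding(sev, "service-file-unverified", name,
                        f"start type {start}, path {path!r}, marker [{tag}]")]
    date_text, _, size = tag.partition(" ")
    try:
        created = parse_date(date_text)
    except ValueError:
        return []
    if path.lower().endswith(".sys") and log_date - created <= timedelta(days=recent_days):
        return [Finding("medium", "recent-kernel-driver", name,
                        f"{path} dated {created.isoformat()}, {size} bytes")]
    return []


def check_pref(pref: str, value: str) -> list:
    # keyword.URL is where Firefox 3.x sends non-URL text typed into the location bar;
    # a hijacker only needs to rewrite this one pref to redirect every such search.
    if pref != "keyword.URL":
        return []
    host = urlparse(refang(value)).netloc.lower()
    if host in SEARCH_ALLOWLIST:
        return []
    return [Finding("high", "ff-search-hijack", pref, f"location-bar searches go to {host}: {value}")]


def triage(log_text: str, log_date: date = LOG_DATE, recent_days: int = 30) -> list:
    """Return findings for the service, Firefox pref and Firefox component lines in a log."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            findings.extend(check_service(m, log_date, recent_days))
        elif m := PREF_RE.match(line):
            findings.extend(check_pref(m["pref"], m["value"]))
        elif m := COMPONENT_RE.match(line):
            # Native DLLs under the profile's extensions folder run with full browser privilege.
            findings.append(Finding("info", "ff-native-component", m["ext"],
                                    f"extension loads native code: {m['path']}"))
    return findings


if __name__ == "__main__":
    order = ("high", "medium", "info")
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: order.index(f.severity)):
        print(f"[{f.severity:6}] {f.kind:24} {f.subject}: {f.detail}")
```

Run on the sample it reports the `keyword.URL` pref pointing at veerboo.com and the running `R0 rpcnetp` entry with no file as high, the `[?]`/`[x]` services and the freshly created `ASPI32.SYS` as medium, and the extension's native DLL as informational; the hijack itself is only asserted from what the pref says, so a hit still needs to be confirmed against the profile on disk before anything is removed.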
-
Thanks for the logs. Let's continue.
Please visit this webpage for download links, and instructions for running ComboFix tool:
http://www.bleepingcomputer.com/comb...o-use-combofix
Please ensure you read this guide carefully first.
Please continue as follows:
- Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
Remember to re-enable them afterwards.
- Click Yes to allow ComboFix to continue scanning for malware.
When the tool is finished, it will produce a report for you.
Please include the following reports for further review, and so we may continue cleansing the system:
C:\ComboFix.txt
New dds log.
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
-
Thanks for your continued support. Here are the latest log files:
ComboFix 10-10-26.04 - Don 27/10/2010 19:24:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1162 [GMT 1:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Don\AppData\Local\cqqwuag.dat
c:\users\Don\AppData\Local\cqqwuag_nav.dat
c:\users\Don\AppData\Local\cqqwuag_navps.dat
D:\install.exe
D:\resycled
c:\windows\System32\autochk.exe . . . is infected!!
.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.
2010-10-27 18:44 . 2010-10-27 18:44 -------- d-----w- c:\users\Don\AppData\Local\temp
2010-10-27 18:19 . 2010-10-27 18:19 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-10-27 18:19 . 2010-10-27 18:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-10-26 17:17 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:17 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 17:17 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 05:54 . 2010-10-22 05:54 -------- d-----w- c:\windows\en
2010-10-22 05:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-22 05:50 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-22 05:50 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-22 05:50 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-22 05:43 . 2010-10-22 05:43 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
2010-10-22 05:42 . 2010-10-22 05:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DSETUP.dll
2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DXSETUP.exe
2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\dsetup32.dll
2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DSETUP.dll
2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DXSETUP.exe
2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\dsetup32.dll
2010-10-22 05:41 . 2010-10-22 05:41 -------- d-----w- c:\users\Don\AppData\Local\Windows Live
2010-10-22 05:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-21 21:38 . 2010-10-21 21:38 -------- d-----w- c:\users\Don\AppData\Local\Microsoft Corporation
2010-10-21 21:37 . 2010-10-21 21:37 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-21 21:24 . 2010-10-21 21:24 -------- d-----w- c:\programdata\Microsoft Corporation
2010-10-21 14:02 . 2010-10-21 14:02 -------- d-----w- c:\program files\ERUNT
2010-10-20 18:55 . 2010-10-20 18:55 -------- d-----w- c:\users\Don\AppData\Roaming\Malwarebytes
2010-10-20 18:54 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 18:54 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 20:35 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{842615C3-7176-461C-A29D-133AE26D34E2}\mpengine.dll
2010-10-18 21:46 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02 . 2010-10-17 15:47 -------- d-----w- c:\programdata\STOPzilla!
2010-10-16 16:25 . 2010-10-17 12:52 -------- d-----w- c:\users\Don\AppData\Local\Paint.NET
2010-10-15 16:13 . 2002-07-17 14:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13 . 2002-07-17 14:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13 . 2010-10-16 09:17 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:48 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\AppData\Roaming\dvdcss
2010-10-15 15:47 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\Copied Films and Discs
2010-10-14 12:55 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 12:55 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 12:55 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-08 22:51 . 2010-10-08 22:52 -------- d-----w- c:\users\Don\Fireshot captures
2010-10-08 22:46 . 2010-10-08 22:46 -------- d-----w- c:\users\Don\AppData\Roaming\FireShot
2010-10-08 16:51 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-08 16:51 . 2010-09-30 15:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-06 21:20 . 2010-10-06 21:20 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18 . 2010-10-06 21:18 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49 . 2008-05-07 15:03 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 17:10 . 2008-11-20 18:42 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15 . 2010-06-07 14:26 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 03:50 . 2010-04-17 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-29 15:18 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-03-13 15:12 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-03-13 15:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-03-13 15:12 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-03-13 15:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-03-13 15:12 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-03-13 15:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-26 17:17 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 17:17 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 17:17 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-26 17:17 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 13:36 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 17:10 . 2010-08-05 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-20 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
c:\users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3255058789-4097180596-3726220330-1000]
"EnableNotificationsRef"=dword:00000002
R0 rpcnetp;rpcnetp; [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S1 aswSP;aswSP; [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-05-12 1872320]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-11-06 10:14]
2010-09-11 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-09-11 17:08]
2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{C3424DA8-C7DF-4615-AD60-46AA957ED8B3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -
WebBrowser-{4974A391-29D6-4419-A63B-49C1C7142489} - (no file)
WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)
HKCU-Run-Privacy Suite RiskMonitor - (no file)
ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-27 19:44
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
C:\My Lockbox
scan completed successfully
hidden files: 1
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-10-27 19:47:29
ComboFix-quarantined-files.txt 2010-10-27 18:47
Pre-Run: 40,349,716,480 bytes free
Post-Run: 40,130,482,176 bytes free
Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
- - End Of File - - 168D35DA9C57F9F1B94F52837E007E1B
DDS (Ver_10-10-21.01) - NTFSx86
Run by Don at 19:54:13.66 on 27/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.988 [GMT 1:00]
SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\fsproflt.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\conime.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Don\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
SUnknown rpcnetp;rpcnetp; [x]
=============== Created Last 30 ================
2010-10-27 18:47:37 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-27 18:47:31 -------- d-----w- c:\users\don\appdata\local\temp
2010-10-27 18:21:33 98816 ----a-w- c:\windows\sed.exe
2010-10-27 18:21:33 79872 ----a-w- c:\windows\MBR.exe
2010-10-27 18:21:33 256512 ----a-w- c:\windows\PEV.exe
2010-10-27 18:21:33 161792 ----a-w- c:\windows\SWREG.exe
2010-10-27 18:19:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-10-27 18:19:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-10-27 18:17:52 -------- d-----w- C:\ComboFix
2010-10-26 17:17:25 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 17:17:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-23 11:27:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-22 05:54:22 -------- d-----w- c:\windows\en
2010-10-22 05:53:56 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-22 05:50:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-22 05:50:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-22 05:50:05 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-22 05:43:21 469256 ----a-w- c:\program files\common files\windows live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
2010-10-22 05:42:54 15712 ----a-w- c:\program files\common files\windows live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
2010-10-22 05:42:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DSETUP.dll
2010-10-22 05:42:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DXSETUP.exe
2010-10-22 05:42:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\dsetup32.dll
2010-10-22 05:42:31 94040 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DSETUP.dll
2010-10-22 05:42:31 525656 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DXSETUP.exe
2010-10-22 05:42:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\dsetup32.dll
2010-10-22 05:41:19 -------- d-----w- c:\users\don\appdata\local\Windows Live
2010-10-22 05:40:42 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-21 21:38:45 -------- d-----w- c:\users\don\appdata\local\Microsoft Corporation
2010-10-21 21:37:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
==================== Find3M ====================
2010-10-27 17:10:23 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 19:54:52.03 ===============
-
Hi,
Upload c:\windows\System32\autochk.exe file to http://www.virustotal.com (reanalyze if asked) and post back the results or a link to the results.
Open notepad and copy/paste the text in the quotebox below into it:
Code:
Firefox::
FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
DDS::
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
Save this as CFScript
A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.
http://img.photobucket.com/albums/v6...FScriptB-4.gif
Close all browser windows and, referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.
Uninstall these old Javas:
Java(TM) 6 Update 2
Java(TM) 6 Update 3
Java(TM) 6 Update 7
Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.
Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
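The CFScript above was assembled by reading the DDS log for two kinds of entries: a Firefox prefs.js search URL pointing at a host the user never chose (the keyword.URL hijack to veerboo.com) and BHO/toolbar registrations whose DLL is gone ("No File", the leftovers of an uninstalled program). The script below is an added example, not code from this thread, from DDS or from ComboFix; it parses a constructed sample in the DDS line format, flags both kinds of entry and lays the findings out in the same Firefox::/DDS:: section layout the reply uses. The set of expected search hosts (EXPECTED_HOSTS) and the benign "Example Helper" BHO line are assumptions made for the example.

```python
import re

# Constructed sample in the line format DDS prints (same shape as the log posted
# in this thread): a Firefox profile block with a hijacked keyword.URL, four BHO/TB
# entries whose DLL no longer exists ("No File"), and one benign entry with a
# placeholder path that must not be flagged.
SAMPLE_DDS = r"""FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
BHO: Example Helper: {00000000-0000-0000-0000-000000000000} - c:\program files\example\helper.dll
"""

# Hosts the user's search and homepage prefs are expected to point at. This is an
# assumption for the example; in a real triage it comes from what the user reports
# as their chosen search engine and homepage.
EXPECTED_HOSTS = {"www.google.com", "www.bing.com", "uk.msn.com", "www.msn.com"}

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (\S+)$")
PROFILE_RE = re.compile(r"^FF - ProfilePath - (.+)$")
# DDS defangs URLs as hxxp:// so they cannot be clicked in a forum post.
URL_HOST_RE = re.compile(r"^hxxps?://([^/]+)", re.IGNORECASE)
ORPHAN_RE = re.compile(r"^(BHO|TB): .* - No File$")


def parse_ff_prefs(text):
    """Return {pref_name: value} for every 'FF - prefs.js:' line in a DDS log."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def url_host(value):
    """Lower-cased host of a defanged URL, or None if the value is not a URL."""
    m = URL_HOST_RE.match(value)
    return m.group(1).lower() if m else None


def find_search_hijacks(prefs, expected_hosts=EXPECTED_HOSTS):
    """URL-valued prefs whose host is not an expected one: search/homepage hijack candidates."""
    hits = []
    for name, value in prefs.items():
        host = url_host(value)
        if host is not None and host not in expected_hosts:
            hits.append((name, value))
    return hits


def find_orphaned_entries(text):
    """BHO/toolbar registrations whose DLL is missing: dead references left by a removed program."""
    return [ln.strip() for ln in text.splitlines() if ORPHAN_RE.match(ln.strip())]


def build_cfscript(text):
    """Lay the findings out in the Firefox::/DDS:: section format used in this thread."""
    lines = ["Firefox::"]
    for ln in text.splitlines():
        m = PROFILE_RE.match(ln.strip())
        if m:
            lines.append(ln.strip())  # profile path tells the tool which prefs.js to edit
    for name, value in find_search_hijacks(parse_ff_prefs(text)):
        lines.append(f"FF - prefs.js: {name} - {value}")
    lines.append("DDS::")
    lines.extend(find_orphaned_entries(text))
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_DDS))
```

Run on the sample, the homepage pref (uk.msn.com) passes, keyword.URL (www.veerboo.com) is flagged, the four "No File" entries are listed under DDS::, and the benign BHO with an existing DLL is left alone. The same host check is what distinguishes a search provider the user installed from one a bundled download dropped in.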
-
Sorry for the delay, the Kaspersky scan took a long time!
The old Javas have been uninstalled.
Reports as follows:
0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: autochk.exe
Submission date: 2010-10-27 19:39:13 (UTC)
Current status: queued (#25) queued (#15) analysing finished
Result: 0/ 40 (0.0%)
VT Community
not reviewed
Safety score: -
Compact Print results Antivirus Version Last Update Result
AntiVir 7.10.13.59 2010.10.27 -
Antiy-AVL 2.0.3.7 2010.10.27 -
Authentium 5.2.0.5 2010.10.27 -
Avast 4.8.1351.0 2010.10.27 -
Avast5 5.0.594.0 2010.10.27 -
BitDefender 7.2 2010.10.27 -
CAT-QuickHeal 11.00 2010.10.26 -
ClamAV 0.96.2.0-git 2010.10.27 -
Comodo 6530 2010.10.27 -
Comodo 6530 2010.10.27 -
Comodo 6530 2010.10.27 -
DrWeb 5.0.2.03300 2010.10.27 -
Emsisoft 5.0.0.50 2010.10.27 -
eTrust-Vet 36.1.7939 2010.10.27 -
F-Prot 4.6.2.117 2010.10.26 -
F-Secure 9.0.16160.0 2010.10.27 -
Fortinet 4.2.249.0 2010.10.27 -
GData 21 2010.10.27 -
Ikarus T3.1.1.90.0 2010.10.27 -
Jiangmin 13.0.900 2010.10.27 -
K7AntiVirus 9.66.2847 2010.10.27 -
Kaspersky 7.0.0.125 2010.10.27 -
McAfee 5.400.0.1158 2010.10.27 -
McAfee-GW-Edition 2010.1C 2010.10.27 -
Microsoft 1.6301 2010.10.27 -
NOD32 5568 2010.10.27 -
nProtect 2010-10-27.01 2010.10.27 -
Panda 10.0.2.7 2010.10.27 -
PCTools 7.0.3.5 2010.10.27 -
Prevx 3.0 2010.10.27 -
Rising 22.71.01.04 2010.10.27 -
Sophos 4.58.0 2010.10.27 -
SUPERAntiSpyware 4.40.0.1006 2010.10.27 -
Symantec 20101.2.0.161 2010.10.27 -
TheHacker 6.7.0.1.069 2010.10.27 -
TrendMicro 9.120.0.1004 2010.10.27 -
TrendMicro-HouseCall 9.120.0.1004 2010.10.27 -
VBA32 3.12.14.1 2010.10.27 -
ViRobot 2010.10.25.4110 2010.10.27 -
VirusBuster 12.70.8.0 2010.10.27 -
Additional information
MD5 : 4268ea2e81a50d929ec17ef7eb92616a
SHA1 : 188bbd66cc7907c5e58296961e602d9bfcc1f3f3
SHA256: ba7ec81d0c0f2e2abdbc60386901ac4b7574ee39345613eebfe3435164009058
ssdeep: 12288:3ASEAtt25iCeWblH8BYP7JcCAUC6B+KYQmvFNo:3A4/u/VbbPdcC/XBbYFv3
File size : 643072 bytes
First seen: 2010-10-27 19:39:13
Last seen : 2010-10-27 19:39:13
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned
ComboFix 10-10-26.04 - Don 27/10/2010 21:18:03.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1133 [GMT 1:00]
Running from: c:\users\Don\Desktop\ComboFix.exe
Command switches used :: c:\users\Don\Desktop\CFScript.txt
SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
.
((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
.
2010-10-27 20:27 . 2010-10-27 20:31 -------- d-----w- c:\users\Don\AppData\Local\temp
2010-10-27 20:27 . 2010-10-27 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-10-27 18:19 . 2010-10-27 20:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-10-27 18:19 . 2010-10-27 20:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-10-26 17:17 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:17 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 17:17 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-22 05:54 . 2010-10-22 05:54 -------- d-----w- c:\windows\en
2010-10-22 05:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-22 05:50 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-22 05:50 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-22 05:50 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-22 05:43 . 2010-10-22 05:43 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
2010-10-22 05:42 . 2010-10-22 05:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DSETUP.dll
2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DXSETUP.exe
2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\dsetup32.dll
2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DSETUP.dll
2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DXSETUP.exe
2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\dsetup32.dll
2010-10-22 05:41 . 2010-10-22 05:41 -------- d-----w- c:\users\Don\AppData\Local\Windows Live
2010-10-22 05:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-21 21:38 . 2010-10-21 21:38 -------- d-----w- c:\users\Don\AppData\Local\Microsoft Corporation
2010-10-21 21:37 . 2010-10-21 21:37 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-21 21:24 . 2010-10-21 21:24 -------- d-----w- c:\programdata\Microsoft Corporation
2010-10-20 18:55 . 2010-10-20 18:55 -------- d-----w- c:\users\Don\AppData\Roaming\Malwarebytes
2010-10-20 18:54 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-20 18:54 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-19 20:35 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{842615C3-7176-461C-A29D-133AE26D34E2}\mpengine.dll
2010-10-18 21:46 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02 . 2010-10-17 15:47 -------- d-----w- c:\programdata\STOPzilla!
2010-10-16 16:25 . 2010-10-17 12:52 -------- d-----w- c:\users\Don\AppData\Local\Paint.NET
2010-10-15 16:13 . 2002-07-17 14:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13 . 2002-07-17 14:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13 . 2010-10-16 09:17 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:48 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\AppData\Roaming\dvdcss
2010-10-15 15:47 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\Copied Films and Discs
2010-10-14 12:55 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-10-14 12:55 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 12:55 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-08 22:51 . 2010-10-08 22:52 -------- d-----w- c:\users\Don\Fireshot captures
2010-10-08 22:46 . 2010-10-08 22:46 -------- d-----w- c:\users\Don\AppData\Roaming\FireShot
2010-10-08 16:51 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-08 16:51 . 2010-09-30 15:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-06 21:20 . 2010-10-06 21:20 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18 . 2010-10-06 21:18 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49 . 2008-05-07 15:03 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-27 17:10 . 2008-11-20 18:42 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15 . 2010-06-07 14:26 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-15 03:50 . 2010-04-17 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-07 15:12 . 2010-06-29 15:18 38848 ----a-w- c:\windows\avastSS.scr
2010-09-07 15:11 . 2009-03-13 15:12 167592 ----a-w- c:\windows\system32\aswBoot.exe
2010-09-07 14:52 . 2009-03-13 15:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-09-07 14:52 . 2009-03-13 15:12 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-09-07 14:47 . 2009-03-13 15:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-09-07 14:47 . 2009-03-13 15:12 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2010-09-07 14:47 . 2009-03-13 15:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-08-26 16:33 . 2010-10-26 17:17 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33 . 2010-10-26 17:17 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33 . 2010-10-26 17:17 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33 . 2010-10-26 17:17 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-17 14:11 . 2010-09-15 13:36 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-05 17:10 . 2010-08-05 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
"Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-20 413696]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3255058789-4097180596-3726220330-1000]
"EnableNotificationsRef"=dword:00000002
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
S0 rpcnetp;rpcnetp; [x]
S1 aswSP;aswSP; [x]
S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-05-12 1872320]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder
2010-10-27 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2008-11-06 10:14]
2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{C3424DA8-C7DF-4615-AD60-46AA957ED8B3}.job
- c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
.
.
------- Supplementary Scan -------
.
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
c:\windows\System32\rpcnetp.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\TalkTalk\bin\sprtsvc.exe
c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe
c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
c:\windows\system32\TODDSrv.exe
c:\program files\Toshiba\Power Saver\TosCoSrv.exe
c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Spybot - Search & Destroy\SDWinSec.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\conime.exe
c:\program files\Alwil Software\Avast5\AvastUI.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2010-10-27 21:35:59 - machine was rebooted
ComboFix-quarantined-files.txt 2010-10-27 20:35
ComboFix2.txt 2010-10-27 18:47
Pre-Run: 40,179,585,024 bytes free
Post-Run: 40,122,572,800 bytes free
- - End Of File - - 75037A6F01940A07EDD3A1F9BA29127D
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Thursday, October 28, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Wednesday, October 27, 2010 14:50:57
Records in database: 4179029
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
C:\
D:\
E:\
Scan statistics:
Objects scanned: 155193
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 03:19:00
No threats found. Scanned area is clean.
Selected area has been scanned.
DDS (Ver_10-10-21.01) - NTFSx86
Run by Don at 6:41:30.85 on 28/10/2010
Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1237 [GMT 1:00]
SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
============== Running Processes ===============
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Windows\system32\fsproflt.exe
C:\Program Files\Nero\Update\NASvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
C:\Windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Don\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
mStart Page = hxxp://www.msn.com
uInternet Settings,ProxyServer = http=
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
================= FIREFOX ===================
FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
============= SERVICES / DRIVERS ===============
R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
=============== Created Last 30 ================
2010-10-27 20:36:01 -------- d-----w- c:\users\don\appdata\local\temp
2010-10-27 20:30:59 -------- d-sh--w- C:\$RECYCLE.BIN
2010-10-27 18:21:33 98816 ----a-w- c:\windows\sed.exe
2010-10-27 18:21:33 79872 ----a-w- c:\windows\MBR.exe
2010-10-27 18:21:33 256512 ----a-w- c:\windows\PEV.exe
2010-10-27 18:21:33 161792 ----a-w- c:\windows\SWREG.exe
2010-10-27 18:19:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2010-10-27 18:19:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2010-10-26 17:17:25 1696256 ----a-w- c:\windows\system32\gameux.dll
2010-10-26 17:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2010-10-26 17:17:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2010-10-23 11:27:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
2010-10-22 05:54:22 -------- d-----w- c:\windows\en
2010-10-22 05:53:56 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2010-10-22 05:50:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2010-10-22 05:50:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-10-22 05:50:05 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2010-10-22 05:43:21 469256 ----a-w- c:\program files\common files\windows live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
2010-10-22 05:42:54 15712 ----a-w- c:\program files\common files\windows live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
2010-10-22 05:42:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DSETUP.dll
2010-10-22 05:42:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DXSETUP.exe
2010-10-22 05:42:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\dsetup32.dll
2010-10-22 05:42:31 94040 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DSETUP.dll
2010-10-22 05:42:31 525656 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DXSETUP.exe
2010-10-22 05:42:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\dsetup32.dll
2010-10-22 05:41:19 -------- d-----w- c:\users\don\appdata\local\Windows Live
2010-10-22 05:40:42 754688 ----a-w- c:\windows\system32\webservices.dll
2010-10-21 21:38:45 -------- d-----w- c:\users\don\appdata\local\Microsoft Corporation
2010-10-21 21:37:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll
==================== Find3M ====================
2010-10-27 20:58:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-27 17:10:23 44544 ----a-w- c:\windows\system32\agremove.exe
2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe
============= FINISH: 6:42:22.05 ===============
-
Good. Does redirecting still occur?
-
Yes, redirecting does still occur sporadically.
-
Hi,
Please download GooredFix from one of the locations below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
- Ensure all Firefox windows are closed.
- To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
- When prompted to run the scan, click Yes.
- GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).