Page 1 of 3 123 LastLast
Results 1 to 10 of 25

Thread: Got some browser trouble: redirects and random ad pages opening in new tabs

  1. #1
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default Got some browser trouble: redirects and random ad pages opening in new tabs

    Hi, during the past couple of weeks, I've been having trouble with my browser (IE, Firefox, and Chrome all affected) getting redirected while conducting searches on the web through Google. I've tried scanning with multiple products (Spybot, Ad-Aware, Malware-Bytes, Norton Anti-Virus), and though these searches found multiple malware files that I then was able to fix, the problem I was having with the redirects persisted. I tried installing Redirect Remover on Firefox (what I usually use) to solve it, but that didn't help. So, I thought I'd come to the experts here at Spybot for some more in-depth help .

    In addition to the redirects, I have noticed that svchost.exe will use up to 160,000 K of my memory. I read about this happening in another post here, and thought I should mention it.

    Finally, while investigating some quarantined files with Norton, I tried deleting a couple, not knowing what would happen. Now, I get a prompt upon starting Windows that atrpos32.dll can't be found. Not sure if this will be a problem down the road or not. Anyway, thanks for your help!

    DDS follows...

    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Daniel at 19:41:41.32 on Fri 09/10/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.967 [GMT -5:00]

    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.PROBLEM.exe
    C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\Daniel\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://securityresponse.symantec.com/avcenter/fix_homepage
    uSearch Bar =
    uDefault_Page_URL = http://www.google.com/ig/dell?hl=en&...suk&channel=us
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    mWinlogon: Userinit=c:\windows\system32\userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
    uRun: [Kyubu] rundll32.exe "c:\windows\atrpos32.dll",Startup
    uRun: [Google Update] "c:\documents and settings\daniel\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Jkirova] rundll32.exe "c:\windows\ovovurogehuda.dll",Startup
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.PROBLEM.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} - hxxp://aolsvc.aol.com/onlinegames/free-trial-burger-shop/GoBitGamesPlayer_v4.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://download.games.yahoo.com/games/web_games/popcap/chuzzle/popcaploader_v6.cab
    DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\daniel\applic~1\mozilla\firefox\profiles\me7gvhrl.default\
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\daniel\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: XULRunner: {1C187B0E-32E9-4CE1-8829-BC613EF88842} - c:\documents and settings\daniel\local settings\application data\{1C187B0E-32E9-4CE1-8829-BC613EF88842}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-8 64288]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
    R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-20 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\naveng.sys [2010-9-10 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\navex15.sys [2010-9-10 1362608]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\google\update\GoogleUpdate.exe [2008-11-1 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]

    =============== Created Last 30 ================

    2010-09-10 21:19:16 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
    2010-09-10 20:42:22 0 d-----w- c:\docume~1\daniel\applic~1\Malwarebytes
    2010-09-10 20:42:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-10 20:42:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:52:17 37 ----a-w- c:\windows\Viewer.ini
    2010-09-10 01:50:41 409 ----a-w- c:\windows\SIERRA.IN~
    2010-09-10 01:50:30 0 d-----w- C:\SIERRA
    2010-09-10 01:47:02 482 ----a-w- c:\windows\SIERRA.INI
    2010-09-09 04:00:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43:00 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:39:36 0 d-----w- c:\program files\Lavasoft
    2010-08-15 23:21:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-15 23:21:24 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-09-10 21:22:08 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-10 23:29:39 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29:30 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-14 14:31:20 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
    2010-06-14 07:41:45 1172480 ----a-w- c:\windows\system32\msxml3.dll
    2010-06-14 07:41:45 1172480 ------w- c:\windows\system32\dllcache\msxml3.dll
    2008-02-18 02:10:22 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10:22 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-11-13 02:20:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111220081113\index.dat

    ============= FINISH: 19:43:51.32 ===============

  2. #2
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default




    Please read Before You Post
    While best efforts are made to assist in removing infections safely, unexpected stuff can happen. It is advisable that you back up your important data before starting any clean up procedure. Neither Safer Networking Forums nor the Analyst providing the advice may be held responsible for any loss.

    I am looking at possible markers in your log for a Rootkit



    Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2







    * IMPORTANT !!! Save ComboFix.exe to your Desktop


    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    • See this Link for programs that need to be disabled and instruction on how to disable them.
    • Remember to re-enable them when we're done.

    • Double click on ComboFix.exe & follow the prompts.

    • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.




    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

    Click on Yes, to continue scanning for malware.

    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a New Hijackthis log.

    *If there is no internet connection when Combofix has completely finished then restart your computer to restore back the connections.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #3
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default ComboFix scan completed

    Hey Ken545, thanks for the quick response. I ran the ComboFix this morning and have pasted the log below. Below that is the new DDS log (I'm assuming that's what was meant by a new HijackThis log, but if I'm wrong, I'll gladly replay with what's needed). I've also attached the "attach.zip" file that was created (named it attach2.zip).

    Two things happened during the ComboFix scan that I thought I should tell you about. First, after ComboFix found a rootkit and restarted, my Symantec auto-protect kicked in, even though I thought I had disabled it, and informed me that it had encountered a couple of risks (Backdoor.Tidserv.I!inf), and that it could only partially resolve. I have attached this log as well: "symantec log.csv". The second thing that happened was that after ComboFix had completed its entire scan and was restarting my computer, I received a brief notification that some "instruction @ FreeAgentService" or something had failed. Unfortunately, that was all I could read before the notice disappeared and my computer restarted.

    Anyway, thanks again for your help! You guys at Spybot rock!

    ComboFix log follows:

    ComboFix 10-09-11.03 - Daniel 09/12/2010 9:25.1.2 - x86
    Running from: c:\documents and settings\Daniel\Desktop\Combo-Fix.exe
    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\Dad\Local Settings\Application Data\{F42AAAB4-FFA0-4963-86AA-FA1C560F477C}
    c:\documents and settings\Dad\Local Settings\Application Data\{F42AAAB4-FFA0-4963-86AA-FA1C560F477C}\chrome.manifest
    c:\documents and settings\Dad\Local Settings\Application Data\{F42AAAB4-FFA0-4963-86AA-FA1C560F477C}\chrome\content\_cfg.js
    c:\documents and settings\Dad\Local Settings\Application Data\{F42AAAB4-FFA0-4963-86AA-FA1C560F477C}\chrome\content\overlay.xul
    c:\documents and settings\Dad\Local Settings\Application Data\{F42AAAB4-FFA0-4963-86AA-FA1C560F477C}\install.rdf
    c:\documents and settings\Daniel\Local Settings\Application Data\{1C187B0E-32E9-4CE1-8829-BC613EF88842}
    c:\documents and settings\Daniel\Local Settings\Application Data\{1C187B0E-32E9-4CE1-8829-BC613EF88842}\chrome.manifest
    c:\documents and settings\Daniel\Local Settings\Application Data\{1C187B0E-32E9-4CE1-8829-BC613EF88842}\chrome\content\_cfg.js
    c:\documents and settings\Daniel\Local Settings\Application Data\{1C187B0E-32E9-4CE1-8829-BC613EF88842}\chrome\content\overlay.xul
    c:\documents and settings\Daniel\Local Settings\Application Data\{1C187B0E-32E9-4CE1-8829-BC613EF88842}\install.rdf
    c:\documents and settings\Daniel\My Documents\backup.reg
    c:\temp\0b9
    c:\windows\system32\_000005_.tmp.dll
    c:\windows\system32\_000006_.tmp.dll
    c:\windows\system32\drivers\etc\lmhosts
    c:\windows\system32\pthreadVC.dll

    Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
    Restored copy from - Kitty had a snack :p
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_NPF


    ((((((((((((((((((((((((( Files Created from 2010-08-12 to 2010-09-12 )))))))))))))))))))))))))))))))
    .

    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\program files\Seagate
    2010-09-12 03:53 . 2010-09-12 03:53 -------- d-----w- c:\program files\Carbonite
    2010-09-11 19:16 . 2010-09-11 19:16 -------- d-----w- c:\program files\Common Files\Skype
    2010-09-11 00:38 . 2010-09-11 00:39 -------- d-----w- c:\program files\ERUNT
    2010-09-10 21:19 . 2010-09-10 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:50 . 2010-09-10 01:50 -------- d-----w- C:\SIERRA
    2010-09-09 04:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40 . 2010-09-09 03:40 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Sunbelt Software
    2010-09-09 03:40 . 2010-09-09 03:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:39 . 2010-09-09 03:39 -------- d-----w- c:\program files\Lavasoft
    2010-09-03 02:04 . 2010-09-03 02:04 214040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-15 23:22 . 2010-08-15 23:22 -------- d-----w- c:\program files\Common Files\Java
    2010-08-15 23:21 . 2010-08-15 23:21 423656 ----a-w- c:\windows\system32\deployJava1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-12 14:42 . 2006-07-22 02:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-09-12 14:38 . 2006-07-23 19:33 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-09-12 11:13 . 2010-08-11 05:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-12 03:54 . 2006-07-19 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-11 22:39 . 2010-01-11 18:37 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
    2010-09-11 19:10 . 2010-01-11 18:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
    2010-09-11 04:44 . 2010-08-11 04:16 120 ----a-w- c:\windows\Vhosadi.dat
    2010-09-10 20:09 . 2007-06-28 03:33 -------- d-----w- c:\program files\QuickTime
    2010-09-10 20:06 . 2007-06-28 03:32 -------- d-----w- c:\program files\Apple Software Update
    2010-09-10 18:29 . 2010-08-11 04:16 0 ----a-w- c:\windows\Uromaciwi.bin
    2010-09-09 03:39 . 2009-03-17 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-20 00:58 . 2010-08-20 00:58 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3B.tmp
    2010-08-20 00:54 . 2010-08-20 00:54 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx39.tmp
    2010-08-17 00:15 . 2010-08-17 00:15 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1B.tmp
    2010-08-17 00:13 . 2010-08-17 00:13 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx19.tmp
    2010-08-15 23:20 . 2006-07-19 16:59 -------- d-----w- c:\program files\Java
    2010-08-15 04:13 . 2009-10-15 22:57 -------- d-----w- c:\program files\Windows Desktop Search
    2010-08-12 21:09 . 2006-07-19 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
    2010-08-12 21:07 . 2006-07-19 17:03 -------- d-----w- c:\program files\Dell
    2010-08-12 21:07 . 2006-07-19 17:07 -------- d-----w- c:\program files\Real
    2010-08-12 20:57 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-08-12 20:56 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-08-12 20:52 . 2007-06-28 18:48 -------- d-----w- c:\program files\Steam
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\AOL
    2010-08-12 20:43 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\aolshare
    2010-08-10 23:29 . 2007-12-25 20:31 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29 . 2007-12-25 20:31 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx22.tmp
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx21.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx20.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1F.tmp
    2010-08-10 01:23 . 2010-08-10 01:23 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1E.tmp
    2010-08-10 01:19 . 2010-08-10 01:19 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1D.tmp
    2010-08-10 00:39 . 2010-08-10 00:39 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx5C.tmp
    2010-08-10 00:37 . 2010-08-10 00:37 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx56.tmp
    2010-08-10 00:33 . 2010-08-10 00:33 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3D.tmp
    2010-08-03 21:15 . 2006-09-04 19:56 -------- d-----w- c:\documents and settings\Daniel\Application Data\Image Zone Express
    2010-08-01 04:13 . 2010-08-01 04:13 -------- d-----w- c:\documents and settings\Daniel\Application Data\MSNInstaller
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
    2010-07-30 03:43 . 2010-07-30 03:43 -------- d-----w- c:\program files\Belkin
    2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-11 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-15 17:19 . 2010-06-15 17:19 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx15.tmp
    2008-02-18 02:10 . 2006-07-22 22:12 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10 . 2006-07-22 22:12 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" [2009-08-04 318096]
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-09-26 185640]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^YouTube Uploader.lnk]
    path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\YouTube Uploader.lnk
    backup=c:\windows\pss\YouTube Uploader.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-09-09 03:42 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-07-23 00:42 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-07-30 14:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2007-04-01 18:04 67128 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    2005-12-07 14:26 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    2005-12-07 14:33 73728 ----a-w- c:\program files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
    2005-09-14 19:40 229466 ------w- c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-12 04:08 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-16 04:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-03-17 10:34 124656 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"=
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    "Kyubu"=rundll32.exe "c:\windows\atrpos32.dll",Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "CTxfiHlp"=CTXFIHLP.EXE
    "Jkirova"=rundll32.exe "c:\windows\ovovurogehuda.dll",Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\dmw2788\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\tubabubba\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/8/2010 10:43 PM 64288]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [9/25/2009 11:32 PM 189736]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/20/2007 11:18 PM 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 12:02 AM 102448]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\Google\Update\GoogleUpdate.exe [11/1/2008 8:15 PM 133104]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:42]

    2009-09-02 c:\windows\Tasks\Blue Devils - F-Tuning (Ditty Cadence).job
    - c:\documents and settings\Daniel\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Naruto\11 Track 11 (rap).m4a [2007-10-07 06:11]

    2010-06-16 c:\windows\Tasks\Cancel apartment insurance policy reminder.job
    - c:\documents and settings\Daniel\My Documents\Cancel your apartment insurance.doc [2010-06-16 18:24]

    2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005Core.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005UA.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2009-01-03 c:\windows\Tasks\Journal reminder.job
    - c:\documents and settings\Daniel\My Documents\Journal\reminder 2.txt [2007-08-24 02:00]

    2010-09-12 c:\windows\Tasks\Microsoft Office Word 2003.job
    - c:\documents and settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk [2006-07-22 02:03]

    2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{1BF8318D-0EC3-416B-BC83-385052EB66C3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\me7gvhrl.default\
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-ATICCC - c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe
    MSConfigStartUp-ATIPTA - c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    MSConfigStartUp-DMXLauncher - c:\program files\Dell\Media Experience\DMXLauncher.exe
    MSConfigStartUp-Google Desktop Search - c:\program files\Google\Google Desktop Search\GoogleDesktop.exe
    MSConfigStartUp-Google Update - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.0.97.0\GoogleUpdate.exe
    MSConfigStartUp-revsuqxm - c:\documents and settings\Daniel\Local Settings\Application Data\hkeektqfd\eenbfbgtssd.exe
    AddRemove-AndesOLI - c:\andesoli\Uninst.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-12 09:40
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3311269471-1733383960-847243865-1005\Software\SecuROM\License information*]
    "datasecu"=hex:ec,d2,b5,c5,5b,e0,ba,21,79,a9,45,83,db,8a,91,83,3f,3d,41,48,f7,
    01,26,3b,18,b4,d9,d4,20,e8,31,a7,d7,4d,ba,ab,dc,43,ce,bc,a6,9d,f5,eb,71,b7,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\Ati2evxx.dll

    - - - - - - - > 'explorer.exe'(8668)
    c:\windows\system32\WININET.dll
    c:\program files\Common Files\Logitech\LVMVFM\LVPrcInj.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
    c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
    c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\system32\CTsvcCDA.exe
    c:\program files\Symantec AntiVirus\DefWatch.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    c:\windows\system32\PnkBstrA.exe
    c:\windows\system32\PnkBstrB.exe
    c:\program files\Symantec AntiVirus\Rtvscan.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    c:\program files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    c:\windows\SYSTEM32\CTXFISPI.EXE
    c:\windows\system32\CTHELPER.EXE
    c:\program files\HP\Digital Imaging\bin\hpqtra08.PROBLEM.exe
    c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
    .
    **************************************************************************
    .
    Completion time: 2010-09-12 09:51:48 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-09-12 14:51

    Pre-Run: 92,031,213,568 bytes free
    Post-Run: 92,034,752,512 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - D6CD9E6C4F1696593475FBB527311DC1


    Here is the new DDS log:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Daniel at 9:58:52.57 on Sun 09/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1303 [GMT -5:00]

    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\Ati2evxx.exe
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Carbonite\CarbonitePreinstaller.exe
    C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.PROBLEM.exe
    C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\explorer.exe
    C:\Documents and Settings\Daniel\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "c:\documents and settings\daniel\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [CarboniteSetupLite] "c:\program files\carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
    dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.PROBLEM.exe
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\daniel\applic~1\mozilla\firefox\profiles\me7gvhrl.default\
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\daniel\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-8 64288]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
    R2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-9-25 189736]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-20 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\naveng.sys [2010-9-10 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\navex15.sys [2010-9-10 1362608]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\google\update\GoogleUpdate.exe [2008-11-1 133104]
    S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]

    =============== Created Last 30 ================

    2010-09-12 14:14:53 0 d-sha-r- C:\cmdcons
    2010-09-12 14:10:40 98816 ----a-w- c:\windows\sed.exe
    2010-09-12 14:10:40 77312 ----a-w- c:\windows\MBR.exe
    2010-09-12 14:10:40 256512 ----a-w- c:\windows\PEV.exe
    2010-09-12 14:10:40 161792 ----a-w- c:\windows\SWREG.exe
    2010-09-12 03:54:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Seagate
    2010-09-12 03:54:26 0 d-----w- c:\program files\Seagate
    2010-09-12 03:53:11 0 d-----w- c:\program files\Carbonite
    2010-09-10 21:19:16 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
    2010-09-10 20:42:22 0 d-----w- c:\docume~1\daniel\applic~1\Malwarebytes
    2010-09-10 20:42:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-10 20:42:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:52:17 37 ----a-w- c:\windows\Viewer.ini
    2010-09-10 01:50:41 409 ----a-w- c:\windows\SIERRA.IN~
    2010-09-10 01:50:30 0 d-----w- C:\SIERRA
    2010-09-10 01:47:02 482 ----a-w- c:\windows\SIERRA.INI
    2010-09-09 04:00:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43:00 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:39:36 0 d-----w- c:\program files\Lavasoft
    2010-08-15 23:21:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-15 23:21:24 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-09-12 14:38:27 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-10 23:29:39 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29:30 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2008-02-18 02:10:22 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10:22 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-11-13 02:20:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111220081113\index.dat

    ============= FINISH: 9:59:21.65 ===============

  4. #4
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, looks like your CD Rom driver was infected and CF fixed it. What Symantec found where entries in Qoobox and are backups of what CF removed.

    It also found entries in your Java Cache, lets flush it all out.
    1. Click Start > Settings > Control Panel.
    2. Double-click the Java Plug-in icon in the control panel.
    3. Click the Cache tab.
    4. Click Clear A confirmation dialog box appears.
    5. Click Yes to confirm.
    6. Click Apply.


    Still not done, see some more that needs to be removed, This is what I would like you to do.

    Run a system cleaner, than, you have Malwarebytes installed, update it , run a quick scan and post the log.


    Please download ATF Cleaner by Atribune to your desktop.
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.
    Your system may start up slower after running ATF Cleaner, this is expected but will be back to normal after the first or second boot up
    Please note: If you use online banking or are registered online with any other organizations, ensure you have memorized password and other personal information as removing cookies will temporarily disable the auto-login facility.



    Then rerun DDS and post a new log, we dont use Hijackthis much anymore, forgot to remove it before I posted so not to worry about it.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #5
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default Java cache cleared, ATF Cleaner and Malwarebytes Scan completed

    Ok, I did what you suggested. The steps for clearing out the Java didn't line up exactly with the options I was given by whatever Java version I have (must be a minor interface change from an update), so I looked up on Java.com's website how to clear the cache. Here's what I did, just so you know, but I think it accomplished the same thing:

    Once inside control panel:
    1) Double-clicked Java icon
    2) Clicked "Settings" under Temporary Internet Files region of the General tab
    3) Clicked "Delete Files"
    4) Selected both options (Applications and Applets as well as Trace and Log Files)
    5) Clicked "Ok" (cache was then cleared)

    I also ran the ATF cleaner, which I think I may have run a few days ago, actually, following some advice I had read in a different forum last week before I found this site. It cleaned out a lot.

    When I ran the Malwarebyte's quick scan, though, nothing was found. Wondering if maybe whatever problem I have had been overlooked, I followed it up with a full scan, but again, nothing was found. The log I will post is from the initial quick scan, though I do have the results for the full scan as well.

    Finally, Symantec Auto-Protect kicked in again during the Malwarebyte's full scan, this time coming up with 9 more instances of the Backdoor.Tidserv.I!inf. I've attached the log of this as well if you want to look at it, but I deleted most of the previous history for simplicity's sake. It seems that this time it caught instances of the infection in system restore. This is attached as symantec log2.txt.

    Again, thanks SO MUCH for your help! I really appreciate this.

    Malwarebyte's Quick Scan log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4601

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    9/12/2010 1:25:27 PM
    mbam-log-2010-09-12 (13-25-27).txt

    Scan type: Quick scan
    Objects scanned: 157784
    Time elapsed: 6 minute(s), 36 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    Updated DDS log:


    DDS (Ver_10-03-17.01) - NTFSx86
    Run by Daniel at 16:45:41.67 on Sun 09/12/2010
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_21
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1038 [GMT -5:00]

    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    ============== Running Processes ===============

    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    svchost.exe
    svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\common files\logitech\lvmvfm\LVPrcSrv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Symantec AntiVirus\DefWatch.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\PnkBstrB.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Symantec AntiVirus\Rtvscan.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
    C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
    C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
    C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\System32\DLA\DLACTRLW.EXE
    C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
    C:\Program Files\Microsoft IntelliPoint\point32.exe
    C:\WINDOWS\system32\lvcomsx.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Documents and Settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\GoogleCrashHandler.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.PROBLEM.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Documents and Settings\Daniel\Desktop\dds.com

    ============== Pseudo HJT Report ===============

    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.5126.1836\swg.dll
    BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\bae\BAE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    uRun: [Google Update] "c:\documents and settings\daniel\local settings\application data\google\update\GoogleUpdate.exe" /c
    mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi\volume panel\VolPanel.exe" /r
    mRun: [AudioDrvEmulator] "c:\program files\creative\shared files\module loader\dllml.exe" -1 audiodrvemulator "c:\program files\creative\shared files\module loader\audio emulator\AudDrvEm.dll"
    mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
    mRun: [LogitechCameraService(E)] c:\windows\system32\ElkCtrl.exe /automation
    mRun: [CTHelper] CTHELPER.EXE
    mRun: [DLA] c:\windows\system32\dla\DLACTRLW.EXE
    mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
    mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
    mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\point32.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRunOnce: [SetDefaultMIDI] MIDIDEF.EXE /s:'Creative SoundFont Synthesizer' /w:'SB Audigy'
    dRunOnce: [WUAppSetup] c:\program files\common files\logishrd\WUApp32.exe -v 0x046d -p 0x08c1 -f video -m logitech -d 11.0.0.1217
    StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\reader 8.0\reader\AdobeCollabSync.exe
    StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Digital Imaging Monitor.lnk.disabled
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
    IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
    DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab
    DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8BC53B30-32E4-4ED3-BEF9-DB761DB77453} - hxxp://u3.sandisk.com/download/apps/LPInstaller.CAB
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
    DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} - hxxp://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: NavLogon - c:\windows\system32\NavLogon.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\docume~1\daniel\applic~1\mozilla\firefox\profiles\me7gvhrl.default\
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\daniel\local settings\application data\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
    c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
    c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
    c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
    c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
    c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
    c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
    c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

    ============= SERVICES / DRIVERS ===============

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-9-8 64288]
    R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-12-19 337592]
    R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-12-19 54968]
    R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-3-7 192160]
    R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-3-7 169632]
    R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-3-17 1799408]
    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2007-5-20 24652]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-5-29 102448]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-8-12 1355928]
    R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\naveng.sys [2010-9-10 85424]
    R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100910.003\navex15.sys [2010-9-10 1362608]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\google\update\GoogleUpdate.exe [2008-11-1 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-8-12 15008]
    S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-3-17 115952]

    =============== Created Last 30 ================

    2010-09-12 14:14:53 0 d-sha-r- C:\cmdcons
    2010-09-12 14:10:40 98816 ----a-w- c:\windows\sed.exe
    2010-09-12 14:10:40 77312 ----a-w- c:\windows\MBR.exe
    2010-09-12 14:10:40 256512 ----a-w- c:\windows\PEV.exe
    2010-09-12 14:10:40 161792 ----a-w- c:\windows\SWREG.exe
    2010-09-12 03:54:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Seagate
    2010-09-12 03:54:26 0 d-----w- c:\program files\Seagate
    2010-09-12 03:53:11 0 d-----w- c:\program files\Carbonite
    2010-09-10 21:19:16 0 d-----w- c:\docume~1\alluse~1\applic~1\F-Secure
    2010-09-10 20:42:22 0 d-----w- c:\docume~1\daniel\applic~1\Malwarebytes
    2010-09-10 20:42:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42:14 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
    2010-09-10 20:42:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42:12 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:52:17 37 ----a-w- c:\windows\Viewer.ini
    2010-09-10 01:50:41 409 ----a-w- c:\windows\SIERRA.IN~
    2010-09-10 01:50:30 0 d-----w- C:\SIERRA
    2010-09-10 01:47:02 482 ----a-w- c:\windows\SIERRA.INI
    2010-09-09 04:00:47 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43:00 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40:04 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:39:36 0 d-----w- c:\program files\Lavasoft
    2010-08-15 23:21:24 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2010-08-15 23:21:24 423656 ----a-w- c:\windows\system32\deployJava1.dll

    ==================== Find3M ====================

    2010-09-12 21:42:19 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-08-10 23:29:39 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29:30 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-07-27 06:30:35 8462336 ------w- c:\windows\system32\dllcache\shell32.dll
    2010-06-30 12:31:35 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-30 12:31:35 149504 ------w- c:\windows\system32\dllcache\schannel.dll
    2010-06-24 22:51:58 11077120 ------w- c:\windows\system32\dllcache\ieframe.dll
    2010-06-24 12:22:03 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 12:22:03 916480 ------w- c:\windows\system32\dllcache\wininet.dll
    2010-06-24 12:22:03 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
    2010-06-24 12:22:02 1210368 ------w- c:\windows\system32\dllcache\urlmon.dll
    2010-06-24 12:22:01 611840 ----a-w- c:\windows\system32\dllcache\mstime.dll
    2010-06-24 12:22:01 5951488 ------w- c:\windows\system32\dllcache\mshtml.dll
    2010-06-24 12:22:01 206848 ----a-w- c:\windows\system32\dllcache\occache.dll
    2010-06-24 12:21:59 599040 ----a-w- c:\windows\system32\dllcache\msfeeds.dll
    2010-06-24 12:21:59 55296 ----a-w- c:\windows\system32\dllcache\msfeedsbs.dll
    2010-06-24 12:21:59 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
    2010-06-24 12:21:58 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
    2010-06-24 12:21:58 1986560 ------w- c:\windows\system32\dllcache\iertutil.dll
    2010-06-24 12:21:58 184320 ----a-w- c:\windows\system32\dllcache\iepeers.dll
    2010-06-24 12:21:56 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
    2010-06-24 12:21:55 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
    2010-06-23 13:44:04 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-23 13:44:04 1851904 ------w- c:\windows\system32\dllcache\win32k.sys
    2010-06-23 12:08:09 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
    2010-06-21 15:27:11 354304 ------w- c:\windows\system32\dllcache\srv.sys
    2010-06-18 13:36:12 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
    2010-06-17 14:03:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2008-02-18 02:10:22 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10:22 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    2008-11-13 02:20:18 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008111220081113\index.dat

    ============= FINISH: 16:46:25.40 ===============

  6. #6
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Go to your Add Remove Programs in the Control Panel and uninstall Viewpoint, it installs without your knowledge or consent, is considered Adware, uses system resources and is not needed for anything.



    Open Notepad Go to Start> All Programs> Assessories> Notepad ( this will only work with Notepad )and copy all the text inside the Codebox by highlighting it all and pressing CTRL C on your keyboard, then paste it into Notepad, make sure there is no space before and above the link to this thread


    Code:
    http://forums.spybot.info/showthread.php?t=59398
    
    Collect::
    c:\windows\Vhosadi.dat
    c:\windows\Uromaciwi.bin
    c:\windows\atrpos32.dll
    c:\windows\ovovurogehuda.dll
    
    
    Registry::
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Kyubu"=-
    
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Jkirova"=-
    Save this as CFScript to your desktop.

    Then drag the CFScript into ComboFix.exe as you see in the screenshot below.




    This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #7
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default ComboFix run again

    All right, thanks for being so prompt in replying Ken545. I noticed that in the code text from above, two startup processes were listed. I actually saw these a few days ago when checking out my startup processes, and since I didn't recognize them, I unchecked them.

    After following your instructions, here is the log for ComboFix's scan...

    ComboFix scan log:

    ComboFix 10-09-12.01 - Daniel 09/12/2010 18:57:41.2.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1060 [GMT -5:00]
    Running from: c:\documents and settings\Daniel\Desktop\Combo-Fix.exe
    Command switches used :: c:\documents and settings\Daniel\Desktop\CFScript.txt
    AV: *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
    FW: *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

    file zipped: c:\windows\ovovurogehuda.dll
    file zipped: c:\windows\Uromaciwi.bin
    file zipped: c:\windows\Vhosadi.dat
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\ovovurogehuda.dll
    c:\windows\Uromaciwi.bin
    c:\windows\Vhosadi.dat

    .
    ((((((((((((((((((((((((( Files Created from 2010-08-13 to 2010-09-13 )))))))))))))))))))))))))))))))
    .

    2010-09-12 21:44 . 2010-09-12 21:44 -------- d-sh--w- c:\documents and settings\LocalService\UserData
    2010-09-12 21:44 . 2010-09-12 21:44 -------- d-sh--w- c:\documents and settings\LocalService\IECompatCache
    2010-09-12 21:43 . 2010-09-12 21:43 -------- d-sh--w- c:\documents and settings\LocalService\PrivacIE
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
    2010-09-12 03:54 . 2010-09-12 03:54 -------- d-----w- c:\program files\Seagate
    2010-09-12 03:53 . 2010-09-12 17:57 -------- d-----w- c:\program files\Carbonite
    2010-09-11 19:16 . 2010-09-11 19:16 -------- d-----w- c:\program files\Common Files\Skype
    2010-09-11 00:38 . 2010-09-11 00:39 -------- d-----w- c:\program files\ERUNT
    2010-09-10 21:19 . 2010-09-10 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-09-10 20:42 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-10 20:42 . 2010-09-10 20:42 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-10 01:50 . 2010-09-10 01:50 -------- d-----w- C:\SIERRA
    2010-09-09 04:00 . 2010-08-12 12:15 15880 ----a-w- c:\windows\system32\lsdelete.exe
    2010-09-09 03:43 . 2010-08-12 12:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
    2010-09-09 03:40 . 2010-09-09 03:40 -------- d-----w- c:\documents and settings\Daniel\Local Settings\Application Data\Sunbelt Software
    2010-09-09 03:40 . 2010-09-09 03:40 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}
    2010-09-09 03:40 . 2010-08-12 12:16 2979848 -c--a-w- c:\documents and settings\All Users\Application Data\{ECC164E0-3133-4C70-A831-F08DB2940F70}\Ad-AwareInstall.exe
    2010-09-09 03:39 . 2010-09-09 03:39 -------- d-----w- c:\program files\Lavasoft
    2010-09-03 02:04 . 2010-09-03 02:04 214040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    2010-08-15 23:22 . 2010-08-15 23:22 -------- d-----w- c:\program files\Common Files\Java
    2010-08-15 23:21 . 2010-08-15 23:21 503808 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\msvcp71.dll
    2010-08-15 23:21 . 2010-08-15 23:21 499712 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\jmc.dll
    2010-08-15 23:21 . 2010-08-15 23:21 61440 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4227d90b-n\decora-sse.dll
    2010-08-15 23:21 . 2010-08-15 23:21 348160 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\4\7ec4bf04-4e865eca-n\msvcr71.dll
    2010-08-15 23:21 . 2010-08-15 23:21 12800 ----a-w- c:\documents and settings\Daniel\Application Data\Sun\Java\Deployment\SystemCache\6.0\42\4488892a-4227d90b-n\decora-d3d.dll
    2010-08-15 23:21 . 2010-08-15 23:21 423656 ----a-w- c:\windows\system32\deployJava1.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-09-12 23:53 . 2006-07-22 02:31 -------- d-----w- c:\program files\Symantec AntiVirus
    2010-09-12 23:48 . 2006-07-19 17:08 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
    2010-09-12 21:42 . 2006-07-23 19:33 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs
    2010-09-12 18:01 . 2006-07-19 17:03 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-09-12 11:13 . 2010-08-11 05:29 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-11 22:39 . 2010-01-11 18:37 -------- d-----w- c:\documents and settings\Daniel\Application Data\Skype
    2010-09-11 19:10 . 2010-01-11 18:42 -------- d-----w- c:\documents and settings\Daniel\Application Data\skypePM
    2010-09-10 20:09 . 2007-06-28 03:33 -------- d-----w- c:\program files\QuickTime
    2010-09-10 20:06 . 2007-06-28 03:32 -------- d-----w- c:\program files\Apple Software Update
    2010-09-09 03:39 . 2009-03-17 15:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
    2010-08-20 00:58 . 2010-08-20 00:58 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3B.tmp
    2010-08-20 00:54 . 2010-08-20 00:54 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx39.tmp
    2010-08-17 00:15 . 2010-08-17 00:15 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1B.tmp
    2010-08-17 00:13 . 2010-08-17 00:13 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx19.tmp
    2010-08-15 23:20 . 2006-07-19 16:59 -------- d-----w- c:\program files\Java
    2010-08-15 04:13 . 2009-10-15 22:57 -------- d-----w- c:\program files\Windows Desktop Search
    2010-08-12 21:09 . 2006-07-19 17:09 -------- d-----w- c:\documents and settings\All Users\Application Data\GTek
    2010-08-12 21:07 . 2006-07-19 17:03 -------- d-----w- c:\program files\Dell
    2010-08-12 21:07 . 2006-07-19 17:07 -------- d-----w- c:\program files\Real
    2010-08-12 20:57 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Sonic Shared
    2010-08-12 20:56 . 2006-07-19 17:03 -------- d-----w- c:\program files\Common Files\Roxio Shared
    2010-08-12 20:52 . 2007-06-28 18:48 -------- d-----w- c:\program files\Steam
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
    2010-08-12 20:44 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\AOL
    2010-08-12 20:43 . 2006-07-19 17:07 -------- d-----w- c:\program files\Common Files\aolshare
    2010-08-10 23:29 . 2007-12-25 20:31 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
    2010-08-10 23:29 . 2007-12-25 20:31 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx22.tmp
    2010-08-10 01:26 . 2010-08-10 01:26 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx21.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx20.tmp
    2010-08-10 01:24 . 2010-08-10 01:24 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1F.tmp
    2010-08-10 01:23 . 2010-08-10 01:23 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1E.tmp
    2010-08-10 01:19 . 2010-08-10 01:19 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx1D.tmp
    2010-08-10 00:39 . 2010-08-10 00:39 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx5C.tmp
    2010-08-10 00:37 . 2010-08-10 00:37 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx56.tmp
    2010-08-10 00:33 . 2010-08-10 00:33 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx3D.tmp
    2010-08-03 21:15 . 2006-09-04 19:56 -------- d-----w- c:\documents and settings\Daniel\Application Data\Image Zone Express
    2010-08-01 04:13 . 2010-08-01 04:13 -------- d-----w- c:\documents and settings\Daniel\Application Data\MSNInstaller
    2010-07-30 05:29 . 2010-07-30 05:29 21409808 ----a-w- c:\documents and settings\All Users\Application Data\Belkin\Belkin TrayApp\setup_40216717.exe
    2010-07-30 05:29 . 2010-07-30 05:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Belkin
    2010-07-30 03:43 . 2010-07-30 03:43 -------- d-----w- c:\program files\Belkin
    2010-06-30 12:31 . 2004-08-11 22:00 149504 ----a-w- c:\windows\system32\schannel.dll
    2010-06-24 12:22 . 2004-08-11 22:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-06-24 04:47 . 2010-06-24 04:47 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb52.tmp.exe
    2010-06-23 13:44 . 2004-08-11 22:00 1851904 ----a-w- c:\windows\system32\win32k.sys
    2010-06-21 15:27 . 2004-08-11 22:00 354304 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-06-17 14:03 . 2004-08-11 22:00 80384 ----a-w- c:\windows\system32\iccvid.dll
    2010-06-15 17:19 . 2010-06-15 17:19 0 ----a-w- c:\documents and settings\All Users\Application Data\ISx15.tmp
    2008-02-18 02:10 . 2006-07-22 22:12 88 --sh--r- c:\windows\system32\2DF8D85242.sys
    2008-02-18 02:10 . 2006-07-22 22:12 3350 --sha-w- c:\windows\system32\KGyGaAvL.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-03-18 136176]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "VolPanel"="c:\program files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" [2005-10-14 122880]
    "AudioDrvEmulator"="c:\program files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 49152]
    "ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-03-07 53408]
    "LogitechCameraService(E)"="c:\windows\system32\ElkCtrl.exe" [2004-11-01 262144]
    "CTHelper"="CTHELPER.EXE" [2006-12-12 19456]
    "DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
    "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
    "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]
    "IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2004-06-03 204800]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "SetDefaultMIDI"="MIDIDEF.EXE" [2005-11-08 25600]
    "WUAppSetup"="c:\program files\Common Files\logishrd\WUApp32.exe" [2007-05-11 441120]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ lsdelete

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
    backup=c:\windows\pss\Digital Line Detect.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech Desktop Messenger.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk
    backup=c:\windows\pss\Logitech Desktop Messenger.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^Daniel^Start Menu^Programs^Startup^YouTube Uploader.lnk]
    path=c:\documents and settings\Daniel\Start Menu\Programs\Startup\YouTube Uploader.lnk
    backup=c:\windows\pss\YouTube Uploader.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
    c:\windows\system32\dumprep 0 -k [X]

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ad-Watch]
    2010-09-09 03:42 864624 ----a-w- c:\program files\Lavasoft\Ad-Aware\AAWTray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
    2008-07-23 00:42 116040 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTDVDDET]
    2003-06-18 06:00 45056 ------w- c:\program files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2008-07-30 14:47 289064 ----a-w- c:\program files\iTunes\iTunesHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
    2007-04-01 18:04 67128 ----a-w- c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCameraAssistant]
    2005-12-07 14:26 489472 ----a-w- c:\program files\Logitech\Video\CameraAssistant.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideo[inspector]]
    2005-12-07 14:33 73728 ----a-w- c:\program files\Logitech\Video\InstallHelper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSKDetectorExe]
    2005-07-13 00:05 1117184 ----a-w- c:\program files\McAfee\SpamKiller\MSKDetct.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MtdAcq]
    2005-09-14 19:40 229466 ------w- c:\program files\Creative\Shared Files\Media Sniffer\MtdAcq.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-08-10 10:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-05-12 04:08 1238352 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2010-05-14 16:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2009-03-16 04:07 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
    2000-05-11 06:00 90112 ------w- c:\windows\Updreg.EXE

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
    2006-03-17 10:34 124656 ----a-w- c:\progra~1\SYMANT~1\VPTray.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"=
    "ctfmon.exe"=c:\windows\system32\ctfmon.exe
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "LVCOMSX"=c:\windows\system32\LVCOMSX.EXE
    "type32"="c:\program files\Microsoft IntelliType Pro\type32.exe"
    "HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    "CTxfiHlp"=CTXFIHLP.EXE
    "CarboniteSetupLite"="c:\program files\Carbonite\CarbonitePreinstaller.exe" /preinstalled /showonfirst /reshowat=900
    "MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\America Online 9.0\\waol.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\dmw2788\\counter-strike\\hl.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
    "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "c:\\Program Files\\Firaxis Games\\Sid Meier's Civilization 4\\Civilization4.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
    "c:\\Program Files\\Steam\\steamapps\\tubabubba\\team fortress 2\\hl2.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [9/8/2010 10:43 PM 64288]
    R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/29/2010 12:02 AM 102448]
    R3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [8/12/2010 7:15 AM 1355928]
    S2 gupdate1c93c888294d7c2;Google Update Service (gupdate1c93c888294d7c2);c:\program files\Google\Update\GoogleUpdate.exe [11/1/2008 8:15 PM 133104]
    S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [8/12/2010 7:15 AM 15008]
    S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [3/17/2006 5:34 AM 115952]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-09-12 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-08-12 03:42]

    2009-09-02 c:\windows\Tasks\Blue Devils - F-Tuning (Ditty Cadence).job
    - c:\documents and settings\Daniel\My Documents\My Music\iTunes\iTunes Music\Unknown Artist\Naruto\11 Track 11 (rap).m4a [2007-10-07 06:11]

    2010-06-16 c:\windows\Tasks\Cancel apartment insurance policy reminder.job
    - c:\documents and settings\Daniel\My Documents\Cancel your apartment insurance.doc [2010-06-16 18:24]

    2010-08-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2008-11-02 01:15]

    2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005Core.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2010-09-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3311269471-1733383960-847243865-1005UA.job
    - c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-09-07 18:59]

    2009-01-03 c:\windows\Tasks\Journal reminder.job
    - c:\documents and settings\Daniel\My Documents\Journal\reminder 2.txt [2007-08-24 02:00]

    2010-09-12 c:\windows\Tasks\Microsoft Office Word 2003.job
    - c:\documents and settings\All Users\Start Menu\Programs\Microsoft Office\Microsoft Office Word 2003.lnk [2006-07-22 02:03]

    2010-09-08 c:\windows\Tasks\User_Feed_Synchronization-{1BF8318D-0EC3-416B-BC83-385052EB66C3}.job
    - c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
    uInternet Settings,ProxyOverride = *.local
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
    FF - ProfilePath - c:\documents and settings\Daniel\Application Data\Mozilla\Firefox\Profiles\me7gvhrl.default\
    FF - component: c:\program files\Google\Google Gears\Firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\Daniel\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-09-12 19:06
    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run
    CTHelper = CTHELPER.EXE?

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-3311269471-1733383960-847243865-1005\Software\SecuROM\License information*]
    "datasecu"=hex:ec,d2,b5,c5,5b,e0,ba,21,79,a9,45,83,db,8a,91,83,3f,3d,41,48,f7,
    01,26,3b,18,b4,d9,d4,20,e8,31,a7,d7,4d,ba,ab,dc,43,ce,bc,a6,9d,f5,eb,71,b7,\
    "rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10i_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(776)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2010-09-12 19:09:20
    ComboFix-quarantined-files.txt 2010-09-13 00:09
    ComboFix2.txt 2010-09-12 14:51

    Pre-Run: 92,097,712,128 bytes free
    Post-Run: 92,077,613,056 bytes free

    - - End Of File - - 2F2396F79105F38C6F85D4DDC4FCDEA2
    Upload was successful



    You didn't ask for these, but just in case, I've attached another DDS log.

  8. #8
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default Edit

    *By startup processes, I mean Kyubu and Jkirova*

  9. #9
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    By startup processes, I mean Kyubu and Jkirova* <--There gone along with the offending files.

    How are things running now ?

    Lets run a free online virus scanner , it may pick up something we missed.

    Please run this free online virus scanner from ESET
    • Note: You will need to use Internet explorer for this scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activex control to install
    • Click Start
    • Make sure that the option Remove found threats is ticked, and the option Scan unwanted applications is checked
    • Click Scan
    • Wait for the scan to finish
    • Use notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
    • Copy and paste that log as a reply to this topic
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  10. #10
    Junior Member
    Join Date
    Sep 2010
    Posts
    13

    Default ESET scan completed

    I ran the ESET scan, and it found two instances of the same trojan. I exported the scan results and posted them below, but I couldn't find the log file in the ESET directory folder.

    So, during the scan (and just in general), my Symantec Auto-Protect kept informing me about that same Backdoor.Tidserv.I!inf issue. It seems like it keeps encountering it anew or something. Is there anyway to permanently resolve that risk?

    ESET log:

    C:\Documents and Settings\All Users\Application Data\AOL Downloads\SUD4131\setup.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined
    C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1258\A0108930.exe probably a variant of Win32/Agent.HZHBURL trojan cleaned by deleting - quarantined

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •