
Thread: savetubevideo redirect

  1. #1
    Junior Member
    Join Date
    Oct 2010
    Posts
    16

    Default savetubevideo redirect

    Hi, I hope you can help with my laptop problem. It is a Toshiba Equium, Intel Pentium Dual CPU T2370 @ 1.73GHz 1.73GHz, 2.0 GB RAM. I'm running Windows Vista Home Premium with SP2, Internet Explorer 8.0.6001.18975, Mozilla Firefox 3.6.11, Avast! Free Antivirus 5.0.677, Spybot Search & Destroy 1.6.2 and Malwarebytes 1.46

    A short while ago I downloaded and installed "Download Youtube Free"

    Shortly after this I noticed that occasionally, when using the Bing search engine on Firefox, if I click on a website link it will initially load the expected website but almost immediately redirects to a Google search box with "landing.savetubevideo" in the address bar (actually it's a full web address, but I'm reluctant to type it out in full on here). The page flickers constantly as if it is trying to close or to move on elsewhere but can't quite manage it. It seems that IE is not affected (yet).

    I have deleted the offending program and have used CCleaner to remove any remaining registry references. (That was before I read the advice on your website). Unfortunately the problem persists. Neither Spybot nor Malwarebytes can find any problem and I don't know what else to try.

    Thanks in advance for any help you can give.


    DDS (Ver_10-10-21.01) - NTFSx86
    Run by Don at 15:07:59.72 on 21/10/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_21
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1153 [GMT 1:00]

    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\fsproflt.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Windows Live\Toolbar\wltuser.exe
    C:\Windows\system32\Macromed\Flash\FlashUtil10k_ActiveX.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Don\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
    TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
    TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-8-26 54632]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
    S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
    2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
    2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
    2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
    2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
    2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
    2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
    2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
    2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
    2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
    2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
    2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
    2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-10-21 13:57:57 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 15:08:47.80 ===============
    Last edited by tashi; 2010-10-21 at 19:09. Reason: Copy pasted log into topic ;-)
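A triage pass over the DDS log above, as an added example and not code from the post, from the forum's helpers or from the DDS tool itself. When a search-click redirect shows up in one browser only, the lines a removal helper reads first are the Firefox `keyword.URL` preference (where address-bar searches go), any binary components Firefox loads from inside the profile's `extensions` directory, and IE-side BHO/toolbar registrations that have lost their file. The script below scans DDS-style lines for those three things and then cross-references the add-on ids: the same id registered as an orphan toolbar in IE and still loading components in Firefox is where a manual uninstall plus registry clean typically stops short. The allow-list of search hosts is an assumption made for this example, and the sample lines are a constructed subset copied from the first DDS log in the post.

```python
"""DDS log triage for a single-browser search redirect.

Added example, not code from the forum post or from the DDS tool. It reads
DDS-style lines (the 'Pseudo HJT Report' and 'FIREFOX' sections) and flags
the entries a malware-removal helper looks at first when only Firefox is
affected. Flagged entries are items to review, not a verdict.
"""
import re
from urllib.parse import urlsplit

# Assumption for this example: search hosts a user would plausibly have set.
KNOWN_SEARCH_HOSTS = {"www.google.com", "www.bing.com", "search.yahoo.com",
                      "www.msn.com", "uk.msn.com"}

PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>\S+)$")
COMPONENT_RE = re.compile(r"^FF - component: (?P<path>.+)$")
ORPHAN_RE = re.compile(r"^(?P<kind>BHO|TB|SEH): .*- No File$")
GUID_RE = re.compile(r"\{([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})\}", re.I)
# Components living under <profile>\extensions\{id}\ belong to a user add-on.
EXT_DIR_RE = re.compile(r"\\extensions\\\{([0-9a-f-]{36})\}\\", re.I)


def defang_to_url(value):
    """DDS writes hxxp:// so logs are not clickable; undo it for parsing."""
    return re.sub(r"^hxxp", "http", value, flags=re.I)


def triage(lines):
    """Return findings keyed by category for the given DDS log lines."""
    out = {"keyword_url": [], "profile_components": [], "orphans": []}
    for raw in lines:
        line = raw.strip()
        m = PREF_RE.match(line)
        if m:
            if m["name"] == "keyword.URL":
                host = (urlsplit(defang_to_url(m["value"])).hostname or "").lower()
                if host not in KNOWN_SEARCH_HOSTS:
                    out["keyword_url"].append(host)
            continue
        m = COMPONENT_RE.match(line)
        if m:
            ext = EXT_DIR_RE.search(m["path"])
            if ext:  # a DLL loaded from an add-on inside the user profile
                dll = m["path"].rsplit("\\", 1)[-1]
                out["profile_components"].append((ext[1].lower(), dll))
            continue
        m = ORPHAN_RE.match(line)
        if m:
            g = GUID_RE.search(line)
            if g:  # registration survived, file did not
                out["orphans"].append((m["kind"], g[1].lower()))
    return out


def shared_ids(findings):
    """Add-on ids orphaned on the IE side but still loaded by Firefox."""
    ff_ids = {ext for ext, _ in findings["profile_components"]}
    ie_ids = {guid for _, guid in findings["orphans"]}
    return sorted(ff_ids & ie_ids)


# Constructed sample: a subset of lines copied from the first DDS log above.
SAMPLE = r"""
BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File
""".strip().splitlines()


if __name__ == "__main__":
    result = triage(SAMPLE)
    for category, items in result.items():
        print(category, items)
    print("ids present on both browsers:", shared_ids(result))
```

Run against the sample, the `keyword.URL` host and the two DLLs under extension id 4974a391-... are flagged, four orphaned registrations are listed, and the cross-reference returns that same id, which is the one the IE toolbar entry `TB: {4974A391-...} - No File` points at. The allow-list is deliberately coarse (it matches exact hostnames, so a regional google.co.uk would also be flagged); it is a prompt for a human to look, which is how such logs are read in a removal thread.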

  2. #2
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Does this issue happen only with Firefox or is IE affected too? Please update MBAM, run a full scan with it and delete found items (if any). Post back report + fresh dds log.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  3. #3
    Junior Member
    Join Date
    Oct 2010
    Posts
    16

    Default

    Hello Blade81, thanks for giving your time to try and help me solve my problem.

    The problem seems to affect only Firefox - I have tried to replicate it on IE but so far it seems ok.

    Here are the logs you asked for:


    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4963

    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18975

    27/10/2010 15:07:45
    mbam-log-2010-10-27 (15-07-45).txt

    Scan type: Full scan (C:\|D:\|)
    Objects scanned: 286167
    Time elapsed: 1 hour(s), 26 minute(s), 35 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)




    DDS (Ver_10-10-21.01) - NTFSx86
    Run by Don at 15:18:35.39 on 27/10/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1027 [GMT 1:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\fsproflt.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\ehome\ehtray.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Don\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uSearch Page = hxxp://www.google.com
    uSearch Bar = hxxp://www.google.com/ie
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
    TB: {4974A391-29D6-4419-A63B-49C1C7142489} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {31C7D459-9CC3-44F2-9DCA-FC11795309B4} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [Privacy Suite RiskMonitor]
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll
    SEH: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - No File

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\tracker software\pdf viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
    S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-26 17:17:25 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-26 17:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-26 17:17:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-23 11:27:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-10-22 05:54:22 -------- d-----w- c:\windows\en
    2010-10-22 05:53:56 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-10-22 05:50:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-22 05:50:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-22 05:50:05 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-22 05:43:21 469256 ----a-w- c:\program files\common files\windows live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
    2010-10-22 05:42:54 15712 ----a-w- c:\program files\common files\windows live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
    2010-10-22 05:42:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DSETUP.dll
    2010-10-22 05:42:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DXSETUP.exe
    2010-10-22 05:42:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\dsetup32.dll
    2010-10-22 05:42:31 94040 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DSETUP.dll
    2010-10-22 05:42:31 525656 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DXSETUP.exe
    2010-10-22 05:42:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\dsetup32.dll
    2010-10-22 05:41:19 -------- d-----w- c:\users\don\appdata\local\Windows Live
    2010-10-22 05:40:42 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-10-21 21:38:45 -------- d-----w- c:\users\don\appdata\local\Microsoft Corporation
    2010-10-21 21:37:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
    2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
    2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
    2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
    2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
    2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
    2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
    2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
    2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
    2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
    2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
    2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
    2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-10-27 12:25:13 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 15:19:32.57 ===============

  4. #4
    Blade81, Security Expert: Emeritus (Join Date: Oct 2006, Location: Finland, Posts: 25,288)

    Thanks for the logs. Let's continue.

    Please visit this webpage for download links and instructions for running the ComboFix tool:

    http://www.bleepingcomputer.com/comb...o-use-combofix

    Please ensure you read this guide carefully first.

    Please continue as follows:

    1. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix (link).
       Remember to re-enable them afterwards.

    2. Click Yes to allow ComboFix to continue scanning for malware.


    When the tool is finished, it will produce a report for you.

    Please include the following reports for further review, and so we may continue cleansing the system:

    C:\ComboFix.txt
    New dds log.


    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  5. #5
    Junior Member (Join Date: Oct 2010, Posts: 16)

    Thanks for your continued support. Here are the latest log files:


    ComboFix 10-10-26.04 - Don 27/10/2010 19:24:08.1.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1162 [GMT 1:00]
    Running from: c:\users\Don\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\users\Don\AppData\Local\cqqwuag.dat
    c:\users\Don\AppData\Local\cqqwuag_nav.dat
    c:\users\Don\AppData\Local\cqqwuag_navps.dat
    D:\install.exe
    D:\resycled

    c:\windows\System32\autochk.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
    .

    2010-10-27 18:44 . 2010-10-27 18:44 -------- d-----w- c:\users\Don\AppData\Local\temp
    2010-10-27 18:19 . 2010-10-27 18:19 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-10-27 18:19 . 2010-10-27 18:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2010-10-26 17:17 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-26 17:17 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-26 17:17 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-22 05:54 . 2010-10-22 05:54 -------- d-----w- c:\windows\en
    2010-10-22 05:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-10-22 05:50 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-22 05:50 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-22 05:50 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-22 05:43 . 2010-10-22 05:43 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
    2010-10-22 05:42 . 2010-10-22 05:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
    2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DSETUP.dll
    2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DXSETUP.exe
    2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\dsetup32.dll
    2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DSETUP.dll
    2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DXSETUP.exe
    2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\dsetup32.dll
    2010-10-22 05:41 . 2010-10-22 05:41 -------- d-----w- c:\users\Don\AppData\Local\Windows Live
    2010-10-22 05:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-10-21 21:38 . 2010-10-21 21:38 -------- d-----w- c:\users\Don\AppData\Local\Microsoft Corporation
    2010-10-21 21:37 . 2010-10-21 21:37 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-10-21 21:24 . 2010-10-21 21:24 -------- d-----w- c:\programdata\Microsoft Corporation
    2010-10-21 14:02 . 2010-10-21 14:02 -------- d-----w- c:\program files\ERUNT
    2010-10-20 18:55 . 2010-10-20 18:55 -------- d-----w- c:\users\Don\AppData\Roaming\Malwarebytes
    2010-10-20 18:54 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 18:54 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 20:35 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{842615C3-7176-461C-A29D-133AE26D34E2}\mpengine.dll
    2010-10-18 21:46 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-10-17 12:02 . 2010-10-17 15:47 -------- d-----w- c:\programdata\STOPzilla!
    2010-10-16 16:25 . 2010-10-17 12:52 -------- d-----w- c:\users\Don\AppData\Local\Paint.NET
    2010-10-15 16:13 . 2002-07-17 14:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2010-10-15 16:13 . 2002-07-17 14:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2010-10-15 16:13 . 2010-10-16 09:17 -------- d-----w- c:\program files\Free DVD Ripper
    2010-10-15 15:48 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\AppData\Roaming\dvdcss
    2010-10-15 15:47 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\Copied Films and Discs
    2010-10-14 12:55 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-14 12:55 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 12:55 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 12:55 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 12:55 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 12:55 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 12:55 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 12:55 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 12:55 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 12:55 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-14 12:55 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-08 22:51 . 2010-10-08 22:52 -------- d-----w- c:\users\Don\Fireshot captures
    2010-10-08 22:46 . 2010-10-08 22:46 -------- d-----w- c:\users\Don\AppData\Roaming\FireShot
    2010-10-08 16:51 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
    2010-10-08 16:51 . 2010-09-30 15:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-10-06 21:20 . 2010-10-06 21:20 -------- d-----w- c:\program files\Tracker Software
    2010-10-06 21:18 . 2010-10-06 21:18 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-10-06 20:49 . 2008-05-07 15:03 290816 ----a-w- c:\windows\system32\cyviewer.ocx
    2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\program files\Ashampoo
    2010-09-28 18:45 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 18:45 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-27 17:10 . 2008-11-20 18:42 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-09-30 15:15 . 2010-06-07 14:26 30528 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-15 03:50 . 2010-04-17 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-06-29 15:18 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-03-13 15:12 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-03-13 15:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-03-13 15:12 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-03-13 15:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-03-13 15:12 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-03-13 15:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-26 16:33 . 2010-10-26 17:17 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-26 17:17 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33 . 2010-10-26 17:17 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-26 17:17 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-17 14:11 . 2010-09-15 13:36 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-05 17:10 . 2010-08-05 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-20 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

    c:\users\Don\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3255058789-4097180596-3726220330-1000]
    "EnableNotificationsRef"=dword:00000002

    R0 rpcnetp;rpcnetp; [x]
    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
    S1 aswSP;aswSP; [x]
    S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-05-12 1872320]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2008-11-06 10:14]

    2010-09-11 c:\windows\Tasks\SmartDefrag.job
    - c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2010-09-11 17:08]

    2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{C3424DA8-C7DF-4615-AD60-46AA957ED8B3}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
    FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
    FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll
    FF - plugin: c:\program files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{4974A391-29D6-4419-A63B-49C1C7142489} - (no file)
    WebBrowser-{31C7D459-9CC3-44F2-9DCA-FC11795309B4} - (no file)
    HKCU-Run-Privacy Suite RiskMonitor - (no file)
    ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-27 19:44
    Windows 6.0.6002 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...


    C:\My Lockbox

    scan completed successfully
    hidden files: 1

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2010-10-27 19:47:29
    ComboFix-quarantined-files.txt 2010-10-27 18:47

    Pre-Run: 40,349,716,480 bytes free
    Post-Run: 40,130,482,176 bytes free

    Current=1 Default=1 Failed=0 LastKnownGood=11 Sets=1,2,3,4,5,6,7,8,9,11
    - - End Of File - - 168D35DA9C57F9F1B94F52837E007E1B




    DDS (Ver_10-10-21.01) - NTFSx86
    Run by Don at 19:54:13.66 on 27/10/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.988 [GMT 1:00]

    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\fsproflt.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\system32\conime.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Don\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    StartupFolder: c:\users\don\appdata\roaming\micros~1\windows\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
    S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    SUnknown rpcnetp;rpcnetp; [x]

    =============== Created Last 30 ================

    2010-10-27 18:47:37 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-10-27 18:47:31 -------- d-----w- c:\users\don\appdata\local\temp
    2010-10-27 18:21:33 98816 ----a-w- c:\windows\sed.exe
    2010-10-27 18:21:33 79872 ----a-w- c:\windows\MBR.exe
    2010-10-27 18:21:33 256512 ----a-w- c:\windows\PEV.exe
    2010-10-27 18:21:33 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-27 18:19:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-10-27 18:19:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2010-10-27 18:17:52 -------- d-----w- C:\ComboFix
    2010-10-26 17:17:25 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-26 17:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-26 17:17:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-23 11:27:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-10-22 05:54:22 -------- d-----w- c:\windows\en
    2010-10-22 05:53:56 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-10-22 05:50:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-22 05:50:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-22 05:50:05 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-22 05:43:21 469256 ----a-w- c:\program files\common files\windows live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
    2010-10-22 05:42:54 15712 ----a-w- c:\program files\common files\windows live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
    2010-10-22 05:42:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DSETUP.dll
    2010-10-22 05:42:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DXSETUP.exe
    2010-10-22 05:42:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\dsetup32.dll
    2010-10-22 05:42:31 94040 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DSETUP.dll
    2010-10-22 05:42:31 525656 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DXSETUP.exe
    2010-10-22 05:42:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\dsetup32.dll
    2010-10-22 05:41:19 -------- d-----w- c:\users\don\appdata\local\Windows Live
    2010-10-22 05:40:42 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-10-21 21:38:45 -------- d-----w- c:\users\don\appdata\local\Microsoft Corporation
    2010-10-21 21:37:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
    2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
    2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
    2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
    2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
    2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
    2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
    2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
    2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
    2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
    2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
    2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
    2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-10-27 17:10:23 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-15 03:50:37 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 19:54:52.03 ===============

  6. #6
    Blade81, Security Expert: Emeritus
    Join Date: Oct 2006 | Location: Finland | Posts: 25,288

    Hi,

    Upload c:\windows\System32\autochk.exe file to http://www.virustotal.com (reanalyze if asked) and post back the results or a link to the results.


    Open notepad and copy/paste the text in the quotebox below into it:

    Code:
    Firefox::
    FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\
    FF - prefs.js: keyword.URL - hxxp://www.veerboo.com/results.php?q=
    DDS::
    BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
    TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    TB: {32099AAC-C132-4136-9E9A-4E364A424E17} - No File

    Save this as CFScript

    A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.



    Close all browser windows and referring to the picture above, drag CFScript into ComboFix.exe
    Then post the resultant log.

    Uninstall these old Javas:
    Java(TM) 6 Update 2
    Java(TM) 6 Update 3
    Java(TM) 6 Update 7



    Please run an online scan with Kaspersky Online Scanner as instructed in the screenshot here.

    Post back its report, a fresh dds.txt log and above mentioned ComboFix resultant log.
    Last edited by Blade81; 2010-10-28 at 10:12.
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.
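
Blade81's first step above is to have the suspect system file hashed and let VirusTotal report its hashes, size, version resource and signature state. The following PowerShell script is added here as an example; it is not part of the thread and not a tool Blade81 or the forum distributes. It produces the same set of fields locally on the affected machine, so they can be compared with what VirusTotal prints and posted alongside it. It assumes Windows PowerShell 2.0 or later, defaults to the file path Blade81 asked about, and its function names and flagging rules are the example's own.

```powershell
# Added example (not from the thread): local equivalent of the "Additional information"
# block VirusTotal prints for an uploaded file (hashes, size, version resource, signer),
# so a suspect system file can be inspected before or alongside uploading it.
# Assumes Windows PowerShell 2.0+. Default path is the file asked about in the thread.
param(
    [string]$Path = "$env:SystemRoot\System32\autochk.exe"
)

function Get-FileHashes {
    # MD5, SHA1 and SHA256 of the whole file, lower-case hex as VirusTotal shows them.
    param([string]$FilePath)
    $bytes  = [System.IO.File]::ReadAllBytes($FilePath)
    $result = @{}
    foreach ($name in 'MD5', 'SHA1', 'SHA256') {
        $algo = [System.Security.Cryptography.HashAlgorithm]::Create($name)
        $hash = $algo.ComputeHash($bytes)
        $result[$name] = ([System.BitConverter]::ToString($hash) -replace '-', '').ToLower()
    }
    return $result
}

function Get-SuspectFileReport {
    param([string]$FilePath)
    if (-not (Test-Path -LiteralPath $FilePath)) {
        throw "File not found: $FilePath"
    }
    $item   = Get-Item -LiteralPath $FilePath
    $hashes = Get-FileHashes $FilePath
    $ver    = [System.Diagnostics.FileVersionInfo]::GetVersionInfo($FilePath)
    $sig    = Get-AuthenticodeSignature -FilePath $FilePath

    # Caveat: most Windows OS binaries are catalog-signed, not embedded-signed. Vista-era
    # PowerShell only validates embedded Authenticode signatures, so NotSigned here (like
    # "Unsigned" on VirusTotal) is not by itself evidence of tampering. A Microsoft system
    # file with no version resource at all is a different and stronger oddity.
    $flags = @()
    if ([string]::IsNullOrEmpty($ver.CompanyName) -and [string]::IsNullOrEmpty($ver.FileDescription)) {
        $flags += 'no version resource (unusual for a Microsoft OS binary)'
    }
    if ($sig.Status -ne 'Valid') {
        $flags += "signature status $($sig.Status) (may be catalog-signed; confirm with sigcheck -i or sfc /verifyfile)"
    }
    $signer = '-'
    if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }

    New-Object PSObject -Property @{
        Path            = $FilePath
        SizeBytes       = $item.Length
        LastWriteUtc    = $item.LastWriteTimeUtc
        MD5             = $hashes.MD5
        SHA1            = $hashes.SHA1
        SHA256          = $hashes.SHA256
        Publisher       = $ver.CompanyName
        Description     = $ver.FileDescription
        FileVersion     = $ver.FileVersion
        OriginalName    = $ver.OriginalFilename
        SignatureStatus = $sig.Status
        Signer          = $signer
        Flags           = ($flags -join '; ')
    } | Select-Object Path, SizeBytes, LastWriteUtc, MD5, SHA1, SHA256, Publisher,
        Description, FileVersion, OriginalName, SignatureStatus, Signer, Flags
}

Get-SuspectFileReport -FilePath $Path | Format-List
```

Save it under any name (say Get-SuspectFileReport.ps1, a name chosen for this example) and run it from an elevated prompt, passing -Path to inspect a different file. When reading the result, treat the two signals differently: an empty Publisher and Description is worth reporting, because a genuine Microsoft OS binary carries a version resource; a NotSigned status on its own is not, because system32 files are normally catalog-signed, which neither this script nor VirusTotal's sigcheck field resolves. `sfc /verifyfile=<path>` or Sysinternals `sigcheck -i <path>` checks the file against the catalogs.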

  7. #7
    Junior Member
    Join Date: Oct 2010 | Posts: 16

    Sorry for the delay, the Kaspersky scan took a long time!

    The old Javas have been uninstalled.

    Reports as follows:


    VT Community: 0 user(s) with 0 reputation credit(s) say this sample is goodware, 0 say it is malware (not reviewed; safety score: -)
    File name: autochk.exe
    Submission date: 2010-10-27 19:39:13 (UTC)
    Current status: finished

    Result: 0/ 40 (0.0%)

    Antivirus   Version   Last Update   Result
    AntiVir 7.10.13.59 2010.10.27 -
    Antiy-AVL 2.0.3.7 2010.10.27 -
    Authentium 5.2.0.5 2010.10.27 -
    Avast 4.8.1351.0 2010.10.27 -
    Avast5 5.0.594.0 2010.10.27 -
    BitDefender 7.2 2010.10.27 -
    CAT-QuickHeal 11.00 2010.10.26 -
    ClamAV 0.96.2.0-git 2010.10.27 -
    Comodo 6530 2010.10.27 -
    DrWeb 5.0.2.03300 2010.10.27 -
    Emsisoft 5.0.0.50 2010.10.27 -
    eTrust-Vet 36.1.7939 2010.10.27 -
    F-Prot 4.6.2.117 2010.10.26 -
    F-Secure 9.0.16160.0 2010.10.27 -
    Fortinet 4.2.249.0 2010.10.27 -
    GData 21 2010.10.27 -
    Ikarus T3.1.1.90.0 2010.10.27 -
    Jiangmin 13.0.900 2010.10.27 -
    K7AntiVirus 9.66.2847 2010.10.27 -
    Kaspersky 7.0.0.125 2010.10.27 -
    McAfee 5.400.0.1158 2010.10.27 -
    McAfee-GW-Edition 2010.1C 2010.10.27 -
    Microsoft 1.6301 2010.10.27 -
    NOD32 5568 2010.10.27 -
    nProtect 2010-10-27.01 2010.10.27 -
    Panda 10.0.2.7 2010.10.27 -
    PCTools 7.0.3.5 2010.10.27 -
    Prevx 3.0 2010.10.27 -
    Rising 22.71.01.04 2010.10.27 -
    Sophos 4.58.0 2010.10.27 -
    SUPERAntiSpyware 4.40.0.1006 2010.10.27 -
    Symantec 20101.2.0.161 2010.10.27 -
    TheHacker 6.7.0.1.069 2010.10.27 -
    TrendMicro 9.120.0.1004 2010.10.27 -
    TrendMicro-HouseCall 9.120.0.1004 2010.10.27 -
    VBA32 3.12.14.1 2010.10.27 -
    ViRobot 2010.10.25.4110 2010.10.27 -
    VirusBuster 12.70.8.0 2010.10.27 -


    Additional information

    MD5 : 4268ea2e81a50d929ec17ef7eb92616a
    SHA1 : 188bbd66cc7907c5e58296961e602d9bfcc1f3f3
    SHA256: ba7ec81d0c0f2e2abdbc60386901ac4b7574ee39345613eebfe3435164009058
    ssdeep: 12288:3ASEAtt25iCeWblH8BYP7JcCAUC6B+KYQmvFNo:3A4/u/VbbPdcC/XBbYFv3
    File size : 643072 bytes
    First seen: 2010-10-27 19:39:13
    Last seen : 2010-10-27 19:39:13
    TrID:
    Unknown!
    sigcheck:
    publisher....: n/a
    copyright....: n/a
    product......: n/a
    description..: n/a
    original name: n/a
    internal name: n/a
    file version.: n/a
    comments.....: n/a
    signers......: -
    signing date.: -
    verified.....: Unsigned


    ComboFix 10-10-26.04 - Don 27/10/2010 21:18:03.2.2 - x86
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1133 [GMT 1:00]
    Running from: c:\users\Don\Desktop\ComboFix.exe
    Command switches used :: c:\users\Don\Desktop\CFScript.txt
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((( Files Created from 2010-09-27 to 2010-10-27 )))))))))))))))))))))))))))))))
    .

    2010-10-27 20:27 . 2010-10-27 20:31 -------- d-----w- c:\users\Don\AppData\Local\temp
    2010-10-27 20:27 . 2010-10-27 20:27 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-10-27 18:19 . 2010-10-27 20:29 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-10-27 18:19 . 2010-10-27 20:28 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2010-10-26 17:17 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-26 17:17 . 2010-08-26 16:33 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-26 17:17 . 2010-08-26 14:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-22 05:54 . 2010-10-22 05:54 -------- d-----w- c:\windows\en
    2010-10-22 05:53 . 2010-09-22 23:21 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-10-22 05:50 . 2009-09-04 16:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-22 05:50 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-22 05:50 . 2009-09-04 16:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-22 05:43 . 2010-10-22 05:43 469256 ----a-w- c:\program files\Common Files\Windows Live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
    2010-10-22 05:42 . 2010-10-22 05:42 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
    2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DSETUP.dll
    2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\DXSETUP.exe
    2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ebda8c901cb71ab18\dsetup32.dll
    2010-10-22 05:42 . 2010-10-22 05:42 94040 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DSETUP.dll
    2010-10-22 05:42 . 2010-10-22 05:42 525656 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\DXSETUP.exe
    2010-10-22 05:42 . 2010-10-22 05:42 1691480 ----a-w- c:\program files\Common Files\Windows Live\.cache\ea568c701cb71ab17\dsetup32.dll
    2010-10-22 05:41 . 2010-10-22 05:41 -------- d-----w- c:\users\Don\AppData\Local\Windows Live
    2010-10-22 05:40 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-10-21 21:38 . 2010-10-21 21:38 -------- d-----w- c:\users\Don\AppData\Local\Microsoft Corporation
    2010-10-21 21:37 . 2010-10-21 21:37 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-10-21 21:24 . 2010-10-21 21:24 -------- d-----w- c:\programdata\Microsoft Corporation
    2010-10-20 18:55 . 2010-10-20 18:55 -------- d-----w- c:\users\Don\AppData\Roaming\Malwarebytes
    2010-10-20 18:54 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\programdata\Malwarebytes
    2010-10-20 18:54 . 2010-10-20 18:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-20 18:54 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-19 20:35 . 2010-10-18 08:41 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{842615C3-7176-461C-A29D-133AE26D34E2}\mpengine.dll
    2010-10-18 21:46 . 2009-10-09 21:56 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-10-17 12:02 . 2010-10-17 15:47 -------- d-----w- c:\programdata\STOPzilla!
    2010-10-16 16:25 . 2010-10-17 12:52 -------- d-----w- c:\users\Don\AppData\Local\Paint.NET
    2010-10-15 16:13 . 2002-07-17 14:23 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2010-10-15 16:13 . 2002-07-17 14:20 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2010-10-15 16:13 . 2010-10-16 09:17 -------- d-----w- c:\program files\Free DVD Ripper
    2010-10-15 15:48 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\AppData\Roaming\dvdcss
    2010-10-15 15:47 . 2010-10-15 15:48 -------- d-----w- c:\users\Don\Copied Films and Discs
    2010-10-14 12:55 . 2010-09-13 13:56 168960 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2010-10-14 12:55 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 12:55 . 2010-09-06 16:20 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 12:55 . 2010-09-06 13:45 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 12:55 . 2010-09-06 13:45 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 12:55 . 2010-09-06 13:45 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 12:55 . 2010-09-06 16:19 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 12:55 . 2010-08-10 15:53 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 12:55 . 2010-06-28 17:00 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 12:55 . 2010-06-28 14:54 339968 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
    2010-10-14 12:55 . 2010-08-26 16:37 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-08 22:51 . 2010-10-08 22:52 -------- d-----w- c:\users\Don\Fireshot captures
    2010-10-08 22:46 . 2010-10-08 22:46 -------- d-----w- c:\users\Don\AppData\Roaming\FireShot
    2010-10-08 16:51 . 2010-09-30 15:09 21312 ----a-w- c:\windows\system32\authuitu.dll
    2010-10-08 16:51 . 2010-09-30 15:09 30016 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-10-06 21:20 . 2010-10-06 21:20 -------- d-----w- c:\program files\Tracker Software
    2010-10-06 21:18 . 2010-10-06 21:18 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-10-06 20:49 . 2008-05-07 15:03 290816 ----a-w- c:\windows\system32\cyviewer.ocx
    2010-10-06 20:49 . 2010-10-06 20:49 -------- d-----w- c:\program files\Ashampoo
    2010-09-28 18:45 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 18:45 . 2010-08-26 04:23 13312 ----a-w- c:\program files\Internet Explorer\iecompat.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-27 17:10 . 2008-11-20 18:42 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-09-30 15:15 . 2010-06-07 14:26 30528 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-09-22 23:47 . 2010-09-22 23:47 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32 . 2010-09-22 23:32 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-15 03:50 . 2010-04-17 15:14 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-08 10:17 . 2010-09-08 10:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17 . 2010-09-08 10:17 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-07 15:12 . 2010-06-29 15:18 38848 ----a-w- c:\windows\avastSS.scr
    2010-09-07 15:11 . 2009-03-13 15:12 167592 ----a-w- c:\windows\system32\aswBoot.exe
    2010-09-07 14:52 . 2009-03-13 15:12 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2010-09-07 14:52 . 2009-03-13 15:12 165584 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2010-09-07 14:47 . 2009-03-13 15:12 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2010-09-07 14:47 . 2009-03-13 15:12 50768 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2010-09-07 14:47 . 2009-03-13 15:12 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2010-08-26 16:33 . 2010-10-26 17:17 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33 . 2010-10-26 17:17 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33 . 2010-10-26 17:17 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33 . 2010-10-26 17:17 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-17 14:11 . 2010-09-15 13:36 128000 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-05 17:10 . 2010-08-05 17:10 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-12-06 1029416]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-02-26 141848]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2009-02-26 150552]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-02-26 173592]
    "Openwares LiveUpdate"="c:\program files\LiveUpdate\LiveUpdate.exe" [2003-12-13 61440]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-20 413696]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableUIADesktopToggle"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" -atboottime

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3255058789-4097180596-3726220330-1000]
    "EnableNotificationsRef"=dword:00000002

    R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
    R2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);c:\program files\Google\Update\GoogleUpdate.exe [x]
    R3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\System32\DRIVERS\ASPI32.sys [2002-07-17 84832]
    R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
    S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [2008-06-05 43792]
    S0 rpcnetp;rpcnetp; [x]
    S1 aswSP;aswSP; [x]
    S2 a2free;a-squared Free Service;c:\program files\a-squared Free\a2service.exe [2010-05-12 1872320]
    S2 aswFsBlk;aswFsBlk; [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 50768]
    S2 ConfigFree Service;ConfigFree Service;c:\program files\TOSHIBA\ConfigFree\CFSvcs.exe [2007-12-25 40960]
    S2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-01-06 142648]
    S2 NAUpdate;Nero Update;c:\program files\Nero\Update\NASvc.exe [2010-05-04 503080]
    S3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-02-01 187904]
    S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2007-06-06 111616]
    S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-01-15 48472]
    S3 QIOMem;Generic IO & Memory Access;c:\windows\system32\DRIVERS\QIOMem.sys [2007-04-09 8192]


    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files\Glary Utilities\initialize.exe [2008-11-06 10:14]

    2010-10-27 c:\windows\Tasks\User_Feed_Synchronization-{C3424DA8-C7DF-4615-AD60-46AA957ED8B3}.job
    - c:\windows\system32\msfeedssync.exe [2010-10-14 04:25]
    .
    .
    ------- Supplementary Scan -------
    .
    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    FF - ProfilePath - c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
    FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}\platform\WINNT_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
    FF - component: c:\users\Don\AppData\Roaming\Mozilla\Firefox\Profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************
    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files:

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,1c,d1,ba,c3,57,b6,70,4a,8b,33,4b,\

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    c:\program files\Alwil Software\Avast5\AvastSvc.exe
    c:\program files\O2Micro Flash Memory Card Driver\o2flash.exe
    c:\windows\System32\rpcnetp.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\program files\TalkTalk\bin\sprtsvc.exe
    c:\program files\Common Files\Supportsoft\bin\tgsrvc.exe
    c:\program files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    c:\windows\system32\TODDSrv.exe
    c:\program files\Toshiba\Power Saver\TosCoSrv.exe
    c:\program files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    c:\program files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    c:\windows\system32\DRIVERS\xaudio.exe
    c:\program files\Spybot - Search & Destroy\SDWinSec.exe
    c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\windows\system32\igfxsrvc.exe
    c:\windows\system32\conime.exe
    c:\program files\Alwil Software\Avast5\AvastUI.exe
    c:\windows\ehome\ehmsas.exe
    c:\program files\Synaptics\SynTP\SynTPHelper.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    c:\windows\servicing\TrustedInstaller.exe
    .
    **************************************************************************
    .
    Completion time: 2010-10-27 21:35:59 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-10-27 20:35
    ComboFix2.txt 2010-10-27 18:47

    Pre-Run: 40,179,585,024 bytes free
    Post-Run: 40,122,572,800 bytes free

    - - End Of File - - 75037A6F01940A07EDD3A1F9BA29127D


    --------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER 7.0: scan report
    Thursday, October 28, 2010
    Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 2 (build 6002)
    Kaspersky Online Scanner version: 7.0.26.13
    Last database update: Wednesday, October 27, 2010 14:50:57
    Records in database: 4179029
    --------------------------------------------------------------------------------

    Scan settings:
    scan using the following database: extended
    Scan archives: yes
    Scan e-mail databases: yes

    Scan area - My Computer:
    C:\
    D:\
    E:\

    Scan statistics:
    Objects scanned: 155193
    Threats found: 0
    Infected objects found: 0
    Suspicious objects found: 0
    Scan duration: 03:19:00

    No threats found. Scanned area is clean.

    Selected area has been scanned.




    DDS (Ver_10-10-21.01) - NTFSx86
    Run by Don at 6:41:30.85 on 28/10/2010
    Internet Explorer: 8.0.6001.18975 BrowserJavaVersion: 1.6.0_22
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2038.1237 [GMT 1:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\a-squared Free\a2service.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Windows\system32\fsproflt.exe
    C:\Program Files\Nero\Update\NASvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files\O2Micro Flash Memory Card Driver\o2flash.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\TalkTalk\bin\sprtsvc.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
    C:\Program Files\Toshiba\TOSHIBA DVD PLAYER\TNaviSrv.exe
    C:\Windows\system32\TODDSrv.exe
    C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
    C:\Program Files\TOSHIBA\SMARTLogService\TosIPCSrv.exe
    C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Windows\system32\igfxsrvc.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\DllHost.exe
    C:\Windows\system32\DllHost.exe
    C:\Users\Don\Desktop\dds.scr
    C:\Windows\system32\conime.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    mStart Page = hxxp://www.msn.com
    uInternet Settings,ProxyServer = http=
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Disabled:{5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - No File
    TB: FireShot: {6e6e744e-4d20-4ce3-9a7a-26dfffe22f68} - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\library\fsaddin-0.85.dll
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Openwares LiveUpdate] c:\program files\liveupdate\LiveUpdate.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: Save Page As PDF ... - file://c:\program files\nitro pdf\pdf download\nitroweb.htm
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - %SystemRoot%\system32\wpdshserviceobj.dll

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\
    FF - prefs.js: browser.startup.homepage - hxxp://uk.msn.com/?ocid=hmlogout
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{0b457caa-602d-484a-8fe7-c1d894a011ba}\platform\winnt_x86-msvc\components\SSSLauncher.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\FFExternalAlert.dll
    FF - component: c:\users\don\appdata\roaming\mozilla\firefox\profiles\dbhpypvr.default\extensions\{4974a391-29d6-4419-a63b-49c1c7142489}\components\RadioWMPCore.dll
    FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified

    ============= SERVICES / DRIVERS ===============

    R0 FSProFilter;FSPro File Filter;c:\windows\system32\drivers\FSPFltd.sys [2010-3-25 43792]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2009-3-13 165584]
    R1 RtlProt;Realtke RtlProt WLAN Utility Protocol Driver;c:\windows\system32\drivers\RtlProt.sys [2007-11-5 25896]
    R2 a2free;a-squared Free Service;c:\program files\a-squared free\a2service.exe [2009-1-31 1872320]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-3-13 17744]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-3-13 50768]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    R2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2007-12-25 40960]
    R2 fsproflt;FSPro Filter Service;c:\windows\system32\fsproflt.exe [2010-3-25 142648]
    R2 NAUpdate;Nero Update;c:\program files\nero\update\NASvc.exe [2010-5-4 503080]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2008-11-6 1153368]
    R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
    R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
    R2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
    R3 CnxtHdAudAddService;Microsoft UAA Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDART.sys [2008-2-26 187904]
    R3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI Service;c:\windows\system32\drivers\IntcHdmi.sys [2008-2-26 111616]
    R3 O2MDRDR;O2MDRDR;c:\windows\system32\drivers\o2media.sys [2008-1-15 48472]
    R3 QIOMem;Generic IO & Memory Access;c:\windows\system32\drivers\QIOMem.sys [2007-4-9 8192]
    R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8187B.sys [2009-6-10 347648]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 gupdate1c9b90bc6621174;Google Update Service (gupdate1c9b90bc6621174);"c:\program files\google\update\googleupdate.exe" /svc --> c:\program files\google\update\GoogleUpdate.exe [?]
    S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2010-10-15 84832]
    S3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    S3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-5-8 40384]
    S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-21 21504]
    S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2010-10-22 39272]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-9-23 1493352]
    S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
    S3 ultradfg;ultradfg;c:\windows\system32\drivers\ultradfg.sys [2009-10-6 41984]
    S3 WipeFile;WipeFile;c:\windows\system32\drivers\WipeFile.sys [2007-3-3 57472]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    =============== Created Last 30 ================

    2010-10-27 20:36:01 -------- d-----w- c:\users\don\appdata\local\temp
    2010-10-27 20:30:59 -------- d-sh--w- C:\$RECYCLE.BIN
    2010-10-27 18:21:33 98816 ----a-w- c:\windows\sed.exe
    2010-10-27 18:21:33 79872 ----a-w- c:\windows\MBR.exe
    2010-10-27 18:21:33 256512 ----a-w- c:\windows\PEV.exe
    2010-10-27 18:21:33 161792 ----a-w- c:\windows\SWREG.exe
    2010-10-27 18:19:33 17408 ----a-w- c:\windows\system32\rpcnetp.dll
    2010-10-27 18:19:19 17408 ----a-w- c:\windows\system32\rpcnetp.exe
    2010-10-26 17:17:25 1696256 ----a-w- c:\windows\system32\gameux.dll
    2010-10-26 17:17:24 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2010-10-26 17:17:23 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2010-10-23 11:27:16 472808 ----a-w- c:\program files\mozilla firefox\plugins\npdeployJava1.dll
    2010-10-22 05:54:22 -------- d-----w- c:\windows\en
    2010-10-22 05:53:56 39272 ----a-w- c:\windows\system32\drivers\fssfltr.sys
    2010-10-22 05:50:05 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2010-10-22 05:50:05 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2010-10-22 05:50:05 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-10-22 05:43:21 469256 ----a-w- c:\program files\common files\windows live\.cache\730d7101cb71ac2c\InstallManager_WLE_WLE.exe
    2010-10-22 05:42:54 15712 ----a-w- c:\program files\common files\windows live\.cache\f92d9ef01cb71ab1f\MeshBetaRemover.exe
    2010-10-22 05:42:33 94040 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DSETUP.dll
    2010-10-22 05:42:33 525656 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\DXSETUP.exe
    2010-10-22 05:42:33 1691480 ----a-w- c:\program files\common files\windows live\.cache\ebda8c901cb71ab18\dsetup32.dll
    2010-10-22 05:42:31 94040 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DSETUP.dll
    2010-10-22 05:42:31 525656 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\DXSETUP.exe
    2010-10-22 05:42:31 1691480 ----a-w- c:\program files\common files\windows live\.cache\ea568c701cb71ab17\dsetup32.dll
    2010-10-22 05:41:19 -------- d-----w- c:\users\don\appdata\local\Windows Live
    2010-10-22 05:40:42 754688 ----a-w- c:\windows\system32\webservices.dll
    2010-10-21 21:38:45 -------- d-----w- c:\users\don\appdata\local\Microsoft Corporation
    2010-10-21 21:37:19 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
    2010-10-20 18:55:03 -------- d-----w- c:\users\don\appdata\roaming\Malwarebytes
    2010-10-20 18:54:48 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-20 18:54:47 -------- d-----w- c:\progra~2\Malwarebytes
    2010-10-20 18:54:46 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-20 18:54:46 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-10-19 20:35:13 6146896 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{842615c3-7176-461c-a29d-133ae26d34e2}\mpengine.dll
    2010-10-18 21:46:59 1181696 ----a-w- c:\windows\system32\WsmSvc.dll
    2010-10-17 12:02:58 -------- d-----w- c:\progra~2\STOPzilla!
    2010-10-16 16:25:20 -------- d-----w- c:\users\don\appdata\local\Paint.NET
    2010-10-15 16:13:26 84832 ----a-w- c:\windows\system32\drivers\ASPI32.SYS
    2010-10-15 16:13:26 45056 ----a-w- c:\windows\system32\WNASPI32.DLL
    2010-10-15 16:13:12 -------- d-----w- c:\program files\Free DVD Ripper
    2010-10-15 15:47:41 -------- d-----w- c:\users\don\Copied Films and Discs
    2010-10-14 12:55:59 168960 ----a-w- c:\program files\windows media player\wmplayer.exe
    2010-10-14 12:55:44 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2010-10-14 12:55:17 125952 ----a-w- c:\windows\system32\srvsvc.dll
    2010-10-14 12:55:16 304128 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-10-14 12:55:16 145408 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-10-14 12:55:16 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
    2010-10-14 12:55:15 17920 ----a-w- c:\windows\system32\netevent.dll
    2010-10-14 12:55:05 274944 ----a-w- c:\windows\system32\schannel.dll
    2010-10-14 12:55:03 339968 ----a-w- c:\program files\windows nt\accessories\wordpad.exe
    2010-10-14 12:55:03 1316864 ----a-w- c:\windows\system32\ole32.dll
    2010-10-14 12:55:01 157184 ----a-w- c:\windows\system32\t2embed.dll
    2010-10-13 14:27:54 553696 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
    2010-10-08 22:51:35 -------- d-----w- c:\users\don\Fireshot captures
    2010-10-08 22:46:44 -------- d-----w- c:\users\don\appdata\roaming\FireShot
    2010-10-08 16:51:17 30016 ----a-w- c:\windows\system32\uxtuneup.dll
    2010-10-08 16:51:17 21312 ----a-w- c:\windows\system32\authuitu.dll
    2010-10-06 21:20:31 -------- d-----w- c:\program files\Tracker Software
    2010-10-06 21:18:20 -------- d-----w- c:\program files\DVDSmith Movie Backup
    2010-10-06 20:49:48 290816 ----a-w- c:\windows\system32\cyviewer.ocx
    2010-10-06 20:49:47 -------- d-----w- c:\program files\Ashampoo
    2010-09-28 18:45:37 2048 ----a-w- c:\windows\system32\tzres.dll
    2010-09-28 18:45:23 13312 ----a-w- c:\program files\internet explorer\iecompat.dll

    ==================== Find3M ====================

    2010-10-27 20:58:08 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-10-27 17:10:23 44544 ----a-w- c:\windows\system32\agremove.exe
    2010-09-30 15:15:06 30528 ----a-w- c:\windows\system32\TURegOpt.exe
    2010-09-22 23:47:28 49016 ----a-w- c:\windows\system32\sirenacm.dll
    2010-09-22 23:32:56 301936 ----a-w- c:\windows\WLXPGSS.SCR
    2010-09-08 10:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
    2010-09-08 10:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts
    2010-09-08 06:01:28 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-09-08 05:57:18 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2010-09-08 05:57:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2010-09-08 05:56:53 71680 ----a-w- c:\windows\system32\iesetup.dll
    2010-09-08 05:56:53 109056 ----a-w- c:\windows\system32\iesysprep.dll
    2010-09-08 05:04:36 385024 ----a-w- c:\windows\system32\html.iec
    2010-09-08 04:26:46 133632 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-09-08 04:25:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-09-07 15:12:17 38848 ----a-w- c:\windows\avastSS.scr
    2010-08-31 15:46:37 954752 ----a-w- c:\windows\system32\mfc40.dll
    2010-08-31 15:46:37 954288 ----a-w- c:\windows\system32\mfc40u.dll
    2010-08-31 15:44:31 531968 ----a-w- c:\windows\system32\comctl32.dll
    2010-08-31 13:27:38 2038272 ----a-w- c:\windows\system32\win32k.sys
    2010-08-26 16:33:06 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2010-08-26 16:33:04 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
    2010-08-26 16:33:04 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2010-08-26 16:33:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
    2010-08-20 16:05:07 867328 ----a-w- c:\windows\system32\wmpmde.dll
    2010-08-17 14:11:37 128000 ----a-w- c:\windows\system32\spoolsv.exe

    ============= FINISH: 6:42:22.05 ===============

  8. #8
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Good. Does redirecting still occur?
    Microsoft Windows Insider MVP 2016-2020
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  9. #9
    Junior Member
    Join Date
    Oct 2010
    Posts
    16

    Default

    Yes, redirecting does still occur sporadically.

  10. #10
    Security Expert: Emeritus Blade81
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    25,288

    Default

    Hi,

    Please download GooredFix from one of the locations below and save it to your Desktop
    Download Mirror #1
    Download Mirror #2
    • Ensure all Firefox windows are closed.
    • To run the tool, double-click it (XP), or right-click and select Run As Administrator (Vista).
    • When prompted to run the scan, click Yes.
    • GooredFix will check for infections, and then a log will appear. Please post the contents of that log in your next reply (it can also be found on your desktop, called GooredFix.txt).
