Can't install Spybot and can't access safer-networking website

M

monkeymiles

New member
Hit a website that looked like it unistalled flash player, clicked to reinstall it, then brain kicked in and tried to abort, couple of funnies since.

Use Zonealarm firewall and anti-virus (active checking is off as my machine goes to slow, but it checks my email). Have run a deep scan with this and it found a couple of backdoor virus's which it claims to have removed, but still have issues.

Unfortunatly spybot was not yet installed on this machine, kicks self, and I can;t install it as can't see your server.

Looks like I still have something buried in my machine.

Many thanks in advance for your help.

I have backed up registery with ERUNT and attached DDS logs as requested.

Best regards

Karl

DDS (Ver_10-03-17.01) - NTFSx86
Run by Karl at 8:10:39.01 on 24/06/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.3326.1823 [GMT 1:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\E_S00RP1.EXE
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Google\Update\1.2.183.29\GoogleCrashHandler.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\altera\81\quartus\bin\jtagserver.exe
C:\WINDOWS\system32\lkcitdl.exe
C:\WINDOWS\system32\lkads.exe
C:\WINDOWS\system32\lktsrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\National Instruments\MAX\nimxs.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\WINDOWS\system32\nisvcloc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Common Files\SafeNet Sentinel\Sentinel Keys Server\sntlkeyssrvr.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\SQLAGENT90.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\stsystra.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe
C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Memeo\AutoBackup\MemeoBackup.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\PrintKey2000\Printkey2000.exe
C:\Windows\system32\cidaemon.exe
C:\Windows\system32\cidaemon.exe
C:\Windows\system32\cidaemon.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\MsFTEFD.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\System32\vssvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\Karl.GOEPELUK\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = www.google.co.uk/ig/dell?hl=en&client=dell-usuk-rel&channel=uk
uSearch Bar =
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = about:blank
uInternet Settings,ProxyServer = 172.16.1.17:800
uInternet Settings,ProxyOverride = <local>;*.local
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: DriveLetterAccess: {5ca3d70e-1895-11cf-8e15-001234567890} - c:\windows\system32\dla\DLASHX_W.DLL
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
BHO: AVGTOOLBAR: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar5.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.0.1225.9868\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar5.dll
TB: AVGTOOLBAR: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: Foxit Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: WebEx Productivity Tools: {90e2ba2e-dd1b-4cde-9134-7a8b86d33ca7} - c:\program files\webex\productivity tools\ptonecli.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - c:\program files\freecorder\tbFre1.dll
TB: {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [\\SERVER\EPSON Stylus Photo R240 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiahe.exe /f "c:\docume~1\karl~1.goe\locals~1\temp\E_S124.tmp" /EF "HKLM"
mRun: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
mRun: [nwiz] nwiz.exe /installquiet
mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe"
mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [EPSON Stylus Photo R240 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiahe.exe /f "c:\windows\temp\E_SD5.tmp" /EF "HKLM"
mRun: [Dell QuickSet] c:\program files\dell\quickset\quickset.exe
mRun: [\\Karlhome\EPSON Stylus Photo R240 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiahe.exe /f "c:\docume~1\karl~1.goe\locals~1\temp\E_S2C.tmp" /EF "HKLM"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [MobileConnect] c:\program files\vodafone\vodafone mobile connect\bin\MobileConnect.exe /silent
mRun: [NokiaMServer] c:\program files\common files\nokia\mplatform\NokiaMServer /watchfiles startup
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Memeo Backup] c:\program files\memeo\autobackup\MemeoLauncher2.exe --silent --no_ui
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
dRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\erunta~1.lnk - c:\program files\erunt\AUTOBACK.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe
mPolicies-system: EnableLUA = 0 (0x0)
dPolicies-explorer: EditLevel = 0 (0x0)
dPolicies-explorer: NoCommonGroups = 0 (0x0)
IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
Trusted Zone: xilinx.com\www
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/0/5/7/05796dde-b2ba-4eef-8da4-f99c7e0c9b92/LegitCheckControl.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {485D813E-EE26-4DF8-9FAF-DEDF2885306E} - hxxp://goepel-elec-uk/connectcomputer/nshelp.dll
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.3.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152191595828
DPF: {78AEEDE8-7345-4FB5-A8FE-4BFF16EF25FC} - hxxp://mvt.mcafee.com/mvt/bin/3,0,1,0/mvt.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {99FE5072-78AA-4FEE-89BA-69A5FA55343F} - hxxp://download.microsoft.com/download/B/3/A/B3A2EA73-793D-4ABE-992D-C81140384044/igdtoolx.cab
DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} - hxxp://172.23.24.62/codebase/DVM_IPCam2.ocx
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://goepel.webex.com/client/T26L/support/ieatgpc.cab
TCP: NameServer = 93.188.162.59,93.188.161.189
TCP: {52C56726-4FAB-4D6F-B4B6-0F2E423C40EE} = 93.188.162.59,93.188.161.189
TCP: {FB9D61C7-4E3E-4428-B0D7-65A15403444E} = 93.188.162.59,93.188.161.189
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} -
AppInit_DLLs: c:\progra~1\google\go333c~1\GOEC62~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\karl~1.goe\applic~1\mozilla\firefox\profiles\8lhwfa6p.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage -
FF - component: c:\documents and settings\karl.goepeluk\application data\mozilla\firefox\profiles\8lhwfa6p.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\karl.goepeluk\application data\mozilla\firefox\profiles\8lhwfa6p.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - plugin: c:\documents and settings\karl.goepeluk\application data\mozilla\firefox\profiles\8lhwfa6p.default\extensions\{e2883e8f-472f-4fb0-9522-ac9bf37916a7}\plugins\np_gp.dll
FF - plugin: c:\documents and settings\karl.goepeluk\application data\mozilla\firefox\profiles\8lhwfa6p.default\extensions\ietab@ip.cn\plugins\npCoralIETab.dll
FF - plugin: c:\documents and settings\karl.goepeluk\application data\mozilla\plugins\npatgpc.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2009-11-20 128016]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2009-11-20 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-11-20 486280]
R2 aawservice;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\aawservice.exe [2008-5-12 611664]
R2 ASFIPmon;Broadcom ASF IP Monitor;c:\program files\broadcom\asfipmon\AsfIpMon.exe [2005-10-18 61440]
R2 CVB;CVB;c:\windows\system32\drivers\CVB.sys [2008-2-25 6272]
R2 FAD;FAD;c:\program files\broadcom\bacs\FADXP32.sys [2003-1-30 11904]
R2 Iprip;RIP Listener;c:\windows\system32\svchost.exe -k netsvcs [2004-8-11 14336]
R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2010-4-9 25824]
R2 msftesql$GOLDMINE;SQL Server FullText Search (GOLDMINE);c:\program files\microsoft sql server\mssql.1\mssql\binn\msftesql.exe [2007-6-22 95592]
R2 MSSQL$GOLDMINE;SQL Server (GOLDMINE);c:\program files\microsoft sql server\mssql.1\mssql\binn\sqlservr.exe [2009-5-27 29262680]
R2 SentinelKeysServer;Sentinel Keys Server;c:\program files\common files\safenet sentinel\sentinel keys server\sntlkeyssrvr.exe [2008-7-11 328992]
R2 SQLAgent$GOLDMINE;SQL Server Agent (GOLDMINE);c:\program files\microsoft sql server\mssql.1\mssql\binn\SQLAGENT90.EXE [2008-11-24 346976]
R2 StarWindService;StarWind iSCSI Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindService.exe [2005-4-2 217600]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2010-5-7 92008]
R2 VMCService;Vodafone Mobile Connect Service;c:\program files\vodafone\vodafone mobile connect\bin\VMCService.exe [2008-11-4 14336]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 gupdate1c964774fd27f82;Google Update Service (gupdate1c964774fd27f82);c:\program files\google\update\GoogleUpdate.exe [2008-12-22 133104]
S2 sfxpciwd;SFXPCI;c:\windows\system32\drivers\sfxpciwd.sys --> c:\windows\system32\drivers\sfxpciwd.sys [?]
S2 USBDVR2;Cirrus Logic USB-DVR2 Dev Board;c:\windows\system32\drivers\usbdvr2n.sys [2008-8-4 31829]
S3 AlteraUSBBlaster;Altera USB-Blaster Device Driver;c:\windows\system32\drivers\ftd2xx.sys --> c:\windows\system32\drivers\FTD2XX.sys [?]
S3 DlinkUDSMBus;DlinkUDSMBus;c:\windows\system32\drivers\dlinkudsmbus.sys --> c:\windows\system32\drivers\DlinkUDSMBus.sys [?]
S3 elDiag;Diagostics Port Device Driver;c:\windows\system32\drivers\ftd2xx.sys --> c:\windows\system32\drivers\FTD2XX.sys [?]
S3 elUsbCardBus;elu132.sys device driver;c:\windows\system32\drivers\elu132.sys [2006-7-26 95360]
S3 G3GRSC;G3G R Smart Card;c:\windows\system32\drivers\g3grsc.sys [2006-7-6 16256]
S3 G3GRUMDM;G3G R USB Modem;c:\windows\system32\drivers\g3grumdm.sys [2006-7-6 26496]
S3 G3GRUSER;G3G R USB Serial;c:\windows\system32\drivers\g3gruser.sys [2006-7-6 23296]
S3 genmcmnUSB;USB Scroll Mouse Driver;c:\windows\system32\drivers\gflmouhid.sys --> c:\windows\system32\drivers\gflmouhid.sys [?]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2010-6-18 30192]
S3 GUSB_Platform;GUSB_Platform;c:\windows\system32\drivers\GUSB_Platform.sys [2007-8-9 172772]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2010-5-14 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [2010-5-14 8320]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]
S3 Sfx1149_USB;Sfx1149_USB;c:\windows\system32\drivers\sfx1149_USB.sys [2006-7-11 29184]
S3 TSClient;Tatara Protocol Driver;c:\windows\system32\drivers\tsclient.sys --> c:\windows\system32\drivers\tsclient.sys [?]
S3 UsbScanBooster;UsbScanBooster;c:\windows\system32\drivers\UsbScanBooster.sys [2006-10-7 29184]
S3 vrmusb;vrmusb;c:\windows\system32\drivers\vrmUSB.sys [2006-12-14 16000]
S3 XilinxFirmwareEmbeddedLoader;XilinxFirmwareEmbeddedLoader;c:\windows\system32\drivers\xusb_xup.sys [2007-8-18 17408]
S3 XilinxFirmwareEmbeddedLpLoader;XilinxFirmwareEmbeddedLpLoader;c:\windows\system32\drivers\xusb_emb.sys [2007-8-18 17408]
S3 XilinxFirmwareLoader;XilinxFirmwareLoader;c:\windows\system32\drivers\xusbdfwu.sys [2007-8-18 17280]
S3 XilinxFirmwareLpLoader;XilinxFirmwareLpLoader;c:\windows\system32\drivers\xusb_xlp.sys [2007-8-18 17280]
S3 XilinxFirmwareXpressLoader;XilinxFirmwareXpressLoader;c:\windows\system32\drivers\xusb_xpr.sys [2007-8-18 16768]
S4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\microsoft visual studio 8\common7\ide\remote debugger\x86\msvsmon.exe [2006-12-2 2805000]

============== File Associations ===============

.txt=TextPad.txt

=============== Created Last 30 ================

2010-06-21 16:17:20 0 d-----w- c:\program files\1-abc
2010-06-15 16:05:24 0 d-----w- c:\docume~1\karl~1.goe\applic~1\PGP Corporation
2010-06-15 16:00:05 0 d-----w- c:\docume~1\alluse~1\applic~1\PGP Corporation
2010-06-15 10:57:24 192022 ----a-w- c:\windows\system32\PGPlspRollback.reg
2010-06-15 10:57:04 0 d-----w- c:\program files\PGP Corporation
2010-06-15 10:57:04 0 d-----w- c:\program files\common files\PGP Corporation
2010-06-10 10:38:33 100032 ----a-w- c:\windows\system32\drivers\sfxpcxwd.sys
2010-06-09 21:33:25 3276 ----a-w- c:\windows\system32\wbem\Outlook_01cb081b64681cb8.mof
2010-06-09 16:22:26 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-09 16:21:00 65536 ------w- c:\windows\system32\dllcache\asycfilt.dll
2010-06-07 16:40:46 0 d-----w- c:\program files\Digiarty
2010-06-03 08:08:46 0 d-----w- c:\docume~1\karl~1.goe\applic~1\OpenOffice.org
2010-06-03 07:57:07 0 d-----w- c:\program files\OpenOffice.org 3
2010-06-02 06:33:22 0 d-----w- c:\program files\common files\wsm
2010-06-02 06:33:21 0 d-----w- c:\program files\Kate's Video Converter
2010-06-01 11:37:39 0 d-----w- c:\docume~1\karl~1.goe\applic~1\Digiarty
2010-06-01 11:02:44 0 d-----w- C:\divx
2010-06-01 08:55:32 0 d-----w- c:\documents and settings\karl.goepeluk\.dvdcss
2010-06-01 08:52:07 0 d-----w- c:\docume~1\karl~1.goe\applic~1\Leawo
2010-06-01 08:40:49 179 ----a-w- c:\windows\DVD To AVI Converter.ini
2010-06-01 08:20:45 180 ----a-w- c:\windows\pro DVD To AVI Converter.ini
2010-06-01 08:19:37 9 ----a-w- c:\windows\system32\DVD To AVI Converter1009.dat
2010-06-01 08:19:22 606208 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-01 08:19:22 139264 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-01 08:19:22 139264 ----a-w- c:\windows\system32\xvid.ax
2010-06-01 08:19:22 0 d-----w- c:\program files\TOP Software
2010-06-01 08:10:18 1 ----a-w- c:\windows\system32\SysDVDtoAVI.dat
2010-05-31 21:03:53 0 d-----w- c:\docume~1\karl~1.goe\applic~1\AVS4YOU
2010-05-31 21:00:48 0 d-----w- c:\program files\common files\AVSMedia
2010-05-31 21:00:37 974848 ----a-w- c:\windows\system32\mfc70.dll
2010-05-31 21:00:37 24576 ----a-w- c:\windows\system32\msxml3a.dll
2010-05-31 21:00:37 0 d-----w- c:\docume~1\alluse~1\applic~1\AVS4YOU
2010-05-31 20:45:02 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-05-30 11:43:40 0 d-----w- C:\Server Sync modified files
2010-05-30 11:42:36 0 d-----w- C:\Server Sync deleted files
2010-05-30 11:31:52 0 d-----w- C:\Server Sync

==================== Find3M ====================

2010-06-23 07:51:38 87564 ---ha-w- c:\windows\system32\mlfcache.dat
2010-06-18 07:24:36 586034 ----a-w- c:\windows\system32\nvModes.dat
2010-06-08 15:56:19 3888 ----a-w- c:\windows\system32\drivers\NTHANDLE.SYS
2010-05-21 13:14:28 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-05-20 11:13:00 72080 ----a-w- c:\documents and settings\karl.goepeluk\g2mdlhlpx.exe
2010-05-14 19:35:04 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01009.Wdf
2010-05-14 19:35:03 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01009_Coinstaller_Critical.Wdf
2010-05-05 13:30:57 173056 ----a-w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys
2010-04-30 08:10:02 38756 ----a-w- c:\windows\system32\drivers\pxi5396w.sys
2010-04-26 10:24:59 411368 ----a-w- c:\windows\system32\deployJava1.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-20 05:30:08 285696 ------w- c:\windows\system32\dllcache\atmfd.dll
2010-04-08 12:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 12:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-04-06 03:52:46 2462720 ------w- c:\windows\system32\dllcache\WMVCore.dll
2010-03-31 01:58:04 133616 ------w- c:\windows\system32\pxafs.dll
2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe
2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe

============= FINISH: 8:14:08.82 ===============
 
Last edited by a moderator:
Hi,

If you still need help with this post fresh dds.txt contents, please.
 
Found problem

I found the problem, looks like the malware had changed my settings to point to a dodgy DNS server, I changed this back to correct.

Can now install and run spybot, nothing suspicious was found.

Any advice on further checks to ensure I am clean?

Refreshed DDS output attached
 
Hi,

Were the DNS settings set as "obtain automatically"? If so then the router giving those settings should be checked for possible DNS hijack.
 
ISP - DNS server IPs checked

I have looked on my ISPs website and the DNS server IPs that my router and consequently my PC is picking up are as published on their website.

Also when I had the issue only 1 PC was affected, I could install and update spybot on the 4 other PCs on my network. I have run virus checks on all my machines.
 
Ok. I'd still make sure router password is not the default one since some DNS hijacker infections are able to modify router DNS settings if password isn't changed.

Other things I recommend to do is to enable system restore functionality (didn't see any system restore point there so I assume functionality is disabled) and install Secunia Personal Software Inspector to keep software up-to-date.

To enable system restore:
1. On the Desktop, right-click My Computer.
2. Click Properties.
3. Click the System Restore tab.
4. UN-Check *Turn off System Restore*.
5. Click Apply, and then click OK.
 
Router is not on default password, just downloading secunia, system restore is on, I had a clean out and deleted old system restores etc and defragged drive.

In hindsight maybe not the best thing until I was sure I was clean.

Many thanks for help, anything else to check?
 
You must log in or register to reply here.
Back
Top