Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Browser Redirecting, HijackThis Log

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Browser Redirecting, HijackThis Log

Unread postby alwayshopeful » January 11th, 2009, 9:38 pm

Here are the logs you requested....Not sure that it matters, but my husband reviews games for a living so there are always games being installed and uninstalled on the computer. Not sure if that causes any problems or not, but figured it wouldn't hurt to include the information.

Combofix Log

ComboFix 09-01-10.03 - KR 2009-01-11 18:14:30.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.634 [GMT -5:00]
Running from: c:\documents and settings\KR\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\KR\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated)
FW: McAfee Personal Firewall *disabled*
* Created a new restore point

FILE ::
c:\windows\system32\drivers\Start1Driver.SYS
c:\windows\system32\drivers\Start2Driver.SYS
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\KR\Start Menu\Programs\videosoft
c:\documents and settings\KR\Start Menu\Programs\videosoft\Uninstall.lnk
c:\program files\videosoft
c:\program files\videosoft\Uninstall.exe
c:\windows\system32\drivers\Start1Driver.SYS
c:\windows\system32\drivers\Start2Driver.SYS
c:\windows\system32\msrdo20.dll
c:\windows\system32\rdocurs.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-11 to 2009-01-11 )))))))))))))))))))))))))))))))
.

2009-01-08 16:27 . 2009-01-08 16:28 <DIR> d----c--- c:\program files\Be Rich
2009-01-07 11:48 . 2009-01-07 11:48 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-07 11:48 . 2009-01-07 11:48 73,728 --a------ c:\windows\system32\javacpl.cpl
2009-01-04 20:53 . 2009-01-04 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-04 19:27 . 2009-01-05 13:01 <DIR> d----c--- c:\program files\SUPERAntiSpyware
2009-01-04 19:27 . 2009-01-05 13:01 <DIR> d----c--- c:\documents and settings\KR\Application Data\SUPERAntiSpyware.com
2009-01-03 20:53 . 2009-01-11 13:41 <DIR> d-------- C:\Remote Programs
2009-01-03 20:53 . 2009-01-04 20:53 <DIR> d-------- c:\documents and settings\All Users\Application Data\Free Ride Games
2009-01-03 20:53 . 2008-06-21 16:28 37,033 --------- c:\windows\FRGT.ico
2009-01-03 20:53 . 2009-01-03 20:53 64 --a------ c:\windows\GPlrLanc.dat
2009-01-03 20:52 . 2009-01-04 20:53 <DIR> d----c--- c:\program files\Free Ride Games
2009-01-03 20:52 . 2008-06-17 16:31 53,305 --------- c:\windows\ExentInfo.exe
2009-01-02 12:13 . 2009-01-05 19:03 250 --a------ c:\windows\gmer.ini
2008-12-30 16:58 . 2008-12-30 17:13 <DIR> d----c--- c:\program files\AppRanger
2008-12-30 16:58 . 2008-12-30 17:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\AppRanger
2008-12-28 23:38 . 2009-01-05 09:08 <DIR> d----c--- c:\program files\ThreatFire
2008-12-28 19:57 . 2008-12-28 19:57 <DIR> d----c--- c:\program files\Trend Micro
2008-12-28 19:35 . 2008-12-28 19:51 <DIR> d----c--- c:\program files\SpywareGuard
2008-12-27 23:48 . 2008-12-27 23:54 11,658 --a------ C:\CTMeasureTiming.ini
2008-12-26 13:51 . 2008-12-26 13:51 <DIR> d----c--- c:\program files\Malwarebytes' Anti-Malware
2008-12-26 13:51 . 2008-12-26 13:51 <DIR> d----c--- c:\documents and settings\KR\Application Data\Malwarebytes
2008-12-26 13:51 . 2008-12-26 13:51 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2008-12-26 13:51 . 2008-12-03 19:52 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2008-12-26 13:51 . 2008-12-03 19:52 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2008-12-25 21:32 . 2008-12-25 21:32 <DIR> d----c--- c:\documents and settings\KR\Application Data\World-LooM
2008-12-25 21:31 . 2008-12-25 21:31 <DIR> d----c--- c:\program files\Fix-it-up - Kates Adventure
2008-12-25 20:56 . 2008-12-25 20:57 <DIR> d-------- c:\windows\CF055C57A98842E6BDAFE3D94C6973A8.TMP
2008-12-25 20:56 . 2009-01-05 13:01 <DIR> d----c--- c:\program files\Common Files\Wise Installation Wizard
2008-12-25 20:56 . 2008-12-25 20:57 110 --a------ c:\windows\{CF055C57-A988-42E6-BDAF-E3D94C6973A8}_WiseFW.ini
2008-12-25 20:54 . 2008-12-25 20:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Leapfrog
2008-12-25 20:53 . 2008-12-25 20:56 <DIR> d----c--- c:\program files\LeapFrog
2008-12-25 19:21 . 2008-12-30 10:55 <DIR> d----c--- c:\documents and settings\KR\Application Data\Creative
2008-12-25 18:57 . 2006-10-05 17:17 53,248 --------- c:\windows\Ctregrun.exe
2008-12-25 18:56 . 2008-12-25 18:56 417,792 --a------ c:\windows\system32\awrdscdc.ax
2008-12-25 18:56 . 2001-08-17 22:43 24,576 --------- c:\windows\system32\msxml3a.dll
2008-12-25 18:55 . 2008-12-25 18:56 <DIR> d----c--- c:\program files\Audible
2008-12-25 18:54 . 2008-12-25 19:03 <DIR> d-------- c:\documents and settings\All Users\Application Data\Creative
2008-12-25 18:53 . 2008-12-25 18:55 <DIR> d--h-c--- c:\program files\Creative Installation Information
2008-12-25 18:53 . 2008-12-25 18:57 <DIR> d----c--- c:\program files\Creative
2008-12-25 18:53 . 2008-12-25 18:53 <DIR> d----c--- c:\program files\Common Files\Creative
2008-12-25 18:53 . 1999-12-12 12:01 44,032 --------- c:\windows\system32\CTSVCCDA.EXE
2008-12-25 18:53 . 1999-11-17 12:00 25,088 --------- c:\windows\system32\CTSVCCTL.EXE
2008-12-25 18:48 . 2008-12-25 20:58 2,392 --a------ C:\autorun.PNF
2008-12-23 19:23 . 2009-01-04 17:33 54,156 --ah----- c:\windows\QTFont.qfn
2008-12-23 19:23 . 2008-12-23 19:23 1,409 --a------ c:\windows\QTFont.for
2008-12-22 15:06 . 2008-12-22 15:06 <DIR> d----c--- c:\program files\LeeGTs Games
2008-12-22 13:02 . 2008-12-22 14:15 <DIR> d----c--- c:\program files\iWin.com
2008-12-22 12:57 . 2008-12-22 12:57 <DIR> d-------- c:\documents and settings\All Users\Application Data\iWin Games
2008-12-19 08:25 . 2008-12-19 08:25 <DIR> d----c--- c:\documents and settings\NetworkService\Application Data\agi
2008-12-18 14:24 . 2008-12-18 14:25 371,710 --a------ C:\AnalysisLog.sr0
2008-12-15 21:08 . 2008-12-21 12:23 <DIR> d----c--- c:\program files\Electronic Arts
2008-12-15 21:00 . 2008-12-15 21:00 <DIR> d----c--- c:\program files\SystemRequirementsLab
2008-12-15 20:18 . 2008-12-15 20:24 <DIR> d-------- c:\windows\$regcmp$
2008-12-15 20:04 . 2008-10-10 04:52 4,379,984 --a------ c:\windows\system32\D3DX9_40.dll
2008-12-15 20:04 . 2008-10-10 04:52 2,036,576 --a------ c:\windows\system32\D3DCompiler_40.dll
2008-12-15 20:04 . 2008-10-27 10:04 514,384 --a------ c:\windows\system32\XAudio2_3.dll
2008-12-15 20:04 . 2008-10-10 04:52 452,440 --a------ c:\windows\system32\d3dx10_40.dll
2008-12-15 20:04 . 2008-10-27 10:04 235,856 --a------ c:\windows\system32\xactengine3_3.dll
2008-12-15 20:04 . 2008-10-27 10:04 70,992 --a------ c:\windows\system32\XAPOFX1_2.dll
2008-12-15 20:04 . 2008-10-27 10:04 23,376 --a------ c:\windows\system32\X3DAudio1_5.dll
2008-12-15 18:55 . 2008-12-15 18:55 <DIR> d-------- c:\documents and settings\All Users\Application Data\SimCity Societies
2008-12-15 18:54 . 2008-12-18 13:44 107,888 --a------ c:\windows\system32\CmdLineExt.dll
2008-12-15 15:54 . 2008-12-15 15:54 <DIR> d----c--- c:\documents and settings\LocalService\Application Data\agi
2008-12-15 15:53 . 2008-12-15 15:53 2,117,632 --a------ c:\windows\system32\python25.dll
2008-12-15 15:53 . 2008-09-16 11:26 1,332,197 --a------ c:\windows\system32\pythondll.zip
2008-12-15 15:53 . 2008-12-15 15:53 339,968 --a------ c:\windows\system32\pythoncom25.dll
2008-12-15 15:53 . 2008-12-15 15:53 114,688 --a------ c:\windows\system32\pywintypes25.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-09 15:02 43,372 -c--a-w c:\documents and settings\KR\Application Data\wklnhst.dat
2009-01-09 03:19 --------- dc--a-w c:\documents and settings\All Users\Application Data\TEMP
2009-01-09 01:36 --------- dc----w c:\documents and settings\KR\Application Data\funkitron
2009-01-08 21:56 --------- dc----w c:\documents and settings\KR\Application Data\PlayFirst
2009-01-08 21:56 --------- dc----w c:\documents and settings\All Users\Application Data\PlayFirst
2009-01-08 21:33 --------- d-----w c:\documents and settings\All Users\Application Data\BigFishGamesCache
2009-01-07 16:47 --------- dc----w c:\program files\Java
2009-01-06 23:01 --------- dc----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-05 14:07 --------- dc----w c:\program files\Oberon Media
2009-01-05 14:06 --------- dc----w c:\program files\RealArcade
2009-01-04 01:52 --------- dc-h--w c:\program files\InstallShield Installation Information
2009-01-01 19:35 --------- dc----w c:\program files\Spybot - Search & Destroy
2008-12-26 02:04 --------- dc----w c:\documents and settings\KR\Application Data\Skype
2008-12-26 00:03 --------- dc----w c:\program files\Dell
2008-12-26 00:02 --------- dc----w c:\documents and settings\KR\Application Data\skypePM
2008-12-22 19:16 --------- dc----w c:\program files\MSN Messenger
2008-12-19 18:34 --------- dc----w c:\documents and settings\KR\Application Data\Move Networks
2008-12-10 08:04 --------- dc----w c:\documents and settings\All Users\Application Data\Microsoft Help
2008-12-06 18:36 --------- d-----w c:\program files\Yahoo!
2008-12-02 02:46 --------- dc----w c:\program files\Microsoft Digital Image 2006
2008-12-01 19:10 --------- d-----w c:\program files\ZD Soft
2008-11-26 02:27 --------- dc----w c:\documents and settings\KR\Application Data\Pogo Games
2008-11-25 21:11 --------- dc----w c:\program files\Free_Traffic_Bar
2008-11-24 01:47 --------- dc----w c:\documents and settings\KR\Application Data\Media Semantics
2008-11-23 23:54 --------- dc----w c:\program files\BellCraft.com
2008-11-23 23:49 --------- dc----w c:\program files\Flipz4Flash
2008-11-18 23:09 --------- dc----w c:\program files\Coupons
2008-11-18 23:05 --------- dc----w c:\program files\Veetle
2008-02-29 20:49 0 -c--a-w c:\program files\temp01
2007-12-17 01:10 247,520 -c--a-w c:\documents and settings\KR\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 22:04 32,768 -c--a-w c:\documents and settings\KR\WebVpnRegKey4-myselect-selectmedicalcorp-com.dll
2007-08-31 13:35 110 -c--a-w c:\documents and settings\All Users\Application Data\MostFunGameId.bin
2006-09-18 23:45 774,144 -c--a-w c:\program files\RngInterstitial.dll
2007-02-06 21:09 168 -csh--r c:\windows\system32\11B88329DC.sys
2008-03-13 22:13 80 -csh--r c:\windows\system32\DC2983B811.dll
2006-12-29 17:06 56 -csh--r c:\windows\system32\DC2983B811.sys
2007-02-06 21:09 8,354 -csha-w c:\windows\system32\KGyGaAvL.sys
2008-09-07 20:19 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.

((((((((((((((((((((((((((((( snapshot@2009-01-05_13.11.39.84 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-01-05 15:59:11 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-11 20:40:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-05 15:59:11 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 20:40:49 32,768 -c--a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-11 20:40:49 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2008-06-10 05:21:01 135,168 ----a-w c:\windows\system32\java.exe
+ 2009-01-07 16:48:04 144,792 ----a-w c:\windows\system32\java.exe
- 2008-06-10 05:21:04 135,168 ----a-w c:\windows\system32\javaw.exe
+ 2009-01-07 16:48:04 144,792 ----a-w c:\windows\system32\javaw.exe
- 2008-06-10 06:32:34 139,264 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-07 16:48:04 148,888 ----a-w c:\windows\system32\javaws.exe
+ 2009-01-11 23:19:32 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_174.dat
.
((((((((((((((((((((((((((((((((((((((((((((( AWF ))))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
-c--a-w 1,404,928 2004-10-14 19:42:54 c:\program files\Analog Devices\Core\bak\smax4pnp.exe
-c--a-w 1,404,928 2004-10-14 18:42:54 c:\program files\Analog Devices\Core\smax4pnp.exe

-c--a-w 81,920 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\issch.exe

-c--a-w 249,856 2005-06-10 15:44:02 c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe

-c--a-w 185,896 2007-02-02 21:30:44 c:\program files\Common Files\Real\Update_OB\bak\realsched.exe

-c--a-w 49,152 2005-05-12 04:12:54 c:\program files\HP\HP Software Update\bak\HPWuSchd2.exe

-c--a-w 1,121,792 2005-08-12 20:16:44 c:\program files\McAfee\SpamKiller\bak\MSKDetct.exe

-c--a-w 303,104 2005-09-22 22:29:08 c:\program files\McAfee.com\Agent\bak\mcagent.exe
-c--a-w 582,992 2007-11-01 23:12:38 c:\program files\McAfee.com\Agent\mcagent.exe

-c--a-w 212,992 2006-01-11 16:05:42 c:\program files\McAfee.com\Agent\bak\mcupdate.exe
-c--a-w 419,152 2007-12-06 18:10:26 c:\program files\McAfee.com\Agent\mcupdate.exe

-c--a-w 5,674,352 2007-01-19 16:54:56 c:\program files\MSN Messenger\bak\msnmsgr.exe
-c--a-w 5,674,352 2007-01-19 16:54:56 c:\program files\MSN Messenger\msnmsgr.exe

-c--a-w 282,624 2007-04-27 13:41:54 c:\program files\QuickTime\bak\qttask.exe

-c--a-w 1,773,568 2007-03-07 14:58:20 c:\program files\support.com\bin\bak\tgcmd.exe

-c--a-w 15,360 2004-08-04 10:00:00 c:\windows\system32\bak\ctfmon.exe
----a-w 15,360 2008-04-14 00:12:16 c:\windows\system32\ctfmon.exe

-c--a-w 77,824 2005-09-20 13:32:24 c:\windows\system32\bak\hkcmd.exe
-c--a-w 77,824 2008-02-06 20:45:20 c:\windows\system32\hkcmd.exe

-c--a-w 114,688 2005-09-20 13:36:20 c:\windows\system32\bak\igfxpers.exe
-c--a-w 114,688 2008-02-06 20:45:22 c:\windows\system32\igfxpers.exe

-c--a-w 94,208 2005-09-20 13:35:40 c:\windows\system32\bak\igfxtray.exe
-c--a-w 94,208 2005-09-20 13:35:40 c:\windows\system32\igfxtray.exe

-c--a-w 122,940 2005-09-08 10:20:00 c:\windows\system32\DLA\bak\DLACTRLW.EXE

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]
2008-11-23 23:03 1784856 --a--c--- c:\program files\Free_Traffic_Bar\tbFree.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9b83f9c5-64b6-4afa-88b7-e1d67c25764a}]
2008-07-10 13:04 1600024 --a--c--- c:\program files\RetailMeNot\tbReta.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9b83f9c5-64b6-4afa-88b7-e1d67c25764a}"= "c:\program files\RetailMeNot\tbReta.dll" [2008-07-10 1600024]
"{0ed0633c-a54d-47f1-94e7-5bded41ae674}"= "c:\program files\Free_Traffic_Bar\tbFree.dll" [2008-11-23 1784856]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9B83F9C5-64B6-4AFA-88B7-E1D67C25764A}"= "c:\program files\RetailMeNot\tbReta.dll" [2008-07-10 1600024]
"{0ED0633C-A54D-47F1-94E7-5BDED41AE674}"= "c:\program files\Free_Traffic_Bar\tbFree.dll" [2008-11-23 1784856]

[HKEY_CLASSES_ROOT\clsid\{9b83f9c5-64b6-4afa-88b7-e1d67c25764a}]

[HKEY_CLASSES_ROOT\clsid\{0ed0633c-a54d-47f1-94e7-5bded41ae674}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" [2007-01-19 5674352]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-11-10 2057216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2007-11-01 582992]
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" [2008-08-14 2407184]
"CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-07 136600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-11-10 2057216]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"msacm.l3codec"= l3codecp.acm

[HKLM\~\startupfolder\^.recently-used.xbel]
path=\.recently-used.xbel
backup=c:\windows\pss\.recently-used.xbelCommon Startup

[HKLM\~\startupfolder\^nightshipsdesk1024[1].jpg]
path=\nightshipsdesk1024[1].jpg
backup=c:\windows\pss\nightshipsdesk1024[1].jpgCommon Startup

[HKLM\~\startupfolder\^pyerr.log]
path=\pyerr.log
backup=c:\windows\pss\pyerr.logCommon Startup

[HKLM\~\startupfolder\^pyout.log]
path=\pyout.log
backup=c:\windows\pss\pyout.logCommon Startup

[HKLM\~\startupfolder\^s-1-5-21-722900423-538402030-44441542-1006.rrr]
path=\s-1-5-21-722900423-538402030-44441542-1006.rrr
backup=c:\windows\pss\s-1-5-21-722900423-538402030-44441542-1006.rrrCommon Startup

[HKLM\~\startupfolder\^stat.log]
path=\stat.log
backup=c:\windows\pss\stat.logCommon Startup

[HKLM\~\startupfolder\^WebVpnRegKey4-myselect-selectmedicalcorp-com.dll]
path=\WebVpnRegKey4-myselect-selectmedicalcorp-com.dll
backup=c:\windows\pss\WebVpnRegKey4-myselect-selectmedicalcorp-com.dllCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BeachLifeEngSetup.exe]
c:\downlo~1\BEACHL~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
--a--c--- 2008-08-14 16:11 565008 c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LVCOMS]
--a--c--- 2002-12-10 16:54 127022 c:\program files\Common Files\Logitech\QCDriver3\LVComS.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
--a--c--- 2007-01-19 11:54 5674352 c:\program files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
--a--c--- 2007-02-02 16:30 214560 c:\program files\Real\RealPlayer\realplay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SinglesMSetup.exe]
c:\downlo~1\SINGLE~1.EXE [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmileboxTray]
c:\documents and settings\KR\Application Data\Smilebox\SmileboxTray.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a--c--- 2004-10-14 13:42 1404928 c:\program files\Analog Devices\Core\smax4pnp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
c:\program files\Java\jre1.6.0_07\bin\jusched.exe [N/A]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a--c--- 2006-11-30 21:49 4662776 c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"I&F Viewer toolbar"="c:\program files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
"msnmsgr"="c:\program files\MSN Messenger\msnmsgr.exe" /background
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
"igfxhkcmd"=c:\windows\system32\hkcmd.exe
"igfxpers"=c:\windows\system32\igfxpers.exe
"ThreatFire"=c:\program files\ThreatFire\TFTray.exe
"mcagent_exe"=c:\program files\McAfee.com\Agent\mcagent.exe /runkey
"MSConfig"=c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
"LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
"CTCheck"=c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
"igfxtray"=c:\windows\system32\igfxtray.exe
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\bak\isuspm.exe" -startup
"MPFExe"=c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
"VirusScan Online"=c:\program files\McAfee.com\VSO\mcvsshld.exe
"VSOCheckTask"="c:\progra~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"LogitechImageStudioTray"=c:\program files\Logitech\ImageStudio\LogiTray.exe
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" -start
"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"MSKAGENTEXE"=c:\progra~1\McAfee\SPAMKI~1\MskAgent.exe
"MSKDetectorExe"=c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
"OASClnt"=c:\program files\McAfee.com\VSO\oasclnt.exe
"DMXLauncher"=c:\program files\Dell\Media Experience\DMXLauncher.exe
"MCAgentExe"=c:\progra~1\mcafee.com\agent\mcagent.exe
"LogitechGalleryRepair"=c:\program files\Logitech\ImageStudio\ISStart.exe
"MPSExe"=c:\progra~1\mcafee.com\mps\mscifapp.exe /embedding
"MCUpdateExe"=c:\progra~1\mcafee.com\agent\mcupdate.exe
"LVCOMS"=c:\program files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
"SoundMAXPnP"=c:\program files\Analog Devices\Core\smax4pnp.exe
"SunJavaUpdateSched"=c:\program files\Java\jre1.5.0_07\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R4 LeapFrog Connect Device Service;LeapFrog Connect Device Service;c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe [2008-11-25 991232]
R4 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [2009-01-03 29856]
S1 Start1Driver;Start1Driver; [x]
S3 DCamUSBSTK017;STK017 Camera;c:\windows\system32\drivers\STK017W2.sys [2003-11-17 99476]
S3 scrcap;scrcap;c:\windows\system32\DRIVERS\scrcap.sys --> c:\windows\system32\DRIVERS\scrcap.sys [?]
S4 Start2Driver;Start2Driver; [x]
.
Contents of the 'Scheduled Tasks' folder

2009-01-09 c:\windows\Tasks\1-Click Maintenance.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []

2009-01-09 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 14:42]

2008-12-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]

2009-01-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2007-12-04 12:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.comcast.net/
mStart Page = hxxp://www.yahoo.com
uInternet Connection Wizard,ShellNext = iexplore

c:\windows\Downloaded Program Files\InstallerControl.dll - O16 -: CabBuilder
hxxp://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
c:\windows\Downloaded Program Files\OSDC5.OSD

c:\windows\system32\HotKeyDll.dll - c:\windows\system32\SignOff.wav
c:\windows\system32\return.wav
c:\windows\system32\Interrupt.wav
c:\windows\system32\Error.wav
c:\windows\system32\Tone1.wav
c:\windows\system32\Tone2.wav
c:\windows\system32\Tone3.wav
c:\windows\system32\FnetPlayer.dll
O16 -: {2CDCCD47-FB6A-42A5-8401-F19FD130005B}
hxxps://fn.probitymt.com/ehr-probity/in ... player.cab
c:\windows\Downloaded Program Files\fnetplayer.INF

c:\windows\Downloaded Program Files\sysreqlab_ind.dll - O16 -: {5727FF4C-EF4E-4d96-A96C-03AD91910448}
hxxp://www.srtest.com/srl_bin/sysreqlab_ind.cab
c:\windows\Downloaded Program Files\sysreqlab.osd
FF - ProfilePath - c:\documents and settings\KR\Application Data\Mozilla\Firefox\Profiles\y4idb8i7.default\
FF - prefs.js: browser.search.selectedEngine - Search
FF - prefs.js: browser.startup.homepage - hxxp://www.comcast.net/home.html
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - false // Popupblocker control handled by McAfee Privacy Service
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v2.00.13.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-11 18:20:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\program files\McAfee\MPF\MpfSrv.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Common Files\LogiShrd\LQCVFX\COCIManager.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Logitech\QuickCam\LU\LULnchr.exe
c:\program files\Logitech\QuickCam\LU\LogitechUpdate.exe
c:\progra~1\McAfee\MSC\mcuimgr.exe
.
**************************************************************************
.
Completion time: 2009-01-11 18:28:30 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-11 23:28:11
ComboFix2.txt 2009-01-05 18:13:44

Pre-Run: 35,170,930,688 bytes free
Post-Run: 35,262,455,808 bytes free

409 --- E O F --- 2008-12-18 08:01:09



Uninstall list

2007 Microsoft Office Suite Service Pack 1 (SP1)
Adobe Flash Player ActiveX
Adobe Photoshop 7.0
Adobe Reader 8.1.3
Adobe Shockwave Player
Advanced WindowsCare 2.55 Personal
Apple Software Update
ArcSoft Software Suite
AudibleManager
Banctec Service Agreement
BCL easyPDF Printer Driver 4.3
Be Rich
Big Fish Games Client
Capitalism II
CCleaner (remove only)
Citrix Presentation Server Client - Web Only
Conexant D850 56K V.9x DFVc Modem
Creative System Information
Creative ZEN
Dell CinePlayer
Dell Digital Jukebox Driver
Dell Driver Reset Tool
Dell Resource CD
Dell Support 3.1
Desktop Doctor
Digital Content Portal
Digital Line Detect
Documentation & Support Launcher
ELIcon
Fix-it-up: Kate`s Adventure
Free Ride Games Player
Free_Traffic_Bar Toolbar
Games, Music, & Photos Launcher
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
HP Document Viewer 5.3
HP Extended Capabilities 5.3
HP Image Zone 5.3
HP Imaging Device Functions 5.3
HP Product Detection
HP PSC & OfficeJet 5.3.B
HP Solution Center & Imaging Support Tools 5.3
HP Update
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Java(TM) 6 Update 11
LeapFrog Connect
LeapFrog Connect
LeapFrog Didj Plugin
Lernout & Hauspie TruVoice American English TTS Engine
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech Legacy USB Camera Driver Package
Logitech QuickCam
Logitech QuickCam Driver Package
Malwarebytes' Anti-Malware
McAfee SecurityCenter
MCU
MedRemote WebTop
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Digital Image Standard 2006
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Mike+Mary Speech Pack
Microsoft National Language Support Downlevel APIs
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Web Publishing Wizard 1.52
Microsoft Works
Microsoft Works Suite 2006 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Modem Helper
Mozilla Firefox (3.0.5)
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6.0 Parser (KB933579)
NetWaiting
Paint Shop Pro 7 ESD
Photo Toolkit 1.7
QuickTime
RealArcade
RealPlayer
RetailMeNot Toolbar
Ride Carnival Tycoon
Roxio DLA
Roxio MyDVD LE
Roxio RecordNow Audio
Roxio RecordNow Copy
Roxio RecordNow Data
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 2.0 (KB928365)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Skype™ 3.8
Slingo Quest
Slingo Quest Hawaii
SoundMAX
Spybot - Search & Destroy
System Requirements Lab
Taskbar Calculator
The 80s Game With Martha Quinn
WebCyberCoach 3.2 Dell
Windows Defender Signatures
Windows Imaging Component
Windows Installer Clean Up
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Service Pack 3
XviD MPEG-4 Video Codec
Yahoo! Messenger
ZD Recorder 3.0.1.0
ZENcast Organizer




Hijack this Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:20:26 PM, on 1/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\logitech\quickcam\lu\lulnchr.exe
c:\program files\logitech\quickcam\lu\LogitechUpdate.exe
c:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: RetailMeNot Toolbar - {9b83f9c5-64b6-4afa-88b7-e1d67c25764a} - C:\Program Files\RetailMeNot\tbReta.dll
O3 - Toolbar: Free Traffic Bar Toolbar - {0ed0633c-a54d-47f1-94e7-5bded41ae674} - C:\Program Files\Free_Traffic_Bar\tbFree.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe" /runonstartup
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Free Ride Games\GPlayer.exe /runonstartup" (User 'Default user')
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MI1933~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: CabBuilder - http://kiw.imgag.com/imgag/kiw/toolbar/ ... ontrol.cab
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} (TPIR Control) - http://www.worldwinner.com/games/v50/tpir/tpir.cab
O16 - DPF: {2CDCCD47-FB6A-42A5-8401-F19FD130005B} (FnetPlayerCtrl Class) - https://fn.probitymt.com/ehr-probity/in ... player.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www2.snapfish.com/SnapfishActivia.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {5727FF4C-EF4E-4d96-A96C-03AD91910448} (System Requirements Lab) - http://www.srtest.com/srl_bin/sysreqlab_ind.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD5/JSCDL/jre/ ... dl.sun.com
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://3dlifeplayer.dl.3dvia.com/player ... taller.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

--
End of file - 9148 bytes
alwayshopeful
Active Member
 
Posts: 10
Joined: December 28th, 2008, 9:11 pm
Advertisement
Register to Remove

Re: Browser Redirecting, HijackThis Log

Unread postby Carolyn » January 12th, 2009, 5:08 pm

Hi,

I missed a couple of things in the last go-round. Please run this CFScript:

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

Code: Select all
KILLALL::

File::
c:\windows\system32\DC2983B811.dll
c:\windows\system32\DC2983B811.sys
c:\windows\system32\11B88329DC.sys

Driver::
Start1Driver
Start2Driver


Save this as CFScript.txt, in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall


Please post the ComboFix log along with a fresh HijackThis log. Let me know if you are having any more problems with your computer.
User avatar
Carolyn
MRU Emeritus
MRU Emeritus
 
Posts: 4701
Joined: April 18th, 2007, 9:36 am
Location: Maine

Re: Browser Redirecting, HijackThis Log

Unread postby NonSuch » January 18th, 2009, 4:43 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
User avatar
NonSuch
Administrator
Administrator
 
Posts: 27305
Joined: February 23rd, 2005, 7:08 am
Location: California

Previous

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware