Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

google results redirected and anti spyware will not run

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

google results redirected and anti spyware will not run

Unread postby drippykid » January 24th, 2009, 1:25 pm

when i click on the search results in google, i get redirected to random commercial websites.
I tried running search and destroy and malwarebytes, but neither will start. hijack this wouldn't install, untill i tried in safemode. in safemode search and destroy and malwarebytes still do no run (i even reinstalled them in safemode to see if that helped)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:24:39 PM, on 1/24/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iSproggler\iSproggler.exe
D:\Program Files\Utorrent\utorrent.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\MagicDisc\MagicDisc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0BD44AB1-76A7-4E05-92F4-4B065FE72BD6} - (no file)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [BellCanada_McciTrayApp] C:\Program Files\BellCanada\McciTrayApp.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\Utorrent\utorrent.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [8jAurRpziD] C:\Documents and Settings\All Users\Application Data\jebeduzs\bmrqbwru.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe

--
End of file - 9747 bytes



thanks
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm
Advertisement
Register to Remove

Re: google results redirected and anti spyware will not run

Unread postby Rodav » January 26th, 2009, 6:09 pm

Hello! :hello2: and welcome to the Malware Removal forums.
I would be glad to take a look at your log and help you with solving any malware problems. HijackThis logs can take a while to research so please be patient while I work on your log and I will post back here with any recommendations.

  • I will be working on your Malware issues, this may or may not, solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: google results redirected and anti spyware will not run

Unread postby Rodav » January 26th, 2009, 6:12 pm

With reference to Malware Removal's P2P Programs Policy, please uninstall the following programs before we continue:

  1. Click on Start > Control Panel and double click on Add/Remove Programs.
  2. Locate Utorrent and click on the Change/Remove button to uninstall it.
  3. Repeat for Any other P2P program.
  4. Close Add/Remove Programs and Control Panel when done, then restart your computer.


Step 1:
Download at your desktop DDS from one of the links below:

Link1
Link2
Link3
  • Double click the tool to run it.
  • A black Screen will open, just read the contents and do nothing.
  • When the tool finish it will open 2 reports.
  • Copy/paste both reports back here and remove DDS from your desktop.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: google results redirected and anti spyware will not run

Unread postby drippykid » January 26th, 2009, 7:17 pm

utorrent and soulseek have been removed.


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-01-19.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/2/2007 2:49:58 PM
System Uptime: 1/26/2009 5:53:01 PM (1 hours ago)

Motherboard: Intel Corporation | | D845PT
Processor: Intel(R) Pentium(R) 4 CPU 2.00GHz | J1E1 | 1993/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 37 GiB total, 6.515 GiB free.
D: is FIXED (NTFS) - 234 GiB total, 29.436 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
I: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96F-E325-11CE-BFC1-08002BE10318}
Description: Microsoft PS/2 Mouse
Device ID: ACPI\PNP0F03\4&268D196D&0
Manufacturer: Microsoft
Name: Microsoft PS/2 Mouse
PNP Device ID: ACPI\PNP0F03\4&268D196D&0
Service: i8042prt

Class GUID: {4D36E980-E325-11CE-BFC1-08002BE10318}
Description: Floppy disk drive
Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&1D9DE4D2&0&0
Manufacturer: (Standard floppy disk drives)
Name: Floppy disk drive
PNP Device ID: FDC\GENERIC_FLOPPY_DRIVE\5&1D9DE4D2&0&0
Service: flpydisk

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

1400
1400_Help
1400Trb
Ad-Aware
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Reader 8.1.2 Security Update 1 (KB403742)
Adobe SVG Viewer 3.0
AiO_Scan
AiOSoftware
Alarm 2.0.2
Any DWG to PDF Converter 2008
Anywhere.FM Uploader
Apple Mobile Device Support
Apple Software Update
ArchiCAD 10 R1 INT
ASIO4ALL
ATI Display Driver (Omega 3.8.442)
Audacity 1.2.6
AutoCAD 2006 - English
AutoCAD 2008 - English
Autodesk DWF Viewer 7
AutoDWG DWG to PDF Converter
AviSynth 2.5
AVS Video Converter 6
AVS4YOU Software Navigator 1.3
Bandwidth Monitor
BitDefender Free Edition v10
Bonjour
Canon Camera Access Library
Canon Camera Support Core Library
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture DC
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CDisplay 1.8
ClamWin Free Antivirus 0.94.1
Collab
Combined Community Codec Pack 2007-02-22
Compatibility Pack for the 2007 Office system
DivX Content Uploader
DivX Web Player
Enigma
EphPod
Fallout2
Fax
FL Studio 6
forteManager
FoxyTunes for Firefox
getPlus(R)_dll
GForce - Oddity
Google Earth
Google SketchUp 6
Google SketchUp Pro 7
Google Updater
Hammer Demo
HammerHead Rhythm Station
HB_Office_1600_04 Screen Saver
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
HP Image Zone Express
HP Product Assistant
HP PSC & OfficeJet 4.7
HP PSC & OfficeJet 5.3.B
HP Software Update
HP USB Disk Storage Format Tool
InkSaver
Internet Check-Up
iPod 2 iPod
iScrobbler
iTunes
iTunes Art Importer
J2SE Runtime Environment 5.0 Update 6
Java(TM) 6 Update 11
Last.fm 1.5.2.38918
Live 6.0.1
Live 7.0.14
Logitech Desktop Messenger
Logitech Print Service
LucasArts' Monkey 4
MA_CMIDI
Machinehead Software Chain Length Calculator
MagicDisc 2.5.74
MediaMonkey 2.5
Medieval II Total War
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Bootvis
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Professional Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Mozilla Firefox (3.0.5)
MSN
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
MultiRes (remove only)
Native Instruments FM8 v1.0.1.002 VSTi DXi RTAS
Native Instruments Guitar Rig 2
Nero 7 Premium
Noiseware Professional Plug-in
Oblivion
Pacemaker Editor
Portraiture Plug-in
ProductContext
QuickTime
Radeon Omega Drivers v3.8.330 Setup Files and Tools
Radeon Omega Drivers v4.8.442 Setup Files and Tools
Readme
Real Alternative 1.60
RealGrain Plug-in
Reason 4.0.1
Reasonable NoClone 2007 Home
Santa Cruz
Scan
ScummVM 0.9.1
SDK
Security Update for CAPICOM (KB931906)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950582)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB960714)
Simplify Media
SiSoftware Sandra Lite 2009.SP1
Software Update for Web Folders
Songbird 0.2.5 (Win32)
Sony Noise Reduction Plug-In 2.0h
Sony Sound Forge 8.0d
Sony Sound Forge 9.0
SpaceMonger 2.1.1
Spybot - Search & Destroy
SpywareBlaster 4.1
Sun xVM VirtualBox
System Requirements Lab
Uniblue SpeedUpMyPC 2009
Update for Windows Media Player 10 (KB926251)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB958752)
VAZ Modular Demo 3.03
VBA (2627.01)
VC 9.0 Runtime
Videora iPod Converter 3.05
Virtual Earth 3D (Beta)
WebCam for MSN Messenger
WIBU-KEY Setup (WIBU-KEY Remove)
Windows Driver Package - Microsoft WPD (12/01/2006 1.2.0.0)
Windows Imaging Component
Windows Live Messenger
Windows Media Format 11 runtime
Windows Presentation Foundation
WinRAR archiver
Wubi
XBCD 1.03
XML Paper Specification Shared Components Pack 1.0
Yahoo! Toolbar
ZoneAlarm
Zune
Zune Desktop Theme

==== Event Viewer Messages From Past Week ========

1/22/2009 10:39:35 PM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service wuauserv with

arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
1/21/2009 4:10:54 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: i8042prt
1/21/2009 4:10:00 PM, error: ati2mtag [45062] - CRT invalid display type
1/23/2009 1:56:48 PM, error: Service Control Manager [7000] - The bdfdll service failed to start due to the following error:

The system cannot find the file specified.
1/23/2009 1:56:50 PM, error: Service Control Manager [7000] - The BDFsDrv service failed to start due to the following

error: The system cannot find the file specified.
1/23/2009 1:56:50 PM, error: Service Control Manager [7000] - The BDRsDrv service failed to start due to the following

error: The system cannot find the file specified.
1/23/2009 5:55:03 PM, error: Service Control Manager [7001] - The Windows Media Connect Service service depends on the

Universal Plug and Play Device Host service which failed to start because of the following error: The service cannot be started,

either because it is disabled or because it has no enabled devices associated with it.
1/24/2009 3:44:47 AM, error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0

service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds:

Restart the service.
1/24/2009 11:26:32 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with

arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/24/2009 11:27:18 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to

load: Fips intelppm VBoxDrv VBoxUSBMon
1/24/2009 11:29:21 AM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with

arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
1/24/2009 8:10:06 PM, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MSIServer with

arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}

==== End Of File ===========================



DDS (Ver_09-01-19.01) - NTFSx86
Run by admin at 18:02:12.12 on Mon 01/26/2009
Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.208 [GMT -5:00]

AV: Bitdefender Antivirus *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\BellCanada\McciTrayApp.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Downloads\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\windows\system32\twex.exe,
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
BHO: NoExplorer - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: {598F4775-6FB6-477B-9842-E0426824E077} - No File
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\4.1.805.4472\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\progra~1\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\progra~1\yahoo!\companion\installs\cpn\yt.dll
uRun: [MsnMsgr] "c:\program files\msn messenger\MsnMsgr.Exe" /background
uRun: [iSproggler] "c:\program files\isproggler\iSproggler.exe"
uRun: [uTorrent] "d:\program files\utorrent\utorrent.exe"
uRun: [AdobeUpdater] "c:\program files\common files\adobe\updater5\AdobeUpdater.exe"
uRun: [Simplify Media] "c:\program files\simplify media\SimplifyMedia.exe"
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [HP Software Update] "d:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [AtiPTA] atiptaxx.exe
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.5.0_06\bin\jusched.exe
mRun: [Zune Launcher] "c:\program files\zune\ZuneLauncher.exe"
mRun: [LogitechVideoRepair] c:\program files\logitech\video\ISStart.exe
mRun: [BellCanada_McciTrayApp] c:\program files\bellcanada\McciTrayApp.exe
mRun: [DT LGE] c:\program files\portrait displays\fortemanager\DTHtml.exe -startup_folder
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [ClamWin] "c:\program files\clamwin\bin\ClamTray.exe" --logon
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [BDMCon] c:\progra~1\softwin\bitdef~1\bdmcon.exe
mRun: [BDAgent] "c:\program files\softwin\bitdefender10\bdagent.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [TraySantaCruz] c:\windows\system32\tbctray.exe
mExplorerRun: [8jAurRpziD] c:\documents and settings\all users\application data\jebeduzs\bmrqbwru.exe
StartupFolder: c:\docume~1\admin\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\autoca~1.lnk - c:\program files\common files\autodesk shared\acstart16.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\desktop

messenger\8876480\program\LDMConf.exe
IE: Copy to Semagic
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Semagic
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search &

destroy\SDHelper.dll
DPF: {0000000A-0000-0010-8000-00AA00389B71} -

hxxp://download.microsoft.com/download/ ... wmavax.CAB
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-1-24 64160]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-8-20 54896]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-8-20 41616]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-1-26 353680]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-5-2 142336]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-5-2 524288]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-1-18 942416]
R4 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra lite 2009.sp1\RpcAgentSrv.exe [2008-11-23

98488]
S3 vtdg46xx;vtdg46xx;c:\progra~1\turtle~1\santac~1\contro~1\vtdg46xx.sys [2007-5-2 19232]

============== File Associations ===============

regfile="regedit.exe" "%1"

=============== Created Last 30 ================

2009-01-26 16:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Last.fm
2009-01-26 16:57 <DIR> --d----- c:\program files\Last.fm
2009-01-26 16:02 <DIR> --d----- c:\program files\SpywareBlaster
2009-01-26 15:20 4,212 a---h--- c:\windows\system32\zllictbl.dat
2009-01-26 15:20 1,221,008 a------- c:\windows\system32\zpeng25.dll
2009-01-26 15:20 <DIR> --d----- c:\windows\system32\ZoneLabs
2009-01-26 15:20 <DIR> --d----- c:\program files\Zone Labs
2009-01-26 15:20 348,371 a------- c:\windows\system32\vsconfig.xml
2009-01-26 15:15 <DIR> --d----- c:\windows\Internet Logs
2009-01-24 22:59 24,384 a------- c:\windows\system32\AAWService_2009_01_24_22_59_28.dmp
2009-01-24 22:57 15,688 a------- c:\windows\system32\lsdelete.exe
2009-01-24 20:27 64,160 a------- c:\windows\system32\drivers\Lbd.sys
2009-01-24 20:25 <DIR> --d----- c:\program files\Lavasoft
2009-01-24 20:10 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 11:29 <DIR> --d----- c:\program files\Trend Micro
2009-01-24 11:06 <DIR> --d----- c:\windows\system32\NtmsData
2009-01-23 19:30 <DIR> --d----- c:\program files\Imagenomic
2009-01-23 16:54 <DIR> --d----- c:\docume~1\admin\applic~1\uniblue
2009-01-23 16:54 <DIR> --d----- c:\program files\Uniblue
2009-01-23 16:53 <DIR> -cd-h--- c:\docume~1\alluse~1\applic~1\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
2009-01-23 16:23 <DIR> --d----- C:\#AutoPatcher_Temp#
2009-01-23 15:50 212,240 a------- c:\windows\system32\RICHTX32.OCX
2009-01-23 15:50 40,960 a------- c:\windows\system32\SSUBTMR6.DLL
2009-01-23 15:37 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-23 15:32 124,688 a------- c:\windows\system32\MSWINSCK.OCX
2009-01-23 15:32 10,752 a------- c:\windows\system32\aamd532.dll
2009-01-23 15:22 <DIR> --d-hr-- C:\AHCache
2009-01-23 14:48 <DIR> --d----- c:\docume~1\admin\applic~1\Bitdefender
2009-01-23 13:59 81,984 a------- c:\windows\system32\bdod.bin
2009-01-23 13:55 <DIR> --d----- c:\program files\Softwin
2009-01-23 13:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\BitDefender
2009-01-23 13:54 <DIR> --d----- c:\program files\common files\Softwin
2009-01-21 13:21 102,664 a------- c:\windows\system32\drivers\tmcomm.sys
2009-01-21 13:20 <DIR> --d----- c:\documents and settings\admin\.housecall6.6
2009-01-21 10:59 <DIR> --d----- c:\program files\Simplify Media
2009-01-11 12:44 <DIR> --d----- c:\program files\Bonjour
2009-01-11 12:43 <DIR> --d----- c:\program files\iPod
2009-01-11 12:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 02:35 <DIR> --d----- c:\docume~1\admin\applic~1\Thinstall
2009-01-03 17:08 86,016 a------- c:\windows\unvise32.exe
2009-01-03 13:09 73,728 a------- c:\windows\system32\ISUSPM.cpl
2009-01-03 13:09 <DIR> --d----- c:\program files\M-Audio
2009-01-02 12:35 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ableton
2009-01-02 12:35 <DIR> --d----- c:\docume~1\admin\applic~1\Ableton
2009-01-02 12:27 85,504 a------- c:\windows\system32\ma_cmidn.dll
2009-01-02 12:27 21,888 a------- c:\windows\system32\drivers\ma_cmidi.sys
2009-01-02 12:27 17,920 a------- c:\windows\system32\MA_CMIDI.DLL
2009-01-02 12:27 14,176 a------- c:\windows\system32\MA_CMIDI.DRV
2009-01-02 12:27 7,282 a------- c:\windows\system32\MA_CMIDI.VXD
2009-01-02 12:27 <DIR> --d----- c:\windows\system32\INF
2009-01-02 12:26 <DIR> --d----- c:\program files\M-Audio MA_CMIDI

==================== Find3M ====================

2008-12-17 16:14 233,472 a------- c:\windows\system32\REX Shared Library.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-11 05:24 333,184 a------- c:\windows\system32\drivers\srv.sys
2008-12-04 11:57 410,984 a------- c:\windows\system32\deploytk.dll
2008-11-30 02:00 52,736 a------- c:\windows\ipuninst.exe
2008-11-24 16:37 6,820 a------- c:\windows\system32\d3d9caps.dat
2008-11-24 16:25 472,576 a------- c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe

============= FINISH: 18:04:26.43 ===============
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby Rodav » January 26th, 2009, 10:18 pm

I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by twex.exe
It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
  • The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
  • The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a ZBot, the worst kind.
If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
  • Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
  • Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
  • If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
    Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
  • From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
  • DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
  • Take any other steps you think appropriate for an attempted identity theft.
  • Please read this for more information: How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: google results redirected and anti spyware will not run

Unread postby drippykid » January 28th, 2009, 2:51 pm

thanks for the heads up, I changed all of my passwords and spoke to the bank.

I might just try to disinfect for now then if things don't get better i'll re install windows when I have more time.

another thing, there is a laptop that shares the same network frequently, can this infection spread itself from computer to computer through a network.

thanks
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby Rodav » January 28th, 2009, 7:16 pm

It's possible the laptop is also infected, you can start a new topic in the forum after we finish up here if you want it looked at.

You have 2 antivirus programs BitDefender Free Edition v10 and ClamWin Free Antivirus 0.94.1 installed, neither of which offer realtime protection. If you do not have an antivirus with realtime protection installed I suggest you uninstall both of those and download one of the following:

1) Antivir PersonalEditionClassic
-Free anti-virus software for Windows.
-Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition
-Anti-virus program for Windows.
-The home edition is freeware for noncommercial user.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts.


Step 1:
We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix


* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review, along with a new HijackThis log.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: google results redirected and anti spyware will not run

Unread postby drippykid » January 29th, 2009, 12:33 am

I installed Avast. and tried to run combofix, but it won't start (i get the hour glass for a second or two and then nothing happens). same problem that i'm having with malwarebytes and spybot's scanner.

i ran a boot scan with avast which deleted a few trojens.

here is the newest hijackthis log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:26:51 PM, on 1/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,userinit.exe
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [iSproggler] "C:\Program Files\iSproggler\iSproggler.exe"
O4 - HKCU\..\Run: [uTorrent] "D:\Program Files\Utorrent\utorrent.exe"
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [8jAurRpziD] C:\Documents and Settings\All Users\Application Data\jebeduzs\bmrqbwru.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9389 bytes
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby Rodav » January 29th, 2009, 2:03 pm

Please delete your copy of combofix.exe, something must be blocking it. Then proceed with the following:

Step 1:
Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:
  • Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
  • If you have Version 1.4, Click on Exit Spybot S&D Resident
Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • then, also in left panel, click Resident shows a red/white shield.
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.
Don't forget to re-enable it, when your computer is clean.

You must also disable AdWatch in Adaware.


Step 2:
Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2
Link 3

Image


Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
    When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a HijackThis log so we can continue cleaning the system.


Step 3:
  • Download GMER by GMER from one of the links below:
    Link1
    Link2
  • Unzip it to a folder on your desktop
  • Rename gmer.exe to hiding.exe then double click hiding.exe to launch GMER
  • If asked, allow the gmer.sys driver load
  • If it warns you about rootkit activity and asks if you want to run scan, click OK
  • If you don't get a warning then
    • Click the rootkit tab
    • Click Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerrk.txt
  • Click on the >>> tab
  • This will open up the rest of the tabs for you
  • Click on the Autostart tab
  • Click on Scan
  • Once the scan has finished, click copy
  • Paste the log into notepad using Ctrl+V
  • Save it to your desktop as gmerautos.txt
  • Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic, you can use multiple replies for all the logs if needed.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: google results redirected and anti spyware will not run

Unread postby drippykid » January 30th, 2009, 4:56 pm

here's the combo fix log, after the computer restarted, combofix said that avast was running and to turn it off. i tried but it said access denied when i tried, even though this is the admin account.

ComboFix 09-01-21.04 - admin 2009-01-30 14:50:05.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.403 [GMT -5:00]
Running from: c:\documents and settings\admin\My Documents\My Pictures\Combo-Fix.exe
AV: avast! antivirus 4.8.1296 [VPS 090130-0] *On-access scanning enabled* (Updated)
FW: ZoneAlarm Firewall *enabled*
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\UACxdoydlvv.sys
c:\windows\system32\dumphive.exe
c:\windows\system32\IEDFix.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg
c:\windows\system32\UACdnevgkpl.dll
c:\windows\system32\UACfbkkcbay.dat
c:\windows\system32\UACicrrnooj.dll
c:\windows\system32\UACiprtjita.dll
c:\windows\system32\UACnjyksoql.dll
c:\windows\system32\UACompyddfy.log
c:\windows\system32\UACxjunanrd.log
c:\windows\system32\UACxswtwaxf.log
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys


((((((((((((((((((((((((( Files Created from 2008-12-28 to 2009-01-30 )))))))))))))))))))))))))))))))
.

2009-01-28 22:34 . 2009-01-28 22:34 <DIR> d-------- c:\documents and settings\Administrator
2009-01-28 19:47 . 2009-01-28 19:47 <DIR> d-------- c:\program files\Alwil Software
2009-01-28 14:15 . 2009-01-28 14:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 14:15 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 14:15 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-28 13:36 . 2009-01-28 13:36 5,566 --a------ c:\windows\system32\uacinit.dll
2009-01-26 16:58 . 2009-01-26 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-01-26 16:57 . 2009-01-26 16:58 <DIR> d-------- c:\program files\Last.fm
2009-01-26 16:02 . 2009-01-26 16:04 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-26 15:20 . 2009-01-26 15:20 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-26 15:20 . 2009-01-26 15:20 <DIR> d-------- c:\program files\Zone Labs
2009-01-26 15:20 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-26 15:20 . 2009-01-30 14:46 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-01-26 15:20 . 2009-01-26 15:20 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-26 15:15 . 2009-01-30 14:51 <DIR> d-------- c:\windows\Internet Logs
2009-01-24 22:59 . 2009-01-24 22:59 24,384 --a------ c:\windows\system32\AAWService_2009_01_24_22_59_28.dmp
2009-01-24 22:57 . 2009-01-24 20:27 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 20:27 . 2009-01-24 20:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 20:25 . 2009-01-24 20:25 <DIR> d-------- c:\program files\Lavasoft
2009-01-24 20:25 . 2009-01-24 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-24 20:10 . 2009-01-24 20:26 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 11:29 . 2009-01-24 11:29 <DIR> d-------- c:\program files\Trend Micro
2009-01-24 11:06 . 2009-01-24 11:06 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-23 19:39 . 2009-01-24 21:03 <DIR> d-------- c:\documents and settings\admin\Application Data\Imagenomic
2009-01-23 19:30 . 2009-01-23 19:31 <DIR> d-------- c:\program files\Imagenomic
2009-01-23 16:54 . 2009-01-23 16:54 <DIR> d-------- c:\program files\Uniblue
2009-01-23 16:54 . 2009-01-23 16:54 <DIR> d-------- c:\documents and settings\admin\Application Data\uniblue
2009-01-23 16:53 . 2009-01-23 16:54 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
2009-01-23 16:23 . 2009-01-23 16:32 <DIR> d-------- C:\#AutoPatcher_Temp#
2009-01-23 15:50 . 2007-07-10 14:27 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2009-01-23 15:50 . 2007-07-10 14:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL
2009-01-23 15:37 . 2009-01-23 15:59 <DIR> d-------- c:\windows\SxsCaPendDel
2009-01-23 15:32 . 2004-09-03 00:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
2009-01-23 15:32 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2009-01-23 15:22 . 2009-01-23 15:22 <DIR> dr-h----- C:\AHCache
2009-01-23 13:59 . 2009-01-28 19:45 81,984 --a------ c:\windows\system32\bdod.bin
2009-01-23 13:55 . 2009-01-28 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-23 13:54 . 2009-01-23 13:56 <DIR> d-------- c:\program files\Common Files\Softwin
2009-01-23 11:20 . 2009-01-28 17:47 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-21 13:21 . 2009-01-21 13:20 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-21 13:20 . 2009-01-21 15:11 <DIR> d-------- c:\documents and settings\admin\.housecall6.6
2009-01-21 10:59 . 2009-01-21 10:59 <DIR> d-------- c:\program files\Simplify Media
2009-01-11 12:44 . 2009-01-11 12:44 <DIR> d-------- c:\program files\Bonjour
2009-01-11 12:43 . 2009-01-11 12:43 <DIR> d-------- c:\program files\iPod
2009-01-11 12:42 . 2009-01-11 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 02:35 . 2009-01-04 02:35 <DIR> d-------- c:\documents and settings\admin\Application Data\Thinstall
2009-01-03 17:08 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe
2009-01-03 13:09 . 2009-01-03 13:09 <DIR> d-------- c:\program files\M-Audio
2009-01-03 13:09 . 2009-01-03 13:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-03 13:09 . 2005-08-11 15:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
2009-01-02 12:35 . 2009-01-02 13:34 <DIR> d-------- c:\documents and settings\admin\Application Data\Ableton
2009-01-02 12:27 . 2009-01-02 12:27 <DIR> d-------- c:\windows\system32\INF
2009-01-02 12:27 . 2005-06-14 13:44 85,504 --a------ c:\windows\system32\ma_cmidn.dll
2009-01-02 12:27 . 2005-06-14 13:44 21,888 --a------ c:\windows\system32\drivers\ma_cmidi.sys
2009-01-02 12:27 . 2005-06-14 13:44 17,920 --a------ c:\windows\system32\MA_CMIDI.DLL
2009-01-02 12:27 . 2005-06-14 13:44 14,176 --a------ c:\windows\system32\MA_CMIDI.DRV
2009-01-02 12:27 . 2005-06-14 13:44 7,282 --a------ c:\windows\system32\MA_CMIDI.VXD
2009-01-02 12:26 . 2009-01-02 12:27 <DIR> d-------- c:\program files\M-Audio MA_CMIDI
2008-12-18 17:19 . 2003-11-04 15:10 69,632 --a------ c:\windows\system32\lfgif13n.dll
2008-12-18 17:19 . 2004-05-14 16:53 57,344 --a------ c:\windows\system32\lfbmp13n.dll
2008-12-18 17:19 . 2003-05-22 16:31 55,808 --a------ c:\windows\system32\lfpsd13n.dll
2008-12-12 23:46 . 2008-12-13 09:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-12 23:46 . 2008-12-12 23:46 <DIR> d-------- c:\documents and settings\admin\Application Data\Yahoo!
2008-12-12 23:43 . 2009-01-11 13:23 <DIR> d-------- c:\program files\Yahoo!
2008-12-12 23:43 . 2009-01-11 13:22 <DIR> d-------- c:\documents and settings\All Users\Application Data\Yahoo!
2008-12-12 11:18 . 2008-12-12 11:18 87,336 --a------ c:\windows\system32\dns-sd.exe
2008-12-12 11:11 . 2008-12-12 11:11 61,440 --a------ c:\windows\system32\dnssd.dll
2008-12-06 18:42 . 2008-12-06 18:43 <DIR> d-------- c:\program files\Virtual Earth 3D
2008-12-04 18:32 . 2008-12-04 18:32 <DIR> d-------- c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-04 18:32 . 2008-12-04 18:32 <DIR> d-------- c:\documents and settings\admin\Application Data\AVS4YOU
2008-12-04 18:29 . 2008-12-04 18:30 <DIR> d-------- c:\program files\Common Files\AVSMedia
2008-12-04 18:29 . 2008-12-04 18:30 <DIR> d-------- c:\program files\AVS4YOU
2008-12-04 18:29 . 2007-02-27 18:36 1,700,352 --a------ c:\windows\system32\GdiPlus.dll
2008-12-04 18:29 . 2007-02-27 18:36 24,576 --a------ c:\windows\system32\msxml3a.dll
2008-12-04 11:58 . 2008-12-04 11:57 410,984 --a------ c:\windows\system32\deploytk.dll
2008-12-04 11:58 . 2008-12-04 11:57 73,728 --a------ c:\windows\system32\javacpl.cpl

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-30 06:16 1,352,704 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-01-29 01:21 --------- d-----w c:\program files\BellCanada
2009-01-26 22:50 --------- d-----w c:\program files\Soulseek
2009-01-26 21:50 --------- d-----w c:\program files\iTunes
2009-01-26 21:50 --------- d-----w c:\program files\iSproggler
2009-01-26 20:57 --------- d-----w c:\documents and settings\admin\Application Data\uTorrent
2009-01-26 20:56 --------- d-----w c:\documents and settings\admin\Application Data\iSproggler
2009-01-25 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-24 19:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-24 05:56 --------- d-----w c:\program files\Semagic
2009-01-24 05:55 --------- d-----w c:\program files\LochJournal
2009-01-24 05:55 --------- d-----w c:\program files\LJ.NET
2009-01-11 18:34 --------- d-----w c:\program files\QuickTime
2009-01-11 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:24 --------- d-----w c:\program files\Electronic Arts
2009-01-11 17:37 --------- d-----w c:\program files\Common Files\Apple
2009-01-04 07:31 --------- d-----w c:\program files\ASIO4ALL v2
2009-01-03 22:07 --------- d-----w c:\program files\VSTplugins
2009-01-03 18:09 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-30 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-22 01:40 --------- d-----w c:\documents and settings\admin\Application Data\Image Zone Express
2008-12-17 21:14 233,472 ----a-w c:\windows\system32\REX Shared Library.dll
2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-04 16:57 --------- d-----w c:\program files\Java
2008-11-30 07:00 52,736 ----a-w c:\windows\ipuninst.exe
2008-11-24 21:25 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
2008-10-27 15:04 70,992 ----a-w c:\windows\system32\XAPOFX1_2.dll
2008-10-27 15:04 514,384 ----a-w c:\windows\system32\XAudio2_3.dll
2008-10-27 15:04 235,856 ----a-w c:\windows\system32\xactengine3_3.dll
2008-10-27 15:04 23,376 ----a-w c:\windows\system32\X3DAudio1_5.dll
2008-10-23 12:51 284,160 ----a-w c:\windows\system32\gdi32.dll
2008-10-17 19:47 107,888 ----a-w c:\windows\system32\CmdLineExt.dll
2008-10-16 19:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 19:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 19:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 19:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 19:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 19:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 19:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 19:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 19:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 19:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 10:20 667,648 ----a-w c:\windows\system32\wininet.dll
2008-10-10 09:52 452,440 ----a-w c:\windows\system32\d3dx10_40.dll
2008-10-10 09:52 4,379,984 ----a-w c:\windows\system32\D3DX9_40.dll
2008-10-10 09:52 2,036,576 ----a-w c:\windows\system32\D3DCompiler_40.dll
2008-10-03 10:15 247,326 ----a-w c:\windows\system32\strmdll.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-08 2356088]
"Simplify Media"="c:\program files\Simplify Media\SimplifyMedia.exe" [2009-01-08 8079880]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
"DT LGE"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2007-02-01 285696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-24 507224]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2001-08-29 307200]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]

c:\documents and settings\admin\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-05-10 534016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-01 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"midi1"= ma_cmidn.dll
"midi2"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"d:\\torrent downloads\\Left.4.Dead.Full-Rip.Skullptura\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-08-20 54896]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-08-20 41616]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-05-02 142336]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-05-02 524288]
R4 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-28 20560]
R4 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 942416]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [2008-11-23 98488]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2007-05-02 19232]
.
Contents of the 'Scheduled Tasks' folder

2009-01-27 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-24 20:27]

2009-01-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

BHO-{598F4775-6FB6-477B-9842-E0426824E077} - (no file)
HKCU-Run-iSproggler - c:\program files\iSproggler\iSproggler.exe
HKCU-Run-uTorrent - d:\program files\Utorrent\utorrent.exe
HKLM-Run-LogitechVideoRepair - c:\program files\Logitech\Video\ISStart.exe
HKLM-Explorer_Run-8jAurRpziD - c:\documents and settings\All Users\Application Data\jebeduzs\bmrqbwru.exe
Notify-WgaLogon - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Semagic
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-30 14:56:19
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-30 15:01:16
ComboFix-quarantined-files.txt 2009-01-30 19:59:57

Pre-Run: 6,964,039,680 bytes free
Post-Run: 10,650,202,112 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

274 --- E O F --- 2008-11-13 08:08:35


heres the latest hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:20:12 PM, on 1/30/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (file missing)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9337 bytes


i'm going to download and run gmer now.
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby drippykid » January 30th, 2009, 4:57 pm

gmerrk.txt

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-01-30 15:51:08
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xAA354576]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAA54D8D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAA54A6E0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xAA354432]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAA54DE90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAA54DF80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAA54AC70]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAA557D10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xAA354910]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xAA35400A]
SSDT sptd.sys ZwEnumerateKey [0xF7643C7E]
SSDT sptd.sys ZwEnumerateValueKey [0xF7643FF6]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAA558230]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAA5582B0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAA54AAD0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xAA35450C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xAA353F4A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xAA353FAE]
SSDT sptd.sys ZwQueryKey [0xF76440C0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xAA35462C]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAA558970]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAA5583D0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAA54D4F0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xAA3545EC]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAA54AEA0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xAA35476C]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F69E44F6
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) F69E459C

---- Kernel code sections - GMER 1.0.14 ----

? C:\WINDOWS\system32\drivers\sptd.sys The process cannot access the file because it is being used by another process.
? C:\WINDOWS\System32\Drivers\SPTD4813.SYS The process cannot access the file because it is being used by another process.
? srescan.sys The system cannot find the file specified. !
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 F67484D0 16 Bytes [ 1C, 0A, 8F, 40, DE, A4, 65, ... ]
.text dtscsi.sys!A0DB34FC6FE35D429A28ADDE5467D4D7 + 11 F67484E1 31 Bytes JMP 08B4BBAE
? C:\WINDOWS\System32\Drivers\dtscsi.sys The process cannot access the file because it is being used by another process.

---- User code sections - GMER 1.0.14 ----

.text C:\Program Files\MSN Messenger\MsnMsgr.Exe[3456] kernel32.dll!SetUnhandledExceptionFilter 7C84480D 5 Bytes JMP 004DE392 C:\Program Files\MSN Messenger\MsnMsgr.Exe (Messenger/Microsoft Corporation)

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT pci.sys[ntoskrnl.exe!IoDetachDevice] [F764CDB2] sptd.sys
IAT pci.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F766271E] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F764D3B2] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F764D2B6] sptd.sys
IAT ftdisk.sys[ntoskrnl.exe!IofCallDriver] [F764D482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IofCallDriver] [F764D482] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetAttachedDeviceReference] [F764D3B2] sptd.sys
IAT dmio.sys[ntoskrnl.exe!IoGetDeviceObjectPointer] [F764D2B6] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7662032] sptd.sys
IAT PartMgr.sys[ntoskrnl.exe!IoDetachDevice] [F764CF6E] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IofCompleteRequest] [F7661C76] sptd.sys
IAT atapi.sys[ntoskrnl.exe!IoConnectInterrupt] [F764CE06] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [F763FA32] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [F763FB6E] sptd.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [F763FAF6] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [F76406CC] sptd.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [F76405A2] sptd.sys
IAT disk.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7662864] sptd.sys
IAT \WINDOWS\system32\DRIVERS\CLASSPNP.SYS[ntoskrnl.exe!IoDetachDevice] [F7651F78] sptd.sys
IAT \SystemRoot\system32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IofCompleteRequest] [F7661C76] sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7661C82] sptd.sys
IAT \SystemRoot\system32\DRIVERS\cdrom.sys[ntoskrnl.exe!IoAttachDeviceToDeviceStack] [F7662864] sptd.sys
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [AA552410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [AA552220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [AA552B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [AA550780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [AA550780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [AA552410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [AA552220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [AA552B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [AA552410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [AA552B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [AA552220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [AA550780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [AA552B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [AA552220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [AA552410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile] [AA55A870] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IofCallDriver] [F763F020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IofCallDriver] [F763F020] sptd.sys
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [AA550780] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [AA552410] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [AA552220] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [AA552B50] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile] [AA54B3D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile] [AA54B320] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile] [AA54B4D0] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
IAT \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile] [AA54B040] \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- User IAT/EAT - GMER 1.0.14 ----

IAT C:\WINDOWS\system32\services.exe[680] @ C:\WINDOWS\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 00380002
IAT C:\WINDOWS\system32\services.exe[680] @ C:\WINDOWS\system32\services.exe [KERNEL32.dll!CreateProcessW] 00380000

---- Devices - GMER 1.0.14 ----

Device \FileSystem\Ntfs \Ntfs 83B8C0E8

AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)

Device \FileSystem\Udfs \UdfsCdRom 83548930
Device \FileSystem\Udfs \UdfsDisk 83548930
Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\dmio \Device\DmControl\DmIoDaemon 83BD79C0
Device \Driver\dmio \Device\DmControl\DmConfig 83BD79C0
Device \Driver\dmio \Device\DmControl\DmPnP 83BD79C0
Device \Driver\dmio \Device\DmControl\DmInfo 83BD79C0
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Ftdisk \Device\HarddiskVolume1 83BD7C78
Device \Driver\Ftdisk \Device\HarddiskVolume2 83BD7C78
Device \Driver\NetBT \Device\NetBT_Tcpip_{570EC3CF-3368-4683-9926-B8B546DBDA7D} 8355D6E8
Device \Driver\Cdrom \Device\CdRom0 8366E9A0
Device \FileSystem\Rdbss \Device\FsWrap 834B6340
Device \Driver\Cdrom \Device\CdRom1 8366E9A0
Device \Driver\Cdrom \Device\CdRom2 8366E9A0
Device \Driver\Cdrom \Device\CdRom3 8366E9A0
Device \Driver\Cdrom \Device\CdRom4 8366E9A0
Device \Driver\NetBT \Device\NetBt_Wins_Export 8355D6E8
Device \Driver\00000075 \Device\0000004a sptd.sys
Device \Driver\NetBT \Device\NetbiosSmb 8355D6E8
Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk0\DR0 83BD7450
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device \Driver\Disk \Device\Harddisk1\DR1 83BD7450
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 839C4670
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \FileSystem\MRxSmb \Device\LanmanRedirector 839C4670
Device \FileSystem\Npfs \Device\NamedPipe 834890E8
Device \Driver\Ftdisk \Device\FtControl 83BD7C78
Device \FileSystem\Msfs \Device\Mailslot 83519470
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target1Lun0 837395C8
Device \Driver\dtscsi \Device\Scsi\dtscsi1 837395C8
Device \Driver\dtscsi \Device\Scsi\dtscsi1Port3Path0Target0Lun0 837395C8
Device \FileSystem\Cdfs \Cdfs 83499708

---- Registry - GMER 1.0.14 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s0 1443918442
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 135154393
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 928073419
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xF8 0x4F 0x74 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x38 0x0C 0x0F 0xE0 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x16 0xBF 0x33 0x1E ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x44 0x64 0x15 0x21 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 D:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x16 0xF8 0x4F 0x74 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001@khjeh 0x38 0x0C 0x0F 0xE0 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40@khjeh 0x16 0xBF 0x33 0x1E ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf41@khjeh 0x44 0x64 0x15 0x21 ...

---- EOF - GMER 1.0.14 ----
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby drippykid » January 30th, 2009, 4:58 pm

gmerautos.txt

GMER 1.0.14.14536 - http://www.gmer.net
Autostart scan 2009-01-30 15:56:01
Windows 5.1.2600 Service Pack 2


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent@DLLName = Ati2evxx.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
aswUpdSv@ = "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
Ati HotKey Poller@ = %SystemRoot%\system32\Ati2evxx.exe
ATI Smart@ = C:\WINDOWS\system32\ati2sgag.exe
avast! Antivirus@ = "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
DTSRVC@ = C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
JavaQuickStarterService@ = "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
Lavasoft Ad-Aware Service@ = "C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe"
MA_CMIDI_InstallerService@ = C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
Pml Driver HPZ12@ = C:\WINDOWS\system32\HPZipm12.exe
vsmon@ = C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@HP Software Update"D:\Program Files\HP\HP Software Update\HPWuSchd2.exe" = "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
@AtiPTAatiptaxx.exe = atiptaxx.exe
@NeroFilterCheckC:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
@SunJavaUpdateSchedC:\Program Files\Java\jre1.5.0_06\bin\jusched.exe = C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
@Zune Launcher"C:\Program Files\Zune\ZuneLauncher.exe" = "C:\Program Files\Zune\ZuneLauncher.exe"
@DT LGEC:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder /*file not found*/ = C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder /*file not found*/
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@QuickTime Task"C:\Program Files\QuickTime\QTTask.exe" -atboottime = "C:\Program Files\QuickTime\QTTask.exe" -atboottime
@Ad-WatchC:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe = C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
@ZoneAlarm Client"C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" = "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
@avast!C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
@TraySantaCruzC:\WINDOWS\system32\tbctray.exe = C:\WINDOWS\system32\tbctray.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@MsnMsgr"C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
@AdobeUpdater"C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" = "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
@Simplify Media"C:\Program Files\Simplify Media\SimplifyMedia.exe" = "C:\Program Files\Simplify Media\SimplifyMedia.exe"
@SpybotSD TeaTimerC:\Program Files\Spybot - Search & Destroy\TeaTimer.exe = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/deskpan.dll /*file not found*/ = deskpan.dll /*file not found*/
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/%SystemRoot%\system32\twext.dll = %SystemRoot%\system32\twext.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/%SystemRoot%\system32\extmgr.dll = %SystemRoot%\system32\extmgr.dll
@{BDEADF00-C265-11D0-BCED-00A0C90AB50F} /*Web Folders*/C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
@{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} /*Messenger Sharing Folders*/C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll = C:\Program Files\MSN Messenger\fsshext.8.1.0178.00.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{6DEA92E9-8682-4b6a-97DE-354772FE5727} /*Autodesk DWF Preview*/C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcDwfThmbPrxy16.dll
@{36A21736-36C2-4C11-8ACB-D4136F2B57BD} /*AutoCAD Digital Signatures Icon Overlay Handler*/C:\WINDOWS\system32\AcSignIcon.dll = C:\WINDOWS\system32\AcSignIcon.dll
@{AC1DB655-4F9A-4c39-8AD2-A65324A4C446} /*Autodesk Drawing Preview*/C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll = C:\Program Files\Common Files\Autodesk Shared\Thumbnail\AcThumbnail16.dll
@{00020D75-0000-0000-C000-000000000046} /*Microsoft Office Outlook Desktop Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\MLSHEXT.DLL
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Office Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\OFFICE11\OLKFSTUB.DLL
@{42042206-2D85-11D3-8CFF-005004838597} /*Microsoft Office HTML Icon Handler*/C:\Program Files\Microsoft Office\OFFICE11\msohev.dll = C:\Program Files\Microsoft Office\OFFICE11\msohev.dll
@{00020000-0000-1011-8004-0000C06B5161} /*WIBU-SYSTEMS Shell Extension*/C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll = C:\Program Files\WIBU-SYSTEMS\System\WibuShellExt.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{e82a2d71-5b2f-43a0-97b8-81be15854de8} /*ShellLink for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} /*Shell Icon Handler for Application References*/C:\WINDOWS\system32\dfshim.dll = C:\WINDOWS\system32\dfshim.dll
@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} /*PowerISO*/(null) =
@{45670FA8-ED97-4F44-BC93-305082590BFB} /*Microsoft.XPS.Shell.Metadata.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{44121072-A222-48f2-A58A-6D9AD51EBBE9} /*Microsoft.XPS.Shell.Thumbnail.1*/%SystemRoot%\System32\XPSSHHDR.DLL = %SystemRoot%\System32\XPSSHHDR.DLL
@{654D0431-C930-43C4-B8DA-9AA01BA5B486} /*PDI GUI Engine COM Obj*/C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll = C:\Program Files\Common Files\Portrait Displays\Shared\HtmlEngine.dll
@{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} /*Microsoft Office Metadata Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} /*Microsoft Office Thumbnail Handler*/C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll = C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
@{5800AD5B-72C1-477B-9A08-CA112DF06D97} /*AutoCAD DWG InfoTip Handler*/C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
@{8A0BC933-7552-42E2-A228-3BE055777227} /*AutoCAD DWG Column Handler*/C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{472083B0-C522-11CF-8763-00608CC02F24} /*avast*/C:\Program Files\Alwil Software\Avast4\ashShell.dll = C:\Program Files\Alwil Software\Avast4\ashShell.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\ >>>
AcShellExtension.AcContextMenuHandler@{2E7A2C6C-B938-40a4-BA1C-C7EC982DC202} = C:\Program Files\Common Files\Autodesk Shared\AcShellEx\AcShellExtension.dll
Autodesk.DWF.ContextMenu@{6C18531F-CA85-45F7-8278-FF33CF0A5964} = C:\Program Files\Common Files\Autodesk Shared\dwf Common\DWFShellExtension.dll /*file not found*/
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\ >>>
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
avast@{472083B0-C522-11CF-8763-00608CC02F24} = C:\Program Files\Alwil Software\Avast4\ashShell.dll
LavasoftShellExt@{DCE027F7-16A4-4BEE-9BE7-74F80EE3738F} = C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
PowerISO@{967B2D40-8B7D-4127-9049-61EA0C2C6DCE} =
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} = C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{02478D38-C3F9-4efb-9B51-7695ECA05670}C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll = C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/ = C:\Program Files\AVG\AVG8\avgssie.dll /*file not found*/
@{53707962-6F74-2D53-2644-206D7942484F}C:\Program Files\Spybot - Search & Destroy\SDHelper.dll = C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre6\bin\ssv.dll = C:\Program Files\Java\jre6\bin\ssv.dll
@{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll = C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
@{DBC80044-A445-435b-BC74-9C25C1C588A9}C:\Program Files\Java\jre6\bin\jp2ssv.dll = C:\Program Files\Java\jre6\bin\jp2ssv.dll
@{E7E6F031-17CE-4C07-BC86-EABFE594F69C}C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll = C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
@{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll = C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
@Local Page%SystemRoot%\system32\blank.htm = %SystemRoot%\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pageabout:blank = about:blank
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Filter\text/xml@CLSID = C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
livecall@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
msnim@CLSID = C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
mso-offdap@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
mso-offdap11@CLSID = C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\admin\Start Menu\Programs\Startup = MagicDisc.lnk

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
AutoCAD Startup Accelerator.lnk = AutoCAD Startup Accelerator.lnk
Logitech Desktop Messenger.lnk = Logitech Desktop Messenger.lnk

---- EOF - GMER 1.0.14 ----
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby Rodav » January 30th, 2009, 8:14 pm

It doesn't seem to have affected combofix having your protection programs programs enabled although try to disable them along with teatimer and adwatch for the next step with combofix.
You should also uninstall J2SE Runtime Environment 5.0 Update 6 via add/remove programs as there are security holes in it tat could be exploited.

Step 1:
1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\windows\SxsCaPendDel
c:\documents and settings\admin\Application Data\uTorrent
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"d:\\torrent downloads\\Left.4.Dead.Full-Rip.Skullptura\\Left.4.Dead.Full-Rip.Skullptura\\Left 4 Dead\\left4dead.exe"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_CLASSES_ROOT\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{598F4775-6FB6-477B-9842-E0426824E077}]
[-HKEY_CLASSES_ROOT\CLSID\{598F4775-6FB6-477B-9842-E0426824E077}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]
[-HKEY_CLASSES_ROOT\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}]


Save this as "CFScript.txt", and as Type: All Files (*.*) in the same location as ComboFix.exe


Image

Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


Step 2:
Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
  • Click Start
  • Make sure that the option "Remove found threats" is Un-checked, and the option "Scan unwanted applications" is checked
  • Click Scan
  • Wait for the scan to finish
  • Re-enable your Anvirisus software.
  • A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post along with the combofix report and a new HijackThis log. Also let me know how your computer is running.


Just to let you know I won't be near a computer for the next couple of days but post the logs that I asked for and/or any questions you have and I'll check back as soon as possible. We should only have a bit to do left.
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.

Re: google results redirected and anti spyware will not run

Unread postby drippykid » February 2nd, 2009, 4:08 am

combo fix

ComboFix 09-02-01.01 - admin 2009-02-01 23:27:18.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.341 [GMT -5:00]
Running from: d:\downloads\ComboFix.exe
Command switches used :: d:\downloads\CFScript.txt
AV: avast! antivirus 4.8.1296 [VPS 090201-0] *On-access scanning disabled* (Updated)
FW: ZoneAlarm Firewall *disabled*
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\admin\Application Data\uTorrent
c:\documents and settings\admin\Application Data\uTorrent\[a4e]Steamboy[h.264].torrent
c:\documents and settings\admin\Application Data\uTorrent\[PC GAMES] GTA-Grand Theft Auto- Vice City- Full Version.zip.torrent
c:\documents and settings\admin\Application Data\uTorrent\[PC Games] GTA 3 - Grand Theft Auto III PC RIP (work PERFECLY).zip.torrent
c:\documents and settings\admin\Application Data\uTorrent\11.09.06.Medieval.2.Total.War-RELOADED.torrent
c:\documents and settings\admin\Application Data\uTorrent\30 Rock S02E09 HDTV XviD-LOL_[www.MusicFilmsDownloads.Net].torrent
c:\documents and settings\admin\Application Data\uTorrent\30 Rock Season 2.torrent
c:\documents and settings\admin\Application Data\uTorrent\30 Rock.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S01E16.HDTV.XViD-NoTV.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S01E18.HDTV.XviD-LOL.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.rock.s01e19.hdtv.xvid-xor.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S01E20.HDTV.XviD-XOR.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S01E21.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E01.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E02.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E03.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E04.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E05.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E06.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E07.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E08.HDTV.XviD-XOR.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E09.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E09.HDTV.XviD-LOL.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S02E10.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\30.Rock.S03E01.HDTV.XviD-LOL.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\798 US and Euro only ENGLISH SNES Roms.torrent
c:\documents and settings\admin\Application Data\uTorrent\A.Day.Without.a.Mexican.LiMiTED.DVDRip.XViD-ALLiANCE.torrent
c:\documents and settings\admin\Application Data\uTorrent\Adobe Illustrator CS3.torrent
c:\documents and settings\admin\Application Data\uTorrent\An Inconvenient Truth (2006) DVD-rip.divx.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Aqua.Teen.Hunger.Force.Colon.Movie.Film.For.Theaters.2007.DVDSCR.XviD-FLAiTE.torrent
c:\documents and settings\admin\Application Data\uTorrent\AutoCad 2007.1.torrent
c:\documents and settings\admin\Application Data\uTorrent\AutoCAD 2008(x86-x64)+Crack.torrent
c:\documents and settings\admin\Application Data\uTorrent\Autocad 2009.torrent
c:\documents and settings\admin\Application Data\uTorrent\Autocad.2007.Crack-included.torrent
c:\documents and settings\admin\Application Data\uTorrent\Autodesk AutoCAD 2008 Full Version Incl Keygen.torrent
c:\documents and settings\admin\Application Data\uTorrent\AVG Professional 7.5 Incl Keygen.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\aXXo.torrent
c:\documents and settings\admin\Application Data\uTorrent\Brothers Of The Head 2006 SAPHiRE LIMITED DVDRiP KvCD Jamgood(TUS Release).torrent
c:\documents and settings\admin\Application Data\uTorrent\Cannibal holocaust.torrent
c:\documents and settings\admin\Application Data\uTorrent\Casino.torrent
c:\documents and settings\admin\Application Data\uTorrent\Children.Of.Men[2006]DvDrip[Eng]-aXXo.1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Children.Of.Men[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\admin\Application Data\uTorrent\Chloe_des_Lysses.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\Company.of.Heroes.torrent
c:\documents and settings\admin\Application Data\uTorrent\Cool Edit Pro 2.1 with Crack.zip.torrent
c:\documents and settings\admin\Application Data\uTorrent\Crazy Dave Tape 2 [Videomixtape].avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Crysis.Warhead.MULTi10.CLONEDVD-iMMXpC.torrent
c:\documents and settings\admin\Application Data\uTorrent\Crystal Castles.torrent
c:\documents and settings\admin\Application Data\uTorrent\Daft Punk - Alive 2007.torrent
c:\documents and settings\admin\Application Data\uTorrent\Dead Presidents (1995) [ENG] [DVDrip].torrent
c:\documents and settings\admin\Application Data\uTorrent\dht.dat
c:\documents and settings\admin\Application Data\uTorrent\dht.dat.old
c:\documents and settings\admin\Application Data\uTorrent\Diskeeper 2008 Pro Premier.torrent
c:\documents and settings\admin\Application Data\uTorrent\Diskeeper PRO PREMIER 2008 12.0.770(NEW-with licence!!!).torrent
c:\documents and settings\admin\Application Data\uTorrent\DVB&B.MR_BiG.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Eccentric Soul.torrent
c:\documents and settings\admin\Application Data\uTorrent\Electrelane - No Shouts No Calls [2007].torrent
c:\documents and settings\admin\Application Data\uTorrent\Extras - Series 1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Fallout 2.torrent
c:\documents and settings\admin\Application Data\uTorrent\Fallout.3-RELOADED.torrent
c:\documents and settings\admin\Application Data\uTorrent\Faster Pussycat! Kill! Kill!- 1965 - Russ Meyer.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Fog of War - Eleven Lessons from the Life of Robert S McNamara (XviDVD).avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky Dingo Season 1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E01.DSRip.XviD-aAF.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E02.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E03.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E04.DSR.XviD-OMiCRON.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E05.DSR.XviD-OMiCRON.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E06.DSR.XViD-SYS.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E07.DSR.XViD-SYS.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E08.DSR.XViD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Frisky.Dingo.S02E09.DSRip.XViD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Fruity Loops Studio 6.0 Producer Edition 2005 + KEY.torrent
c:\documents and settings\admin\Application Data\uTorrent\Fruity Loops Studio 8.0 Full Producers Edition.torrent
c:\documents and settings\admin\Application Data\uTorrent\Fruity Loops.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\GBA Roms 2301-2500.torrent
c:\documents and settings\admin\Application Data\uTorrent\GForce.The.Oddity.VSTi.RTAS.v1.15.incl.Keygen-AiR.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\gmod_9_0_4.exe.torrent
c:\documents and settings\admin\Application Data\uTorrent\Gone with the wind.torrent
c:\documents and settings\admin\Application Data\uTorrent\Grand Theft Auto III.torrent
c:\documents and settings\admin\Application Data\uTorrent\Grindhouse 2007 TS XviD-Chr0mE.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Grindhouse.PROPER.TS.XViD-mVs.[www.torrentfive.com].torrent
c:\documents and settings\admin\Application Data\uTorrent\GTA Vice City.torrent
c:\documents and settings\admin\Application Data\uTorrent\Guitar Pro 5.torrent
c:\documents and settings\admin\Application Data\uTorrent\Half.Life.2.Episode.Two-Unleashed.torrent
c:\documents and settings\admin\Application Data\uTorrent\Harvey Birdman, Seasons 1, 2, 3, and 4.torrent
c:\documents and settings\admin\Application Data\uTorrent\Helvetica.mp4.torrent
c:\documents and settings\admin\Application Data\uTorrent\HL2GarrysMod.torrent
c:\documents and settings\admin\Application Data\uTorrent\Hope Floats -BO.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Huff - Season 1 - Complete & Episode Guide.torrent
c:\documents and settings\admin\Application Data\uTorrent\I'm Not There.2007.English.TS.DivX.JN.torrent
c:\documents and settings\admin\Application Data\uTorrent\Imagenomic.torrent
c:\documents and settings\admin\Application Data\uTorrent\Kavinsky.torrent
c:\documents and settings\admin\Application Data\uTorrent\Ladies.And.Gentlemen.The.Fabulous.Stains.1981.DVDRip.XviD-FRAGMENT.torrent
c:\documents and settings\admin\Application Data\uTorrent\Ladytron-Velocifero (2008) [Mp3][www.zonatorrent.com].torrent
c:\documents and settings\admin\Application Data\uTorrent\Left.4.Dead.Full-Rip.Skullptura.torrent
c:\documents and settings\admin\Application Data\uTorrent\Leningrad-Cowboys-Go-America-kaurismaki-divx-multisub-.torrent
c:\documents and settings\admin\Application Data\uTorrent\Lucas Arts Adventures - Mega Pack!.1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Lucas Arts Adventures - Mega Pack!.2.torrent
c:\documents and settings\admin\Application Data\uTorrent\Lucas Arts Adventures - Mega Pack!.torrent
c:\documents and settings\admin\Application Data\uTorrent\Maakies (1st TPB - 1994-2000).cbz.torrent
c:\documents and settings\admin\Application Data\uTorrent\MF DOOM.torrent
c:\documents and settings\admin\Application Data\uTorrent\Native.Instruments.FM8.v1.0.1.002.VSTi.DXi.RTAS-AMPLiFY.torrent
c:\documents and settings\admin\Application Data\uTorrent\Night.At.The.Museum[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - Aunts Aren't Gentlemen.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - Carry On, Jeeves (Jonathan Cecil).torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - How Right You Are, Jeeves (aka 'Jeeves in the Offing').torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - Jeeves and the Feudal Spirit.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - Much Obliged, Jeeves.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - My Man Jeeves.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - The Clicking of Cuthbert.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - The Code of the Woosters, Jeeves to the Rescue.torrent
c:\documents and settings\admin\Application Data\uTorrent\P.G. Wodehouse - Very Good, Jeeves.torrent
c:\documents and settings\admin\Application Data\uTorrent\Palestine.torrent
c:\documents and settings\admin\Application Data\uTorrent\Pan's.Labyrinth[2006]DvDrip[Eng.Sub]-aXXo.torrent
c:\documents and settings\admin\Application Data\uTorrent\Partition Magic v8.0.torrent
c:\documents and settings\admin\Application Data\uTorrent\Password Recovery Tools and Guide.torrent
c:\documents and settings\admin\Application Data\uTorrent\Persepolis_DVD_rip_ENG_SUBS.torrent
c:\documents and settings\admin\Application Data\uTorrent\Pink Flamingos (1972)vost_fr.mov.torrent
c:\documents and settings\admin\Application Data\uTorrent\Pitchfork Presents the 100 Best Tracks of 2008.torrent
c:\documents and settings\admin\Application Data\uTorrent\Pitchfork top 100 of the 70's pack 1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Portal-Unleashed.torrent
c:\documents and settings\admin\Application Data\uTorrent\PowerISO.3.8.torrent
c:\documents and settings\admin\Application Data\uTorrent\PowerISO_3_8.torrent
c:\documents and settings\admin\Application Data\uTorrent\Pride And Prejudice [UK].torrent
c:\documents and settings\admin\Application Data\uTorrent\Propellerhead - Reason Refill - Bass Legends Vol1.rfl.torrent
c:\documents and settings\admin\Application Data\uTorrent\PropellerHeadReason4.0.torrent
c:\documents and settings\admin\Application Data\uTorrent\Propellerheads.Abbey.Road.Keyboards.Refill.DVDR.D1-AiRISO.torrent
c:\documents and settings\admin\Application Data\uTorrent\RE4.torrent
c:\documents and settings\admin\Application Data\uTorrent\Reason 3.0 + Serial.torrent
c:\documents and settings\admin\Application Data\uTorrent\Reason 4.01 Upgrade.exe.torrent
c:\documents and settings\admin\Application Data\uTorrent\reason drum kits 2.0.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\reason electric bass-part-2.torrent
c:\documents and settings\admin\Application Data\uTorrent\Reason Electric Bass Samples 1 -16.rfl.torrent
c:\documents and settings\admin\Application Data\uTorrent\refills.torrent
c:\documents and settings\admin\Application Data\uTorrent\resume.dat
c:\documents and settings\admin\Application Data\uTorrent\resume.dat.old
c:\documents and settings\admin\Application Data\uTorrent\Retard-O-Tron.Video.Mixtape.Part.II.2008.DVDRip.Xvid-ViDEOCULT.torrent
c:\documents and settings\admin\Application Data\uTorrent\Retard.O.Tron.VideoMixTape.2006.XVID.DVDrip.PiMPRiPPaZ.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\rld-fou3.7z.torrent
c:\documents and settings\admin\Application Data\uTorrent\rss.dat
c:\documents and settings\admin\Application Data\uTorrent\rss.dat.old
c:\documents and settings\admin\Application Data\uTorrent\S.torrent
c:\documents and settings\admin\Application Data\uTorrent\season.02.torrent
c:\documents and settings\admin\Application Data\uTorrent\settings.dat
c:\documents and settings\admin\Application Data\uTorrent\settings.dat.old
c:\documents and settings\admin\Application Data\uTorrent\slax-killbill-5.1.8.1.iso.torrent
c:\documents and settings\admin\Application Data\uTorrent\slax-popcorn-5.1.8.iso.torrent
c:\documents and settings\admin\Application Data\uTorrent\Sony - Sound Forge v8.0d incl keygen.torrent
c:\documents and settings\admin\Application Data\uTorrent\Sony Sound Forge 9.0e Build 441.torrent
c:\documents and settings\admin\Application Data\uTorrent\Spaced.Series.1&2.Complete.DVDRip.KvCD-aNaRcHi.torrent
c:\documents and settings\admin\Application Data\uTorrent\SpeedUpMyPC 2009 4.0.torrent
c:\documents and settings\admin\Application Data\uTorrent\STAR WARS EPISODE 1 THE PHANTOM EDIT.torrent
c:\documents and settings\admin\Application Data\uTorrent\Star Wars V The Empire Strikes Back Original Version.torrent
c:\documents and settings\admin\Application Data\uTorrent\Steam GarryMod (new Version).torrent
c:\documents and settings\admin\Application Data\uTorrent\Steinberg.Cubase.SX.v3.1.1.944-H2O.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\Stranger.Than.Fiction[2006]DvDrip[Eng]-aXXo.torrent
c:\documents and settings\admin\Application Data\uTorrent\Subway.dvdrip.french.by Darck.xvid.torrent
c:\documents and settings\admin\Application Data\uTorrent\SXSW_2007_Showcasing_Artists-Release_1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Terminator.1.sniffer (1984, Xvid).avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The 100 Greatest Comics.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Big Lebowski (Ipod).mp4.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Pitchfork 500.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Venture Brothers-S03E01-Shadowman9 In The Cradle Of_ITAL.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Walking Dead 050 (2008) ( both covers) (Minutemen-ReZone) .cbr.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Walking Dead 052 (2008) (Minutemen-ReZone).cbr.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Walking Dead 1 - 49.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Walking Dead 37 (2007) (Minutemen-The Saint).cbr.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Walking Dead.rar.torrent
c:\documents and settings\admin\Application Data\uTorrent\The Walking Dead.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Diving.Bell.and.the.Butterfly.2007.DVDRip.Xvid.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.IT.Crowd.S01E02.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.IT.Crowd.S01E03.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.IT.Crowd.S01E04.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Last.King.of.Scotland.DVDRiP[2007]-TRiCKY.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Tin.Drum-1979-Volker.Schlöndorff-ENG.SUBS.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.S03E07.WS.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.S03E08.WS.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.s03e09.XviD.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.S03E10.WS.DSRip.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.S03E11.WS.PDTV.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.S03E12.WS.PDTV.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\The.Venture.Brothers.S03E13.WS.PDTV.XviD-aAF.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\There Will Be Blood.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\This_Film_Not_Yet_Rated.avi.torrent
c:\documents and settings\admin\Application Data\uTorrent\Time.Trumpet.S01E06.WS.PDTV.XviD-RiVER.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 70-79 Pitchfork pack 3 of 3 [MP3 Variable].torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 70-79 Pitchforkmedia.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 80-89 Pitchforkmedia pack 1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 80-89 Pitchforkmedia pack 2.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 80-89 Pitchforkmedia pack 3.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 80 Pitchforkmedia.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top 100 albums 90 Pitchforkmedia.torrent
c:\documents and settings\admin\Application Data\uTorrent\Top Ranking.torrent
c:\documents and settings\admin\Application Data\uTorrent\utorrent.lng
c:\documents and settings\admin\Application Data\uTorrent\VAZ Modular 2.0 Polyphonic Synthesizer Portable.exe.torrent
c:\documents and settings\admin\Application Data\uTorrent\Venture Brothers Season 3.torrent
c:\documents and settings\admin\Application Data\uTorrent\VideoDrome.divx.torrent
c:\documents and settings\admin\Application Data\uTorrent\Videodrome.torrent
c:\documents and settings\admin\Application Data\uTorrent\Walking Dead 053 (2008) (The Racers-DCP).cbr.1.torrent
c:\documents and settings\admin\Application Data\uTorrent\Walking Dead 053 (2008) (The Racers-DCP).cbr.torrent
c:\documents and settings\admin\Application Data\uTorrent\Who.Killed.The.Electric.Car.LiMiTED.DVDRip.XviD-LMG[www.moviex.info].torrent
c:\documents and settings\admin\Application Data\uTorrent\Wonder.Showzen.XviD.torrent
c:\documents and settings\admin\Application Data\uTorrent\www.torrent.to...Butcher Boy - Der Schlächterbursche.German.DVDRIP.XviD.torrent
c:\windows\SxsCaPendDel

.
((((((((((((((((((((((((( Files Created from 2009-01-02 to 2009-02-02 )))))))))))))))))))))))))))))))
.

2009-01-30 15:28 . 2009-01-30 15:29 <DIR> d-------- C:\hiding
2009-01-30 15:27 . 2009-01-30 15:27 747,873 --a------ C:\hiding.zip
2009-01-28 22:34 . 2009-01-28 22:34 <DIR> d-------- c:\documents and settings\Administrator
2009-01-28 19:47 . 2009-01-28 19:47 <DIR> d-------- c:\program files\Alwil Software
2009-01-28 14:15 . 2009-01-28 14:15 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-28 14:15 . 2009-01-14 16:11 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-28 14:15 . 2009-01-14 16:11 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-28 13:36 . 2009-01-28 13:36 5,566 --a------ c:\windows\system32\uacinit.dll
2009-01-26 16:58 . 2009-01-26 16:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\Last.fm
2009-01-26 16:57 . 2009-01-26 16:58 <DIR> d-------- c:\program files\Last.fm
2009-01-26 16:02 . 2009-01-26 16:04 <DIR> d-------- c:\program files\SpywareBlaster
2009-01-26 15:20 . 2009-01-26 15:20 <DIR> d-------- c:\windows\system32\ZoneLabs
2009-01-26 15:20 . 2009-01-26 15:20 <DIR> d-------- c:\program files\Zone Labs
2009-01-26 15:20 . 2008-11-13 15:18 1,221,008 --a------ c:\windows\system32\zpeng25.dll
2009-01-26 15:20 . 2009-02-01 23:09 348,371 --a------ c:\windows\system32\vsconfig.xml
2009-01-26 15:20 . 2009-01-26 15:20 4,212 --ah----- c:\windows\system32\zllictbl.dat
2009-01-26 15:15 . 2009-02-01 23:23 <DIR> d-------- c:\windows\Internet Logs
2009-01-24 22:59 . 2009-01-24 22:59 24,384 --a------ c:\windows\system32\AAWService_2009_01_24_22_59_28.dmp
2009-01-24 22:57 . 2009-01-24 20:27 15,688 --a------ c:\windows\system32\lsdelete.exe
2009-01-24 20:27 . 2009-01-24 20:27 64,160 --a------ c:\windows\system32\drivers\Lbd.sys
2009-01-24 20:25 . 2009-01-24 20:25 <DIR> d-------- c:\program files\Lavasoft
2009-01-24 20:25 . 2009-01-24 20:27 <DIR> d-------- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-24 20:10 . 2009-01-24 20:26 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-01-24 11:29 . 2009-01-24 11:29 <DIR> d-------- c:\program files\Trend Micro
2009-01-24 11:06 . 2009-01-24 11:06 <DIR> d-------- c:\windows\system32\NtmsData
2009-01-23 19:39 . 2009-01-24 21:03 <DIR> d-------- c:\documents and settings\admin\Application Data\Imagenomic
2009-01-23 19:30 . 2009-01-23 19:31 <DIR> d-------- c:\program files\Imagenomic
2009-01-23 16:54 . 2009-01-23 16:54 <DIR> d-------- c:\program files\Uniblue
2009-01-23 16:54 . 2009-01-23 16:54 <DIR> d-------- c:\documents and settings\admin\Application Data\uniblue
2009-01-23 16:53 . 2009-01-23 16:54 <DIR> d--h-c--- c:\documents and settings\All Users\Application Data\{D994735B-8DC6-4AEE-B720-704A4EC0402E}
2009-01-23 16:23 . 2009-01-23 16:32 <DIR> d-------- C:\#AutoPatcher_Temp#
2009-01-23 15:50 . 2007-07-10 14:27 212,240 --a------ c:\windows\system32\RICHTX32.OCX
2009-01-23 15:50 . 2007-07-10 14:27 40,960 --a------ c:\windows\system32\SSUBTMR6.DLL
2009-01-23 15:32 . 2004-09-03 00:00 124,688 --a------ c:\windows\system32\MSWINSCK.OCX
2009-01-23 15:32 . 2007-10-07 11:27 10,752 --a------ c:\windows\system32\aamd532.dll
2009-01-23 15:22 . 2009-01-23 15:22 <DIR> dr-h----- C:\AHCache
2009-01-23 13:59 . 2009-01-28 19:45 81,984 --a------ c:\windows\system32\bdod.bin
2009-01-23 13:55 . 2009-01-28 19:45 <DIR> d-------- c:\documents and settings\All Users\Application Data\BitDefender
2009-01-23 13:54 . 2009-01-23 13:56 <DIR> d-------- c:\program files\Common Files\Softwin
2009-01-23 11:20 . 2009-01-28 17:47 <DIR> d--hs---- c:\windows\system32\twain32
2009-01-21 13:21 . 2009-01-21 13:20 102,664 --a------ c:\windows\system32\drivers\tmcomm.sys
2009-01-21 13:20 . 2009-01-21 15:11 <DIR> d-------- c:\documents and settings\admin\.housecall6.6
2009-01-21 10:59 . 2009-01-21 10:59 <DIR> d-------- c:\program files\Simplify Media
2009-01-11 12:44 . 2009-01-11 12:44 <DIR> d-------- c:\program files\Bonjour
2009-01-11 12:43 . 2009-01-11 12:43 <DIR> d-------- c:\program files\iPod
2009-01-11 12:42 . 2009-01-11 12:43 <DIR> d-------- c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-04 02:35 . 2009-01-04 02:35 <DIR> d-------- c:\documents and settings\admin\Application Data\Thinstall
2009-01-03 17:08 . 1999-12-17 10:13 86,016 --a------ c:\windows\unvise32.exe
2009-01-03 13:09 . 2009-01-03 13:09 <DIR> d-------- c:\program files\M-Audio
2009-01-03 13:09 . 2009-01-03 13:09 <DIR> d-------- c:\documents and settings\All Users\Application Data\InstallShield
2009-01-03 13:09 . 2005-08-11 15:29 73,728 --a------ c:\windows\system32\ISUSPM.cpl
2009-01-02 12:35 . 2009-01-02 12:35 <DIR> d-------- c:\documents and settings\All Users\Application Data\Ableton
2009-01-02 12:35 . 2009-01-02 13:34 <DIR> d-------- c:\documents and settings\admin\Application Data\Ableton
2009-01-02 12:27 . 2009-01-02 12:27 <DIR> d-------- c:\windows\system32\INF
2009-01-02 12:27 . 2005-06-14 13:44 85,504 --a------ c:\windows\system32\ma_cmidn.dll
2009-01-02 12:27 . 2005-06-14 13:44 21,888 --a------ c:\windows\system32\drivers\ma_cmidi.sys
2009-01-02 12:27 . 2005-06-14 13:44 17,920 --a------ c:\windows\system32\MA_CMIDI.DLL
2009-01-02 12:27 . 2005-06-14 13:44 14,176 --a------ c:\windows\system32\MA_CMIDI.DRV
2009-01-02 12:27 . 2005-06-14 13:44 7,282 --a------ c:\windows\system32\MA_CMIDI.VXD
2009-01-02 12:26 . 2009-01-02 12:27 <DIR> d-------- c:\program files\M-Audio MA_CMIDI

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-02 03:52 --------- d-----w c:\program files\Java
2009-01-30 06:16 1,352,704 ----a-w c:\windows\Internet Logs\xDB1.tmp
2009-01-29 01:21 --------- d-----w c:\program files\BellCanada
2009-01-26 22:50 --------- d-----w c:\program files\Soulseek
2009-01-26 21:50 --------- d-----w c:\program files\iTunes
2009-01-26 21:50 --------- d-----w c:\program files\iSproggler
2009-01-26 20:56 --------- d-----w c:\documents and settings\admin\Application Data\iSproggler
2009-01-25 00:07 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-01-24 19:49 --------- d-----w c:\program files\Spybot - Search & Destroy
2009-01-24 05:56 --------- d-----w c:\program files\Semagic
2009-01-24 05:55 --------- d-----w c:\program files\LochJournal
2009-01-24 05:55 --------- d-----w c:\program files\LJ.NET
2009-01-11 18:34 --------- d-----w c:\program files\QuickTime
2009-01-11 18:27 --------- d--h--w c:\program files\InstallShield Installation Information
2009-01-11 18:24 --------- d-----w c:\program files\Electronic Arts
2009-01-11 18:23 --------- d-----w c:\program files\Yahoo!
2009-01-11 18:22 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!
2009-01-11 17:37 --------- d-----w c:\program files\Common Files\Apple
2009-01-04 07:31 --------- d-----w c:\program files\ASIO4ALL v2
2009-01-03 22:07 --------- d-----w c:\program files\VSTplugins
2009-01-03 18:09 --------- d-----w c:\program files\Common Files\InstallShield
2008-12-30 02:44 --------- d-----w c:\documents and settings\All Users\Application Data\avg8
2008-12-22 01:40 --------- d-----w c:\documents and settings\admin\Application Data\Image Zone Express
2008-12-17 21:14 233,472 ----a-w c:\windows\system32\REX Shared Library.dll
2008-12-13 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion
2008-12-13 04:46 --------- d-----w c:\documents and settings\admin\Application Data\Yahoo!
2008-12-12 16:18 87,336 ----a-w c:\windows\system32\dns-sd.exe
2008-12-12 16:11 61,440 ----a-w c:\windows\system32\dnssd.dll
2008-12-11 10:24 333,184 ----a-w c:\windows\system32\drivers\srv.sys
2008-12-06 23:43 --------- d-----w c:\program files\Virtual Earth 3D
2008-12-04 23:32 --------- d-----w c:\documents and settings\All Users\Application Data\AVS4YOU
2008-12-04 23:32 --------- d-----w c:\documents and settings\admin\Application Data\AVS4YOU
2008-12-04 23:30 --------- d-----w c:\program files\Common Files\AVSMedia
2008-12-04 23:30 --------- d-----w c:\program files\AVS4YOU
2008-12-04 16:57 410,984 ----a-w c:\windows\system32\deploytk.dll
2008-11-30 07:00 52,736 ----a-w c:\windows\ipuninst.exe
2008-11-24 21:25 472,576 ----a-w c:\windows\Radeon Omega Drivers v4.8.442 Uninstall.exe
.

((((((((((((((((((((((((((((( snapshot@2009-01-30_14.57.52.76 )))))))))))))))))))))))))))))))))))))))))
.
- 2005-10-21 01:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2005-10-20 12:02:28 163,328 ----a-w c:\windows\ERDNT\Hiv-backup\ERDNT.EXE
+ 2009-01-30 20:29:31 884,736 ----a-w c:\windows\gmer.dll
+ 2008-04-18 02:13:02 811,008 ----a-w c:\windows\gmer.exe
- 2000-08-31 13:00:00 161,792 ----a-w c:\windows\SWREG.exe
+ 2000-08-31 13:00:00 286,720 ----a-w c:\windows\SWREG.exe
- 2009-01-29 01:09:59 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-01-30 21:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2009-01-29 01:09:59 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-01-30 21:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-01-29 01:09:59 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-30 21:01:57 32,768 ----a-w c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-01-30 20:29:31 85,969 ----a-w c:\windows\system32\drivers\gmer.sys
- 2009-01-30 19:50:39 71,904 ----a-w c:\windows\system32\perfc009.dat
+ 2009-01-30 20:14:48 71,904 ----a-w c:\windows\system32\perfc009.dat
- 2009-01-30 19:50:39 444,028 ----a-w c:\windows\system32\perfh009.dat
+ 2009-01-30 20:14:49 444,028 ----a-w c:\windows\system32\perfh009.dat
+ 2009-02-02 04:09:19 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_2f8.dat
+ 2009-02-02 04:09:10 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_69c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 5674352]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2008-11-08 2356088]
"Simplify Media"="c:\program files\Simplify Media\SimplifyMedia.exe" [2009-01-08 8079880]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2007-03-14 24104]
"DT LGE"="c:\program files\Portrait Displays\forteManager\DTHtml.exe" [2007-02-01 285696]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-01-30 509784]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2008-11-26 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2008-12-04 136600]
"TraySantaCruz"="c:\windows\system32\tbctray.exe" [2001-08-29 307200]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]

c:\documents and settings\admin\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2007-05-10 534016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AutoCAD Startup Accelerator.lnk - c:\program files\Common Files\Autodesk Shared\acstart16.exe [2005-03-05 10872]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2007-06-01 169472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.ffds"= c:\progra~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll
"vidc.wmv3"= c:\progra~1\COMBIN~1\Filters\wmv9vcm.dll
"midi1"= ma_cmidn.dll
"midi2"= ma_cmidn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"d:\\Program Files\\Graphisoft\\ArchiCAD 10\\ArchiCAD.exe"=
"d:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1\\RpcAgentSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite 2009.SP1\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Simplify Media\\SimplifyMedia.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-01-24 64160]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-01-28 111184]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [2008-08-20 54896]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [2008-08-20 41616]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-01-28 20560]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 950096]
R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-05-02 142336]
R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-05-02 524288]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe [2008-11-23 98488]
S3 vtdg46xx;vtdg46xx;c:\progra~1\TURTLE~1\SANTAC~1\CONTRO~1\vtdg46xx.sys [2007-05-02 19232]
.
Contents of the 'Scheduled Tasks' folder

2009-02-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-30 16:02]

2009-01-31 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyOverride = *.local
IE: Copy to Semagic
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Semagic
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-01 23:31:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(632)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-02-01 23:37:07
ComboFix-quarantined-files.txt 2009-02-02 04:35:49
ComboFix2.txt 2009-01-30 20:01:20

Pre-Run: 10,549,075,968 bytes free
Post-Run: 10,529,124,352 bytes free

453 --- E O F --- 2008-11-13 08:08:35


eset log

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=3817 (20090202)
# vers_arch_module=1.064 (20080214)
# vers_adv_heur_module=1.066 (20070917)
# EOSSerial=1a50158fc425ff40a90c0fc2cd3fc40a
# end=finished
# remove_checked=false
# unwanted_checked=true
# utc_time=2009-02-02 07:52:12
# local_time=2009-02-02 02:52:12 (-0500, Eastern Standard Time)
# country="United States"
# osver=5.1.2600 NT Service Pack 2
# scanned=732243
# found=0
# scan_time=10438


new hijackthis

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:57:33 AM, on 2/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Zune\ZuneLauncher.exe
C:\Program Files\Portrait Displays\forteManager\DTHtml.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\tbctray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Common Files\Portrait Displays\Shared\HookManager.exe
C:\Program Files\Simplify Media\SimplifyMedia.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {598F4775-6FB6-477B-9842-E0426824E077} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\4.1.805.4472\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [HP Software Update] "D:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Zune Launcher] "C:\Program Files\Zune\ZuneLauncher.exe"
O4 - HKLM\..\Run: [DT LGE] C:\Program Files\Portrait Displays\forteManager\DTHtml.exe -startup_folder
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe
O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] "C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe"
O4 - HKCU\..\Run: [Simplify Media] "C:\Program Files\Simplify Media\SimplifyMedia.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: MagicDisc.lnk = C:\Program Files\MagicDisc\MagicDisc.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w3/resources/MSNPUpld.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} (Java Plug-in 1.5.0_06) -
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: M-Audio CMIDI Installer (MA_CMIDI_InstallerService) - Unknown owner - C:\Program Files\M-Audio MA_CMIDI\MA_CMIDI_Inst.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2009.SP1\RpcAgentSrv.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 9354 bytes


My computer is running much better now. The anti virus programs start up and run perfectly now, and I was able to play games like left4dead and half-life 2, which weren't starting up the other day.
drippykid
Active Member
 
Posts: 10
Joined: January 24th, 2009, 1:09 pm

Re: google results redirected and anti spyware will not run

Unread postby Rodav » February 2nd, 2009, 2:15 pm

We're nearly done, do you know what the file C:\hiding.zip and the folder C:\hiding are?
User avatar
Rodav
MRU Master Emeritus
 
Posts: 1480
Joined: April 19th, 2007, 6:44 am
Location: Here, there and yonder.
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 63 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware