Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » July 28th, 2009, 6:13 pm

Hi - One tough worm - There are several aspects to this problem. Initially it was blocking Spybot & HJT. (1) When using Google search it will redirect you to numerous web-sites related to my google search. (2) There are also random pop-ups advertising computer malware fix-it programs. (3) Although HJT would not load earlier I was able to get it to load under GemJack HJT & run a scan (see below). I'm running Explorer 7 and Windows XP Home Edition with SP 2. Thanks in advance for your assistance - George

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:55:46 PM, on 7/28/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Cricket\QuickLink Mobile\QuickLink Mobile.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Visicom Media\AceFTP 3 Freeware\Aceftp3free.exe
C:\Program Files\Adobe\Photoshop 5.0\Photoshp.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Microsoft Works\wkswp.exe
C:\Program Files\Microsoft Works\WkDStore.exe
C:\Program Files\Microsoft Works\wkgdcach.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Trend Micro\HijackThis\GemJack.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-laptop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http: //ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http: //ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [PerfectOptimizer] C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [ColdWare] C:\WINDOWS\TEMP\tempo-181110359.tmp.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [ColdWare] C:\WINDOWS\TEMP\tempo-181110359.tmp.exe (User 'Default user')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0F55B391-5110-47BB-ABB5-2DE39E770ED4}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A87A24C-6F1D-46F8-A1DF-997C7B5DBA4B}: NameServer = 172.28.221.53 172.28.221.54
O17 - HKLM\System\CCS\Services\Tcpip\..\{94E50C4A-5BE9-4042-AC78-034E9E4C205A}: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CS5\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O20 - AppInit_DLLs: karna.dat
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 9353 bytes
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm
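Three entries in the HijackThis log above are the ones a helper would normally look at first: an O4 Run key launching ColdWare from C:\WINDOWS\TEMP, O17 NameServer values pointing at 85.255.112.62 / 85.255.112.231 instead of the router or ISP resolver, and a non-empty O20 AppInit_DLLs (karna.dat), which is loaded into every process that links user32.dll. The script below is an added example, not code from this thread or from HijackThis, that applies exactly those three checks to HJT-style lines. The sample lines are constructed from entries in the log, and the `expected_dns` allow-list is an assumption so that a known, legitimate public resolver can be excluded from the report.

```python
import re
from dataclasses import dataclass
from ipaddress import ip_address

# Constructed sample: a mix of benign and suspicious HijackThis-style lines
# modelled on the log posted above (not a copy of the full log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKUS\S-1-5-18\..\Run: [ColdWare] C:\WINDOWS\TEMP\tempo-181110359.tmp.exe (User '?')
O17 - HKLM\System\CCS\Services\Tcpip\..\{3A87A24C-6F1D-46F8-A1DF-997C7B5DBA4B}: NameServer = 172.28.221.53 172.28.221.54
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.62,85.255.112.231
O20 - AppInit_DLLs: karna.dat
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O17"
    reason: str   # why the entry deserves a second look
    line: str     # the original log line, kept verbatim for the report


# Path fragments that are normal for an installer but not for a persistent autorun.
_TEMP_MARKERS = ("\\temp\\", "\\tmp\\", ".tmp.exe")

_ENTRY_RE = re.compile(r"^(R\d|O\d+|F\d)\s+-\s+(.*)$")


def _parse_line(line: str):
    """Split 'O17 - rest' into (section, rest); None for headers and blank lines."""
    m = _ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else None


def _dns_servers(rest: str) -> list:
    """Extract NameServer IPs; HJT prints them comma- or space-separated."""
    _, _, value = rest.partition("NameServer =")
    return [tok for tok in re.split(r"[,\s]+", value.strip()) if tok]


def triage(log_text: str, expected_dns: frozenset = frozenset()) -> list:
    """Return the entries that match one of the three review rules."""
    findings = []
    for raw in log_text.splitlines():
        parsed = _parse_line(raw)
        if not parsed:
            continue
        section, rest = parsed
        if section == "O4":
            # A Run key pointing into a temp folder is a dropper footprint;
            # installed software persists from Program Files or system32.
            if any(marker in rest.lower() for marker in _TEMP_MARKERS):
                findings.append(Finding(section, "autorun launches from a temp folder", raw))
        elif section == "O17" and "NameServer" in rest:
            for server in _dns_servers(rest):
                try:
                    ip = ip_address(server)
                except ValueError:
                    findings.append(Finding(section, f"unparseable NameServer value {server!r}", raw))
                    continue
                # Private/loopback resolvers (home router, corporate DNS) are expected;
                # a public resolver that is not on the allow-list needs to be identified.
                if not ip.is_private and server not in expected_dns:
                    findings.append(Finding(section, f"DNS server {server} is outside the expected set", raw))
        elif section == "O20" and rest.startswith("AppInit_DLLs:"):
            value = rest[len("AppInit_DLLs:"):].strip()
            if value:
                # AppInit_DLLs is mapped into every process that loads user32.dll,
                # so any value here on a home machine must be accounted for.
                findings.append(Finding(section, f"AppInit_DLLs injects {value!r} into every GUI process", raw))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Running the script against the sample reports four findings: the ColdWare autorun, both 85.255.112.x resolvers, and karna.dat; the 172.28.x resolvers are private and pass. Passing `expected_dns=frozenset({"85.255.112.62", "85.255.112.231"})` would suppress the O17 hits, which is the knob to use only after a resolver has been confirmed as the ISP's.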

Re: Redirected Google web searches + Random Pop Ups

Unread postby MWR 3 day Mod » August 1st, 2009, 2:30 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 1st, 2009, 1:44 pm

Hello and Welcome to forums!

My name is Bio-Hazard and I will be helping you to remove any infection(s) that you may have.

Please observe these rules while we work:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something please don't hesitate to ask.
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

No Reply Within 3 Days Will Result In Your Topic Being Closed!!
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 1st, 2009, 1:51 pm

STEP 1

Download DDS

Please download DDS by sUBs from one of the links below and save it to your desktop:

Download DDS and save it to your desktop from:

Link 1
Link 2

Please disable any anti-malware program that will block scripts from running before running DDS.

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply


STEP 2


Gmer

Please download Gmer by Gmer and save it to your desktop.

  • Right click on gmer.zip and select Extract All....
  • Click Next on seeing the Welcome to the Compressed (zipped) Folders Extraction Wizard.
  • Click on the Browse button. Click on Desktop. Then click OK.
  • Click Next. It will start extracting.
  • Once done, check (tick) the Show extracted files box and click Finish.
  • Double click on gmer.exe to run it.
  • Select the Rootkit tab.
  • On the right hand side, check all the items to be scanned, but leave Show All box unchecked.
  • Select all drives that are connected to your system to be scanned.
  • Click on the Scan button.
  • When the scan is finished, click Copy to save the scan log to the Windows clipboard.
  • Open Notepad or a similar text editor.
  • Paste the clipboard contents into the text editor.
  • Save the Gmer scan log and post it in your next reply.
  • Close Gmer.

Note: Do not run any programs while Gmer is running.



Next Reply

Please reply with:
  • DDS.txt
  • Attach.txt
  • Gmer log
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » August 2nd, 2009, 8:25 am

Hi - Log txt files for DDS, ATTACH and GMER as requested - G


--------------------------------------------------------------------------------------------

DDS (Ver_09-07-30.01) - NTFSx86
Run by TENMEG at 20:31:28.31 on Sat 08/01/2009
Internet Explorer: 7.0.5730.13
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}

============== Running Processes ===============


============== Pseudo HJT Report ===============

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... &pf=laptop
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://hp-laptop.aol.com/
uWindow Title = Microsoft Internet Explorer
mDefault_Page_URL =
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/ ... CF6FF3F27F
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp: //ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
mCustomizeSearch = hxxp: //ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: EWPBrowseObject Class: {68f9551e-0411-48e4-9aaf-4bc42a6a46be} - c:\program files\canon\easy-webprint\EWPBrowseLoader.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\2.1.615.5858\swg.dll
TB: Easy-WebPrint: {327c2873-e90d-4c37-aa9d-10ac9baba46c} - c:\program files\canon\easy-webprint\Toolband.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
uRun: [cdloader] "c:\documents and settings\tenmeg\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [PerfectOptimizer] c:\program files\perfect optimizer\PerfectOptimizer.exe
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
dRun: [ColdWare] c:\windows\temp\tempo-181110359.tmp.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_06\bin\ssv.dll
Trusted Zone: turbotax.com
DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}
DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} - hxxp://housecall65.trendmicro.com/house ... hcImpl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resour ... se1140.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windows ... 9970259671
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 9971399281
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/s ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 85.255.112.62,85.255.112.231
TCP: {94E50C4A-5BE9-4042-AC78-034E9E4C205A} = 85.255.112.62,85.255.112.231
Notify: AtiExtEvent - Ati2evxx.dll
AppInit_DLLs: karna.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
LSA: Notification Packages = scecli

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-07-27 18:51 <DIR> -cd----- C:\HiJack2009
2009-07-27 17:44 268,435,456 a--sh--- c:\windows\system32\temppf.sys
2009-07-27 14:48 <DIR> -cd----- C:\SpreadSheet
2009-07-27 14:44 <DIR> -cd----- c:\docume~1\tenmeg\applic~1\licenses
2009-07-27 14:44 <DIR> -cd----- c:\docume~1\tenmeg\applic~1\PCMM2009
2009-07-27 14:44 <DIR> -cd----- c:\program files\PC MightyMax 2009
2009-07-26 18:20 <DIR> -cd----- c:\program files\Microsoft Windows OneCare Live
2009-07-26 13:00 0 a------- c:\windows\muveeapp.INI
2009-07-26 12:40 16,409,960 ac------ c:\program files\ypsybotsd162.exe
2009-07-26 11:42 6,291,731 ac------ c:\program files\setupxv.exe
2009-07-26 11:30 1,460,840 ac------ c:\program files\HousecallLauncher.exe
2009-07-26 11:21 <DIR> -cd----- c:\documents and settings\tenmeg\.housecall6.6
2009-07-25 11:55 <DIR> -cd----- c:\program files\Downloaded Installers
2009-07-24 21:01 <DIR> -cd----- C:\MediaPlayer
2009-07-24 17:25 25,740,144 ac------ C:\wmp11-windowsxp-x86-enu.exe
2009-07-17 15:52 <DIR> -cd----- C:\Trailers Silver
2009-07-15 08:28 <DIR> -cd----- C:\DirectTV
2009-07-12 12:12 <DIR> -cd----- C:\MootorHomes
2009-07-12 11:49 <DIR> -cd----- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-12 11:49 <DIR> -cd----- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-12 11:49 <DIR> -cd----- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-12 11:49 <DIR> -cd----- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-09 08:05 <DIR> -cd----- C:\Home Projects

==================== Find3M ====================

2009-07-26 13:38 8,530 a------- c:\windows\pchealth\helpctr\config\cache\Personal_32_1033.dat
2009-07-12 12:13 2,438 ac------ c:\docume~1\tenmeg\applic~1\wklnhst.dat
2008-09-04 21:35 785,920 ac------ c:\program files\HP Product Detection.msi
2008-09-04 21:35 3,584 ac------ c:\program files\1033.MST
2008-08-19 17:28 461 ac------ c:\program files\Shortcut to iTunes.lnk
2008-06-26 15:22 812,344 ac------ c:\program files\HJTInstall.exe
2006-03-09 14:32 3,752 ac------ c:\program files\SP32338.CVA
2006-02-21 01:12 11,085 ac------ c:\program files\cpl309bk.cat
2006-02-06 14:02 32,572 ac------ c:\program files\cpl309bk.inf
2006-01-26 00:53 472 ac------ c:\program files\cpl309bk.ini
2005-08-22 15:07 1,035,008 ac------ c:\program files\HSF_DPV.sys
2005-08-22 14:06 231,424 ac------ c:\program files\HSFHWATI.sys
2005-08-22 14:06 718,464 ac------ c:\program files\HSF_CNXT.sys
2005-08-18 10:13 133,528 ac------ c:\program files\HSFProf.cty
2005-08-12 13:01 577,536 ac------ c:\program files\HXFSetup.exe
2005-06-20 07:57 110,592 ac------ c:\program files\uci32100.dll
2004-03-17 09:04 13,059 ac------ c:\program files\MDMXSDK.sys
2004-03-17 09:00 86,016 ac------ c:\program files\MdmXSdk.dll
2002-02-04 13:39 23 ac------ c:\program files\disk1
1998-10-15 11:04 222,976 ac------ c:\documents and settings\tenmeg\mssce.exe
1998-10-15 11:04 37,136 ac------ c:\documents and settings\tenmeg\regsvr32.exe
1998-07-16 14:15 1,215,720 ac------ c:\documents and settings\tenmeg\immc.exe
2005-07-14 12:31 27,648 a--sh--- c:\windows\system32\AVSredirect.dll

============= FINISH: 20:32:02.34 ===============


-------------------------------------------------------------------------------------------------------

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-07-30.01)


==== Disk Partitions =========================


==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe Reader 8.1.2
Apple Mobile Device Support
Apple Software Update
ArcSoft PhotoImpression 6
ArcSoft Print Creations
Athlon 64 Processor Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
Broadcom 802.11 Wireless LAN Adapter
Brother MFL-Pro Suite MFC-490CW
C-Media USB WDM Audio Driver
Canon MP Navigator 2.2
Canon MP530
Canon MP530 User Registration
Canon Utilities Easy-PhotoPrint
CardRd81
CCScore
Conexant AC-Link Audio
CR2
Design & Print, Business Edition
Digital Camera Driver
Easy-WebPrint
EPSON CX8400 User's Guide
EPSON Printer Software
EPSON Scan
EPSON Stylus CX8400 Series Scanner Driver Update
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Face-OP 2.0
getPlus(R)_ocx
Google Toolbar for Internet Explorer
GSpot Codec Information Appliance
High Definition Audio Driver Package - KB835221
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896256)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
HP Help and Support
HP Update
HP User Guides 0008
HP Wireless Assistant
HpSdpAppCoreApp
InterVideo WinDVD
iTunes
Java(TM) 6 Update 6
K-Lite Codec Pack 3.2.5 Full
Kodak EasyShare software
KSU
LG USB Modem driver
LGUsbDriver
LightScribe 1.4.136.1
Logitech SetPoint
Magellan RoadMate Tools
Magic RM RAM to MP3 Converter 2.61
magicJack Outlook Add-In 1.0.3.521
Malwarebytes' Anti-Malware
MapSource - City Select North America v7
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2005
Microsoft National Language Support Downlevel APIs
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Works
MP3 Player Utilities
Mp3 Workshop 1.1
MSN
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
muvee autoProducer 4.0 - SE
NetWaiting
Notifier
OTtBP
OTtBPSDK
Palm Desktop for Garmin iQue 3600
Panda ActiveScan
Panda ActiveScan 2.0
PC MightyMax 2009
PC SpeedScan Pro
Perfect Optimizer 3.4
Picasa 3
Presto! PageManager
Quicken 2002 Basic
QuickLink Mobile
QuickTime
Real Alternative 1.31
REALTEK Gigabit and Fast Ethernet NIC Driver
RegCure 1.5.0.1
Replay Converter 2.50
Replay Music 2.51
Replay Radio and Replay A/V 7
Rhapsody Player Engine
RM-to-MP3-Converter 2.0
ScanSoft OmniPage SE 4.0
Security Task Manager 1.7f
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
SFR
SHASTA
SKIN0001
SKINXSDK
Soft Data Fax Modem with SmartCP
Sonic Audio Module
Sonic Copy Module
Sonic Data Module
Sonic Express Labeler
Sonic MyDVD Plus
Sonic Update Manager
Symantec Technical Support Web Controls
Synaptics Pointing Device Driver
Texas Instruments PCIxx21/x515 drivers.
The Sprinkler Designer
TIxx21
TurboTax 2005
TurboTax Deluxe 2007
TurboTax ItsDeductible 2005
TurboTax ItsDeductible 2006
TurboTax Premier Investments 2006
Ulead Drop Spot 1.0
Ulead Photo Explorer 8.0 SE Basic
Ulead PhotoImpact 6
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
USB Audio
UTStarcom USB Modem Software
Virtual Earth 3D (Beta)
VPRINTOL
VZAccess Manager for Sierra Wireless
WebFldrs XP
WinAce Archiver
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live OneCare safety scanner
Windows Media Format 11 runtime
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883667
Windows XP Hotfix - KB884575
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885464
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888239
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB888402
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB892559
WIRELESS

==== End Of File ===========================


--------------------------------------------------------------------

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-02 05:09:56
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

Code 832FF710 ZwEnumerateKey
Code 832FF4B8 ZwFlushInstructionCache
Code 83302BFE IofCallDriver
Code 8324D136 IofCompleteRequest
Code 8330411D ZwSaveKey
Code 82FCE165 ZwSaveKeyEx

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!IofCallDriver 804EE0F6 5 Bytes JMP 83302C03
.text ntkrnlpa.exe!IofCompleteRequest 804EE186 5 Bytes JMP 8324D13B
.text ntkrnlpa.exe!ZwSaveKey 804FE5BC 5 Bytes JMP 83304122
.text ntkrnlpa.exe!ZwSaveKeyEx 804FE5D0 5 Bytes JMP 82FCE16A
PAGE ntkrnlpa.exe!ZwFlushInstructionCache 805AAEDE 5 Bytes JMP 832FF4BC
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619A6E 5 Bytes JMP 832FF714

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!DialogBoxIndirectParamW 7E432032 5 Bytes JMP 430A1667 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!MessageBoxIndirectA 7E43A04A 5 Bytes JMP 430A15E8 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!DialogBoxParamA 7E43B10C 5 Bytes JMP 430A162C C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!MessageBoxExW 7E4505D8 5 Bytes JMP 430A1574 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!MessageBoxExA 7E4505FC 5 Bytes JMP 430A15AE C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!DialogBoxIndirectParamA 7E456B50 5 Bytes JMP 430A16A2 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!MessageBoxIndirectW 7E4662AB 5 Bytes JMP 42F316B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULyebwyargopllfvejbfdxvruuviecjcja.dll
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULljlotwqmvykutiabuxndykestwyhnmgh.dll
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys@start 1
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys@type 1
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys@imagepath \systemroot\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys@group file system
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys\modules (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULyebwyargopllfvejbfdxvruuviecjcja.dll
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys\modules@ESQULclk \\?\globalroot\systemroot\system32\ESQULljlotwqmvykutiabuxndykestwyhnmgh.dll
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}@iaogpmbcgnehhamfko 0x6B 0x61 0x6B 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}@haigjkomffndeefd 0x6B 0x61 0x6B 0x6C ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys 82944 bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\ESQULljlotwqmvykutiabuxndykestwyhnmgh.dll 57344 bytes executable
File C:\WINDOWS\system32\ESQULyebwyargopllfvejbfdxvruuviecjcja.dll 23552 bytes executable
File C:\WINDOWS\system32\ESQULzcounter 4 bytes

---- EOF - GMER 1.0.15 ----
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm
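The GMER log above is what a helper reads first: inline patches on kernel routines (IofCallDriver, IofCompleteRequest, ZwSaveKey, ZwSaveKeyEx, ZwEnumerateKey, ZwFlushInstructionCache), a hidden service (ESQULserv.sys) whose registry `modules` subkey lists the driver and DLLs it loads, and the files GMER tags `<-- ROOTKIT !!!`. The Python below is an added example written for this thread; it is not code from GMER or from the forum helpers. It parses the section headers and line shapes GMER writes and reduces a log to a short indicator list. The sample input is a trimmed copy of the log lines above; the shared-prefix heuristic (every component here starts with ESQUL) is an assumption drawn from this log, not a GMER feature, and the unattributed-hook rule treats a user-mode hook that GMER resolved to a module and vendor (the IEFRAME.dll ones above) as lower priority than one it could not resolve.

```python
"""Triage a GMER 1.0.15 text log: inline hooks, hidden services, rootkit files.

Added example for this thread, not GMER's or the forum helpers' code; it parses
the section headers and line shapes seen in the log posted above."""
import ntpath  # Windows path handling that also works when run on Linux/macOS
import re
from collections import defaultdict

SECTION_RE = re.compile(r"^---- (.+?) - GMER [\d.]+ ----$")
HOOK = (r"(?P<module>[^!\s]+)!(?P<func>\S+) (?P<addr>[0-9A-F]+) "
        r"(?P<len>\d+) Bytes (?P<kind>\S+) (?P<target>[0-9A-F]+)")
KERNEL_HOOK_RE = re.compile(r"^(?P<sect>\S+) " + HOOK)
# User-mode lines add "<process>[pid]" and, if resolved, the target's module and vendor.
USER_HOOK_RE = re.compile(r"^(?P<sect>\S+) (?P<proc>.+?\[\d+\]) " + HOOK +
                          r"(?: (?P<owner>\S+) \((?P<desc>[^)]*)\))?")
SERVICE_RE = re.compile(r"^Service (?P<path>.+?) \(\*\*\* hidden \*\*\*\s*\) "
                        r"\[(?P<state>\w+)\] (?P<name>\S+)(?P<tag>.*)$")
FILE_RE = re.compile(r"^File (?P<path>.+?) (?P<size>\d+) bytes(?P<tag>.*)$")
REG_RE = re.compile(r"^Reg (?P<key>\S+)(?: (?P<data>.*))?$")
MODULES_KEY_RE = re.compile(r"\\Services\\([^\\]+)\\modules$", re.IGNORECASE)
LINE_RE = {"Kernel code sections": ("kernel_hooks", KERNEL_HOOK_RE),
           "User code sections": ("user_hooks", USER_HOOK_RE),
           "Services": ("hidden_services", SERVICE_RE),
           "Files": ("files", FILE_RE)}

# Sample input: lines copied from the GMER log above (blank lines dropped).
SAMPLE_LOG = r"""
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!IofCallDriver 804EE0F6 5 Bytes JMP 83302C03
PAGE ntkrnlpa.exe!ZwEnumerateKey 80619A6E 5 Bytes JMP 832FF714
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\IEXPLORE.EXE[1340] USER32.dll!DialogBoxParamW 7E42555F 5 Bytes JMP 42F0F301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
---- Services - GMER 1.0.15 ----
Service C:\WINDOWS\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys (*** hidden *** ) [SYSTEM] ESQULserv.sys <-- ROOTKIT !!!
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
Reg HKLM\SYSTEM\CurrentControlSet\Services\ESQULserv.sys\modules@ESQULl \\?\globalroot\systemroot\system32\ESQULyebwyargopllfvejbfdxvruuviecjcja.dll
Reg HKLM\SYSTEM\ControlSet005\Services\ESQULserv.sys\modules@ESQULserv \\?\globalroot\systemroot\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
---- Files - GMER 1.0.15 ----
File C:\WINDOWS\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys 82944 bytes <-- ROOTKIT !!!
File C:\WINDOWS\system32\ESQULzcounter 4 bytes
"""

def parse_gmer(text):
    """Walk the log section by section and keep the entries worth triage."""
    rep, section = defaultdict(list), None
    rep["modules"] = defaultdict(list)  # service name -> components it registers
    for line in filter(None, (ln.strip() for ln in text.splitlines())):
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if section in LINE_RE:
            bucket, rx = LINE_RE[section]
            m = rx.match(line)
            if m:
                d = m.groupdict()
                if "tag" in d:  # Service and File lines carry GMER's verdict
                    d["rootkit"] = "ROOTKIT" in d.pop("tag")
                rep[bucket].append(d)
        elif section == "Registry" and REG_RE.match(line):
            m = REG_RE.match(line)
            key, _, value = m.group("key").partition("@")
            km = MODULES_KEY_RE.search(key)
            # 'modules' is where this rootkit lists what it loads; ControlSet005 duplicates it.
            if (km and value and m.group("data")
                    and m.group("data") not in rep["modules"][km.group(1)]):
                rep["modules"][km.group(1)].append(m.group("data"))
    return rep

def hook_summary(rep):
    """Patched kernel functions, plus user-mode hooks GMER could not attribute."""
    kernel = sorted({h["func"] for h in rep["kernel_hooks"]})
    return kernel, [h for h in rep["user_hooks"] if not h["owner"]]

def indicators(rep):
    """Map each file the log ties to the rootkit to the reason it is listed."""
    ioc, prefixes = {}, []
    for svc in rep["hidden_services"]:
        img = ntpath.basename(svc["path"])
        ioc[img] = "image of hidden service " + svc["name"]
        # Heuristic (assumption from this log, not a GMER feature): service name
        # and driver share one random-looking prefix, ESQUL here, as do its siblings.
        pfx = ntpath.commonprefix([svc["name"], img])
        if len(pfx) >= 4:
            prefixes.append(pfx)
        for mod in rep["modules"].get(svc["name"], []):
            ioc.setdefault(ntpath.basename(mod), "listed under %s\\modules" % svc["name"])
    for f in rep["files"]:
        name = ntpath.basename(f["path"])
        if f["rootkit"]:
            ioc.setdefault(name, "tagged ROOTKIT by GMER")
        elif any(name.startswith(p) for p in prefixes):
            ioc.setdefault(name, "shares prefix with hidden service")
    return ioc

if __name__ == "__main__":
    for name, why in sorted(indicators(parse_gmer(SAMPLE_LOG)).items()):
        print("%-45s %s" % (name, why))
```

Run as a script it prints the three ESQUL files with the reason each is listed; call `parse_gmer` on a full saved GMER log to do the same for a real case. The dedupe on the `modules` key matters in practice: the log above repeats every value under ControlSet005, and without it each component would be reported twice. Note that ESQULzcounter is never tagged by GMER itself; it only surfaces through the prefix heuristic, which is exactly the kind of sibling file a removal tool would otherwise leave behind.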

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 2nd, 2009, 9:07 am

Remove programs

  • Click Start
  • Go to Control Panel
  • Go to Add/Remove Programs
  • Find and click Remove for the following (if present):

    PC MightyMax 2009
    PC SpeedScan Pro

NOTE: Take care when answering any questions posed by an uninstaller. Some questions may be worded to deceive you into keeping the program.




Download and Run ComboFix

  • ComboFix SHOULD NOT be used unless requested by a forum helper.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. A guide to do this can be found HERE
  • Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

    Link 1
    Link 2


  • Double click on Combo-Fix.exe and follow the prompts.
  • When finished, it will produce a report for you (C:\ComboFix.txt)
  • Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
  • ComboFix should never take more than 20 minutes including the reboot if malware is detected.

    IMPORTANT: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.



    Malwarebytes' Anti-Malware

    I see that you have Malwarebytes' Anti-Malware installed on your computer. Could you please do a scan using these settings:

    • Open Malwarebytes' Anti-Malware
    • Select the Update tab
    • Click Check for Updates
    • After the update has completed, select the Scanner tab.
    • Select Perform full scan, then click on Scan
    • Leave the default options as they are and click on Start Scan
    • When done, you will be prompted. Click OK, then click on Show Results
    • Check (tick) all items and click on Remove Selected
    • After it has removed the items, Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.


    Antivirus

    Looking over your log, it seems you don't have any anti-virus software.

    Anti-virus software is a program that detects, cleans and erases harmful virus files on a computer, web server or network. Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:


    It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer then only one of them should be active in memory at a time.


    Logs/Information to Post in Next Reply

    Please post the following logs/Information in your reply:
    • ComboFix log (found at C:\Combofix.txt)
    • Malwarebytes' Anti-Malware log
    • A fresh HijackThis log (after all the above has been done)
    • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » August 2nd, 2009, 3:57 pm

Hi - attached are the ComboFix, Malwarebytes' Anti-Malware & fresh HJT log files as requested.
Never suspected the program PerfectOptimizer was a Rogue.PerfectOptimizer. Although nothing should be a surprise in today's computer virus/malware world!
System Restore always gave an error message that it was not active, but when you tried to activate it, it was already checked as working? ComboFix successfully reinstalled it. That's a PLUS.
Attempted to install AVG but it FAILED due to a missing file error message. Your AVG link is a dead link.
Before the scans and deleting the suspicious files I could not run Spybot or Malwarebytes, as if they were being blocked.

Computer operation is faster, System Restore has been restored and now I can run Malwarebytes.

======================================================================================================================


ComboFix 09-08-01.09 - TENMEG 08/02/2009 10:49.1.1 - NTFSx86
Running from: c:\malware2009\Combo-Fix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.

Overlay aborted ... Please run ComboFix once more
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-1708537768-308236825-839522115-1003
c:\recycler\S-1-5-21-3554313866-1504290983-2056860485-1003
c:\windows\system32\drivers\ESQULkkysfygvmlfayvelctkmxjdtjccrksvx.sys
c:\windows\system32\ESQULljlotwqmvykutiabuxndykestwyhnmgh.dll
c:\windows\system32\ESQULyebwyargopllfvejbfdxvruuviecjcja.dll
c:\windows\system32\SrchSTS.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys


((((((((((((((((((((((((( Files Created from 2009-07-02 to 2009-08-02 )))))))))))))))))))))))))))))))
.

2009-08-02 03:34 . 2009-08-02 17:25 -------- dc----w- C:\malware2009
2009-07-28 01:51 . 2009-07-30 21:18 -------- dc----w- C:\HiJack2009
2009-07-28 00:44 . 2009-08-02 17:57 268435456 --sha-w- c:\windows\system32\temppf.sys
2009-07-27 21:48 . 2009-07-27 23:40 -------- dc----w- C:\SpreadSheet
2009-07-27 21:44 . 2009-07-27 21:44 -------- dc----w- c:\documents and settings\TENMEG\Application Data\licenses
2009-07-27 21:44 . 2009-07-27 21:46 -------- dc----w- c:\documents and settings\TENMEG\Application Data\PCMM2009
2009-07-27 05:12 . 2009-04-10 13:58 6327408 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\setup.exe
2009-07-27 05:12 . 2009-04-10 13:55 725296 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\install.exe
2009-07-27 05:12 . 2008-02-29 12:42 386496 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-07-27 01:20 . 2009-07-27 01:22 -------- dc----w- c:\program files\Microsoft Windows OneCare Live
2009-07-26 20:55 . 2009-07-27 01:27 -------- dc----w- c:\program files\Windows Live Safety Center
2009-07-26 19:56 . 2009-07-26 19:56 78112 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:56 . 2009-07-26 19:56 -------- dc----w- c:\documents and settings\Administrator\Application Data\muvee Technologies
2009-07-26 19:40 . 2009-07-26 19:40 16409960 -c--a-w- c:\program files\ypsybotsd162.exe
2009-07-26 18:42 . 2009-07-26 18:42 6291731 -c--a-w- c:\program files\setupxv.exe
2009-07-26 18:30 . 2009-07-26 18:30 1460840 -c--a-w- c:\program files\HousecallLauncher.exe
2009-07-26 18:21 . 2009-07-26 18:21 -------- dc----w- c:\documents and settings\TENMEG\.housecall6.6
2009-07-25 18:55 . 2009-07-25 18:55 -------- dc----w- c:\program files\Downloaded Installers
2009-07-25 04:01 . 2009-07-25 04:21 -------- dc----w- C:\MediaPlayer
2009-07-25 00:25 . 2009-07-25 00:25 25740144 -c--a-w- C:\wmp11-windowsxp-x86-enu.exe
2009-07-17 22:52 . 2009-07-17 22:53 -------- dc----w- C:\Trailers Silver
2009-07-15 15:28 . 2009-07-17 17:46 -------- dc----w- C:\DirectTV
2009-07-12 19:12 . 2009-07-12 19:13 -------- dc----w- C:\MootorHomes
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-09 15:05 . 2009-07-09 15:06 -------- dc----w- C:\Home Projects

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 17:21 . 2006-01-21 02:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 04:14 . 2006-10-24 18:32 -------- d-----w- c:\program files\WinAce
2009-08-01 14:10 . 2008-11-29 19:54 -------- d-----w- c:\program files\Perfect Optimizer
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\NOS
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\program files\NOS
2009-07-30 21:09 . 2006-12-29 16:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 01:09 . 2006-12-29 16:06 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Spybot - Search & Destroy
2009-07-27 05:13 . 2008-08-11 05:28 -------- dc----w- c:\documents and settings\TENMEG\Application Data\mjusbsp
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\qnahadqf
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\mjizavcl
2009-07-26 20:42 . 2008-08-09 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-26 20:40 . 2008-08-27 04:59 -------- dc----w- c:\docume~1\ALLUSE~1\APPLIC~1\Downloaded Installations
2009-07-26 20:38 . 2009-07-30 23:43 8530 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-07-24 19:59 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Sites
2009-07-21 20:46 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\SiteClasses
2009-07-12 19:13 . 2008-08-17 16:30 2438 -c--a-w- c:\documents and settings\TENMEG\Application Data\wklnhst.dat
2009-06-26 03:56 . 2008-08-17 16:25 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Intuit
2009-06-24 17:12 . 2008-12-04 22:09 65823 -c--a-w- c:\documents and settings\TENMEG\Application Data\magicJackOutlookAddIn\magicJackOutlookAddInUninst.exe
2008-09-05 04:35 . 2008-09-05 04:36 785920 -c--a-w- c:\program files\HP Product Detection.msi
2008-09-05 04:35 . 2008-09-05 04:36 3584 -c--a-w- c:\program files\1033.MST
2008-08-20 00:28 . 2008-08-20 00:28 461 -c--a-w- c:\program files\Shortcut to iTunes.lnk
2008-06-26 22:22 . 2008-06-26 22:22 812344 -c--a-w- c:\program files\HJTInstall.exe
2006-03-09 21:32 . 2006-03-09 21:32 3752 -c--a-w- c:\program files\SP32338.CVA
2006-02-21 08:12 . 2006-02-21 08:12 11085 -c--a-w- c:\program files\cpl309bk.cat
2006-02-06 21:02 . 2006-02-06 21:02 32572 -c--a-w- c:\program files\cpl309bk.inf
2006-01-26 07:53 . 2006-01-26 07:53 472 -c--a-w- c:\program files\cpl309bk.ini
2005-08-22 22:07 . 2005-08-22 22:07 1035008 -c--a-w- c:\program files\HSF_DPV.sys
2005-08-22 21:06 . 2005-08-22 21:06 231424 -c--a-w- c:\program files\HSFHWATI.sys
2005-08-22 21:06 . 2005-08-22 21:06 718464 -c--a-w- c:\program files\HSF_CNXT.sys
2005-08-18 17:13 . 2005-08-18 17:13 133528 -c--a-w- c:\program files\HSFProf.cty
2005-08-12 20:01 . 2005-08-12 20:01 577536 -c--a-w- c:\program files\HXFSetup.exe
2005-06-20 14:57 . 2005-06-20 14:57 110592 -c--a-w- c:\program files\uci32100.dll
2004-03-17 16:04 . 2004-03-17 16:04 13059 -c--a-w- c:\program files\MDMXSDK.sys
2004-03-17 16:00 . 2004-03-17 16:00 86016 -c--a-w- c:\program files\MdmXSdk.dll
2002-02-04 20:39 . 2002-02-04 20:39 23 -c--a-w- c:\program files\disk1
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

------- Sigcheck -------

[-] 2004-08-04 08:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2004-08-04 08:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[-] 2008-12-08 20:16 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 08:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2004-08-04 08:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\ie7\wininet.dll
[-] 2006-11-08 05:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2007-01-12 17:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\system32\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-04 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 08:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2004-08-04 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-04 08:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\system32\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-04 08:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\system32\ntoskrnl.exe

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-04 08:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2004-08-04 08:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\services.exe

[-] 2004-08-04 08:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2004-08-04 08:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-04 08:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[-] 2004-08-04 08:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2004-08-04 08:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2004-08-04 08:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\system32\kernel32.dll

[-] 2004-08-04 08:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2004-08-04 08:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll


[-] 2005-05-02 20:57 3014144 DCC5C79B99F02EEF8C826B074DBFC222 c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2006-03-23 20:31 3055616 ABCD123F888E4E97C8751378CCCC4F26 c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2006-05-19 15:06 3055104 8687E029BE63C77D4919485068C54D77 c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-07-28 11:30 3058176 D251679BD9EF0250201FB899EC40FD32 c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-09-14 08:31 3058688 CEFEA1C301139A817931BE132F0359FE c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2007-03-07 18:40 3582976 DA297A862E5F093A07D37C05F608C686 c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 09:25 3584000 1D4E3B86C601A2497C99790CC4D7DF26 c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-07-18 21:09 3584000 7CE243CFD47AD0DC431586CB8C542A11 c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 10:02 3592192 AA8A4BD78D24FCDB96DDAEE3756AA372 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 23:48 3593216 54D8B404F17AA74C666F7F3AEF2AE459 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-12-07 02:01 3593216 976C46ED4A75FC66D9C596778898CE1E c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 13:03 3593216 4EE273E2B09317C1217EF0DB91F93534 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 03:35 3593728 4D612FF5D3B7EEF200595AE6F95D5E68 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2004-08-04 08:00 3003392 376E0843B2356CA91CEC8D9837A56FF7 c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2005-05-02 21:52 3012608 DCFAC5470EE0A159EC4222BC28AE3EE6 c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2006-03-23 20:32 3053568 DEAA438EA31095E14A196FF647E38D13 c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-05-19 15:08 3052544 284CE76B71DD5260B42A3CCF0135AF67 c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-07-28 11:28 3054080 C7074DA3D8F8C0F6C03874BA0B05069C c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-09-14 08:39 3054592 BE45460D1453B7342E01EAE79BFBC681 c:\windows\ie7\mshtml.dll
[-] 2006-11-08 05:03 3577856 CBF04597F9CF7739E572276A2698FDD3 c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2007-01-12 17:27 3580416 5D45318804A30CE9D6EA83066E84B4A7 c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2007-03-07 17:45 3581952 190E1AE9B973049B12A67BAD478C770C c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-05-08 09:24 3583488 5D90A7200F72DACE663EE78DE234FCC7 c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-07-19 06:59 3583488 BD609A26B683332A0E0E1445C5724851 c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-08-20 10:04 3584512 E267EE248CDA7667C19001C069DE867B c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-10-30 23:42 3590656 8AB7ECF59D6EBBE986277B65ED4A40A1 c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-12-08 05:21 3592192 A097C36412455F0C7E42377FAF8809B7 c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2008-03-02 01:36 3591680 AB2C88167D78D71D93558ACECB24CC7A c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-24 05:16 3591680 8976CAB317105F7431B08EA32AB73C65 c:\windows\system32\mshtml.dll

[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys

[-] 2004-08-04 08:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2004-08-04 08:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll


[-] 2004-08-04 08:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2004-08-04 06:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"PerfectOptimizer"="c:\program files\Perfect Optimizer\PerfectOptimizer.exe" [2008-10-02 2586112]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-04 185896]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\user\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\User.2WIRE200\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\docume~1\ALLUSE~1\STARTM~1\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-8-5 450560]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0sdearlydelete\0autocheck autochk *
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=2 (0x2)
"CryptSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop 5.0\\Photoshp.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\TENMEG\\Application Data\\mjusbsp\\magicJack.exe"=

R3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [2004-01-05 705536]
R3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\lgatbus.sys [2005-06-14 43024]
R3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\DRIVERS\lgatmdm.sys [2005-06-14 77104]
R3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\DRIVERS\lgatserd.sys [2005-06-14 60816]
R3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [x]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\uts_bus.sys [2007-12-05 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\uts_serd.sys [2007-12-05 90880]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

.
- - - - ORPHANS REMOVED - - - -

ShellIconOverlayIdentifiers-{8D84414D-41D3-412E-3046-A1CFAE460B03} - (no file)


.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://hp-laptop.aol.com/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/ ... CF6FF3F27F
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: turbotax.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-02 10:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ESQULserv.sys]
"imagepath"="\systemroot\system32\drivers\ESQULdedwxnorqgkaeylawpyndmeyyaunvear.sys"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-986089347-3572095111-2355310880-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}*]
"iaogpmbcgnehhamfko"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
"haigjkomffndeefd"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ESQULserv.sys]
@DACL=(02 0000)
"start"=dword:00000001
"type"=dword:00000001
"group"="file system"
"imagepath"=expand:"\\systemroot\\system32\\drivers\\ESQULdedwxnorqgkaeylawpyndmeyyaunvear.sys"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(288)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-02 11:03 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-02 18:03

Pre-Run: 9,094,701,056 bytes free
Post-Run: 9,177,022,464 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[Boot Loader]
Timeout=2
Default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[Operating Systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

375 --- E O F --- 2008-08-05 00:51



=====================================================================================================================

Malwarebytes' Anti-Malware 1.39
Database version: 2421
Windows 5.1.2600 Service Pack 2

8/2/2009 11:53:48 AM
mbam-log-2009-08-02 (11-53-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 206061
Time elapsed: 39 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 16
Files Infected: 79

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\perfect optimizer (Rogue.Installer) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{0b55e43a-4448-42f7-be03-9faa74b91eef} (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d5b6c6a9-b59f-4990-b976-38c7d6bdfb4d} (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Miracle (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\PerfectOptimizer.exe (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\perfectoptimizer (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Documents and Settings\TENMEG\Start Menu\Programs\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Perfect Optimizer (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Application (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\FirstBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\FullBackup (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
C:\Program Files\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Perfect Optimizer\PerfectOptimizer.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\spreadsheet\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\setupxv.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\PerfectOptimizerShell.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\PerfectOptimizer.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\PerfectOptimizerShell.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\uninst.exe (Rogue.Installer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\Update.exe (Rogue.PerfectOptimizer) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\PerfectOptimizer.exe (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\SEClean.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\SERes.DLL (Rogue.Multiple) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\start menu\Programs\perfect optimizer\Perfect Optimizer.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\start menu\Programs\perfect optimizer\Uninstall.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\start menu\Programs\perfect optimizer\Website.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\License.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\MFC42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\MFCO42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\MSVCRTD.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Perfect Optimizer.url (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\PerfectOptimizerOCX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEActiveX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SECleaner.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SERes.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SEStyle.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\SESystem.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\License.ini (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\MFC42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\MFCO42D.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\MSVCRTD.DLL (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\Perfect Optimizer.url (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\PerfectOptimizerOCX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SEActiveX.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SECleaner.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SERes.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SEStyle.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\application\SESystem.dll (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\firstbackup\20081129125448.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Registry\fullbackup\20081215100233.Reg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service\backup_service.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Backup\Service\Default.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\campus_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\default_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\home_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\interner_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\notebook_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Data\Service\office_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\ActiveX.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Bad.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Check.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\CleanEvidence.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\CleanHardDisk.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Disk.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\DotLine.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Error.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Frame.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Good.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Progrss.bmp (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\RegistryClean.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\SEM_RSO_BG.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\StartupOptimize.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\SystemOptimize.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Time.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Top.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Uncheck.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Warning.jpg (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Res\Win.png (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\campus_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\default_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\home_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\interner_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\notebook_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Temp\Data\Service\office_model.bat (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\perfect optimizer\Update\Update.zip (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.
c:\program files\registry mighty\RegistryMighty.exe (Rogue.RegistryMighty) -> Quarantined and deleted successfully.
c:\documents and settings\TENMEG\Desktop\Perfect Optimizer.lnk (Rogue.PerfectOptimzier) -> Quarantined and deleted successfully.

=================================================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:35:01 PM, on 8/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-laptop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7770 bytes

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 3rd, 2009, 5:48 pm

Download and Run ComboFix

We need to run Combofix again. You need to disable Comodo before running Combofix. Delete the copy of Combofix you have in this folder c:\malware2009. You need to download and save the Combofix on to the DESKTOP.

Download ComboFix from one of these locations:

Link 1
Link 2

Here you can find a tutorial about Combofix: HOW TO USE COMBOFIX

You must download it to and run it from your Desktop

Attempted to install AVG but it FAILED due to a missing file error message. Your AVG link is a dead link.


Thank you for letting me know. You still need to install an antivirus program. If AVG doesn't install, then you can try Avira or Avast.



Next Reply

Please reply with:
  • ComboFix log (found at C:\Combofix.txt)
  • New HijackThis log

Re: Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » August 4th, 2009, 1:46 am

Hi - ComboFix & HJT log files attached as requested. I have tried loading all 3 virus programs. They are downloaded and appear to be loading, but they don't finish. Same problem I had earlier with running Malwarebytes and Spybot. They act as if they are being blocked.


====================================================================

ComboFix 09-08-03.04 - TENMEG 08/03/2009 22:01.2.1 - NTFSx86
Running from: c:\documents and settings\TENMEG\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Drivers\hpzekoda.sys
c:\windows\system32\ESQULzcounter

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_ESQULserv.sys
-------\Service_ubuqijth


((((((((((((((((((((((((( Files Created from 2009-07-04 to 2009-08-04 )))))))))))))))))))))))))))))))
.

2009-08-02 19:05 . 2009-08-02 19:05 -------- dc----w- c:\documents and settings\TENMEG\Application Data\AVG8
2009-08-02 19:04 . 2009-08-02 19:04 848656 -c--a-w- C:\avg_avwt_stb_all_8_32.exe
2009-08-02 03:34 . 2009-08-04 04:50 -------- dc----w- C:\malware2009
2009-07-28 01:51 . 2009-07-30 21:18 -------- dc----w- C:\HiJack2009
2009-07-28 00:44 . 2009-08-04 05:11 268435456 --sha-w- c:\windows\system32\temppf.sys
2009-07-27 21:48 . 2009-08-02 18:53 -------- dc----w- C:\SpreadSheet
2009-07-27 21:44 . 2009-07-27 21:44 -------- dc----w- c:\documents and settings\TENMEG\Application Data\licenses
2009-07-27 21:44 . 2009-07-27 21:46 -------- dc----w- c:\documents and settings\TENMEG\Application Data\PCMM2009
2009-07-27 05:12 . 2009-04-10 13:58 6327408 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\setup.exe
2009-07-27 05:12 . 2009-04-10 13:55 725296 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\install.exe
2009-07-27 05:12 . 2008-02-29 12:42 386496 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-07-27 01:20 . 2009-07-27 01:22 -------- dc----w- c:\program files\Microsoft Windows OneCare Live
2009-07-26 20:55 . 2009-07-27 01:27 -------- dc----w- c:\program files\Windows Live Safety Center
2009-07-26 19:56 . 2009-07-26 19:56 78112 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:56 . 2009-07-26 19:56 -------- dc----w- c:\documents and settings\Administrator\Application Data\muvee Technologies
2009-07-26 19:40 . 2009-07-26 19:40 16409960 -c--a-w- c:\program files\ypsybotsd162.exe
2009-07-26 18:30 . 2009-07-26 18:30 1460840 -c--a-w- c:\program files\HousecallLauncher.exe
2009-07-26 18:21 . 2009-07-26 18:21 -------- dc----w- c:\documents and settings\TENMEG\.housecall6.6
2009-07-25 18:55 . 2009-07-25 18:55 -------- dc----w- c:\program files\Downloaded Installers
2009-07-25 04:01 . 2009-07-25 04:21 -------- dc----w- C:\MediaPlayer
2009-07-25 00:25 . 2009-07-25 00:25 25740144 -c--a-w- C:\wmp11-windowsxp-x86-enu.exe
2009-07-17 22:52 . 2009-07-17 22:53 -------- dc----w- C:\Trailers Silver
2009-07-15 15:28 . 2009-07-17 17:46 -------- dc----w- C:\DirectTV
2009-07-12 19:12 . 2009-07-12 19:13 -------- dc----w- C:\MootorHomes
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-12 18:49 . 2009-07-12 18:49 -------- dc----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-09 15:05 . 2009-07-09 15:06 -------- dc----w- C:\Home Projects

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 20:13 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\SiteClasses
2009-08-02 20:13 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Sites
2009-08-02 18:10 . 2008-08-09 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 18:10 . 2008-11-15 19:24 3775175 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 17:21 . 2006-01-21 02:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 04:14 . 2006-10-24 18:32 -------- d-----w- c:\program files\WinAce
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\program files\NOS
2009-07-30 21:09 . 2006-12-29 16:06 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-07-28 01:09 . 2006-12-29 16:06 -------- dc----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-07-27 05:13 . 2008-08-11 05:28 -------- dc----w- c:\documents and settings\TENMEG\Application Data\mjusbsp
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\documents and settings\All Users\Application Data\qnahadqf
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\documents and settings\All Users\Application Data\mjizavcl
2009-07-26 20:40 . 2008-08-27 04:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-26 20:38 . 2009-07-30 23:43 8530 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-07-13 20:36 . 2008-08-09 19:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-08-09 19:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 19:13 . 2008-08-17 16:30 2438 -c--a-w- c:\documents and settings\TENMEG\Application Data\wklnhst.dat
2009-06-26 03:56 . 2008-08-17 16:25 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Intuit
2009-06-24 17:12 . 2008-12-04 22:09 65823 -c--a-w- c:\documents and settings\TENMEG\Application Data\magicJackOutlookAddIn\magicJackOutlookAddInUninst.exe
2008-09-05 04:35 . 2008-09-05 04:36 785920 -c--a-w- c:\program files\HP Product Detection.msi
2008-09-05 04:35 . 2008-09-05 04:36 3584 -c--a-w- c:\program files\1033.MST
2008-08-20 00:28 . 2008-08-20 00:28 461 -c--a-w- c:\program files\Shortcut to iTunes.lnk
2008-06-26 22:22 . 2008-06-26 22:22 812344 -c--a-w- c:\program files\HJTInstall.exe
2006-03-09 21:32 . 2006-03-09 21:32 3752 -c--a-w- c:\program files\SP32338.CVA
2006-02-21 08:12 . 2006-02-21 08:12 11085 -c--a-w- c:\program files\cpl309bk.cat
2006-02-06 21:02 . 2006-02-06 21:02 32572 -c--a-w- c:\program files\cpl309bk.inf
2006-01-26 07:53 . 2006-01-26 07:53 472 -c--a-w- c:\program files\cpl309bk.ini
2005-08-22 22:07 . 2005-08-22 22:07 1035008 -c--a-w- c:\program files\HSF_DPV.sys
2005-08-22 21:06 . 2005-08-22 21:06 231424 -c--a-w- c:\program files\HSFHWATI.sys
2005-08-22 21:06 . 2005-08-22 21:06 718464 -c--a-w- c:\program files\HSF_CNXT.sys
2005-08-18 17:13 . 2005-08-18 17:13 133528 -c--a-w- c:\program files\HSFProf.cty
2005-08-12 20:01 . 2005-08-12 20:01 577536 -c--a-w- c:\program files\HXFSetup.exe
2005-06-20 14:57 . 2005-06-20 14:57 110592 -c--a-w- c:\program files\uci32100.dll
2004-03-17 16:04 . 2004-03-17 16:04 13059 -c--a-w- c:\program files\MDMXSDK.sys
2004-03-17 16:00 . 2004-03-17 16:00 86016 -c--a-w- c:\program files\MdmXSdk.dll
2002-02-04 20:39 . 2002-02-04 20:39 23 -c--a-w- c:\program files\disk1
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

------- Sigcheck -------

[-] 2004-08-04 08:00 14336 8F078AE4ED187AAABC0A305146DE6716 c:\windows\system32\svchost.exe

[-] 2005-03-02 18:19 577024 1800F293BCCC8EDE8A70E12B88D80036 c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 2007-03-08 15:48 578048 7AA4F6C00405DFC4B70ED4214E7D687B c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 2004-08-04 08:00 577024 C72661F8552ACE7C5C85E16A3CF505C4 c:\windows\$NtUninstallKB890859$\user32.dll
[-] 2005-03-02 18:09 577024 DE2DB164BBB35DB061AF0997E4499054 c:\windows\$NtUninstallKB925902$\user32.dll
[-] 2007-03-08 15:36 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\user32.dll
[-] 2008-12-08 20:16 577536 B409909F6E2E8A7067076ED748ABF1E7 c:\windows\system32\dllcache\user32.dll

[-] 2004-08-04 08:00 82944 2ED0B7F12A60F90092081C50FA0EC2B2 c:\windows\system32\ws2_32.dll

[-] 2005-05-02 20:57 658944 E1E18136F9DD3DF1AD9C82193A5898A6 c:\windows\$hf_mig$\KB883939\SP2QFE\wininet.dll
[-] 2006-03-04 03:58 663552 C0845ECBF4F9164E618EE381B79C9032 c:\windows\$hf_mig$\KB912812\SP2QFE\wininet.dll
[-] 2006-05-10 05:25 663552 D94CFFDB53E7AC867438E2DFD50E7CBC c:\windows\$hf_mig$\KB916281\SP2QFE\wininet.dll
[-] 2006-06-23 11:25 664576 64CE26DB72810B30F7855EA51E1DF836 c:\windows\$hf_mig$\KB918899\SP2QFE\wininet.dll
[-] 2006-09-14 08:31 664576 D207370287CF769AEBEBF03837784963 c:\windows\$hf_mig$\KB922760\SP2QFE\wininet.dll
[-] 2007-03-07 17:40 823296 B8F4DB39CA7353752F245379D285C80E c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\wininet.dll
[-] 2007-04-25 09:08 823808 431DEFBB4A3D7B0DC062C1B064623A2F c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\wininet.dll
[-] 2007-06-27 14:40 824320 D6ED5E042C5207553E7F5E842918137F c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\wininet.dll
[-] 2007-08-20 10:02 825344 357D54BF94FE9D6D8505A96B5C2A3BCA c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\wininet.dll
[-] 2007-10-10 23:47 825344 0E5D918F87EFA7D2424D66B499C7EB04 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\wininet.dll
[-] 2007-12-07 02:01 825344 B5B411BB229AE6EAD7652A32ED47BFB9 c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\wininet.dll
[-] 2008-03-01 13:03 827392 6316C2F0C61271C8ABDFF7429174879E c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\wininet.dll
[-] 2008-04-23 03:35 827392 41546B396A526918DA7995A02EA04E51 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\wininet.dll
[-] 2004-08-04 08:00 656384 C0823FC5469663BA63E7DB88F9919D70 c:\windows\$NtUninstallKB883939$\wininet.dll
[-] 2005-05-02 20:52 657920 1A078AF3F85D10BA56444C23B3A18E74 c:\windows\$NtUninstallKB912812$\wininet.dll
[-] 2006-03-04 03:33 658432 1C0979C7A489BEE573CD0BF4AD94BB06 c:\windows\$NtUninstallKB916281$\wininet.dll
[-] 2006-05-10 05:23 658432 38AB7A56F566D9AAAD31812494944824 c:\windows\$NtUninstallKB918899$\wininet.dll
[-] 2006-06-23 11:02 658944 2B4DB890936430C71419037039502752 c:\windows\$NtUninstallKB922760$\wininet.dll
[-] 2006-09-14 08:39 658944 621AF3F6174A3F60677F5230E28BCC07 c:\windows\ie7\wininet.dll
[-] 2006-11-08 05:03 818688 92995334F993E6E49C25C6D02EC04401 c:\windows\ie7updates\KB928090-IE7\wininet.dll
[-] 2007-01-12 17:27 822784 BE43D00D802C92F01C8CC952C6F483F8 c:\windows\ie7updates\KB931768-IE7\wininet.dll
[-] 2007-03-07 17:45 822784 5B35DAE6E4886F64D1DA58C4E3E01EB9 c:\windows\ie7updates\KB933566-IE7\wininet.dll
[-] 2007-04-25 08:41 822784 0586A7F0B2FDB94D624F399D4728E7C8 c:\windows\ie7updates\KB937143-IE7\wininet.dll
[-] 2007-06-27 14:34 823808 8068CBB58FE60CC95AEB2CFF70178208 c:\windows\ie7updates\KB939653-IE7\wininet.dll
[-] 2007-08-20 10:04 824832 774435E499D8E9643EC961A6103C361F c:\windows\ie7updates\KB942615-IE7\wininet.dll
[-] 2007-10-10 23:56 824832 30C1E0F34AD2972C72A01DB5C74AB065 c:\windows\ie7updates\KB944533-IE7\wininet.dll
[-] 2007-12-07 02:21 824832 806D274C9A6C3AAEA5EAE8E4AF841E04 c:\windows\ie7updates\KB947864-IE7\wininet.dll
[-] 2008-03-01 13:06 826368 AD21461AEF8244EDEC2EF18E55E1DCF3 c:\windows\ie7updates\KB950759-IE7\wininet.dll
[-] 2008-04-23 04:16 826368 F6589BE784647CFDBC22EA51CCB1A57A c:\windows\system32\wininet.dll

[-] 2005-05-25 19:07 359936 63FDFEA54EB53DE2D863EE454937CE1E c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2006-01-13 17:07 360448 5562CC0A47B2AEF06D3417B733F3C195 c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-04-20 12:18 360576 B2220C618B42A2212A59D91EBD6FC4B4 c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2007-10-30 16:53 360832 64798ECFA43D78C7178375FCDD16D8C8 c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2008-06-20 10:44 360960 744E57C99232201AE98C49168B918F48 c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-06-20 11:51 361600 9AEFA14BD6B182D61E3119FA5F436D3D c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[-] 2008-06-20 11:59 361600 AD978A1B783B5719720CFF204B666C8E c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[-] 2004-08-04 08:00 359040 9F4B36614A0FC234525BA224957DE55C c:\windows\$NtUninstallKB893066$\tcpip.sys
[-] 2005-05-25 19:04 359808 88763A98A4C26C409741B4AA162720C9 c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2006-01-13 02:28 359808 583E063FDC888CA30D05C2724B0D7EF4 c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2006-04-20 11:51 359808 1DBF125862891817F374F407626967F4 c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2007-10-30 17:20 360064 90CAFF4B094573449A0872A0F919B178 c:\windows\$NtUninstallKB951748$\tcpip.sys
[-] 2008-06-20 10:45 360320 2A5554FC5B1E04E131230E3CE035C3F9 c:\windows\system32\drivers\tcpip.sys

[-] 2004-08-04 08:00 502272 01C3346C241652F43AED8E2149881BFE c:\windows\system32\winlogon.exe

[-] 2004-08-04 08:00 182912 558635D3AF1C7546D26067D5D9B6959E c:\windows\system32\drivers\ndis.sys

[-] 2004-08-04 08:00 29056 4448006B6BC60E6C027932CFC38D6855 c:\windows\system32\drivers\ip6fw.sys

[-] 2005-03-02 00:36 2056832 D8ABA3EAB509627E707A3B14F00FBB6B c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe
[-] 2004-08-04 08:00 2056832 947FB1D86D14AFCFFDB54BF837EC25D0 c:\windows\$NtUninstallKB890859$\ntkrnlpa.exe
[-] 2005-03-02 00:34 2056832 81013F36B21C7F72CF784CC6731E0002 c:\windows\$NtUninstallKB929338$\ntkrnlpa.exe
[-] 2006-12-19 16:12 2059392 BA4B97C00A437C1CC3DA365D93EE1E9D c:\windows\$NtUninstallKB931784$\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\Driver Cache\i386\ntkrnlpa.exe
[-] 2007-02-28 09:15 2059392 4D3DBDCCBF97F5BA1E74F322B155C3BA c:\windows\system32\ntkrnlpa.exe

[-] 2005-03-02 01:04 2179456 28187802B7C368C0D3AEF7D4C382AABB c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe
[-] 2004-08-04 08:00 2180992 CE218BC7088681FAA06633E218596CA7 c:\windows\$NtUninstallKB890859$\ntoskrnl.exe
[-] 2005-03-02 00:59 2179328 4D4CF2C14550A4B7718E94A6E581856E c:\windows\$NtUninstallKB929338$\ntoskrnl.exe
[-] 2006-12-19 16:51 2182016 CEF243F6DEFD20BE4ADDE26C7ECACB54 c:\windows\$NtUninstallKB931784$\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\Driver Cache\i386\ntoskrnl.exe
[-] 2007-02-28 09:55 2182144 5A5C8DB4AA962C714C8371FBDF189FC9 c:\windows\system32\ntoskrnl.exe

[-] 2007-06-13 10:23 1033216 97BD6515465659FF8F3B7BE375B2EA87 c:\windows\explorer.exe
[-] 2007-06-13 11:26 1033216 7712DF0CDDE3A5AC89843E61CD5B3658 c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] 2004-08-04 08:00 1032192 A0732187050030AE399B241436565E64 c:\windows\$NtUninstallKB938828$\explorer.exe

[-] 2004-08-04 08:00 108032 C6CE6EEC82F187615D1002BB3BB50ED4 c:\windows\system32\services.exe

[-] 2004-08-04 08:00 13312 84885F9B82F4D55C6146EBF6065D75D2 c:\windows\system32\lsass.exe

[-] 2004-08-04 08:00 15360 24232996A38C0B0CF151C2140AE29FC8 c:\windows\system32\ctfmon.exe

[-] 2005-06-11 00:17 57856 AD3D9D191AEA7B5445FE1D82FFBB4788 c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] 2004-08-04 08:00 57856 7435B108B935E42EA92CA94F59C8E717 c:\windows\$NtUninstallKB896423$\spoolsv.exe
[-] 2005-06-10 23:53 57856 DA81EC57ACD4CDC3D4C51CF3D409AF9F c:\windows\system32\spoolsv.exe

[-] 2004-08-04 08:00 24576 39B1FFB03C2296323832ACBAE50D2AFF c:\windows\system32\userinit.exe

[-] 2004-08-04 08:00 295424 B60C877D16D9C880B952FDA04ADF16E6 c:\windows\system32\termsrv.dll

[-] 2006-07-05 10:57 985088 0FDD84928A5DDE2510761B7EC76CCEC9 c:\windows\$hf_mig$\KB917422\SP2QFE\kernel32.dll
[-] 2007-04-16 16:07 986112 09F7CB3687F86EDAA4CA081F7AB66C03 c:\windows\$hf_mig$\KB935839\SP2QFE\kernel32.dll
[-] 2004-08-04 08:00 983552 888190E31455FAD793312F8D087146EB c:\windows\$NtUninstallKB917422$\kernel32.dll
[-] 2006-07-05 10:55 984064 D8DB5397DE07577C1CB50BA6D23B3AD4 c:\windows\$NtUninstallKB935839$\kernel32.dll
[-] 2007-04-16 15:52 984576 A01F9CA902A88F7CED06884174D6419D c:\windows\system32\kernel32.dll

[-] 2004-08-04 08:00 17408 1B5F6923ABB450692E9FE0672C897AED c:\windows\system32\powrprof.dll

[-] 2004-08-04 08:00 110080 87CA7CE6469577F059297B9D6556D66D c:\windows\system32\imm32.dll


[-] 2005-05-02 20:57 3014144 DCC5C79B99F02EEF8C826B074DBFC222 c:\windows\$hf_mig$\KB883939\SP2QFE\mshtml.dll
[-] 2006-03-23 20:31 3055616 ABCD123F888E4E97C8751378CCCC4F26 c:\windows\$hf_mig$\KB912812\SP2QFE\mshtml.dll
[-] 2006-05-19 15:06 3055104 8687E029BE63C77D4919485068C54D77 c:\windows\$hf_mig$\KB916281\SP2QFE\mshtml.dll
[-] 2006-07-28 11:30 3058176 D251679BD9EF0250201FB899EC40FD32 c:\windows\$hf_mig$\KB918899\SP2QFE\mshtml.dll
[-] 2006-09-14 08:31 3058688 CEFEA1C301139A817931BE132F0359FE c:\windows\$hf_mig$\KB922760\SP2QFE\mshtml.dll
[-] 2007-03-07 18:40 3582976 DA297A862E5F093A07D37C05F608C686 c:\windows\$hf_mig$\KB931768-IE7\SP2QFE\mshtml.dll
[-] 2007-05-08 09:25 3584000 1D4E3B86C601A2497C99790CC4D7DF26 c:\windows\$hf_mig$\KB933566-IE7\SP2QFE\mshtml.dll
[-] 2007-07-18 21:09 3584000 7CE243CFD47AD0DC431586CB8C542A11 c:\windows\$hf_mig$\KB937143-IE7\SP2QFE\mshtml.dll
[-] 2007-08-20 10:02 3592192 AA8A4BD78D24FCDB96DDAEE3756AA372 c:\windows\$hf_mig$\KB939653-IE7\SP2QFE\mshtml.dll
[-] 2007-10-30 23:48 3593216 54D8B404F17AA74C666F7F3AEF2AE459 c:\windows\$hf_mig$\KB942615-IE7\SP2QFE\mshtml.dll
[-] 2007-12-07 02:01 3593216 976C46ED4A75FC66D9C596778898CE1E c:\windows\$hf_mig$\KB944533-IE7\SP2QFE\mshtml.dll
[-] 2008-03-01 13:03 3593216 4EE273E2B09317C1217EF0DB91F93534 c:\windows\$hf_mig$\KB947864-IE7\SP2QFE\mshtml.dll
[-] 2008-04-23 03:35 3593728 4D612FF5D3B7EEF200595AE6F95D5E68 c:\windows\$hf_mig$\KB950759-IE7\SP2QFE\mshtml.dll
[-] 2004-08-04 08:00 3003392 376E0843B2356CA91CEC8D9837A56FF7 c:\windows\$NtUninstallKB883939$\mshtml.dll
[-] 2005-05-02 21:52 3012608 DCFAC5470EE0A159EC4222BC28AE3EE6 c:\windows\$NtUninstallKB912812$\mshtml.dll
[-] 2006-03-23 20:32 3053568 DEAA438EA31095E14A196FF647E38D13 c:\windows\$NtUninstallKB916281$\mshtml.dll
[-] 2006-05-19 15:08 3052544 284CE76B71DD5260B42A3CCF0135AF67 c:\windows\$NtUninstallKB918899$\mshtml.dll
[-] 2006-07-28 11:28 3054080 C7074DA3D8F8C0F6C03874BA0B05069C c:\windows\$NtUninstallKB922760$\mshtml.dll
[-] 2006-09-14 08:39 3054592 BE45460D1453B7342E01EAE79BFBC681 c:\windows\ie7\mshtml.dll
[-] 2006-11-08 05:03 3577856 CBF04597F9CF7739E572276A2698FDD3 c:\windows\ie7updates\KB928090-IE7\mshtml.dll
[-] 2007-01-12 17:27 3580416 5D45318804A30CE9D6EA83066E84B4A7 c:\windows\ie7updates\KB931768-IE7\mshtml.dll
[-] 2007-03-07 17:45 3581952 190E1AE9B973049B12A67BAD478C770C c:\windows\ie7updates\KB933566-IE7\mshtml.dll
[-] 2007-05-08 09:24 3583488 5D90A7200F72DACE663EE78DE234FCC7 c:\windows\ie7updates\KB937143-IE7\mshtml.dll
[-] 2007-07-19 06:59 3583488 BD609A26B683332A0E0E1445C5724851 c:\windows\ie7updates\KB939653-IE7\mshtml.dll
[-] 2007-08-20 10:04 3584512 E267EE248CDA7667C19001C069DE867B c:\windows\ie7updates\KB942615-IE7\mshtml.dll
[-] 2007-10-30 23:42 3590656 8AB7ECF59D6EBBE986277B65ED4A40A1 c:\windows\ie7updates\KB944533-IE7\mshtml.dll
[-] 2007-12-08 05:21 3592192 A097C36412455F0C7E42377FAF8809B7 c:\windows\ie7updates\KB947864-IE7\mshtml.dll
[-] 2008-03-02 01:36 3591680 AB2C88167D78D71D93558ACECB24CC7A c:\windows\ie7updates\KB950759-IE7\mshtml.dll
[-] 2008-04-24 05:16 3591680 8976CAB317105F7431B08EA32AB73C65 c:\windows\system32\mshtml.dll

[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\drivers\kbdclass.sys
[-] 2004-08-04 05:58 24576 EBDEE8A2EE5393890A1ACEE971C4C246 c:\windows\system32\ReinstallBackups\0008\DriverFiles\i386\kbdclass.sys

[-] 2004-08-04 08:00 792064 6728270CB7DBB776ED086F5AC4C82310 c:\windows\system32\comres.dll

[-] 2004-08-04 08:00 22016 74D66B3DE265E8789153414E75175F26 c:\windows\system32\lpk.dll


[-] 2004-08-04 08:00 2944 73C1E1F395918BC2C6DD67AF7591A3AD c:\windows\system32\drivers\null.sys

[-] 2006-02-15 00:30 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\$hf_mig$\KB900485\SP2QFE\aec.sys
[-] 2004-08-04 06:39 142464 841F385C6CFAF66B58FBD898722BB4F0 c:\windows\$NtUninstallKB900485$\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\Driver Cache\i386\aec.sys
[-] 2006-02-15 00:22 142464 1EE7B434BA961EF845DE136224C30FEC c:\windows\system32\drivers\aec.sys

[-] 2004-08-04 08:00 924432 DDF8D47ACF8FC3FE5F7F2B95C4D4D136 c:\windows\$NtUninstallKB924667$\mfc40u.dll
[-] 2006-11-01 19:17 927504 925F8B61ED301A317BA850EBEECBDAA0 c:\windows\system32\mfc40u.dll

[-] 2005-01-14 05:07 395776 94456045BEB4545B5EBE1DCC85951AFA c:\windows\$hf_mig$\KB873333\SP2QFE\rpcss.dll
[-] 2005-04-28 19:35 396288 DA383FB39A6F1C445F3AFC94B3EB1248 c:\windows\$hf_mig$\KB894391\SP2QFE\rpcss.dll
[-] 2005-07-26 04:20 398336 C369DF215D352B6F3A0B8C3469AA34F8 c:\windows\$hf_mig$\KB902400\SP2QFE\rpcss.dll
[-] 2004-08-04 08:00 395776 5C83A4408604F737717AB96371201680 c:\windows\$NtUninstallKB873333$\rpcss.dll
[-] 2005-01-14 08:55 395776 419899803CA479B73B02390318C787C0 c:\windows\$NtUninstallKB894391$\rpcss.dll
[-] 2005-04-28 19:31 395776 C8061F289E000703E7672916B7FE1571 c:\windows\$NtUninstallKB902400$\rpcss.dll
[-] 2005-07-26 04:39 397824 CE94A2BD25E3E9F4D46A7373FF455C6D c:\windows\system32\rpcss.dll

[-] 2004-08-04 08:00 33792 95FD808E4AC22ABA025A7B3EAC0375D2 c:\windows\system32\msgsvc.dll

[-] 2004-08-04 08:00 611328 A77DFB85FAEE49D66C74DA6024EBC69B c:\windows\$NtUninstallKB923191$\comctl32.dll
[-] 2006-08-25 15:45 617472 B0124CB21D28B1C9F678B566B6B57D92 c:\windows\system32\comctl32.dll
[-] 2004-08-04 08:00 921088 AEF3D788DBF40C7C4D204EA45EB0C505 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.0.0_x-ww_1382d70a\comctl32.dll
[-] 2004-08-04 08:00 1050624 5AF68A5E44734A082442668E9C787743 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
[-] 2006-08-25 15:45 1054208 C4E80875C1CF1222FC5EFD0314AE5C01 c:\windows\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll

[-] 2004-08-04 08:00 11648 9859C0F6936E723E4892D7141B1327D5 c:\windows\system32\drivers\acpiec.sys

[-] 2004-08-04 08:00 5120 E8A12A12EA9088B4327D49EDCA3ADD3E c:\windows\system32\sfc.dll

[-] 2004-08-04 08:00 407040 96353FCECBA774BB8DA74A1C6507015A c:\windows\system32\netlogon.dll

[-] 2004-08-04 08:00 382464 2C69EC7E5A311334D10DD95F338FCCEA c:\windows\system32\qmgr.dll

[-] 2004-08-04 08:00 14336 02000ABF34AF4C218C35D257024807D6 c:\windows\system32\drivers\asyncmac.sys

[-] 2007-02-09 11:23 574976 05AB81909514BFD69CBB1F2C147CF6B9 c:\windows\$hf_mig$\KB930916\SP2QFE\ntfs.sys
[-] 2004-08-04 08:00 574592 B78BE402C3F63DD55521F73876951CDD c:\windows\$NtUninstallKB930916$\ntfs.sys
[-] 2007-02-09 11:10 574464 19A811EF5F1ED5C926A028CE107FF1AF c:\windows\system32\drivers\ntfs.sys

[-] 2004-08-04 08:00 170496 92BDF74F12D6CBEC43C94D4B7F804838 c:\windows\$NtUninstallKB888402$\srsvc.dll
[-] 2004-11-17 23:25 171008 902CF9595F640E53F33C0F1637F464F9 c:\windows\system32\srsvc.dll

[-] 2004-08-04 08:00 13824 49911DD39E023BB6C45E4E436CFBD297 c:\windows\system32\wscntfy.exe

[-] 2004-08-04 08:00 435200 B62F29C00AC55A761B2E45877D85EA0F c:\windows\system32\ntmssvc.dll

[-] 2004-08-04 08:00 89088 44DB7A9BDD2FB58747D123FBF1D35ADB c:\windows\system32\rasauto.dll

[-] 2004-08-04 08:00 1580544 30A609E00BD1D4FFC49D6B5A432BE7F2 c:\windows\system32\sfcfiles.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-04 185896]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\user\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\User.2WIRE200\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-8-5 450560]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0sdearlydelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=2 (0x2)
"CryptSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop 5.0\\Photoshp.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\TENMEG\\Application Data\\mjusbsp\\magicJack.exe"=

R3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [2004-01-05 705536]
R3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\lgatbus.sys [2005-06-14 43024]
R3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\DRIVERS\lgatmdm.sys [2005-06-14 77104]
R3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\DRIVERS\lgatserd.sys [2005-06-14 60816]
R3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [x]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\uts_bus.sys [2007-12-05 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\uts_serd.sys [2007-12-05 90880]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

.
Contents of the 'Scheduled Tasks' folder

2008-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2008-08-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2008-07-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://hp-laptop.aol.com/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/ ... CF6FF3F27F
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: turbotax.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-03 22:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe???????????????|?P???? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-986089347-3572095111-2355310880-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}*]
"iaogpmbcgnehhamfko"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
"haigjkomffndeefd"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(668)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1236)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\scardsvr.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\locator.exe
c:\program files\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files\Brother\Brmfcmon\BrMfcMon.exe
c:\program files\Common Files\Logitech\KHAL\KHALMNPR.EXE
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-08-04 22:18 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-04 05:18
ComboFix2.txt 2009-08-02 18:03

Pre-Run: 8,927,240,192 bytes free
Post-Run: 8,982,437,888 bytes free

360 --- E O F --- 2008-08-05 00:51

=================================================================================

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:25:25 PM, on 8/3/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-laptop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7402 bytes
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 5th, 2009, 7:51 am

Hello!

Do you have Comodo still installed? Did you have Spybot installed as well at some point?

I need you to delete the copy of Combofix and re-download it to your desktop. Please run it again and post the log for me to see.
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » August 5th, 2009, 3:58 pm

Hi - When I first downloaded ComboFix and saved it to my Desktop it would not run. I downloaded it to a C: drive folder and was able to run it from there. I have since deleted that version and downloaded a new copy of ComboFix to my Desktop. The current log file below was run from my Desktop.

I'm not aware of, and don't remember, ever downloading COMODO. I see that in the header of ComboFix it is enabled. I ran a C: drive file search for COMODO and could not find it listed. I looked in Control Panel's Add/Remove and it's not listed there either. I ran a RegEdit search and found several entries for COMODO there. The heading "Legacy" could not be found under a general C: drive search. I found COMODO listed in the Registry under the following keys but am unsure how to handle these entries:

HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603
HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5604
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDAGENT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDGUARD\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDHLP\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_CMDMON\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Enum\Root\LEGACY_INSPECT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDAGENT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDGUARD\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDHLP\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_CMDMON\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet004\Enum\Root\LEGACY_INSPECT\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet005\Enum\Root\LEGACY_CMDAGENT\0000

===========================================================================================

ComboFix 09-08-03.04 - TENMEG 08/05/2009 10:25.3.1 - NTFSx86
Running from: c:\documents and settings\TENMEG\Desktop\ComboFix.exe
FW: COMODO Firewall Pro *enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.

((((((((((((((((((((((((( Files Created from 2009-07-05 to 2009-08-05 )))))))))))))))))))))))))))))))
.

2009-08-02 19:05 . 2009-08-02 19:05 -------- dc----w- c:\documents and settings\TENMEG\Application Data\AVG8
2009-08-02 19:04 . 2009-08-02 19:04 848656 -c--a-w- C:\avg_avwt_stb_all_8_32.exe
2009-08-02 03:34 . 2009-08-04 23:46 -------- dc----w- C:\malware2009
2009-07-28 01:51 . 2009-07-30 21:18 -------- dc----w- C:\HiJack2009
2009-07-28 00:44 . 2009-08-04 23:37 268435456 --sha-w- c:\windows\system32\temppf.sys
2009-07-27 21:48 . 2009-08-02 18:53 -------- dc----w- C:\SpreadSheet
2009-07-27 21:44 . 2009-07-27 21:44 -------- dc----w- c:\documents and settings\TENMEG\Application Data\licenses
2009-07-27 21:44 . 2009-07-27 21:46 -------- dc----w- c:\documents and settings\TENMEG\Application Data\PCMM2009
2009-07-27 05:12 . 2009-04-10 13:58 6327408 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\in00000\setup.exe
2009-07-27 05:12 . 2009-04-10 13:55 725296 -c-ha-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\install.exe
2009-07-27 05:12 . 2008-02-29 12:42 386496 -c--a-w- c:\documents and settings\TENMEG\Application Data\mjusbsp\ar00000\magicJackSplash.exe
2009-07-27 01:20 . 2009-07-27 01:22 -------- dc----w- c:\program files\Microsoft Windows OneCare Live
2009-07-26 20:55 . 2009-07-27 01:27 -------- dc----w- c:\program files\Windows Live Safety Center
2009-07-26 19:56 . 2009-07-26 19:56 78112 -c--a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-07-26 19:56 . 2009-07-26 19:56 -------- dc----w- c:\documents and settings\Administrator\Application Data\muvee Technologies
2009-07-26 19:40 . 2009-07-26 19:40 16409960 -c--a-w- c:\program files\ypsybotsd162.exe
2009-07-26 18:30 . 2009-07-26 18:30 1460840 -c--a-w- c:\program files\HousecallLauncher.exe
2009-07-26 18:21 . 2009-07-26 18:21 -------- dc----w- c:\documents and settings\TENMEG\.housecall6.6
2009-07-25 18:55 . 2009-07-25 18:55 -------- dc----w- c:\program files\Downloaded Installers
2009-07-25 04:01 . 2009-07-25 04:21 -------- dc----w- C:\MediaPlayer
2009-07-25 00:25 . 2009-07-25 00:25 25740144 -c--a-w- C:\wmp11-windowsxp-x86-enu.exe
2009-07-17 22:52 . 2009-07-17 22:53 -------- dc----w- C:\Trailers Silver
2009-07-15 15:28 . 2009-07-17 17:46 -------- dc----w- C:\DirectTV
2009-07-12 19:12 . 2009-07-12 19:13 -------- dc----w- C:\MootorHomes
2009-07-09 15:05 . 2009-07-09 15:06 -------- dc----w- C:\Home Projects

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 20:13 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\SiteClasses
2009-08-02 20:13 . 2008-09-26 03:56 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Sites
2009-08-02 18:10 . 2008-08-09 19:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-02 18:10 . 2008-11-15 19:24 3775175 -c--a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-08-02 17:21 . 2006-01-21 02:44 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-02 04:14 . 2006-10-24 18:32 -------- d-----w- c:\program files\WinAce
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-30 21:10 . 2009-04-08 16:50 -------- dc----w- c:\program files\NOS
2009-07-27 05:13 . 2008-08-11 05:28 -------- dc----w- c:\documents and settings\TENMEG\Application Data\mjusbsp
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\documents and settings\All Users\Application Data\qnahadqf
2009-07-27 00:56 . 2008-11-12 20:40 -------- dc----w- c:\documents and settings\All Users\Application Data\mjizavcl
2009-07-26 20:40 . 2008-08-27 04:59 -------- dc----w- c:\documents and settings\All Users\Application Data\Downloaded Installations
2009-07-26 20:38 . 2009-07-30 23:43 8530 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Personal_32_1033.dat
2009-07-13 20:36 . 2008-08-09 19:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 20:36 . 2008-08-09 19:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-07-12 19:13 . 2008-08-17 16:30 2438 -c--a-w- c:\documents and settings\TENMEG\Application Data\wklnhst.dat
2009-06-26 03:56 . 2008-08-17 16:25 -------- dc----w- c:\documents and settings\TENMEG\Application Data\Intuit
2009-06-24 17:12 . 2008-12-04 22:09 65823 -c--a-w- c:\documents and settings\TENMEG\Application Data\magicJackOutlookAddIn\magicJackOutlookAddInUninst.exe
2008-09-05 04:35 . 2008-09-05 04:36 785920 -c--a-w- c:\program files\HP Product Detection.msi
2008-09-05 04:35 . 2008-09-05 04:36 3584 -c--a-w- c:\program files\1033.MST
2008-08-20 00:28 . 2008-08-20 00:28 461 -c--a-w- c:\program files\Shortcut to iTunes.lnk
2008-06-26 22:22 . 2008-06-26 22:22 812344 -c--a-w- c:\program files\HJTInstall.exe
2006-03-09 21:32 . 2006-03-09 21:32 3752 -c--a-w- c:\program files\SP32338.CVA
2006-02-21 08:12 . 2006-02-21 08:12 11085 -c--a-w- c:\program files\cpl309bk.cat
2006-02-06 21:02 . 2006-02-06 21:02 32572 -c--a-w- c:\program files\cpl309bk.inf
2006-01-26 07:53 . 2006-01-26 07:53 472 -c--a-w- c:\program files\cpl309bk.ini
2005-08-22 22:07 . 2005-08-22 22:07 1035008 -c--a-w- c:\program files\HSF_DPV.sys
2005-08-22 21:06 . 2005-08-22 21:06 231424 -c--a-w- c:\program files\HSFHWATI.sys
2005-08-22 21:06 . 2005-08-22 21:06 718464 -c--a-w- c:\program files\HSF_CNXT.sys
2005-08-18 17:13 . 2005-08-18 17:13 133528 -c--a-w- c:\program files\HSFProf.cty
2005-08-12 20:01 . 2005-08-12 20:01 577536 -c--a-w- c:\program files\HXFSetup.exe
2005-06-20 14:57 . 2005-06-20 14:57 110592 -c--a-w- c:\program files\uci32100.dll
2004-03-17 16:04 . 2004-03-17 16:04 13059 -c--a-w- c:\program files\MDMXSDK.sys
2004-03-17 16:00 . 2004-03-17 16:00 86016 -c--a-w- c:\program files\MdmXSdk.dll
2002-02-04 20:39 . 2002-02-04 20:39 23 -c--a-w- c:\program files\disk1
2005-07-14 19:31 . 2006-05-24 17:37 27648 --sha-w- c:\windows\system32\AVSredirect.dll
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"cdloader"="c:\documents and settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" [2009-04-10 50520]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-09-28 344064]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-06-19 729178]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-08-01 233534]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2008-04-11 1085440]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-12-04 185896]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\user\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\HOTSYNC.EXE [2002-8-9 299008]
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\User.2WIRE200\Start Menu\Programs\Startup\
VZAccess Manager.lnk - c:\program files\Verizon Wireless\VZAccess Manager\VZAccess Manager.exe [2008-3-30 1738032]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2006-8-5 450560]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /p \??\c:\0sdearlydelete\0autocheck autochk *

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"iPod Service"=3 (0x3)
"IDriverT"=2 (0x2)
"CryptSvc"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Adobe\\Photoshop 5.0\\Photoshp.exe"=
"c:\\Program Files\\Visicom Media\\AceFTP 3 Freeware\\aceftp3free.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\TENMEG\\Application Data\\mjusbsp\\magicJack.exe"=

R3 cmuda2;C-Media USB Audio Interface;c:\windows\system32\drivers\cmuda2.sys [2004-01-05 705536]
R3 lgatbus;LG USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\lgatbus.sys [2005-06-14 43024]
R3 lgatmdm;LG CDMA USB Modem Drivers;c:\windows\system32\DRIVERS\lgatmdm.sys [2005-06-14 77104]
R3 lgatserd;LG CDMA USB Modem Diagnostic Serial Port Drivers (WDM);c:\windows\system32\DRIVERS\lgatserd.sys [2005-06-14 60816]
R3 RTCore32;RTCore32;c:\program files\RightMark Memory Analyzer\RTCore32.sys [x]
R3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\uts_bus.sys [2007-12-05 84352]
R3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\DRIVERS\uts_mdfl.sys [2007-12-05 14976]
R3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\DRIVERS\uts_mdm.sys [2007-12-05 110848]
R3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\uts_serd.sys [2007-12-05 90880]
S3 HSFHWATI;HSFHWATI;c:\windows\system32\DRIVERS\HSFHWATI.sys [2005-08-22 231424]

.
Contents of the 'Scheduled Tasks' folder

2008-07-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 22:57]

2008-08-05 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]

2008-07-24 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-04-21 21:21]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://hp-laptop.aol.com/
mWindow Title = Microsoft Internet Explorer
uInternet Connection Wizard,ShellNext = hxxp://www.personalfirewall.comodo.com/ ... CF6FF3F27F
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: turbotax.com
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-05 10:32
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?5?1?1??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-986089347-3572095111-2355310880-1007\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{9BF370D9-6452-42F3-7346-90DC10C441BA}*]
"iaogpmbcgnehhamfko"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
"haigjkomffndeefd"=hex:6b,61,6b,6c,63,65,6c,70,70,68,6e,67,65,65,65,6c,6f,70,
64,67,67,69,00,00
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(664)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3380)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-05 10:35
ComboFix-quarantined-files.txt 2009-08-05 17:35
ComboFix2.txt 2009-08-04 05:18
ComboFix3.txt 2009-08-02 18:03

Pre-Run: 8,946,388,992 bytes free
Post-Run: 9,004,871,680 bytes free

333 --- E O F --- 2008-08-05 00:51
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 7th, 2009, 9:25 am

Hello!

Have you tried installing antivirus again?


Remove HijackThis entries

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -

  • Close all open windows and browsers/email etc...
  • Click on the Fix Checked button
  • When completed close the application.



Download and run OTM

Download OTM by Old Timer and save it to your Desktop.
  • Double-click OTM.exe to run it.
  • Paste the following code under the Image area. Do not include the word Code.
Code:
:Files
c:\documents and settings\All Users\Application Data\qnahadqf
c:\documents and settings\All Users\Application Data\mjizavcl
:Commands
[emptytemp]
[Reboot]

  • Return to OTM, right click in the Paste List of Files/Folders to Move window (under the yellow bar) and choose Paste.
  • Push the large Image button.
  • OTM may ask to reboot the machine. Please do so if asked.
  • Copy everything in the Results window (under the green bar), and paste it in your next reply.

NOTE: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTM\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.


Kaspersky Online Scan

You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • Please go to Kaspersky website and perform an online antivirus scan.
  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply along with a fresh HijackThis log.



Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Answer to My question
  • OTM log
  • Kaspersky Log
  • A fresh HijackThis Log ( after all the above has been done)
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » August 8th, 2009, 4:43 pm

========================================================================================
Hi -
1) I was able to install the anti-virus AVAST. Could not load AVIRA as noted earlier.
2) OTM log attached
3) I could not run Kaspersky. Kaspersky would not run & said I needed JAVA. I checked Control Panel, clicked on the JAVA icon, clicked UPDATE and got the message that I had the latest version?? Went to JAVA web site & tried to download the latest version and got the error message that my Windows Installer Service was not working when I tried to install JAVA?? Can't load Kaspersky without JAVA, tried downloading JAVA and can't download it because Windows Installer Service is not working??
4) HJT log attached
5) COMPUTER - There are obviously some corrupted files like Windows Installer Service, Java, etc. I don't get the redirection to unwanted web sites on Google searches anymore, which was the main problem, and it seems to run faster. HJT says I have SP-2 but can't find it using Control Panel, Add/Remove?? I thought if I could delete SP-2 and then redownload SP-2 for a new version of Windows Installer Service. I checked Windows Services running on my computer and could not find the Windows Installer Services listed.
========================================================================================
OTM log
========================================================================================
All processes killed
========== FILES ==========
c:\documents and settings\All Users\Application Data\qnahadqf moved successfully.
c:\documents and settings\All Users\Application Data\mjizavcl moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

User: All Users

User: Default User
->Temporary Internet Files folder emptied: 32902 bytes

User: LocalService
->Temp folder emptied: 65984 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: TENMEG
->Temp folder emptied: 408888 bytes
->Temporary Internet Files folder emptied: 50221644 bytes
->Java cache emptied: 1060340 bytes

User: user
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 21725117 bytes

User: User.2WIRE200
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 70.37 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08082009_093525

Files moved on Reboot...

Registry entries deleted on Reboot...
=======================================================================================
HJT Log
========================================================================================
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:19:03 PM, on 8/8/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://hp-laptop.aol.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.personalfirewall.comodo.com/ ... CF6FF3F27F
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Canon Easy Web Print Helper - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [cdloader] "C:\Documents and Settings\TENMEG\Application Data\mjusbsp\cdloader2.exe" MAGICJACK (User '?')
O4 - HKUS\S-1-5-21-986089347-3572095111-2355310880-1007\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll
O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=pavilion&pf=laptop
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/house ... hcImpl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se1140.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windows ... 9970259671
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 9971399281
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

--
End of file - 7828 bytes
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm

Re: Redirected Google web searches + Random Pop Ups

Unread postby Bio-Hazard » August 8th, 2009, 5:06 pm

Hello!

Did you use any programs to clean infections before you asked for help here? If you did, could you please tell me the names of those programs.

We need to check some entries in the registry.

STEP 1

  • Click Start > Run type Notepad click OK.
  • This will open an empty Notepad file.
  • Copy/Paste the contents of the box below into Notepad.
Code:
'Script written by Mosaic1
'To diagnose a possible problem with CryptoGraphic Services.
'This script makes no changes to your operating system
'It merely reports
'Problem has so far only been seen in Windows XP SP3!
'Be careful not to fix anything unless you have the correct Registry Files for that operating System version.

Set fso = Wscript.CreateObject("Scripting.FileSystemObject")
Dim Z
set ts = fso.CreateTextFile("CReport.txt","true")
Ts.write Now & vbcrlf & vbcrlf
Set wshshell = Wscript.CreateObject("Wscript.Shell")

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colListOfServices = objWMIService.ExecQuery _
    ("Select * from Win32_Service Where Name = 'Cryptsvc'")
For Each objService in colListofServices

If objService.State = "Stopped" then
ts.writeline "Cryptographic services not running!"
ts.writeline "Its Start mode is set to: " & objService.StartMode

Wshshell.run "regedit /a  Crypt.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cryptsvc" ,, true
Wshshell.run "regedit /a  spooler.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\spooler" ,,true
Wshshell.run "regedit /a  Seclogon.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Seclogon" ,,true
If not  fso.Fileexists("Crypt.txt") then ts.writeline " Warning! No export of the Cryptsvc key exists."
If fso.Fileexists("Crypt.txt") then
set cs = fso.opentextfile("Crypt.txt",1)
Do while not cs.AtEndOfStream
C = cs.readall
loop
cs.close

ts.write C & vbcrlf
fso.DeleteFile("Crypt.txt")
End IF
If not  fso.Fileexists("spooler.txt") then ts.writeline " Warning! No export of the spooler key exists."
If fso.Fileexists("spooler.txt") then
set cs = fso.opentextfile("spooler.txt",1)
Do while not cs.AtEndOfStream
spool = cs.readall
loop
cs.close
Set cs = nothing

ts.write spool & vbcrlf
fso.DeleteFile("spooler.txt")
End IF
If not  fso.Fileexists("Seclogon.txt") then ts.writeline " Warning! No export of the Seclogon key exists."
If fso.Fileexists("Seclogon.txt") then
set cs = fso.opentextfile("seclogon.txt",1)
Do while not cs.AtEndOfStream
seclogon = cs.readall
loop
cs.close
Set cs = nothing
ts.write seclogon & vbcrlf
fso.DeleteFile("seclogon.txt")
End IF

ts.write vbcrlf & " CryptoGraphic Services Failures Events:" & vbcrlf

Else If objService.State = "Running" then
ts.Writeline "Cryptographic Services is running."
Wshshell.run """CReport.txt"""
wscript.quit
End IF
End IF

Next
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate}!\\" & strComputer & "\root\cimv2")
Set colLoggedEvents = objWMIService.ExecQuery _
    ("Select * from Win32_NTLogEvent Where Logfile = 'System' and " _
            & "EventCode = '7000'")
For Each objEvent in colLoggedEvents
If instr(1,ObjEvent.Message,"cryptsvc",1) <> 0 then
 Z = Z + 1
    ts.writeline "Event Code: " & objEvent.EventCode
    ts.writeline "Event date: " & WMIDateStringToDate(objEvent.TimeGenerated)
    ts.writeline "Description: " & objEvent.Message

End IF

   
Next

If Z = 0 then ts.writeline "No  failure events found for Cryptographic Services."

ts.close

Wshshell.run """CReport.txt"""

Function WMIDateStringToDate(A)
 WMIDateStringToDate = CDate(Mid(A, 5, 2) & "/" & _
 Mid(A, 7, 2) & "/" & Left(A, 4) _
 & " " & Mid (A, 9, 2) & ":" & _
 Mid(A, 11, 2) & ":" & Mid(A, _
 13, 2))
End Function

  • Click Format and ensure Wordwrap is unchecked.
  • Save as Export.vbs
  • Save as file type All Files or it won't work.
  • Now double click on Export.vbs to run it.
  • A file CReport.txt will open on your Desktop, please post the contents in your next reply.

=============================================================================

STEP 2

  • Click Start > Run type cmd click OK.
  • A command prompt window will open.
  • Copy/Paste the contents of the box below into Notepad.

    Regedit /a C:\Seccenter.txt HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc && start notepad C:\Seccenter.txt
  • It will open a file C:\Seccenter.txt
  • Please post the contents of that file here.

=============================================================================

Logs/Information to Post in Next Reply

Please post the following logs/Information in your reply:
  • Answer to my question
  • CReport.txt
  • C:\Seccenter.txt
  • A description of how your computer is behaving
Bio-Hazard
MRU Master Emeritus
 
Posts: 4078
Joined: May 10th, 2007, 8:28 am
Location: Cornwall, UK

Re: Redirected Google web searches + Random Pop Ups

Unread postby tenmeg » August 8th, 2009, 11:50 pm

Hi -

1) Answer to ? - When the redirection of Google searches started I just put up with it for several weeks. I knew it was more serious when I tried to run SpyBot and Malwarebytes. Would not load & acted as if they were being blocked from running. I didn't try anything else.
2) CReport - Export.vbs would not run and received the following error message:
==============================================================
Script : C:\Documents and Settings\TENMEG\Deskktop\Export.vbs
Line: 19
Char: 1
Error: Class doesn't support Automation
Code: 800A01AE
Source: Microsoft VBScript runtime error
================================================================
3) C:\Seccenter.txt - See attached report
================================================================
REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"
"Description"="Monitors system security settings and configurations."

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,\
00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
00,00,02,00,60,00,04,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
20,02,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,\
00,18,00,fd,01,02,00,01,02,00,00,00,00,00,05,20,00,00,00,23,02,00,00,01,01,\
00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Enum]
"0"="Root\\LEGACY_WSCSVC\\0000"
"Count"=dword:00000001
"NextInstance"=dword:00000001
=========================================================================================
4) Computer - Outside of the problems described in my last reply nothing has changed. Not being redirected to unwanted web sites and speed has remained good.
tenmeg
Regular Member
 
Posts: 63
Joined: July 27th, 2009, 7:49 pm
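The Seccenter.txt export above stores ImagePath, ServiceDll and DependOnService as hex(2)/hex(7) byte lists, which are awkward to read by eye. The Python below is an added example, not code from the thread or from any of the tools it mentions: it parses a REGEDIT4 export, decodes those byte lists, and compares the wscsvc registration against what a stock Windows XP SP2 Security Center service looks like. The sample export is copied from the post above, and the expected values are an assumption (stock XP SP2 defaults).

```python
"""Added example (not from the thread): parse a REGEDIT4 export of the
wscsvc key and check the Security Center service registration it describes.
The expected values are an assumption (stock Windows XP SP2 defaults)."""
import re

# Constructed sample: the Seccenter.txt export posted above, trimmed to the
# keys this check reads. REGEDIT4 stores strings as ANSI, not UTF-16.
SAMPLE_REG = r"""REGEDIT4

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Type"=dword:00000020
"Start"=dword:00000002
"ErrorControl"=dword:00000001
"ImagePath"=hex(2):25,53,79,73,74,65,6d,52,6f,6f,74,25,5c,53,79,73,74,65,6d,33,\
32,5c,73,76,63,68,6f,73,74,2e,65,78,65,20,2d,6b,20,6e,65,74,73,76,63,73,00
"DisplayName"="Security Center"
"DependOnService"=hex(7):52,70,63,53,73,00,77,69,6e,6d,67,6d,74,00,00
"ObjectName"="LocalSystem"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Parameters]
"ServiceDll"=hex(2):25,53,59,53,54,45,4d,52,4f,4f,54,25,5c,73,79,73,74,65,6d,\
33,32,5c,77,73,63,73,76,63,2e,64,6c,6c,00
"""

SERVICE_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc"

# Assumed stock XP SP2 values for the Security Center service.
EXPECTED = {
    "Start": 2,                                   # SERVICE_AUTO_START
    "ObjectName": "LocalSystem",
    "ImagePath": r"%SystemRoot%\System32\svchost.exe -k netsvcs",
    "DependOnService": ["RpcSs", "winmgmt"],
}
EXPECTED_DLL = r"%SYSTEMROOT%\system32\wscsvc.dll"


def decode_value(raw):
    """Decode the right-hand side of one REGEDIT4 'name=value' line."""
    if raw.startswith('"') and raw.endswith('"'):
        return raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    if raw.startswith("dword:"):
        return int(raw[len("dword:"):], 16)
    m = re.match(r"hex(?:\((\d+)\))?:(.*)$", raw)
    if m:
        kind = int(m.group(1) or "3")             # bare "hex:" is REG_BINARY
        data = bytes(int(b, 16) for b in m.group(2).split(",") if b)
        if kind in (1, 2):                        # REG_SZ / REG_EXPAND_SZ
            return data.decode("cp1252").rstrip("\0")
        if kind == 7:                             # REG_MULTI_SZ, NUL-separated
            return [s for s in data.decode("cp1252").split("\0") if s]
        return data
    return raw                                    # unknown kind: keep verbatim


def parse_reg_export(text):
    """Return {key_path: {value_name: decoded_value}} for a REGEDIT4 export."""
    # A trailing backslash continues a hex byte list on the next line.
    text = re.sub(r",\\\r?\n\s*", ",", text)
    result, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1]
            result[current] = {}
            continue
        m = re.match(r'"([^"]+)"=(.*)$', line)
        if m and current is not None:
            result[current][m.group(1)] = decode_value(m.group(2))
    return result


def check_wscsvc(reg):
    """Return a list of findings; an empty list means the registration is intact."""
    svc = reg.get(SERVICE_KEY)
    if svc is None:
        return ["wscsvc key missing: Security Center service is not registered"]
    findings = []
    for name, want in EXPECTED.items():
        got = svc.get(name)
        if isinstance(got, str) and isinstance(want, str):
            same = got.lower() == want.lower()    # registry paths are case-insensitive
        else:
            same = got == want
        if not same:
            findings.append(f"{name}: expected {want!r}, found {got!r}")
    dll = reg.get(SERVICE_KEY + r"\Parameters", {}).get("ServiceDll")
    if not isinstance(dll, str) or dll.lower() != EXPECTED_DLL.lower():
        findings.append(f"ServiceDll: expected {EXPECTED_DLL!r}, found {dll!r}")
    return findings
```

Run `check_wscsvc(parse_reg_export(open("C:\\Seccenter.txt").read()))` against a real export; a non-empty list names each value that differs from the assumed defaults.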