Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

New Window Opens with Random Ads

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

New Window Opens with Random Ads

Unread postby OhioLion » August 2nd, 2009, 11:50 pm

Hi,

Hoping to get some help with an issue I am having with my lap top. While using Mozilla, new windows will open randomly displaying various adds. I have included my Hi Jack this log below. Thanks in advance for your time and help!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:04 PM, on 8/2/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\RAMASST.exe
C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\WINDOWS\system32\wscntfy.exe
C:\DOCUME~1\Home\LOCALS~1\Temp\bwgo0002b339.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 10632 bytes
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm
Advertisement
Register to Remove

Re: New Window Opens with Random Ads

Unread postby Shaba » August 5th, 2009, 9:53 am

Hi OhioLion

Download gmer.zip and save to your desktop.
alternate download site
  • Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.
  • When you have done this, disconnect from the Internet and close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program.
  • Allow the gmer.sys driver to load if asked.
  • If it gives you a warning at program start about rootkit activity and asks if you want to run a scan...click NO.
  • Click on the Rootkit tab.
  • Look at the right hand side (under Files) and uncheck all drives with the exception of your C drive.
  • Make sure all other boxes on the right of the screen are checked, EXCEPT for "Show All".
  • Click on the "Scan" and wait for the scan to finish.
    Note: Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan.
  • When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste or Ctrl+V. Save the file as gmer.txt and copy the information in your next reply.
  • Note: If you have any problems, try running GMER in SAFE MODE"
Important! Please do not select the "Show all" checkbox during the scan..
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 7th, 2009, 7:08 pm

Below are the results from the GMER scan...

GMER 1.0.15.15011 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-07 19:04:39
Windows 5.1.2600 Service Pack 2


---- Devices - GMER 1.0.15 ----

Device \FileSystem\Udfs \UdfsCdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_Disk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\meiudf \MeiUDF_CdRom DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Udfs \UdfsDisk DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device ACPI.sys (ACPI Driver for NT/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm

Re: New Window Opens with Random Ads

Unread postby Shaba » August 8th, 2009, 4:57 am

Please download GooredFix...by jpshortstuff.
Save it to your desktop. Alternate site.
  1. Ensure all Firefox windows are closed.
  2. Double-click GooredFix.exe to run it.
  3. When prompted to run the scan, click Yes.
    GooredFix will check for infections, and then a log file will open... named "GooredFix.txt".
  4. Please copy and paste the contents of the GooredFix.txt file in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 8th, 2009, 4:35 pm

Results of the GooredFix scan are below...

Thanks for the continued help!


GooredFix by jpshortstuff (12.07.09)
Log created at 16:32 on 08/08/2009 (Home)
Firefox version 3.0.13 (en-US)

========== GooredScan ==========

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd} [22:32 09/04/2006]
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} [03:21 19/12/2008]
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} [03:51 09/05/2009]

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{3f963a5b-e555-4543-90e2-c3908898db71}"="C:\Program Files\AVG\AVG8\Firefox" [18:09 15/02/2009]
"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" [03:21 19/12/2008]
"{2224E955-00E9-4613-A844-CE69FCCAAE91}"="C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF" [01:09 26/07/2009]
"{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}"="C:\Program Files\Media Access Startup\1.5.0.850\FF" []

-=E.O.F=-
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm

Re: New Window Opens with Random Ads

Unread postby Shaba » August 9th, 2009, 5:14 am

We will continue with ComboFix. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

  1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix, link
    Remember to re-enable them afterwards.

  2. Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the following reports for further review, and so we may continue cleansing the system:

C:\ComboFix.txt
New HijackThis log.


A word of warning: Please do not run ComboFix on your own. This tool is not a toy and not for everyday use.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 9th, 2009, 1:01 pm

Report from the Combofix run...

ComboFix 09-08-08.04 - Home 08/09/2009 12:44.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.800 [GMT -4:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-07-09 to 2009-08-09 )))))))))))))))))))))))))))))))
.

2009-08-09 16:40 . 2009-08-09 16:40 -------- d-----w- c:\windows\LastGood
2009-08-01 04:48 . 2009-08-01 04:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-01 04:23 . 2009-08-01 04:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
2009-08-01 04:23 . 2009-08-01 04:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-08-01 04:23 . 2009-08-01 04:23 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-01 04:22 . 2009-08-01 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-01 04:13 . 2009-08-01 04:31 117760 ----a-w- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-01 04:13 . 2009-08-01 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-01 04:13 . 2009-08-01 04:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-01 04:13 . 2009-08-01 04:13 -------- d-----w- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com
2009-07-31 03:46 . 2009-07-31 03:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-07-26 02:19 . 2009-07-26 02:19 -------- d-----w- c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer
2009-07-12 19:20 . 2009-07-12 19:19 3403032 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-02 16:59 . 2006-04-10 04:36 -------- d-----w- c:\documents and settings\Home\Application Data\OpenOffice.org2
2009-08-01 04:12 . 2008-12-25 17:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-29 04:10 . 2006-04-16 19:30 -------- d-----w- c:\program files\LimeWire
2009-07-12 19:19 . 2009-02-15 18:10 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 14:42 . 2009-07-04 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-07-01 22:43 . 2005-11-05 04:03 -------- d-----w- c:\program files\InterVideo
2009-06-23 01:40 . 2009-02-15 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 01:40 . 2009-02-15 18:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-08-09_16.23.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-09 16:37 . 2009-08-09 16:37 16384 c:\windows\Temp\Perflib_Perfdata_740.dat
+ 2009-04-04 04:56 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2007-07-15 01:19 . 2009-02-03 23:21 21244864 c:\windows\system32\MRT.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 2496512]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 202088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-09 185896]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-11-10 15473664]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

c:\documents and settings\Home\Start Menu\Programs\Startup\
Picture Motion Browser Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2008-6-15 368640]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2005-7-22 151552]
Kodak software updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/15/2009 2:10 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/15/2009 2:10 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/12/2009 3:19 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/22/2009 9:40 PM 298776]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 1:37 PM 18560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-07-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\kudntcqt.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-09 12:52
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ShutterflyStudio = c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly?mmand:?10?????????????????????????????es\Shutterfly\Studio\BIN\mmpartner_langres.dll?1\T??????????udio Event - ?\L?C????UNIQUE_GEN_LISTENER_LOCK_NAME?AM??????????????????=C??????????re????tt??fly\

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(1172)
c:\windows\system32\shdoclc.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\TPwrCfg.DLL
c:\windows\system32\TPwrReg.dll
c:\windows\system32\TPSTrace.DLL
.
Completion time: 2009-08-09 12:56
ComboFix-quarantined-files.txt 2009-08-09 16:55
ComboFix2.txt 2009-08-09 16:27

Pre-Run: 12,655,132,672 bytes free
Post-Run: 12,601,417,728 bytes free

185 --- E O F --- 2009-08-09 16:44

Hi Jack This Log file post Combofix run

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:57:12 PM, on 8/9/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\acs.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\system32\svchost.exe
c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\Program Files\Toshiba\Tvs\TvsTray.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\WINDOWS\system32\TPSBattM.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\RAMASST.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;*.local
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [THotkey] C:\Program Files\Toshiba\Toshiba Applet\thotkey.exe
O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
O4 - HKLM\..\Run: [Tvs] C:\Program Files\Toshiba\Tvs\TvsTray.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
O4 - HKLM\..\Run: [Verizon_McciTrayApp] C:\Program Files\Verizon\McciTrayApp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [Monitor] "C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Picture Motion Browser Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.toshibadirect.com/dpdstart
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O18 - Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LeapFrog Connect Device Service - Unknown owner - C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
O23 - Service: Swupdtmr - Unknown owner - c:\TOSHIBA\IVP\swupdate\swupdtmr.exe
O23 - Service: TOSHIBA Application Service (TAPPSRV) - TOSHIBA Corp. - C:\Program Files\TOSHIBA\TOSHIBA Applet\TAPPSRV.exe

--
End of file - 9686 bytes

thank you for all your continued support
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm

Re: New Window Opens with Random Ads

Unread postby Shaba » August 9th, 2009, 1:54 pm

To access the Uninstall Manager you would do the following:

1. Start HijackThis
2. Click on the Config button
3. Click on the Misc Tools button
4. Click on the Open Uninstall Manager button.

You will now be presented with a screen similar to the one below:

Image

5. Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Simply copy and paste the contents of that notepad here on your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 11th, 2009, 8:35 pm

contents of the uninstall list.

Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 Plugin
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 7.0
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Baseball Mogul 2007
BearShare
Bonjour
CardRd81
CCScore
CD/DVD Drive Acoustic Silencer
CR2
Critical Update for Windows Media Player 11 (KB959772)
DivX
DVD-RAM Driver
Easy DVD Creator 1.6.0
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.7.0
ELMO Knows Your Name
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Free CD to MP3 Converter
GIMP 2.4.4
Google SketchUp 6
Google SketchUp 6
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
Image Resizer Powertoy for Windows XP
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 13
Kodak EasyShare software
KSU
LeapFrog Connect
LeapFrog Connect
LeapFrog Tag Plugin
LG USB Modem Drivers
LimeWire 4.10.9
Macromedia Flash Player 8
Magic 3D Coloring Book
Malwarebytes' Anti-Malware
Metamail (Toshiba Registration Utility)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MotionDV STUDIO 5.6E LE for DV
Mozilla Firefox (3.0.13)
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
neroxml
NFL Head Coach
Notifier
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
OpenOffice.org 2.0
OTtBP
OTtBPSDK
Panasonic DVC USB Driver
PDF Settings
PokerStars
Quick Movie Magic 1.0E
Quicken 2005
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
SFR
SHASTA
Shutterfly Plugin
Shutterfly Studio
SKIN0001
SKINXSDK
Sonic DLA
Sonic RecordNow!
Sony Image Data Suite
Sony Picture Utility
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TomTom HOME
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC_MergeModuleToMSI
Verizon Broadband Toolbar
Verizon Online Help and Support
Viewpoint Media Player
VLC media player 0.9.9
VPRINTOL
VTech® Photo Editor
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver
WIRELESS
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm

Re: New Window Opens with Random Ads

Unread postby Shaba » August 11th, 2009, 11:54 pm

IMPORTANT I notice there are signs of one or more P2P (Peer to Peer) File Sharing Programs on your computer.

LimeWire 4.10.9


I'd like you to read the this thread.

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Please run a new uninstall list scan when finished and post the log back here.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 12th, 2009, 9:50 pm

Limewire has been removed, new Hi Jack uninstall log posted below.

Add or Remove Adobe Creative Suite 3 Master Collection
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe BridgeTalk Plugin CS3
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color - Photoshop Specific
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe ExtendScript Toolkit 2
Adobe Extension Manager CS3
Adobe Flash Player 10 Plugin
Adobe Flash Player 9 ActiveX
Adobe Flash Player 9 ActiveX
Adobe Fonts All
Adobe Help Viewer CS3
Adobe InDesign CS3 Icon Handler
Adobe Linguistics CS3
Adobe MotionPicture Color Files
Adobe PDF Library Files
Adobe Reader 7.0
Adobe Setup
Adobe SING CS3
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe Video Profiles
Adobe WAS CS3
Adobe WinSoft Linguistics Plugin
Adobe XMP DVA Panels CS3
Adobe XMP Panels CS3
AHV content for Acrobat and Flash
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
Atheros Client Utility
Atheros Wireless LAN MiniPCI card Driver
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Free 8.5
Baseball Mogul 2007
Bonjour
CardRd81
CCScore
CD/DVD Drive Acoustic Silencer
CR2
Critical Update for Windows Media Player 11 (KB959772)
DivX
DVD-RAM Driver
Easy DVD Creator 1.6.0
Easy MPEG/AVI/DIVX/WMV/RM to DVD 1.7.0
ELMO Knows Your Name
ESSBrwr
ESSCDBK
ESScore
ESSCT
ESSgui
ESShelp
ESSini
ESSPCD
ESSPDock
ESSSONIC
ESSTOOLS
ESSTUTOR
ESSvpaht
ESSvpot
Free CD to MP3 Converter
GIMP 2.4.4
Google SketchUp 7
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
HLPIndex
HLPPDOCK
HLPRFO
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB893357)
Hotfix for Windows XP (KB894871)
Hotfix for Windows XP (KB895200)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB935448)
Hotfix for Windows XP (KB952287)
HP Customer Participation Program 7.0
HP Imaging Device Functions 7.0
HP Officejet Pro All-In-One Series
HP Photosmart Essential
HP Software Update
HP Solution Center 7.0
Image Resizer Powertoy for Windows XP
InterVideo WinDVD for TOSHIBA
iTunes
J2SE Runtime Environment 5.0 Update 4
Java(TM) 6 Update 13
Kodak EasyShare software
KSU
LeapFrog Connect
LeapFrog Connect
LeapFrog Tag Plugin
LG USB Modem Drivers
Macromedia Flash Player 8
Magic 3D Coloring Book
Malwarebytes' Anti-Malware
Metamail (Toshiba Registration Utility)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Office Standard Edition 2003
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Works
MobileMe Control Panel
MotionDV STUDIO 5.6E LE for DV
Mozilla Firefox (3.0.13)
MPM
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 6 Service Pack 2 (KB954459)
neroxml
NFL Head Coach
Notifier
OCR Software by I.R.I.S 7.0
Office 2003 Trial Assistant
OpenOffice.org 2.0
OTtBP
OTtBPSDK
Panasonic DVC USB Driver
PDF Settings
PokerStars
Quick Movie Magic 1.0E
Quicken 2005
QuickTime
RealPlayer
REALTEK Gigabit and Fast Ethernet NIC Driver
Realtek High Definition Audio Driver
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899589)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925454)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928090)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB929969)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931768)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933566)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937143)
Security Update for Windows XP (KB938127)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB939653)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB942615)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944338)
Security Update for Windows XP (KB944533)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB947864)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950759)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956390)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958215)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960714)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB972260)
Security Update for Windows XP (KB973346)
SFR
SHASTA
Shutterfly Plugin
Shutterfly Studio
SKIN0001
SKINXSDK
Sonic DLA
Sonic RecordNow!
Sony Image Data Suite
Sony Picture Utility
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
SUPERAntiSpyware Free Edition
Synaptics Pointing Device Driver
TomTom HOME
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Controls
TOSHIBA Hotkey Utility
TOSHIBA PC Diagnostic Tool
TOSHIBA Software Modem
TOSHIBA Software Upgrades
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA TouchPad ON/Off Utility
TOSHIBA Utilities
TOSHIBA Virtual Sound
TOSHIBA Zooming Utility
Touch and Launch
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB942840)
Update for Windows XP (KB946627)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
VC_MergeModuleToMSI
Verizon Broadband Toolbar
Viewpoint Media Player
VLC media player 0.9.9
VPRINTOL
VTech® Photo Editor
Windows Driver Package - LeapFrog (FlyUsb) USB (06/15/2007 1.0.0.6)
Windows Installer 3.1 (KB893803)
Windows Installer Clean Up
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB884018
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885855
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB889673
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893056
WinRAR archiver
WIRELESS
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm

Re: New Window Opens with Random Ads

Unread postby Shaba » August 13th, 2009, 12:06 am

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code: Select all
    Folder::
    c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
    c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer
    c:\program files\LimeWire
    
    Registry::
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=-
    

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.
CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 13th, 2009, 10:21 pm

thanks for the continued support, Combofix log below

ComboFix 09-08-10.06 - Home 08/13/2009 21:59.3.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1470.770 [GMT -4:00]
Running from: c:\documents and settings\Home\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Desktop\cfscript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md
c:\documents and settings\Administrator\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-002349.906.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\config.md
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\ipdata.md
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-221927.187.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-222441.250.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090725-222447.015.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-010946.281.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-091938.437.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-105601.687.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-151658.218.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-152055.312.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-194944.078.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090726-212739.562.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-093218.609.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090727-230224.390.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-000912.453.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-212558.093.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-234732.671.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090729-234944.140.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-000028.234.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-213548.343.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-224525.046.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-233346.406.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090730-233526.375.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-003148.968.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-005253.703.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-183957.296.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-215234.687.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090731-234443.421.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-003007.765.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-012321.562.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-012327.859.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-093758.593.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-173338.328.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090801-225911.593.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-111439.468.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-134929.562.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-135029.750.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-210913.921.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-220705.061.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-230029.223.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090802-230437.551.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-075848.078.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-195536.812.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-212010.359.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090803-220416.203.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090804-213733.593.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090805-004220.359.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090805-214628.265.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090805-223732.390.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090806-211434.468.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-190202.796.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090807-224834.281.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-162632.093.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-163307.343.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090808-211726.140.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090809-112702.984.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\NP_20090809-120959.140.log
c:\documents and settings\Home\Local Settings\Application Data\Internet Saving Optimizer\3.4.0.4340\rstatus.md
c:\program files\LimeWire
c:\program files\LimeWire\dl\1212.wmv
c:\program files\LimeWire\dl\158sam.wmv
c:\program files\LimeWire\dl\2.WMV
c:\program files\LimeWire\root\magnet10\Thumbs.db
c:\program files\LimeWire\root\Thumbs.db


.
((((((((((((((((((((((((( Files Created from 2009-07-14 to 2009-08-14 )))))))))))))))))))))))))))))))
.

2009-08-14 01:43 . 2009-08-14 01:43 -------- d-----w- c:\windows\LastGood
2009-08-09 17:08 . 2009-03-06 14:00 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-08-09 17:08 . 2009-02-09 10:01 473088 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-08-09 17:08 . 2009-02-09 10:01 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-08-09 17:08 . 2009-02-06 10:22 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-08-09 17:08 . 2009-02-06 09:54 35328 -c----w- c:\windows\system32\dllcache\sc.exe
2009-08-09 17:08 . 2009-02-06 09:41 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-08-09 17:08 . 2005-07-26 04:20 60416 -c----w- c:\windows\system32\dllcache\colbact.dll
2009-08-09 17:08 . 2009-02-09 10:01 617984 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-08-09 17:08 . 2009-02-09 10:01 715264 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-08-09 16:43 . 2008-04-21 10:02 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-08-01 04:48 . 2009-08-01 04:48 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-08-01 04:23 . 2009-08-01 04:23 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Media Access Startup
2009-08-01 04:23 . 2009-08-01 04:23 117760 ----a-w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-01 04:22 . 2009-08-01 04:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-08-01 04:13 . 2009-08-01 04:31 117760 ----a-w- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-08-01 04:13 . 2009-08-01 04:13 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-01 04:13 . 2009-08-01 04:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-01 04:13 . 2009-08-01 04:13 -------- d-----w- c:\documents and settings\Home\Application Data\SUPERAntiSpyware.com
2009-07-31 03:46 . 2009-07-31 03:46 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-13 01:47 . 2007-10-05 01:31 -------- d-----w- c:\program files\Verizon
2009-08-13 01:45 . 2005-11-05 02:56 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-11 00:33 . 2009-08-11 00:33 2568 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2009-08-02 16:59 . 2006-04-10 04:36 -------- d-----w- c:\documents and settings\Home\Application Data\OpenOffice.org2
2009-08-01 04:12 . 2008-12-25 17:35 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-07-12 19:19 . 2009-02-15 18:10 335752 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-07-04 14:42 . 2009-07-04 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-07-01 22:43 . 2005-11-05 04:03 -------- d-----w- c:\program files\InterVideo
2009-06-26 15:59 . 2005-11-05 00:53 668160 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 15:59 . 2005-11-05 00:52 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-06-23 01:40 . 2009-02-15 18:10 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-06-23 01:40 . 2009-02-15 18:10 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-06-03 19:27 . 2005-11-05 00:53 1290752 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-08-09_16.23.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-11 21:23 . 2009-08-11 21:23 16384 c:\windows\Temp\Perflib_Perfdata_130.dat
+ 2005-11-05 03:10 . 2007-07-27 13:41 26488 c:\windows\system32\spupdsvc.exe
+ 2009-04-04 04:56 . 2008-07-09 07:38 17272 c:\windows\system32\spmsg.dll
+ 2005-11-05 00:53 . 2009-02-03 20:08 55808 c:\windows\system32\secur32.dll
- 2005-11-05 00:53 . 2004-08-04 12:00 55808 c:\windows\system32\secur32.dll
+ 2005-11-05 00:53 . 2009-02-06 09:54 35328 c:\windows\system32\sc.exe
- 2005-11-05 00:53 . 2008-10-16 10:20 39424 c:\windows\system32\pngfilt.dll
+ 2005-11-05 00:53 . 2009-06-26 15:59 39424 c:\windows\system32\pngfilt.dll
+ 2005-11-05 02:26 . 2008-06-12 13:47 91648 c:\windows\system32\mtxoci.dll
+ 2005-11-05 00:53 . 2008-06-12 13:47 66560 c:\windows\system32\mtxclu.dll
- 2005-11-05 00:53 . 2006-03-01 19:34 66560 c:\windows\system32\mtxclu.dll
+ 2005-11-05 02:26 . 2008-06-12 13:47 58880 c:\windows\system32\msdtclog.dll
- 2005-11-05 02:26 . 2004-08-04 12:00 58880 c:\windows\system32\msdtclog.dll
+ 2007-11-26 02:15 . 2009-08-12 00:46 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2005-11-05 00:52 . 2009-06-26 15:59 16384 c:\windows\system32\jsproxy.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 16384 c:\windows\system32\jsproxy.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 96256 c:\windows\system32\inseng.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 96256 c:\windows\system32\inseng.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 55808 c:\windows\system32\extmgr.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 55808 c:\windows\system32\extmgr.dll
+ 2009-02-03 20:08 . 2009-02-03 20:08 55808 c:\windows\system32\dllcache\secur32.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 39424 c:\windows\system32\dllcache\pngfilt.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 39424 c:\windows\system32\dllcache\pngfilt.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 91648 c:\windows\system32\dllcache\mtxoci.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 66560 c:\windows\system32\dllcache\mtxclu.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 58880 c:\windows\system32\dllcache\msdtclog.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 16384 c:\windows\system32\dllcache\jsproxy.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 96256 c:\windows\system32\dllcache\inseng.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 96256 c:\windows\system32\dllcache\inseng.dll
+ 2009-06-26 15:59 . 2009-06-26 15:59 81920 c:\windows\system32\dllcache\ieencode.dll
+ 2006-05-09 11:41 . 2009-06-22 11:40 18432 c:\windows\system32\dllcache\iedw.exe
- 2006-05-09 11:41 . 2008-10-15 14:18 18432 c:\windows\system32\dllcache\iedw.exe
+ 2006-05-10 05:25 . 2009-06-26 15:59 55808 c:\windows\system32\dllcache\extmgr.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 55808 c:\windows\system32\dllcache\extmgr.dll
+ 2005-11-05 02:47 . 2009-06-22 11:26 352768 c:\windows\system32\xpsp3res.dll
+ 2006-10-19 01:47 . 2008-06-24 22:12 295936 c:\windows\system32\wmpeffects.dll
- 2006-10-19 01:47 . 2006-10-19 01:47 295936 c:\windows\system32\wmpeffects.dll
- 2005-11-05 00:53 . 2004-08-04 12:00 351232 c:\windows\system32\winhttp.dll
+ 2005-11-05 00:53 . 2008-12-16 12:47 351232 c:\windows\system32\winhttp.dll
+ 2005-11-05 02:26 . 2009-02-06 09:41 227840 c:\windows\system32\wbem\wmiprvse.exe
+ 2005-11-05 02:26 . 2009-02-10 22:31 453120 c:\windows\system32\wbem\wmiprvsd.dll
+ 2005-11-05 02:26 . 2009-02-09 10:01 473088 c:\windows\system32\wbem\fastprox.dll
+ 2005-11-05 00:53 . 2009-06-26 15:59 620032 c:\windows\system32\urlmon.dll
+ 2005-11-05 00:53 . 2009-06-26 15:59 474112 c:\windows\system32\shlwapi.dll
- 2005-11-05 00:53 . 2008-10-16 10:20 474112 c:\windows\system32\shlwapi.dll
+ 2005-11-05 00:53 . 2009-02-06 10:22 110592 c:\windows\system32\services.exe
- 2005-11-05 00:53 . 2007-04-25 14:21 144896 c:\windows\system32\schannel.dll
+ 2005-11-05 00:53 . 2008-12-05 07:12 144896 c:\windows\system32\schannel.dll
+ 2005-11-05 00:53 . 2009-02-09 10:01 401408 c:\windows\system32\rpcss.dll
- 2005-11-05 00:53 . 2007-07-09 13:09 584192 c:\windows\system32\rpcrt4.dll
+ 2005-11-05 00:53 . 2009-04-15 15:11 584192 c:\windows\system32\rpcrt4.dll
+ 2005-11-05 00:53 . 2009-03-06 14:00 284160 c:\windows\system32\pdh.dll
+ 2005-11-05 00:53 . 2009-02-09 10:01 715264 c:\windows\system32\ntdll.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 532480 c:\windows\system32\mstime.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 532480 c:\windows\system32\mstime.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 146432 c:\windows\system32\msrating.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 146432 c:\windows\system32\msrating.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 449024 c:\windows\system32\mshtmled.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 449024 c:\windows\system32\mshtmled.dll
+ 2005-11-05 02:26 . 2008-06-12 13:47 161792 c:\windows\system32\msdtcuiu.dll
+ 2005-11-05 02:26 . 2008-06-12 13:47 956928 c:\windows\system32\msdtctm.dll
+ 2005-11-05 02:26 . 2008-06-12 13:47 428032 c:\windows\system32\msdtcprx.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 257440 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2005-11-05 00:52 . 2009-02-09 10:01 728576 c:\windows\system32\lsasrv.dll
+ 2005-11-05 00:52 . 2009-05-07 15:44 344064 c:\windows\system32\localspl.dll
+ 2005-11-05 00:52 . 2009-03-21 14:18 986112 c:\windows\system32\kernel32.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 251904 c:\windows\system32\iepeers.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 251904 c:\windows\system32\iepeers.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 205312 c:\windows\system32\dxtrans.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 205312 c:\windows\system32\dxtrans.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 357888 c:\windows\system32\dxtmsft.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 357888 c:\windows\system32\dxtmsft.dll
+ 2009-02-10 22:31 . 2009-02-10 22:31 453120 c:\windows\system32\dllcache\wmiprvsd.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 668160 c:\windows\system32\dllcache\wininet.dll
+ 2008-12-16 12:47 . 2008-12-16 12:47 351232 c:\windows\system32\dllcache\winhttp.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 620032 c:\windows\system32\dllcache\urlmon.dll
+ 2005-11-05 00:54 . 2007-06-27 02:10 317440 c:\windows\system32\dllcache\unregmp2.exe
- 2006-05-10 05:25 . 2008-10-16 10:20 474112 c:\windows\system32\dllcache\shlwapi.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 474112 c:\windows\system32\dllcache\shlwapi.dll
- 2007-04-25 14:21 . 2007-04-25 14:21 144896 c:\windows\system32\dllcache\schannel.dll
+ 2007-04-25 14:21 . 2008-12-05 07:12 144896 c:\windows\system32\dllcache\schannel.dll
- 2007-10-10 01:14 . 2007-07-09 13:09 584192 c:\windows\system32\dllcache\rpcrt4.dll
+ 2007-10-10 01:14 . 2009-04-15 15:11 584192 c:\windows\system32\dllcache\rpcrt4.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 532480 c:\windows\system32\dllcache\mstime.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 532480 c:\windows\system32\dllcache\mstime.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 146432 c:\windows\system32\dllcache\msrating.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 449024 c:\windows\system32\dllcache\mshtmled.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 449024 c:\windows\system32\dllcache\mshtmled.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 161792 c:\windows\system32\dllcache\msdtcuiu.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 956928 c:\windows\system32\dllcache\msdtctm.dll
+ 2008-06-12 13:47 . 2008-06-12 13:47 428032 c:\windows\system32\dllcache\msdtcprx.dll
+ 2006-08-17 12:28 . 2009-02-09 10:01 728576 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:44 . 2009-05-07 15:44 344064 c:\windows\system32\dllcache\localspl.dll
+ 2006-07-05 10:55 . 2009-03-21 14:18 986112 c:\windows\system32\dllcache\kernel32.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 251904 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 251904 c:\windows\system32\dllcache\iepeers.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 205312 c:\windows\system32\dllcache\dxtrans.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 357888 c:\windows\system32\dllcache\dxtmsft.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 151040 c:\windows\system32\dllcache\cdfview.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 151040 c:\windows\system32\cdfview.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 151040 c:\windows\system32\cdfview.dll
+ 2005-11-05 00:52 . 2009-02-09 10:01 617984 c:\windows\system32\advapi32.dll
+ 2005-11-05 00:54 . 2007-06-27 02:10 317440 c:\windows\inf\unregmp2.exe
+ 2005-11-05 00:53 . 2009-04-17 09:58 1846656 c:\windows\system32\win32k.sys
+ 2005-11-05 00:53 . 2008-07-03 13:03 8460800 c:\windows\system32\shell32.dll
+ 2005-11-05 00:53 . 2009-07-18 16:00 1509888 c:\windows\system32\shdocvw.dll
+ 2005-11-05 00:53 . 2009-02-06 10:32 2186112 c:\windows\system32\ntoskrnl.exe
+ 2004-08-03 22:59 . 2009-02-06 09:49 2062976 c:\windows\system32\ntkrnlpa.exe
+ 2005-11-05 00:52 . 2009-07-18 16:00 3069440 c:\windows\system32\mshtml.dll
+ 2009-07-18 03:21 . 2009-07-18 03:21 3883424 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2009-04-04 04:42 . 2009-04-04 04:42 1478632 c:\windows\system32\FNTCACHE.DAT
+ 2009-04-04 04:42 . 2009-08-11 21:23 1478632 c:\windows\system32\FNTCACHE.DAT
+ 2007-03-08 13:47 . 2009-04-17 09:58 1846656 c:\windows\system32\dllcache\win32k.sys
+ 2005-11-05 00:53 . 2008-07-03 13:03 8460800 c:\windows\system32\dllcache\shell32.dll
+ 2006-05-29 15:32 . 2009-07-18 16:00 1509888 c:\windows\system32\dllcache\shdocvw.dll
+ 2007-10-29 22:43 . 2009-06-03 19:27 1290752 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-19 14:17 . 2009-02-06 10:32 2186112 c:\windows\system32\dllcache\ntoskrnl.exe
+ 2006-12-19 12:55 . 2009-02-06 09:49 2020864 c:\windows\system32\dllcache\ntkrpamp.exe
+ 2006-12-19 12:55 . 2009-02-06 09:49 2062976 c:\windows\system32\dllcache\ntkrnlpa.exe
+ 2006-12-19 14:15 . 2009-02-06 10:29 2142720 c:\windows\system32\dllcache\ntkrnlmp.exe
+ 2006-05-19 15:06 . 2009-07-18 16:00 3069440 c:\windows\system32\dllcache\mshtml.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 1054208 c:\windows\system32\dllcache\danim.dll
+ 2006-05-10 05:25 . 2009-06-26 15:59 1024000 c:\windows\system32\dllcache\browseui.dll
- 2006-05-10 05:25 . 2008-10-16 10:20 1024000 c:\windows\system32\dllcache\browseui.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 1054208 c:\windows\system32\danim.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 1054208 c:\windows\system32\danim.dll
+ 2005-11-05 00:52 . 2009-06-26 15:59 1024000 c:\windows\system32\browseui.dll
- 2005-11-05 00:52 . 2008-10-16 10:20 1024000 c:\windows\system32\browseui.dll
+ 2005-11-05 02:48 . 2009-02-06 10:32 2186112 c:\windows\Driver Cache\i386\ntoskrnl.exe
+ 2005-11-05 02:48 . 2009-02-06 09:49 2020864 c:\windows\Driver Cache\i386\ntkrpamp.exe
+ 2005-11-05 02:48 . 2009-02-06 09:49 2062976 c:\windows\Driver Cache\i386\ntkrnlpa.exe
+ 2005-11-05 02:48 . 2009-02-06 10:29 2142720 c:\windows\Driver Cache\i386\ntkrnlmp.exe
+ 2005-11-05 00:54 . 2008-11-11 22:34 10838016 c:\windows\system32\wmp.dll
+ 2007-07-15 01:19 . 2009-07-07 12:10 24539592 c:\windows\system32\MRT.exe
+ 2005-11-05 00:54 . 2008-11-11 22:34 10838016 c:\windows\system32\dllcache\wmp.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2004-12-30 65536]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-18 68856]
"ShutterflyStudio"="c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe" [2007-03-06 2496512]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-06 344064]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-14 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-14 688218]
"THotkey"="c:\program files\Toshiba\Toshiba Applet\thotkey.exe" [2005-11-25 352256]
"Tvs"="c:\program files\Toshiba\Tvs\TvsTray.exe" [2005-11-10 73728]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-08-01 122940]
"SmoothView"="c:\program files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe" [2005-04-27 122880]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-06-06 936960]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-03-06 177472]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-06-23 1948440]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"MSConfig"="c:\windows\pchealth\helpctr\Binaries\MSCONFIG.EXE" [2004-08-04 158208]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2007-06-09 185896]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2005-11-10 15473664]
"NDSTray.exe"="NDSTray.exe" [BU]
"TFncKy"="TFncKy.exe" [BU]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2005-06-01 282624]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
RAMASST.lnk - c:\windows\system32\RAMASST.exe [2005-11-4 155648]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-06-23 01:40 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak software updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk
backup=c:\windows\pss\Kodak software updater.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]
path=c:\documents and settings\Home\Start Menu\Programs\Startup\Picture Motion Browser Media Check Tool.lnk
backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SpybotSD TeaTimer"=c:\program files\Spybot - Search & Destroy\TeaTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AGRSMMSG"=AGRSMMSG.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\TOSHIBA\\ivp\\NetInt\\Netint.exe"=
"c:\\TOSHIBA\\Ivp\\ISM\\pinger.exe"= c:\\TOSHIBA\\IVP\\ISM\\pinger.exe
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2/15/2009 2:10 PM 335752]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2/15/2009 2:10 PM 108552]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/28/2009 10:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/28/2009 10:53 AM 72944]
R2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [7/12/2009 3:19 PM 907032]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [6/22/2009 9:40 PM 298776]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [12/25/2008 1:37 PM 18560]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [7/28/2009 10:53 AM 7408]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2009-04-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

2008-07-27 c:\windows\Tasks\Microsoft_Hardware_Launch_IPoint_exe.job
- c:\program files\Microsoft IntelliPoint\ipoint.exe [2007-08-31 19:01]
.
.
------- Supplementary Scan -------
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.yahoo.com/
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;*.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\kudntcqt.default\
FF - prefs.js: browser.startup.homepage - www.yahoo.com
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?btnG=Google+Search&q=
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPUploader.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-13 22:08
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ShutterflyStudio = c:\program files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly?mmand:?10?????????????????????????????es\Shutterfly\Studio\BIN\mmpartner_langres.dll?1\T??????????udio Event - ?\L?C????UNIQUE_GEN_LISTENER_LOCK_NAME?AM??????????????????=C??????????re????tt??fly\

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(556)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-08-14 22:11
ComboFix-quarantined-files.txt 2009-08-14 02:11
ComboFix2.txt 2009-08-09 16:56
ComboFix3.txt 2009-08-09 16:27

Pre-Run: 12,118,929,408 bytes free
Post-Run: 12,060,143,616 bytes free

581 --- E O F --- 2009-08-11 21:05
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm

Re: New Window Opens with Random Ads

Unread postby Shaba » August 13th, 2009, 11:46 pm

Please go to ESET Online Scanner - © ESET All Rights Reserved... to run an online scan.
Note: You - will - need to use Internet Explorer for this scan!
  1. Check the box next to "YES, I accept the Terms of Use."
  2. Click "Start"
  3. Click Yes... at the run ActiveX prompt. Click Install... at the install ActiveX prompt.
    Once installed, the scanner will be initialized.
  4. Click "Start". Make sure that the options:
    • Remove found threats is UNCHECKED
    • Scan unwanted applications is CHECKED
  5. Click "Scan"
  6. Wait for the scan to finish... it may take a while... please be patient. When the scan is finished...
  7. Use Notepad to open the log file located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste the contents of log.txt in your next reply.
User avatar
Shaba
Admin/Teacher Emeritus
 
Posts: 26974
Joined: March 24th, 2006, 4:42 am
Location: Finland

Re: New Window Opens with Random Ads

Unread postby OhioLion » August 14th, 2009, 11:08 pm

ESET scan results below.

C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\productinfo.dll Win32/Adware.DoubleD application
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\Setup.exe Win32/Adware.DoubleD application
C:\Documents and Settings\Home\Local Settings\Temporary Internet Files\{5617ECA9-488D-4BA2-8562-9710B9AB78D2}\stbup.exe Win32/Adware.DoubleD application
OhioLion
Active Member
 
Posts: 8
Joined: August 2nd, 2009, 11:41 pm
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 27 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware