Slow Computer and Google redirects


Re: Slow Computer and Google redirects

Post by jmw3 » February 13th, 2010, 7:34 pm

Hi

Fix HiJackThis Entries
  • Open HiJackThis
  • Click on Do a system scan only
  • Place a checkmark next to these lines (if still present):
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

  • Close all windows except Hijackthis and click Fix Checked
  • Click Yes when prompted
  • Close HijackThis.
Reboot.

Ensure that whatever is usually plugged in to your F drive is plugged in.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code:
File::
c:\documents and settings\All Users\Application Data\Webroot\lobam3430605.exe
C:\Documents and Settings\lobam\Desktop\New WinRAR ZIP archive.zip
C:\Documents and Settings\lobam\Desktop\recovered_New WinRAR ZIP archive.zip
F:\Programs\HostsFileUpdater.exe
F:\Music\Downloads\mIRC v6.35 WinAll Cracked-DEViLiSiON\m_irc-1635.rar
Folder::
c:\program files\Webroot
c:\documents and settings\All Users\Application Data\Webroot
Driver::
.1257375363SsTR

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Download the Webroot SpySweeper Removal Tool from Here & save the zip file to your desktop.
  • Once downloaded open the folder SSECleanup.zip then double-click SSECleanup.exe
  • A window will pop up. Once this happens, wait until the window closes itself. SpySweeper & all of its components should now be removed.

To post in next reply:
ComboFix log
New HijackThis log
Let me know if SpySweeper is still running
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Slow Computer and Google redirects

Post by lobam » February 14th, 2010, 1:59 am

Logs double posted
Last edited by lobam on February 14th, 2010, 4:23 am, edited 1 time in total.
lobam
Regular Member
 
Posts: 16
Joined: February 3rd, 2010, 5:59 am

Re: Slow Computer and Google redirects

Post by lobam » February 14th, 2010, 4:21 am

Logfile of Trend Micro HijackThis v2.0.3 (BETA)
Scan saved at 11:54:19 PM, on 2/13/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\PROGRAM FILES\DAEMON TOOLS LITE\DTLite.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MediaMonkey\MediaMonkey.exe
C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
C:\Program Files\FoxyTunes\FoxyTunesEngine\1.0.0.7271_{8879AF23-CB58-40C2-82CD-5359348C98C7}\FoxyTunesEngine.exe
C:\WINDOWS\system32\taskmgr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IgfxTray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [HotKeysCmds] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [Monitor] "C:\WINDOWS\PixArt\PAC207\Monitor.exe"
O4 - HKLM\..\Run: [SoundMan] "SOUNDMAN.EXE"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [WinPatrol PLUS] "C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" -expressboot
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\lobam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\PROGRAM FILES\DAEMON TOOLS LITE\DTLite.exe" -autorun
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} (diskhealth Class) - http://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
O16 - DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} (PCMaticVer Class) - http://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O24 - Desktop Component AutorunsDisabled: (no name) - (no file)

--
End of file - 4673 bytes


ComboFix 10-02-12.01 - lobam 02/13/2010 18:34:35.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.514 [GMT -6:00]
Running from: c:\documents and settings\lobam\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\lobam\Desktop\CFScript.txt

FILE ::
"c:\documents and settings\All Users\Application Data\Webroot\lobam3430605.exe"
"c:\documents and settings\lobam\Desktop\New WinRAR ZIP archive.zip"
"c:\documents and settings\lobam\Desktop\recovered_New WinRAR ZIP archive.zip"
"f:\music\Downloads\mIRC v6.35 WinAll Cracked-DEViLiSiON\m_irc-1635.rar"
"f:\programs\HostsFileUpdater.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\Webroot
c:\documents and settings\All Users\Application Data\Webroot\lobam3430605.exe
c:\documents and settings\lobam\Desktop\New WinRAR ZIP archive.zip
c:\documents and settings\lobam\Desktop\recovered_New WinRAR ZIP archive.zip
c:\program files\Webroot
f:\music\Downloads\mIRC v6.35 WinAll Cracked-DEViLiSiON\m_irc-1635.rar
f:\programs\HostsFileUpdater.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_.1257375363SsTR


((((((((((((((((((((((((( Files Created from 2010-01-14 to 2010-02-14 )))))))))))))))))))))))))))))))
.

2010-02-13 19:27 . 2010-02-13 19:27 -------- d-----w- c:\program files\Bluetack
2010-02-10 22:28 . 2010-02-10 22:28 -------- d-----w- c:\documents and settings\lobam\Application Data\FoxyTunes
2010-02-10 22:28 . 2010-02-10 22:28 -------- d-----w- c:\program files\FoxyTunes
2010-02-10 03:59 . 2010-01-14 17:12 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 03:42 . 2010-02-10 03:42 -------- d-----w- c:\program files\Windows Defender
2010-02-10 02:39 . 2010-02-10 02:39 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-10 02:18 . 2010-02-10 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\PCPitstop
2010-02-10 02:05 . 2010-02-10 02:48 -------- d-----w- c:\program files\PCPitstop
2010-02-09 22:34 . 2010-02-12 00:39 -------- d-----w- c:\documents and settings\lobam\Local Settings\Application Data\Temp
2010-02-09 22:34 . 2010-02-09 22:37 -------- d-----w- c:\documents and settings\lobam\Local Settings\Application Data\Google
2010-02-08 21:32 . 2003-03-01 00:26 139536 ----a-w- c:\windows\system32\javaee.dll
2010-02-08 20:33 . 2010-02-08 20:36 -------- d-----w- c:\program files\Java
2010-02-08 20:32 . 2010-02-08 20:32 -------- d-----w- c:\program files\Common Files\Java
2010-02-08 05:29 . 2010-02-08 05:43 -------- d-----w- C:\ie-spyad_zo
2010-02-07 22:30 . 2010-02-07 22:30 -------- d-----w- c:\documents and settings\lobam\Application Data\HD Tune Pro
2010-02-07 22:26 . 2010-02-07 22:26 -------- d-----w- c:\program files\HD Tune Pro
2010-02-07 22:26 . 2010-02-07 22:26 -------- d-----w- c:\program files\SpeeDefrag
2010-02-07 22:26 . 2008-05-01 00:40 208994 ----a-w- c:\windows\system32\xpsf.exe
2010-02-07 22:26 . 2008-05-01 00:40 151648 ----a-w- c:\windows\system32\xpsf2.exe
2010-02-07 22:26 . 2007-03-27 21:52 20480 ----a-w- c:\windows\system32\psf.exe
2010-02-07 22:26 . 2007-03-27 21:51 24576 ----a-w- c:\windows\system32\mvistasf.exe
2010-02-07 22:26 . 2004-04-12 23:26 151634 ----a-w- c:\windows\system32\sson.exe
2010-02-07 22:26 . 2010-02-07 22:26 -------- d-----w- c:\program files\Defraggler
2010-02-07 13:43 . 2010-02-07 13:43 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-02-07 13:38 . 2010-02-07 13:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Yahoo
2010-02-07 08:21 . 2010-02-07 08:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-02-07 07:05 . 2010-02-07 19:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2010-02-07 06:10 . 2010-02-07 06:10 -------- d-sh--w- c:\documents and settings\lobam\IECompatCache
2010-02-07 05:49 . 2010-01-25 20:32 114360 ----a-w- c:\documents and settings\lobam\Application Data\Mozilla\Firefox\Profiles\zjp96wl0.myb\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
2010-02-07 03:47 . 2008-04-14 00:12 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-07 03:47 . 2008-04-14 00:12 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-07 03:43 . 2006-11-03 16:59 48128 ----a-w- c:\windows\system32\Remove.exe
2010-02-07 03:43 . 2010-02-07 03:43 -------- d-----w- c:\windows\PixArt
2010-02-07 03:43 . 2010-02-07 03:43 -------- d-----w- c:\program files\Common Files\PAC207
2010-02-07 03:43 . 2010-02-07 03:43 -------- d-----w- c:\program files\Basic Webcam
2010-02-07 03:42 . 2010-02-13 19:26 -------- d-----w- c:\windows\Downloaded Installations
2010-02-07 03:42 . 2010-02-07 03:42 -------- d-----w- c:\program files\BestOn
2010-02-06 03:58 . 2010-02-06 03:58 -------- d-----w- c:\program files\FileHippo.com
2010-02-05 14:38 . 2010-02-05 14:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\SiteHound
2010-02-05 14:38 . 2010-02-05 14:38 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2010-02-05 14:37 . 2010-02-05 14:37 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-02-05 14:29 . 2003-06-25 22:05 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-02-05 13:36 . 2010-02-07 06:55 -------- d-----w- c:\documents and settings\lobam\Application Data\AVG7
2010-02-05 13:36 . 2010-02-05 13:36 -------- d-----w- c:\documents and settings\LocalService\Application Data\AVG7
2010-02-05 13:36 . 2010-02-05 13:36 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-05 13:35 . 2010-02-07 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg7
2010-02-05 12:40 . 2010-02-05 12:41 -------- d-----w- c:\documents and settings\lobam\Application Data\SiteHound
2010-02-05 12:40 . 2010-02-05 12:40 -------- d-----w- c:\program files\FireTrust
2010-02-04 20:08 . 2008-04-14 00:12 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-04 18:17 . 2010-02-04 18:17 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-02-04 17:47 . 2010-02-04 18:07 -------- d-----w- c:\documents and settings\lobam\Application Data\TrueSwitch
2010-02-04 17:47 . 2010-02-04 18:07 -------- d-----w- c:\program files\TrueSwitchEsaya
2010-02-04 16:49 . 2009-12-11 08:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-04 16:47 . 2009-12-21 19:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-04 16:47 . 2009-12-21 19:14 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-04 16:47 . 2009-12-21 19:14 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-04 16:47 . 2009-12-21 19:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-04 16:47 . 2009-12-21 19:14 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-04 16:47 . 2009-12-21 19:14 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-04 16:44 . 2010-02-04 16:47 -------- dc-h--w- c:\windows\ie8
2010-02-03 17:45 . 2010-02-03 17:48 -------- d-----w- c:\program files\BSCCleanitol
2010-02-03 17:41 . 2010-02-03 17:41 535 ----a-w- c:\windows\eReg.dat
2010-02-03 17:41 . 2010-02-03 17:41 -------- d-----w- c:\program files\Maxis
2010-02-03 17:28 . 2010-02-06 23:40 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-02-03 17:26 . 2010-02-03 17:26 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-03 17:26 . 2010-02-03 17:26 -------- d-----w- c:\program files\DAEMON Tools Lite
2010-02-03 17:25 . 2010-02-03 17:38 -------- d-----w- c:\documents and settings\lobam\Application Data\DAEMON Tools Lite
2010-02-03 17:25 . 2010-02-03 17:26 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-02-03 15:12 . 2010-02-03 15:12 -------- d-----w- c:\documents and settings\lobam\Application Data\WinPatrol
2010-02-03 15:12 . 2009-11-04 22:53 0 ----a-w- c:\documents and settings\lobam\Application Data\WinPatrol\Config.sys
2010-02-03 15:12 . 2009-11-04 22:53 0 ----a-w- c:\documents and settings\lobam\Application Data\WinPatrol\Autoexec.bat
2010-02-03 15:11 . 2010-02-03 15:11 -------- d-----w- c:\program files\BillP Studios
2010-02-03 14:35 . 2010-02-08 06:27 -------- d-----w- c:\program files\SpywareBlaster
2010-02-03 14:13 . 2010-02-03 14:17 -------- d-----w- c:\documents and settings\lobam\Application Data\QuickScan
2010-02-03 14:12 . 2010-01-11 23:33 789320 ----a-w- c:\documents and settings\lobam\Application Data\Mozilla\Firefox\Profiles\zjp96wl0.myb\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-03 14:12 . 2010-01-11 23:32 698184 ----a-w- c:\documents and settings\lobam\Application Data\Mozilla\Firefox\Profiles\zjp96wl0.myb\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\bdqscan.dll
2010-02-03 14:01 . 2010-02-03 14:01 -------- d-----w- c:\windows\Sun
2010-02-03 14:00 . 2010-02-03 14:00 348160 ----a-w- c:\documents and settings\lobam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7090a508-n\msvcr71.dll
2010-02-03 14:00 . 2010-02-03 14:00 503808 ----a-w- c:\documents and settings\lobam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7090a508-n\msvcp71.dll
2010-02-03 14:00 . 2010-02-03 14:00 499712 ----a-w- c:\documents and settings\lobam\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-7090a508-n\jmc.dll
2010-02-03 14:00 . 2010-02-03 14:00 61440 ----a-w- c:\documents and settings\lobam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-335a04df-n\decora-sse.dll
2010-02-03 14:00 . 2010-02-03 14:00 12800 ----a-w- c:\documents and settings\lobam\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-335a04df-n\decora-d3d.dll
2010-02-03 14:00 . 2010-02-08 20:33 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-03 09:17 . 2010-02-03 09:17 -------- d-----w- c:\documents and settings\All Users\Application Data\abelhadigital.com
2010-02-03 09:17 . 2010-02-03 09:17 -------- d-----w- c:\documents and settings\lobam\Application Data\abelhadigital.com
2010-02-03 07:20 . 2010-02-12 03:47 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-02-03 07:20 . 2010-02-12 03:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-02-03 07:05 . 2010-02-03 07:05 388096 ----a-r- c:\documents and settings\lobam\Application Data\Microsoft\Installer\{0761C9A8-8F3A-4216-B4A7-B7AFBF24A24A}\HiJackThis.exe
2010-02-03 07:05 . 2010-02-03 07:05 -------- d-----w- c:\program files\TrendMicro
2010-01-22 03:06 . 2010-02-14 00:16 -------- d-----w- c:\documents and settings\lobam\Local Settings\Application Data\MediaMonkey
2010-01-22 03:06 . 2010-02-11 06:44 -------- d-----w- c:\program files\MediaMonkey
2010-01-22 00:52 . 2010-01-22 00:52 -------- d-----w- c:\program files\CCleaner

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-14 00:21 . 2009-11-15 13:00 13560 ----a-w- c:\documents and settings\lobam\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-13 00:58 . 2009-11-13 09:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-12 12:45 . 2009-11-15 05:04 -------- d-----w- c:\program files\Morpheus Photo Morpher
2010-02-09 02:03 . 2009-11-18 10:49 -------- d-----w- c:\program files\Common Files\CUIDriver
2010-02-08 22:44 . 2009-11-16 14:56 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-02-08 22:23 . 2009-11-07 21:33 -------- d-----w- c:\program files\iMacros
2010-02-08 22:22 . 2009-11-16 15:07 -------- d-----w- c:\program files\Hide Your IP Address
2010-02-08 21:32 . 2010-02-08 21:32 2678 ----a-w- c:\windows\java\Packages\Data\A2PVF7TB.DAT
2010-02-08 21:32 . 2010-02-08 21:32 2678 ----a-w- c:\windows\java\Packages\Data\YL79BNT3.DAT
2010-02-08 21:32 . 2010-02-08 21:32 2678 ----a-w- c:\windows\java\Packages\Data\SCM73HJ5.DAT
2010-02-08 21:32 . 2010-02-08 21:32 2678 ----a-w- c:\windows\java\Packages\Data\1JHRN7J9.DAT
2010-02-08 21:32 . 2010-02-08 21:32 2678 ----a-w- c:\windows\java\Packages\Data\N97TVTFJ.DAT
2010-02-08 20:55 . 2010-02-08 20:55 2232 ----a-w- c:\windows\java\Packages\Data\BHRVB73X.DAT
2010-02-08 20:55 . 2010-02-08 20:55 155995 ----a-w- c:\windows\java\Packages\QKQ5ZBLR.ZIP
2010-02-08 06:05 . 2009-11-06 08:20 -------- d-----w- c:\documents and settings\lobam\Application Data\mIRC
2010-02-08 04:35 . 2009-11-06 08:20 -------- d-----w- c:\program files\mIRC
2010-02-07 06:48 . 2009-11-13 07:36 -------- d-----w- c:\documents and settings\lobam\Application Data\SUPERAntiSpyware.com
2010-02-07 06:48 . 2009-11-13 07:36 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-02-07 03:42 . 2009-11-05 10:17 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-07 03:42 . 2009-11-05 10:17 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-01-22 01:01 . 2009-11-16 14:35 -------- d-----w- c:\program files\Software Informer
2010-01-22 00:56 . 2009-11-15 13:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DriverScanner
2010-01-22 00:56 . 2009-11-15 13:03 -------- d-----w- c:\documents and settings\lobam\Application Data\Uniblue
2010-01-22 00:55 . 2009-11-15 13:00 -------- d-----w- c:\program files\Uniblue
2010-01-22 00:53 . 2009-11-05 03:57 -------- d-----w- c:\program files\Yahoo!
2010-01-22 00:53 . 2009-11-05 03:59 -------- d--h--r- c:\documents and settings\lobam\Application Data\yahoo!
2010-01-22 00:48 . 2009-11-08 21:40 -------- d-----w- c:\program files\MYB Money Maker
2010-01-11 07:24 . 2009-11-14 22:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2010-01-11 07:22 . 2010-01-11 06:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-01-11 07:22 . 2010-01-11 07:22 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2010-01-11 06:57 . 2010-01-11 06:57 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-01-11 06:57 . 2010-01-11 06:57 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-01-11 06:57 . 2010-01-11 06:57 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-01-11 06:57 . 2010-01-11 06:57 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-01-11 06:57 . 2010-01-11 06:57 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-01-11 06:57 . 2010-01-11 06:57 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-01-11 04:15 . 2010-01-11 04:15 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2010-01-07 17:42 . 2010-01-07 17:42 374072 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\Messenger\Plugin\d0883bf5-42c9-43db-75bc-b12f61028e6f.yplugin\components\FoxyTunesForYMSGRInstallHelper.dll
2010-01-07 17:42 . 2010-01-07 17:42 267576 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\Messenger\Plugin\d0883bf5-42c9-43db-75bc-b12f61028e6f.yplugin\components\FoxyTunesUIServices.dll
2010-01-07 17:42 . 2010-01-07 17:42 144696 ----a-w- c:\documents and settings\All Users\Application Data\Yahoo!\Messenger\Plugin\d0883bf5-42c9-43db-75bc-b12f61028e6f.yplugin\components\FTVistaSupport.dll
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-28 12:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43 . 2009-11-04 22:47 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08 . 2006-02-28 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27 . 2006-02-28 12:00 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43 . 2004-08-03 22:59 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22 . 2006-02-28 12:00 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11 . 2006-02-28 12:00 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 17:11 . 2004-08-04 00:56 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07 . 2001-08-17 22:36 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07 . 2006-02-28 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07 . 2006-02-28 12:00 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-27 16:07 . 2004-08-04 00:56 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-26 23:12 . 2009-11-26 23:12 13836 ---ha-w- c:\windows\system32\mlfcache.dat
2009-11-21 15:51 . 2006-02-28 12:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-21 12:49 . 2009-11-21 12:49 164 ----a-w- c:\windows\install.dat
2009-11-18 06:55 . 2009-11-04 22:49 22704 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-16 14:46 . 2009-11-16 14:46 2079 ----a-w- c:\windows\system32\M1achardks.dll
2009-11-16 07:23 . 2009-11-05 11:28 664 ----a-w- c:\windows\system32\d3d9caps.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\lobam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-02-09 135664]
"DAEMON Tools Lite"="c:\program files\DAEMON TOOLS LITE\DTLite.exe" [2009-10-30 369200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-06-21 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-06-21 126976]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"SoundMan"="SOUNDMAN.EXE" [2007-04-16 577536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-01-11 246504]
"WinPatrol PLUS"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2009-10-10 320832]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2009-09-10 420176]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\mIRC\\mirc.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [2/3/2010 11:26 AM 691696]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [11/13/2009 3:13 AM 269648]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [11/13/2009 3:13 AM 19160]
R3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [11/20/2006 8:48 AM 506112]
S4 SABKUTIL;SABKUTIL;\??\c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys --> c:\program files\SuperAdBlocker.com\Super Ad Blocker\SABKUTIL.sys [?]
S4 SASKUTIL;SASKUTIL;\??\c:\program files\SUPERAntiSpyware\SASKUTIL.sys --> c:\program files\SUPERAntiSpyware\SASKUTIL.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1844237615-725345543-1004Core.job
- c:\documents and settings\lobam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-09 22:34]

2010-02-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-682003330-1844237615-725345543-1004UA.job
- c:\documents and settings\lobam\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-09 22:34]

2010-02-14 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 01:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab
FF - ProfilePath - c:\documents and settings\lobam\Application Data\Mozilla\Firefox\Profiles\zjp96wl0.myb\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\lobam\Application Data\Mozilla\Firefox\Profiles\zjp96wl0.myb\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}\components\XpcomOpusConnector.dll
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\lobam\Local Settings\Application Data\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-13 18:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys spkr.sys >>UNKNOWN [0x83B90938]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf76b4f28
\Driver\ACPI -> ACPI.sys @ 0xf751ccb8
\Driver\atapi -> atapi.sys @ 0xf74d7b40
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a0598
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
NDIS: Realtek RTL8139/810x Family Fast Ethernet NIC -> SendCompleteHandler -> NDIS.sys @ 0xf73e0bb0
PacketIndicateHandler -> NDIS.sys @ 0xf73eda21
SendHandler -> NDIS.sys @ 0xf73cb87b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(1352)
c:\windows\system32\WININET.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
.
**************************************************************************
.
Completion time: 2010-02-13 18:50:07 - machine was rebooted
ComboFix-quarantined-files.txt 2010-02-14 00:50
ComboFix2.txt 2010-02-13 03:40
ComboFix3.txt 2010-02-12 20:22

Pre-Run: 28,696,666,112 bytes free
Post-Run: 28,761,509,888 bytes free

Current=4 Default=4 Failed=2 LastKnownGood=5 Sets=1,2,4,5
- - End Of File - - 346865FA0FE1CF363035383DC77CA50D


SpySweeper didn't run this reboot asking about my host file :)

Internet doesn't show signs of internet links redirecting, though Java still acting funny

Quick question that I just remembered.. I had tried to install AVG 9.0 a while back, but my registry key is locked and I have no read access as computer admin. Could it have been due to the massive amount of malware?
lobam
Regular Member
 
Posts: 16
Joined: February 3rd, 2010, 5:59 am

Re: Slow Computer and Google redirects

Unread postby jmw3 » February 14th, 2010, 10:32 am

Hi

though java still acting funny
???

Quick question that I just remembered... I had tried to install AVG 9.0 a while back, but my registry key is locked and I have no read access as computer admin. Could it have been due to the massive amount of malware?
Your DDS logs were showing both of these installed:
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Enterprise Suite *On-access scanning enabled* (Updated) {468788B4-0B3A-477F-ADC9-7ECFF4F3EAEA}

Webroot should now be totally uninstalled, and Enterprise Suite is a rogue application that should have been dealt with, as I don't see any evidence it's still on your system. What registry key is locked?
Have you tried installing AVG 9 now?
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Slow Computer and Google redirects

Unread postby lobam » February 15th, 2010, 11:01 pm

jmw3 wrote:Hi

Quick question that I just remembered... I had tried to install AVG 9.0 a while back, but my registry key is locked and I have no read access as computer admin. Could it have been due to the massive amount of malware?
Your DDS logs were showing both of these installed:
AV: Webroot AntiVirus with AntiSpyware *On-access scanning disabled* (Updated) {77E10C7F-2CCA-4187-9394-BDBC267AD597}
AV: Enterprise Suite *On-access scanning enabled* (Updated) {468788B4-0B3A-477F-ADC9-7ECFF4F3EAEA}

Webroot should now be totally uninstalled, and Enterprise Suite is a rogue application that should have been dealt with, as I don't see any evidence it's still on your system. What registry key is locked?
Have you tried installing AVG 9 now?



Yes, AVG installed this time :) and Webroot doesn't start up asking about my hosts file anymore.

This was the message though: Error: Action failed for registry key HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows: creating registry key....
Error 0x80070005

Do I have any traces of malware left on my computer?
lobam
Regular Member
 
Posts: 16
Joined: February 3rd, 2010, 5:59 am

Re: Slow Computer and Google redirects

Unread postby jmw3 » February 16th, 2010, 12:26 am

Hi

The last logs you provided looked clear, but to put your mind at rest, post a new set of DDS logs & a new GMER log :)
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Slow Computer and Google redirects

Unread postby lobam » February 17th, 2010, 12:13 am

DDS (Ver_09-12-01.01) - NTFSx86
Run by lobam at 20:25:44.13 on Tue 02/16/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.759.235 [GMT -6:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\PixArt\PAC207\Monitor.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\PROGRAM FILES\DAEMON TOOLS LITE\DTLite.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\lobam\Desktop\Malware cleaners\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyOverride = local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/def ... .yahoo.com
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [Google Update] "c:\documents and settings\lobam\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [IgfxTray] "c:\windows\system32\igfxtray.exe"
mRun: [HotKeysCmds] "c:\windows\system32\hkcmd.exe"
mRun: [Monitor] "c:\windows\pixart\pac207\Monitor.exe"
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [WinPatrol PLUS] "c:\program files\billp studios\winpatrol\winpatrol.exe" -expressboot
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {94E5218F-9737-4FC2-8457-567B1FF23DC0} - hxxp://utilities.pcpitstop.com/DiskMD3/DiskMD3Ctrl.dll
DPF: {A27C56D2-3F58-4ABB-AA31-1168EDA6636F} - hxxp://utilities.pcpitstop.com/Nirvana/ ... cmatic.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\lobam\applic~1\mozilla\firefox\profiles\zjp96wl0.myb\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: c:\documents and settings\lobam\application data\mozilla\firefox\profiles\zjp96wl0.myb\extensions\{81bf1d23-5f17-408d-ac6b-bd6df7caf670}\components\XpcomOpusConnector.dll
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\documents and settings\all users\application data\nexonus\ngm\npNxGameUS.dll
FF - plugin: c:\documents and settings\lobam\local settings\application data\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-2-14 25608]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-2-14 161800]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-2-14 333192]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-2-14 28424]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-2-14 360584]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-2-14 906520]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-2-14 285392]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-2-14 2304192]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-2-14 5832712]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-11-13 269648]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-2-14 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-2-14 122376]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-2-14 30216]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-2-14 25736]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-11-13 19160]
R3 PAC207;Basic Webcam;c:\windows\system32\drivers\PFC027.SYS [2006-11-20 506112]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-2-14 30104]
S4 SABKUTIL;SABKUTIL;\??\c:\program files\superadblocker.com\super ad blocker\sabkutil.sys --> c:\program files\superadblocker.com\super ad blocker\SABKUTIL.sys [?]
S4 SASKUTIL;SASKUTIL;\??\c:\program files\superantispyware\saskutil.sys --> c:\program files\superantispyware\SASKUTIL.sys [?]

=============== Created Last 30 ================

2010-02-14 21:38:34 0 d--h--w- C:\$AVG
2010-02-14 21:37:41 25608 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-02-14 21:37:40 161800 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-02-14 21:36:26 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-02-14 21:36:25 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-02-14 21:36:09 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-02-14 16:11:55 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-02-14 16:11:53 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-02-14 16:11:43 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-02-14 16:11:29 0 d-----w- c:\windows\system32\drivers\Avg
2010-02-14 16:10:56 0 d-----w- c:\program files\AVG
2010-02-13 19:30:55 251 ----a-w- c:\windows\BissHM.ini
2010-02-13 19:27:01 0 d-----w- c:\program files\Bluetack
2010-02-12 20:03:55 0 d-sha-r- C:\cmdcons
2010-02-10 22:28:45 0 d-----w- c:\docume~1\lobam\applic~1\FoxyTunes
2010-02-10 22:28:35 0 d-----w- c:\program files\FoxyTunes
2010-02-10 03:59:51 181120 ------w- c:\windows\system32\MpSigStub.exe
2010-02-10 03:42:09 1355 ----a-w- c:\windows\imsins.BAK
2010-02-10 02:39:34 161296 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2010-02-10 02:18:57 0 d-----w- c:\docume~1\alluse~1\applic~1\PCPitstop
2010-02-10 02:05:33 0 d-----w- c:\program files\PCPitstop
2010-02-08 21:32:30 139536 ----a-w- c:\windows\system32\javaee.dll
2010-02-08 20:33:41 73728 ----a-w- c:\windows\system32\javacpl.cpl
2010-02-08 05:29:21 0 d-----w- C:\ie-spyad_zo
2010-02-07 22:30:27 0 d-----w- c:\docume~1\lobam\applic~1\HD Tune Pro
2010-02-07 22:26:43 0 d-----w- c:\program files\HD Tune Pro
2010-02-07 22:26:31 24576 ----a-w- c:\windows\system32\mvistasf.exe
2010-02-07 22:26:31 208994 ----a-w- c:\windows\system32\xpsf.exe
2010-02-07 22:26:31 20480 ----a-w- c:\windows\system32\psf.exe
2010-02-07 22:26:31 151648 ----a-w- c:\windows\system32\xpsf2.exe
2010-02-07 22:26:31 151634 ----a-w- c:\windows\system32\sson.exe
2010-02-07 22:26:31 0 d-----w- c:\program files\SpeeDefrag
2010-02-07 22:26:19 0 d-----w- c:\program files\Defraggler
2010-02-07 07:05:47 0 d-----w- c:\docume~1\alluse~1\applic~1\Kaspersky Lab
2010-02-07 06:10:57 0 d-sh--w- c:\documents and settings\lobam\IECompatCache
2010-02-07 03:47:54 91136 -c--a-w- c:\windows\system32\dllcache\kswdmcap.ax
2010-02-07 03:47:54 91136 ----a-w- c:\windows\system32\kswdmcap.ax
2010-02-07 03:47:54 53760 -c--a-w- c:\windows\system32\dllcache\vfwwdm32.dll
2010-02-07 03:47:54 53760 ----a-w- c:\windows\system32\vfwwdm32.dll
2010-02-07 03:47:54 43008 -c--a-w- c:\windows\system32\dllcache\ksxbar.ax
2010-02-07 03:47:54 43008 ----a-w- c:\windows\system32\ksxbar.ax
2010-02-07 03:47:53 61952 -c--a-w- c:\windows\system32\dllcache\kstvtune.ax
2010-02-07 03:47:53 61952 ----a-w- c:\windows\system32\kstvtune.ax
2010-02-07 03:43:26 48128 ----a-w- c:\windows\system32\Remove.exe
2010-02-07 03:43:26 316 ----a-w- c:\windows\system32\Remover.ini
2010-02-07 03:43:17 0 d-----w- c:\windows\PixArt
2010-02-07 03:43:16 0 d-----w- c:\program files\common files\PAC207
2010-02-07 03:43:15 0 d-----w- c:\program files\Basic Webcam
2010-02-07 03:42:49 0 d-----w- c:\windows\Downloaded Installations
2010-02-07 03:42:16 0 d-----w- c:\program files\BestOn
2010-02-06 03:58:56 0 d-----w- c:\program files\FileHippo.com
2010-02-06 03:58:01 3435402 ----a-w- c:\windows\system32\KDDL
2010-02-05 14:29:55 266360 ----a-w- c:\windows\system32\TweakUI.exe
2010-02-05 14:29:55 160217 ----a-w- c:\windows\system32\PowerToysLicense.rtf
2010-02-05 13:36:17 499712 ----a-w- c:\windows\system32\msvcp71.dll
2010-02-05 12:40:36 0 d-----w- c:\docume~1\lobam\applic~1\SiteHound
2010-02-05 12:40:31 0 d-----w- c:\program files\FireTrust
2010-02-04 20:08:22 221184 ----a-w- c:\windows\system32\wmpns.dll
2010-02-04 17:47:54 0 d-----w- c:\docume~1\lobam\applic~1\TrueSwitch
2010-02-04 17:47:39 0 d-----w- c:\program files\TrueSwitchEsaya
2010-02-04 16:49:38 69120 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-02-04 16:47:49 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-02-04 16:47:45 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-02-04 16:47:45 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-02-04 16:47:45 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-02-04 16:47:45 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-02-04 16:47:45 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-02-04 16:44:01 0 dc-h--w- c:\windows\ie8
2010-02-03 17:45:24 0 d-----w- c:\program files\BSCCleanitol
2010-02-03 17:41:08 535 ----a-w- c:\windows\eReg.dat
2010-02-03 17:41:04 0 d-----w- c:\program files\Maxis
2010-02-03 17:28:44 25992 ----a-w- c:\windows\system32\pgdfgsvc.exe
2010-02-03 17:26:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-02-03 17:26:04 0 d-----w- c:\program files\DAEMON Tools Lite
2010-02-03 17:25:58 0 d-----w- c:\docume~1\lobam\applic~1\DAEMON Tools Lite
2010-02-03 17:25:56 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-02-03 15:12:05 0 d-----w- c:\docume~1\lobam\applic~1\WinPatrol
2010-02-03 15:11:58 0 d-----w- c:\program files\BillP Studios
2010-02-03 14:35:02 0 d-----w- c:\program files\SpywareBlaster
2010-02-03 14:13:03 0 d-----w- c:\docume~1\lobam\applic~1\QuickScan
2010-02-03 14:00:06 411368 ----a-w- c:\windows\system32\deploytk.dll
2010-02-03 09:17:55 0 d-----w- c:\docume~1\alluse~1\applic~1\abelhadigital.com
2010-02-03 09:17:07 0 d-----w- c:\docume~1\lobam\applic~1\abelhadigital.com
2010-02-03 07:20:26 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-02-03 07:20:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-02-03 07:14:07 754 ----a-w- c:\windows\WORDPAD.INI
2010-02-03 07:05:04 0 d-----w- c:\program files\TrendMicro
2010-01-22 03:06:45 0 d-----w- c:\program files\MediaMonkey
2010-01-22 00:52:19 0 d-----w- c:\program files\CCleaner

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ------w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-10 04:54:07 261632 ----a-w- c:\windows\PEV.exe
2009-12-08 19:27:51 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-11-26 23:12:13 13836 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 20:28:34.46 ===============




UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 11/18/2009 1:05:40 AM
System Uptime: 2/14/2010 4:25:20 PM (52 hours ago)

Motherboard: MICRO-STAR INTERNATIONAL CO., LTD | | Gamila/Giovani/Neon series
Processor: Intel(R) Celeron(R) CPU 2.70GHz | Socket 478 | 2700/100mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 37 GiB total, 26.569 GiB free.
D: is CDROM (CDFS)
G: is CDROM ()

==== Disabled Device Manager Items =============

Class GUID: {4D36E96D-E325-11CE-BFC1-08002BE10318}
Description: Lucent Win Modem
Device ID: PCI\VEN_11C1&DEV_044C&SUBSYS_044C11C1&REV_02\4&1A671D0C&0&58F0
Manufacturer: Lucent
Name: Lucent Win Modem
PNP Device ID: PCI\VEN_11C1&DEV_044C&SUBSYS_044C11C1&REV_02\4&1A671D0C&0&58F0
Service: Modem

==== System Restore Points ===================

RP51: 1/22/2010 3:00:20 AM - Software Distribution Service 3.0
RP52: 1/28/2010 1:00:27 PM - System Checkpoint
RP53: 2/2/2010 9:12:01 AM - System Checkpoint
RP54: 2/3/2010 1:05:02 AM - Installed HiJackThis
RP55: 2/3/2010 3:24:53 AM - Installed SUPERAntiSpyware Free Edition
RP56: 2/3/2010 7:58:28 AM - Installed Java(TM) 6 Update 18
RP57: 2/3/2010 11:26:18 AM - SPTD setup V1.62
RP58: 2/4/2010 10:36:36 AM - Software Distribution Service 3.0
RP59: 2/4/2010 12:40:57 PM - Software Distribution Service 3.0
RP60: 2/4/2010 2:20:46 PM - Software Distribution Service 3.0
RP61: 2/5/2010 7:11:22 AM - Installed AVG 9.0
RP62: 2/5/2010 7:29:47 AM - Installed AVG Free 9.0
RP63: 2/5/2010 7:35:55 AM - Installed AVG 7.5
RP64: 2/5/2010 7:54:55 AM - Installed AVG Free 8.5
RP65: 2/5/2010 8:10:48 AM - Installed AVG Free 8.5
RP66: 2/6/2010 9:04:12 AM - System Checkpoint
RP67: 2/6/2010 9:42:16 PM - Installed WebCam Suite 2.0
RP68: 2/6/2010 9:43:08 PM - Installed Basic Webcam
RP69: 2/7/2010 12:55:07 AM - Removed AVG 7.5
RP70: 2/7/2010 12:56:15 AM - Installed AVG 7.5
RP71: 2/7/2010 1:01:56 AM - Installed AVG Free 8.5
RP72: 2/7/2010 1:04:52 AM - Installed Kaspersky Anti-Virus 2010.
RP73: 2/7/2010 2:02:21 PM - Removed Kaspersky Anti-Virus 2010.
RP74: 2/7/2010 4:08:05 PM - Removed Java(TM) 6 Update 18
RP75: 2/7/2010 4:09:43 PM - Installed Java(TM) 6 Update 18
RP76: 2/8/2010 2:30:50 PM - Removed Java(TM) 6 Update 18
RP77: 2/8/2010 2:32:58 PM - Installed Java(TM) 6 Update 18
RP78: 2/9/2010 3:11:52 PM - System Checkpoint
RP79: 2/9/2010 9:41:13 PM - Software Distribution Service 3.0
RP80: 2/9/2010 9:59:04 PM - Software Distribution Service 3.0
RP81: 2/11/2010 1:05:36 AM - System Checkpoint
RP82: 2/12/2010 1:27:22 AM - Software Distribution Service 3.0
RP83: 2/13/2010 1:33:35 AM - System Checkpoint
RP84: 2/13/2010 1:26:58 PM - Installed B.I.S.S. Hosts Manager
RP85: 2/13/2010 1:36:00 PM - Removed B.I.S.S. Hosts Manager
RP86: 2/14/2010 10:10:54 AM - Installed AVG Free 8.5
RP87: 2/14/2010 10:24:26 AM - Avg8 Update
RP88: 2/14/2010 1:00:25 PM - Avg8 Update
RP89: 2/14/2010 1:03:28 PM - Avg8 Update
RP90: 2/14/2010 3:35:40 PM - Installed AVG 9.0
RP91: 2/14/2010 4:05:56 PM - Avg8 Update
RP92: 2/16/2010 6:17:43 AM - System Checkpoint

==== Installed Programs ======================

Adobe Flash Player 10 ActiveX
Adobe® Flash® Player 10 Plugin
AVG 9.0
Basic Webcam
BSC Cleanitol TM
Card Games for Windows
CCleaner
Defraggler
FileHippo.com Update Checker
Google Chrome
HD Tune Pro 4.01
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Intel(R) Extreme Graphics Driver
Java Auto Updater
Java(TM) 6 Update 18
Malwarebytes' Anti-Malware
MediaMonkey 3.2
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft Visual C++ 2005 Redistributable
mIRC
Mozilla Firefox (3.5.7)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 and SOAP Toolkit 3.0
MSXML 6 Service Pack 2 (KB973686)
Realtek AC'97 Audio
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB973540)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953155)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974455)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SimCity 4 Deluxe
SpeeDefrag 5.2.1
SpywareBlaster 4.2
TeamViewer 4
Tweak UI
Unlocker 1.8.8
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Windows (KB971513)
Update for Windows Internet Explorer 8 (KB978506)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Update for Windows XP (KB976749)
Update for Windows XP (KB978207)
WebCam Suite 2.0
WebFldrs XP
Windows Defender
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows XP Service Pack 3
WinPatrol 2009
WinZip 14.0
Yahoo! Messenger
YTK Pro v1.5 [Build 499d]

==== Event Viewer Messages From Past Week ========

2/9/2010 9:56:32 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
2/9/2010 9:56:32 PM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/12/2010 6:56:49 PM, error: Service Control Manager [7034] - The MBAMService service terminated unexpectedly. It has done this 1 time(s).
2/12/2010 6:52:35 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSIDRV\0000 disappeared from the system without first being prepared for removal.
2/12/2010 6:52:35 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSHRMD\0000 disappeared from the system without first being prepared for removal.
2/12/2010 6:52:35 AM, error: PlugPlayManager [11] - The device Root\LEGACY_SSFS0BBC\0000 disappeared from the system without first being prepared for removal.
2/12/2010 6:52:28 AM, error: Service Control Manager [7034] - The Webroot Client Service service terminated unexpectedly. It has done this 1 time(s).
2/12/2010 6:52:23 AM, error: Service Control Manager [7034] - The Webroot Spy Sweeper Engine service terminated unexpectedly. It has done this 1 time(s).
2/12/2010 2:10:25 PM, error: PlugPlayManager [11] - The device Root\LEGACY_UNLOCKERDRIVER5\0000 disappeared from the system without first being prepared for removal.
2/10/2010 8:34:03 PM, error: SSIDRV [26] -
2/10/2010 2:56:15 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the 1257375363SsTR service to connect.
2/10/2010 2:56:15 PM, error: Service Control Manager [7000] - The 1257375363SsTR service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

==== End Of File ===========================



GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-02-16 22:11:41
Windows 5.1.2600 Service Pack 3
Running: ny5ljc3t.exe; Driver: C:\DOCUME~1\lobam\LOCALS~1\Temp\ffpoypod.sys


---- System - GMER 1.0.15 ----

SSDT spyv.sys ZwCreateKey [0xF75430E0]
SSDT spyv.sys ZwEnumerateKey [0xF755BDA4]
SSDT spyv.sys ZwEnumerateValueKey [0xF755C132]
SSDT spyv.sys ZwOpenKey [0xF75430C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwOpenProcess [0xF793F470]
SSDT spyv.sys ZwQueryKey [0xF755C20A]
SSDT spyv.sys ZwQueryValueKey [0xF755C08A]
SSDT spyv.sys ZwSetValueKey [0xF755C29C]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateProcess [0xF793F520]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwTerminateThread [0xF793F5C0]
SSDT \??\C:\Program Files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_XP\AVGIDSShim.sys (IDS Application Activity Monitor Loader Driver./AVG Technologies ) ZwWriteVirtualMemory [0xF793F660]

INT 0x62 ? 83B6FBF8
INT 0x63 ? 83A14BF8
INT 0x82 ? 83B6FBF8
INT 0xA4 ? 83A14BF8
INT 0xB4 ? 83A14BF8

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 83B6E1F8

AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

Device \FileSystem\Fastfat \FatCdrom 8313C1F8

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\sptd \Device\2574761788 spyv.sys
Device \Driver\usbuhci \Device\USBPDO-0 8378A1F8
Device \Driver\usbuhci \Device\USBPDO-1 8378A1F8
Device \Driver\usbuhci \Device\USBPDO-2 8378A1F8
Device \Driver\usbehci \Device\USBPDO-3 83A051F8

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Ftdisk \Device\HarddiskVolume1 83BDE1F8
Device \Driver\Cdrom \Device\CdRom0 839FB1F8
Device \Driver\Cdrom \Device\CdRom1 839FB1F8
Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 [F74BDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort0 [F74BDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdePort1 [F74BDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-e [F74BDB40] atapi.sys[unknown section] {MOV EDX, [ESP+0x8]; LEA ECX, [ESP+0x4]; PUSH EAX; MOV EAX, ESP; PUSH EAX}
Device \Driver\NetBT \Device\NetBt_Wins_Export 8387D1F8
Device \Driver\PCI_PNP8038 \Device\0000004a spyv.sys
Device \Driver\NetBT \Device\NetbiosSmb 8387D1F8
Device \Driver\NetBT \Device\NetBT_Tcpip_{54F4948C-CF46-4ED4-9A31-B84185809DFB} 8387D1F8

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\usbuhci \Device\USBFDO-0 8378A1F8
Device \Driver\usbuhci \Device\USBFDO-1 8378A1F8
Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver 83844500
Device \Driver\usbuhci \Device\USBFDO-2 8378A1F8
Device \FileSystem\MRxSmb \Device\LanmanRedirector 83844500
Device \Driver\usbehci \Device\USBFDO-3 83A051F8
Device \Driver\Ftdisk \Device\FtControl 83BDE1F8
Device \Driver\adn4afqe \Device\Scsi\adn4afqe1Port2Path0Target0Lun0 837681F8
Device \Driver\adn4afqe \Device\Scsi\adn4afqe1 837681F8
Device \FileSystem\Fastfat \Fat 8313C1F8

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies )

Device \FileSystem\Cdfs \Cdfs 838AF500

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7E 0x67 0xD1 0x25 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x0F 0x3D 0x09 ...
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0x71 0x57 0x61 ...
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\controlset002\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\controlset002\Services\MRxDAV\EncryptedDirectories@
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x30 0x62 0x1D ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x0F 0x3D 0x09 ...
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\controlset002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0x71 0x57 0x61 ...
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\CurrentControlSet\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0xDF 0x7B 0xC8 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x0F 0x3D 0x09 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0x71 0x57 0x61 ...
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 2
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E965-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E967-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 35
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E969-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E96A-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 4
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E97B-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceType 7
Reg HKLM\SYSTEM\ControlSet005\control\Class\{4D36E980-E325-11CE-BFC1-08002BE10318}\Properties@DeviceCharacteristics 256
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xD6 0xDF 0x7B 0xC8 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xB5 0x0F 0x3D 0x09 ...
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x11 0x71 0x57 0x61 ...

---- EOF - GMER 1.0.15 ----
lobam
Regular Member
 
Posts: 16
Joined: February 3rd, 2010, 5:59 am

Re: Slow Computer and Google redirects

Unread postby jmw3 » February 17th, 2010, 3:53 am

Hi
Logs look good. I think we can wrap this up.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer. They are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
DDS.scr
The Gmer.exe file (it will be randomly named .exe file)
Any logs that may have been saved to your desktop

You should also remove HijackThis. You can do this by going to C:\Program Files\Trend Micro\HijackThis
  • Double click HijackThis.exe
  • From the Main menu click Open the Misc Tools section
  • Using the scroll bar, scroll down to Uninstall HijackThis
  • Click Uninstall HijackThis & exit then click Yes at the prompt
You can re-enable/re-install Spybot & re-enable either SpySweeper or Malwarebytes' now if you like. You should not have both of those running with real-time protection at the same time, due to conflicts. I would recommend re-enabling Malwarebytes' as it is by far the better of the two.

All Clean
Congratulations, good work, your system is now clean. Now that your system is safe we would like you to keep it that way.
Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Set Correct Settings For Files That Should Be Hidden In Windows XP
  • Click Start > My Computer > Tools menu (at top of page) > Folder Options > View tab
  • Under Hidden files and folders if necessary select Do not show hidden files and folders
  • If unchecked, check Hide protected operating system files (Recommended)
  • If necessary check Display content of system folders
  • If necessary Uncheck Hide file extensions for known file types
  • Click OK

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. Keep it updated & run it regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.

Download BlueTack's HOSTS Manager here, using Internet Explorer (Firefox won't work) & save hosts20setup.exe to your desktop:
  • Double click Hosts20setup.exe on your desktop and let it Install the Hosts Manager
  • After the installation is complete, click on the Hosts Manager icon on your desktop. (You can delete the other Hosts Switch icon from your desktop)
  • When the Hosts Manager comes up, click the small down arrows on the right side of the bar labeled Options and Tools,
  • Click Disable DNS Service. This is important
  • In the Left Pane, click Download
  • It will load 80,000 lines or more. When it finishes, also in the left pane, click Replace, and then click Save
You can use this manager to handle your HOSTS file download, edits, and most any other HOSTS issue.
If you have a third-party firewall or WinPatrol, you may have to give permissions at various times to unlock the present default HOSTS file and install the new one.

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
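The post above explains that the HOSTS file is consulted before DNS and that pointing a name at your own machine "short-circuits" the request. The same mechanism, pointed at a remote address, is what turns a HOSTS file into a redirect tool, which matters on a thread about Google redirects. The following is an added example, not code from MalwareRemoval.com, from BlueTack's Hosts Manager, or from any other tool named in the post. It parses a HOSTS file the way Windows does (first matching line wins, `#` starts a comment), mimics the lookup, and separates genuine block entries (targets 127.0.0.1, 0.0.0.0, ::1) from redirects to real addresses, flagging redirects of search-engine and security-vendor hosts. `SAMPLE_HOSTS` and `WATCHLIST` are constructed for the example; the 203.0.113.x address is documentation space, not a real attacker host.

```python
"""Parse a HOSTS file and tell blocklist entries from redirects.

Added example for this thread; not code from MalwareRemoval.com or from
BlueTack's Hosts Manager. On Windows XP the file lives at
C:\\WINDOWS\\system32\\drivers\\etc\\hosts and is consulted before DNS, first
matching line wins. A name mapped to 127.0.0.1 or 0.0.0.0 is short-circuited
to the local machine (a block); a name mapped to a remote address is silently
redirected. SAMPLE_HOSTS and WATCHLIST below are constructed sample data.
"""
import ipaddress

SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# blocklist entries: short-circuited to this machine
127.0.0.1   ads.example.net   tracker.example.org
0.0.0.0     malware-cdn.example
# redirects: a search engine and a vendor update host sent to a remote IP
203.0.113.7 www.google.com google.com
203.0.113.7 update.avg.com
192.168.1.10 nas.lan    # LAN alias, harmless but still not a sink
"""

# Hosts whose redirection is a strong infection indicator (constructed list).
WATCHLIST = ("google.com", "bing.com", "microsoft.com", "windowsupdate.com",
             "avg.com", "malwarebytes.org", "symantec.com", "mcafee.com")


def parse_hosts(text):
    """Yield (line_no, ip, [hostnames]) for each valid mapping line.

    Everything after '#' is a comment; lines without an address and at least
    one name, or with an unparsable address, are skipped as Windows skips them.
    """
    for n, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        yield n, ip, [h.lower().rstrip(".") for h in fields[1:]]


def is_sink(ip):
    """True when the target cannot reach anything: the entry blocks, not redirects."""
    return ip.is_loopback or ip.is_unspecified


def resolve(text, hostname):
    """Mimic the HOSTS lookup: first matching line wins; None means 'fall through to DNS'."""
    hostname = hostname.lower().rstrip(".")
    for _, ip, names in parse_hosts(text):
        if hostname in names:
            return str(ip)
    return None


def on_watchlist(hostname):
    """Match the host itself or any subdomain of a watchlisted domain."""
    return any(hostname == d or hostname.endswith("." + d) for d in WATCHLIST)


def audit(text):
    """Split entries into blocked names and redirects; flag watchlist redirects."""
    report = {"blocked": [], "redirected": [], "suspicious": []}
    for n, ip, names in parse_hosts(text):
        for h in names:
            if h == "localhost":
                continue  # the stock mapping, not a block entry
            if is_sink(ip):
                report["blocked"].append(h)
            else:
                report["redirected"].append((n, h, str(ip)))
                if on_watchlist(h):
                    report["suspicious"].append((n, h, str(ip)))
    return report


if __name__ == "__main__":
    rep = audit(SAMPLE_HOSTS)
    print(f"{len(rep['blocked'])} blocked, {len(rep['redirected'])} redirected")
    for n, h, ip in rep["suspicious"]:
        print(f"line {n}: {h} -> {ip}  (watchlist host redirected off-box)")
```

On a real machine you would feed `audit()` the contents of the live HOSTS file rather than `SAMPLE_HOSTS`; a downloaded blocklist such as the one the post describes should produce only `blocked` entries, so anything in `redirected` that you did not add yourself (a LAN alias, a test mapping) deserves a look, and anything in `suspicious` is the kind of entry that produces search-engine redirects and silently failed antivirus updates.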

Re: Slow Computer and Google redirects

Unread postby lobam » February 17th, 2010, 11:30 pm

Uhm, AVG 9.0: how do I disable that so I can run the ComboFix uninstaller? I don't see a disable function on the interface, only the exit option in the taskbar icon next to the clock.

Re: Slow Computer and Google redirects

Unread postby jmw3 » February 18th, 2010, 1:24 am


Re: Slow Computer and Google redirects

Unread postby NonSuch » February 21st, 2010, 2:43 am

Due to a lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.
NonSuch
Administrator
Posts: 27300
Joined: February 23rd, 2005, 7:08 am
Location: California