GOOGLE REDIRECTING


Post by darrian » May 18th, 2010, 5:45 pm

Dear Experts

My computer has been slowing down majorly over the last 2-3 weeks.

It improved a bit after running Spybot/AVG/Malwarebytes/Ad-Aware [after switching off System Restore].

However, the main problem is very persistent:

Google searches redirect to all sorts of unwanted websites on Mozilla.

What to do?

Regards

Darrian



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:32:56 PM, on 5/18/2010
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\LocalService\Application Data\sdra64.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\SoundTells\Cycle Calculator for Women\CycleCalc.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\HiJackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\LocalService\Application Data\sdra64.exe,
O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
O2 - BHO: PREAT IE LightFrame - {43D29D14-460E-4F3A-9037-E60F11EF12F0} - C:\WINDOWS\system32\LightFrame3IECOM.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
O2 - BHO: IEHandler Class - {F4A27D22-E603-4B1B-B8D0-1CF7D57E56F2} - C:\Program Files\NetLeech\IEExt.dll
O3 - Toolbar: StumbleUpon Toolbar - {5093EB4C-3E93-40AB-9266-B607BA87BDC8} - C:\Program Files\StumbleUpon\StumbleUponIEBar.dll
O3 - Toolbar: FlashGet - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\Program Files\FlashGet\fgiebar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [speedfan] C:\Program Files\SpeedFan\speedfan.exe
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [Radio Downloader] "C:\Program Files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [Google Quick Search Box] "C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [{7F5144C9-6AF1-668D-A48D-F65AC7DB4841}] "C:\Documents and Settings\Bastiaan\Application Data\Qoeqyk\ocryg.exe"
O4 - HKCU\..\RunServices: [iTunes] C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe -p
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Windows Search.lnk.disabled
O4 - Global Startup: Yahoo! Autosync.lnk.disabled
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O8 - Extra context menu item: StumbleUpon PhotoBlog It! - res://StumbleUponIEBar.dll/blogimage
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O15 - Trusted Zone: *.stumbleupon.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/microsoftup ... 1600666250
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1600652500
O20 - Winlogon Notify: avgrsstarter - avgrsstx.dll (file missing)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - C:\PROGRA~1\CACHEM~1\CachemanXP.exe
O23 - Service: DHCP Client DhcpHTTPFilter (DhcpHTTPFilter) - Unknown owner - C:\WINDOWS\system32\admparseq.exe (file missing)
O23 - Service: Google Update Service (gupdate1c8c1bc51a95b48) (gupdate1c8c1bc51a95b48) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Nero Registry InCD Service (NeroRegInCDSrv) - Unknown owner - C:\Program Files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: O&O Defrag - Unknown owner - C:\WINDOWS\system32\oodag.exe (file missing)
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Remote Procedure Call (RPC) RpcSsThemes (RpcSsThemes) - Unknown owner - C:\WINDOWS\system32\1031z.exe (file missing)
O23 - Service: Smart Card SCardSvrSSDPSRV (SCardSvrSSDPSRV) - Unknown owner - C:\WINDOWS\system32\adsntu.exe (file missing)
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: SupportSoft Sprocket Service (TalkTalk) (sprtsvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\TalkTalk\bin\sprtsvc.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\ssrc.exe
O23 - Service: Performance Logs and Alerts SysmonLogidsvc (SysmonLogidsvc) - Unknown owner - C:\WINDOWS\system32\4004At.exe
O23 - Service: SupportSoft Repair Service (TalkTalk) (tgsrvc_TalkTalk) - SupportSoft, Inc. - C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Portable Media Serial Number Service WmdmPmSNSCardSvr (WmdmPmSNSCardSvr) - Unknown owner - C:\WINDOWS\system32\adsntw.exe (file missing)
O23 - Service: Security Center wscsvctgsrvc_TalkTalk (wscsvctgsrvc_TalkTalk) - Unknown owner - C:\WINDOWS\system32\acleditc.exe (file missing)
O23 - Service: Windows Search WSearchDhcp (WSearchDhcp) - Unknown owner - C:\WINDOWS\system32\adsndst.exe (file missing)

--
End of file - 13313 bytes


3DMark05
AAC Parser (remove only)
AC-3 ACM Codec
AC3+DTS XForm (remove only)
AC3Filter (remove only)
ACDSee 5.0 Standard Trial
Ad-Aware
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Shockwave Player
Adobe SVG Viewer
Apple Mobile Device Support
Apple Software Update
Aspi Installer
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Atomic Clock Sync
Audacity 1.2.6
Audacity 1.3.7 (Unicode)
Audible Download Manager
AVG Free 9.0
AVI Codec Pack
AVI Joiner
Battle of Britain II
Battlecraft 1942
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
BBC iPlayer Download Manager
Bonjour
BookDB2
Bulk Image Downloader v2.2.0.0
CachemanXP 1.12
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCE Basic Trial Version
CD Audio Reader Filter (remove only)
CD Bremse 1.47
CD-LabelPrint
CDXA Image Reader Filter (SVCD/XCD) (remove only)
ClipMagic 3.2.2
C-Media WDM Audio Driver
Compatibility Pack for the 2007 Office system
CompuApps SwissKnife V3
ConnectGoV5UpdateVer2
Core AAC Decoder (remove only)
CoreFLAC Audio Decoder+Source Filter (remove only)
CoreVorbis Audio Decoder (remove only)
Creative Removable Disk Manager
Critical Update for Windows Media Player 11 (KB959772)
Cycle Calculator for Women
DeadDiskDoctor
Defcon v1.4
Dekart Private Disk Light 1.22
Digital Video Repair 1.0
DirectVobSub (remove only)
DirectX Happy Uninstall v4.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
doPDF 6.0 printer
DVD Decrypter (Remove Only)
DVD Ripper Burner 7.0.0.0
DVDFab (remove only)
DVDFab 6.2.1.8 (31/12/2009)
DVDFab Decrypter 3.0.8.6
ExtractNow
FAT32 Format
ffdshow [rev 610] [2006-12-01]
FlashGet 1.9.0.1012
FlashGet(Jetcar) 1.80
Flickr Uploadr 2.5.0.15
FLVPlayer4Free Free FLV Player 2.2.0.0
Free DWG Viewer 6.0
FreshDiagnose
GetASFStream
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
HiJackThis
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Iconix™ eMail ID
Illiminable FLAC (remove only)
Indeo® software
Internet Organizer Pro 2.1
iTunes
Jarte 3.2
JDownloader
JGoodies JDiskReport 1.2.4
Lexmark Supplies Monitor
Lexmark Z25-Z35
LightFrame 3
Logitech SetPoint
LogMeIn
Malwarebytes' Anti-Malware
Matroska (remove only)
MediaCoder 0.6.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft .NET Framework 3.0
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mini-Cam USB Camera (SC-120)
Monkey Audio Source Filter (remove only)
MotionDV STUDIO 5.6E LE for DV
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.12)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
neroxml
NetLeech
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
NvMixer
O&O Defrag Professional Edition
OpenSource OGG Splitter (remove only)
Panasonic DVC USB Driver
PC Connectivity Solution
PDF Password Remover v3.0
PhotoScape
PowerDVD
PowerQuest PartitionMagic 8.0
programma Biblio
QuickTime
Radio Downloader
RadLight MPC DirectShow Filter (remove only)
RadLight OptimFROG DirectShow Filter (remove only)
Rapport
Rapport
RealMedia (remove only)
RealPlayer
Realtek AC'97 Audio
Rename4u
Saitek SST Programming Software
ScanSoft OmniPage SE 4
screensaver_100
screenSaverVariation2008
SDP Downloader
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Serif PhotoPlus 5.5
SHOUTcast Source (remove only)
Skype 2.5
SMPlayer 0.5.62
Soft-Central SC-DiskInfo
Soltek Hardware Monitor
SpeedFan (remove only)
SPSS 16.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Doctor 5.5
SpywareBlaster 4.3
STOIK Capturer
StumbleUpon IE Toolbar
SUPERAntiSpyware Free Edition
SweetMovieLife 1.0E
System Requirements Lab
TalkTalk Assist & Go
Teach2000 8.19
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TrueCrypt
UKPDS Risk Engine v2.0
Uninstall Startup Inspector
Unlocker 1.8.5
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Driver
VC 9.0 Runtime
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
WD Diagnostics
Winamp
Windows Communication Foundation
Windows Defender
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Search 4.0
Windows Workflow Foundation
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 4.0
WinRAR archiver
WinZip
WM Downloader 2.9.1.100 2007.03.24
WM Recorder 12.1
xplorer² lite
Yahoo! Autosync
YPOPs! 0.9.7.3
Zappit!
Zilla Data Nuker 2.0.0.0
ZoneAlarm
Zoom Player (remove only)
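The HijackThis log above contains the three patterns a malware-removal helper scans for first: the F2 line, where a second program has been chained onto the Winlogon UserInit value (Winlogon runs every comma-separated entry, so a binary in a LocalService Application Data folder gets launched at every logon); an O4 Run entry named only by a GUID that launches from a randomly named folder under the user's Application Data; and a block of O23 services whose display names are real Windows service names with junk appended ("DHCP Client DhcpHTTPFilter", "Performance Logs and Alerts SysmonLogidsvc") and whose binaries are unknown-owner executables in system32, most of them already missing. The script below is an added example, not part of this thread and not code from HijackThis; it parses those three line formats as HijackThis 2.0.x prints them (an assumption about the layout) and flags the patterns just described. The sample lines are copied from the log posted above.

```python
"""Triage of HijackThis-style log lines for common persistence abuse.

Added example for this thread; not part of HijackThis. It parses the F2
(UserInit), O4 (Run keys) and O23 (services) line formats and flags:
extra programs chained onto UserInit, autoruns launching from a user
profile's Application Data, and services whose display name is a real
Windows service name with junk appended, pointing at an odd binary.
"""
import re

# Line formats as emitted by HijackThis 2.0.x (assumption: other versions
# may differ slightly in spacing or labels).
F2_USERINIT = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.+)$")
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)
O23_SERVICE = re.compile(
    r"^O23 - Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Genuine Windows XP service display names that rogue services in the posted
# log piggyback on by appending extra text.
KNOWN_SERVICE_NAMES = (
    "DHCP Client", "Remote Procedure Call (RPC)", "Smart Card",
    "Performance Logs and Alerts", "Portable Media Serial Number Service",
    "Security Center", "Windows Search",
)


def triage_line(line: str) -> list[str]:
    """Return the reasons a single log line is suspicious (empty if none)."""
    reasons: list[str] = []
    line = line.strip()

    m = F2_USERINIT.match(line)
    if m:
        # Winlogon runs every comma-separated entry in UserInit; anything
        # besides userinit.exe itself is a logon-time hijack.
        entries = [e.strip() for e in m["value"].split(",") if e.strip()]
        for e in entries:
            if e.lower() != r"c:\windows\system32\userinit.exe":
                reasons.append(f"UserInit chains extra program: {e}")
        return reasons

    m = O4_RUN.match(line)
    if m:
        cmd = m["cmd"].lower()
        # Autoruns launched from profile data folders are leads, not verdicts
        # (per-user Google Update legitimately lives there too).
        if "\\application data\\" in cmd or "\\local settings\\" in cmd:
            reasons.append(f"Run entry '{m['name']}' launches from a profile data directory")
        if re.fullmatch(r"\{[0-9a-f-]{36}\}", m["name"].lower()):
            reasons.append(f"Run entry named only by a GUID: {m['name']}")
        return reasons

    m = O23_SERVICE.match(line)
    if m:
        display, owner, path = m["display"], m["owner"], m["path"]
        # "DHCP Client DhcpHTTPFilter": a real service name with text appended.
        for known in KNOWN_SERVICE_NAMES:
            if display.startswith(known + " "):
                reasons.append(f"Service display name piggybacks on '{known}': {display}")
                break
        if owner == "Unknown owner" and re.search(r"\\system32\\[a-z0-9]+\.exe$", path, re.I):
            reasons.append(f"Unknown-owner service binary in system32: {path.rsplit(chr(92), 1)[-1]}")
        if m["missing"] and owner == "Unknown owner":
            reasons.append("Service registered but binary missing (leftover or partially removed)")
        return reasons

    return reasons


def triage_log(text: str) -> dict[str, list[str]]:
    """Map each suspicious log line to its reasons; clean lines are omitted."""
    flagged: dict[str, list[str]] = {}
    for line in text.splitlines():
        reasons = triage_line(line)
        if reasons:
            flagged[line.strip()] = reasons
    return flagged


# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\LocalService\Application Data\sdra64.exe,
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [{7F5144C9-6AF1-668D-A48D-F65AC7DB4841}] "C:\Documents and Settings\Bastiaan\Application Data\Qoeqyk\ocryg.exe"
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: DHCP Client DhcpHTTPFilter (DhcpHTTPFilter) - Unknown owner - C:\WINDOWS\system32\admparseq.exe (file missing)
O23 - Service: Performance Logs and Alerts SysmonLogidsvc (SysmonLogidsvc) - Unknown owner - C:\WINDOWS\system32\4004At.exe
"""

if __name__ == "__main__":
    for flagged_line, why in triage_log(SAMPLE_LOG).items():
        print(flagged_line)
        for r in why:
            print("   ->", r)
```

Run against the six sample lines, the script leaves the ZoneAlarm and AVG entries alone and flags the other four. The output is a list of leads for a human to verify (the same "Unknown owner in system32" rule would also surface the ATI Smart service in the full log), which is exactly how the helpers in this forum use a HijackThis log: as a pointer to what to inspect, not as an automatic fix list.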

Re: GOOGLE REDIRECTING

Post by km2357 » May 20th, 2010, 2:56 pm

Hello and welcome to Malware Removal.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly, the fix may take several attempts and my replies may take some time, but I will stick with it if you do the same.


Step # 1: Download and run DDS

Download DDS and save it to your desktop from here or here.
Disable any script blocker, and then double-click dds.scr to run the tool.
  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.


Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries unless advised by a trained Security Analyst.


If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure that the 'Sections' button is ticked and the 'Show All' button is unticked.
  • Click the Scan button and let the program do its work. GMER will produce a log.
  • Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for whatever reason(s) until it has 100% completed its scan, or attempted scan in case of some error etc.!

Please post the results from the GMER scan in your reply.


In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

Use multiple posts if you can't fit everything into one post.

Re: GOOGLE REDIRECTING

Post by darrian » May 20th, 2010, 7:47 pm

DDS (Ver_10-03-17.01) - NTFSx86
Run by Bastiaan at 22:25:00.68 on Thu 05/20/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.153 [GMT 1:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
c:\windows\system32\svchost -k dcomlaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
c:\windows\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
c:\windows\system32\svchost.exe -k wudfservicegroup
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\Program Files\TalkTalk\bin\sprtsvc.exe
c:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Supportsoft\bin\tgsrvc.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Radio Downloader\Radio Downloader.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Bastiaan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uWindow Title = Microsoft Internet Explorer
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: LF_BHO Class: {43d29d14-460e-4f3a-9037-e60f11ef12f0} - c:\windows\system32\LightFrame3IECOM.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: IEHandler Class: {f4a27d22-e603-4b1b-b8d0-1cf7d57e56f2} - c:\program files\netleech\IEExt.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Ask PopSwatter: {72fe8681-0bfa-471b-9b2a-b37ed68dd09e} - c:\windows\system32\shdocvw.dll
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\bastiaan\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [{7F5144C9-6AF1-668D-A48D-F65AC7DB4841}] "c:\documents and settings\bastiaan\application data\qoeqyk\ocryg.exe"
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
uRunServices: [iTunes] c:\documents and settings\all users\start menu\programs\iTunes
mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [speedfan] c:\program files\speedfan\speedfan.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Radio Downloader] "c:\program files\radio downloader\Radio Downloader.exe" /hidemainwindow
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [Google Quick Search Box] "c:\program files\google\quick search box\GoogleQuickSearchBox.exe" /autorun
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
dRun: [mscdexnt.exe] c:\windows\temp\mscdexnt.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Search.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Yahoo! Autosync.lnk.disabled
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download With NetLeech
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: StumbleUpon: &Blog This
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: stumbleupon.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 1600666250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1600652500
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 http://www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bastiaan\applic~1\mozilla\firefox\profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\bastiaan\application data\mozilla\firefox\profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\bastiaan\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-15 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 29512]
R1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 116328]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-5 486280]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-9 308064]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1291544]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-19 47640]
R2 PDRJNDL;PDRJNDL;c:\program files\dekart\private disk light\pdrjndl.sys [2004-11-5 16512]
R2 PRVDISK;PRVDISK;c:\program files\dekart\private disk light\prvdisk.sys [2004-11-5 14976]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S2 DhcpHTTPFilter;DHCP Client DhcpHTTPFilter;c:\windows\system32\admparseq.exe srv --> c:\windows\system32\admparseq.exe srv [?]
S2 gupdate1c8c1bc51a95b48;Google Update Service (gupdate1c8c1bc51a95b48);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S2 RpcSsThemes;Remote Procedure Call (RPC) RpcSsThemes;c:\windows\system32\1031z.exe srv --> c:\windows\system32\1031z.exe srv [?]
S2 SCardSvrSSDPSRV;Smart Card SCardSvrSSDPSRV;c:\windows\system32\adsntu.exe srv --> c:\windows\system32\adsntu.exe srv [?]
S2 SysmonLogidsvc;Performance Logs and Alerts SysmonLogidsvc;c:\windows\system32\4004at.exe srv --> c:\windows\system32\4004At.exe srv [?]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S2 WmdmPmSNSCardSvr;Portable Media Serial Number Service WmdmPmSNSCardSvr;c:\windows\system32\adsntw.exe srv --> c:\windows\system32\adsntw.exe srv [?]
S2 wscsvctgsrvc_TalkTalk;Security Center wscsvctgsrvc_TalkTalk;c:\windows\system32\acleditc.exe srv --> c:\windows\system32\acleditc.exe srv [?]
S2 WSearchDhcp;Windows Search WSearchDhcp;c:\windows\system32\adsndst.exe srv --> c:\windows\system32\adsndst.exe srv [?]
S3 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2007-3-10 208384]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-25 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-25 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-25 81288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [2005-11-3 176640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-5-25 337800]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-5-25 1017224]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]

=============== Created Last 30 ================

2010-05-20 19:10:48 31 ----a-w- C:\troj000.exe
2010-05-20 19:10:48 31 ----a-w- C:\spam003.exe
2010-05-20 19:10:48 31 ----a-w- C:\spam001.exe
2010-05-20 19:10:48 1455 ----a-w- C:\pornotube.com.lnk
2010-05-20 19:10:48 1451 ----a-w- C:\nudetube.com.lnk
2010-05-20 19:10:48 1447 ----a-w- C:\youporn.com.lnk
2010-05-15 16:09:54 8832 ----a-w- c:\windows\system32\drivers\lhyrxbua.sys
2010-05-15 15:11:09 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-15 14:58:55 173 ----a-w- c:\windows\system32\MRT.INI
2010-05-15 13:40:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-15 09:40:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:40:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 09:34:58 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:19:47 0 d-----w- c:\docume~1\bastiaan\applic~1\Malwarebytes
2010-05-13 19:19:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 19:19:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-13 19:18:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 19:18:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-05 03:29:46 0 d-----w- c:\docume~1\bastiaan\applic~1\uTorrent
2010-04-29 19:51:21 18809498 --sha-w- c:\windows\system32\1028v.sys
2010-04-27 18:59:15 0 ----a-w- c:\windows\system32\Adobea.sys

==================== Find3M ====================

2010-04-13 18:44:07 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-03-24 22:31:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-24 22:29:23 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:36:40 87608 ----a-w- c:\docume~1\bastiaan\applic~1\inst.exe
2010-02-24 23:36:40 47360 ----a-w- c:\docume~1\bastiaan\applic~1\pcouffin.sys
2007-04-27 21:34:21 0 ----a-w- c:\program files\common files\dht342126
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 22:30:56.12 ===============


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-05-21 00:43:31
Windows 5.1.2600 Service Pack 2
Running: gmer.exe; Driver: C:\DOCUME~1\Bastiaan\LOCALS~1\Temp\uwtyapod.sys


---- System - GMER 1.0.15 ----

Code 8693B358 ZwEnumerateKey
Code 8693A0D0 ZwFlushInstructionCache
Code 8693C68E IofCallDriver
Code 8693E226 IofCompleteRequest

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

---- Services - GMER 1.0.15 ----

Service C:\WINDOWS\PRAGMAeerchqfwhw\PRAGMAd.sys (*** hidden *** ) [SYSTEM] PRAGMAeerchqfwhw <-- ROOTKIT !!!

---- EOF - GMER 1.0.15 ----
darrian
Active Member
Posts: 14
Joined: May 18th, 2010, 5:29 pm

Re: GOOGLE REDIRECTING

Unread post by km2357 » May 20th, 2010, 8:28 pm

I went ahead and posted the contents of your Attach Log below. From now on, please do not attach the logs I ask for, just post them normally.

Your next step will be below the Attach Log.

Thanks. :)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/8/2008 1:33:50 PM
System Uptime: 5/20/2010 9:35:30 PM (1 hours ago)

Motherboard: | | nVidia-nForce2
Processor: AMD Athlon(tm) XP 2200+ | Socket A | 1670/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 118.208 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 396.1 GiB free.
E: is CDROM ()
G: is Removable
H: is FIXED (NTFS) - 932 GiB total, 798.091 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\3&13C0B0C5&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\3&13C0B0C5&0
Service: fdc

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E71
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E71
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

3DMark05
AAC Decoder
AAC Parser (remove only)
AC-3 ACM Codec
AC3+DTS XForm (remove only)
AC3Filter (remove only)
ACDSee 5.0 Standard Trial
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Shockwave Player
Adobe SVG Viewer
Apple Mobile Device Support
Apple Software Update
Aspi Installer
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Atomic Clock Sync
Audacity 1.2.6
Audacity 1.3.7 (Unicode)
Audible Download Manager
AutoUpdate
AVG Free 9.0
AVI Codec Pack
AVI Joiner
Battle of Britain II
Battlecraft 1942
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
BBC iPlayer Download Manager
Bonjour
BookDB2
Bulk Image Downloader v2.2.0.0
C-Media WDM Audio Driver
CachemanXP 1.12
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCE Basic Trial Version
CD-LabelPrint
CD Audio Reader Filter (remove only)
CD Bremse 1.47
CDXA Image Reader Filter (SVCD/XCD) (remove only)
ClipMagic 3.2.2
Compatibility Pack for the 2007 Office system
CompuApps SwissKnife V3
ConnectGoV5UpdateVer2
Core AAC Decoder (remove only)
CoreFLAC Audio Decoder+Source Filter (remove only)
CoreVorbis Audio Decoder (remove only)
Creative Removable Disk Manager
Critical Update for Windows Media Player 11 (KB959772)
Cycle Calculator for Women
DeadDiskDoctor
Defcon v1.4
Dekart Private Disk Light 1.22
Digital Video Repair 1.0
DirectVobSub (remove only)
DirectX Happy Uninstall v4.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
doPDF 6.0 printer
DVD Decrypter (Remove Only)
DVD Ripper Burner 7.0.0.0
DVDFab (remove only)
DVDFab 6.2.1.8 (31/12/2009)
DVDFab Decrypter 3.0.8.6
ExtractNow
FAT32 Format
ffdshow [rev 610] [2006-12-01]
FlashGet 1.9.0.1012
FlashGet(Jetcar) 1.80
Flickr Uploadr 2.5.0.15
FLVPlayer4Free Free FLV Player 2.2.0.0
Free DWG Viewer 6.0
FreshDiagnose
GetASFStream
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HiJackThis
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Iconix™ eMail ID
Illiminable FLAC (remove only)
Indeo® software
Internet Organizer Pro 2.1
iTunes
Jarte 3.2
JDownloader
JGoodies JDiskReport 1.2.4
Lexmark Supplies Monitor
Lexmark Z25-Z35
LightFrame 3
Logitech SetPoint
LogMeIn
Malwarebytes' Anti-Malware
Matroska (remove only)
MediaCoder 0.6.1
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mini-Cam USB Camera (SC-120)
MKV Splitter
Monkey Audio Source Filter (remove only)
MotionDV STUDIO 5.6E LE for DV
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.12)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
neroxml
NetLeech
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
NvMixer
O&O Defrag Professional Edition
OpenSource OGG Splitter (remove only)
Panasonic DVC USB Driver
PartitionMagic
PC Connectivity Solution
PDF Password Remover v3.0
PhotoScape
PowerDVD
PowerQuest PartitionMagic 8.0
programma Biblio
QuickTime
Radio Downloader
RadLight MPC DirectShow Filter (remove only)
RadLight OptimFROG DirectShow Filter (remove only)
RapidShare Manager
Rapport
RealMedia (remove only)
RealPlayer
Realtek AC'97 Audio
Rename4u
Saitek SST Programming Software
ScanSoft OmniPage SE 4
screensaver_100
screenSaverVariation2008
SDP Downloader
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Serif PhotoPlus 5.5
SHOUTcast Source (remove only)
Skype 2.5
SMPlayer 0.5.62
Soft-Central SC-DiskInfo
Soltek Hardware Monitor
SpeedFan (remove only)
SPSS 16.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Doctor 5.5
SpywareBlaster 4.3
STOIK Capturer
StumbleUpon IE Toolbar
SUPERAntiSpyware Free Edition
SweetMovieLife 1.0E
System Requirements Lab
TalkTalk Assist & Go
Teach2000 8.19
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TrueCrypt
UKPDS Risk Engine v2.0
Uninstall Startup Inspector
Unlocker 1.8.5
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Driver
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
WD Diagnostics
WebFldrs XP
Winamp
Windows Communication Foundation
Windows Defender
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Search 4.0
Windows Workflow Foundation
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 4.0
WinRAR archiver
WinZip
WM Downloader 2.9.1.100 2007.03.24
WM Recorder 12.1
XML Paper Specification Shared Components Pack 1.0
xplorer² lite
Yahoo! Autosync
YPOPs! 0.9.7.3
Zappit!
Zilla Data Nuker 2.0.0.0
ZoneAlarm
Zoom Player (remove only)

==== Event Viewer Messages From Past Week ========

5/18/2010 7:15:09 PM, error: ati2mtag [45062] - CRT invalid display type
5/18/2010 7:09:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
5/18/2010 7:09:50 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/18/2010 7:09:50 PM, error: Service Control Manager [7000] - The O&O Defrag service failed to start due to the following error: The system cannot find the file specified.
5/18/2010 7:09:50 PM, error: Service Control Manager [7000] - The Nero Registry InCD Service service failed to start due to the following error: The system cannot find the file specified.
5/18/2010 7:09:39 PM, error: Print [23] - Printer PDF4U Adobe PDF Creator failed to initialize because a suitable PDF4U Adobe PDF Creator driver could not be found.
5/18/2010 7:08:38 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/18/2010 7:08:38 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
5/16/2010 5:50:02 AM, error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
5/15/2010 5:14:07 PM, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 000000601922 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/14/2010 7:49:35 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the LogMeIn service to connect.
5/14/2010 12:39:10 PM, error: Dhcp [1002] - The IP address lease 192.168.1.5 for the Network Card with network address 000000601922 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/14/2010 12:34:12 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: atapi PCIIde

==== End Of File ===========================

====================================

I noticed that System Restore is off. Please turn it back on ASAP, if you can.


Step # 1: Disable Teatimer

Spybot S&D's TeaTimer normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

This is a two step process.
First step:
  • Right-click the Spybot icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
  • If you have version 1.5 or 1.6, click once on Resident Protection, then right-click the Spybot icon again and make sure Resident Protection is now unchecked. The Spybot icon in the System Tray should now be colorless.
  • If you have version 1.4, click on Exit Spybot S&D Resident


Second step, For Either Version :
  • Open Spybot S&D
  • Click Mode, choose Advanced Mode
  • Go To the bottom of the Vertical Panel on the Left, Click Tools
  • Then, also in the left panel, click Resident (it shows a red/white shield).
  • If your firewall raises a question, say OK
  • In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
  • OK any prompts.
  • Use File, Exit to terminate Spybot
  • Reboot your machine for the changes to take effect.


Step # 2: Disable Windows Defender

Windows Defender normally provides real-time protection from spyware; however, it may interfere with what we need to do. We will disable it until the machine is clean, when it can be re-enabled.

- Open Windows Defender
- Select Tools and then General Settings
- Under Real Time Protection Options uncheck Turn on real-time protection
- Select Save


Step # 3: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

*Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: GOOGLE REDIRECTING

Unread post by darrian » May 21st, 2010, 2:44 am

Hi,

Thanks for your reply

I do not have a TeaTimer icon in the system tray.

D.
darrian
Active Member
Posts: 14
Joined: May 18th, 2010, 5:29 pm

Re: GOOGLE REDIRECTING

Unread post by km2357 » May 21st, 2010, 3:14 pm

Ok.

You have an old version of Spybot installed. Go to Add/Remove Programs and uninstall Spybot - Search & Destroy 1.4. Also, while there, go ahead and uninstall Spybot - Search & Destroy. You can reinstall Spybot later. :)

Reboot your computer after uninstalling those programs.

Once your computer boots back up, go ahead and do Steps 2 and 3 from my previous post.
km2357
MRU Master
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: GOOGLE REDIRECTING

Unread post by darrian » May 22nd, 2010, 12:41 pm

ComboFix 10-05-21.06 - Bastiaan 05/22/2010 15:06:24.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.435 [GMT 1:00]
Running from: c:\documents and settings\Bastiaan\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\pragmamfeklnmal.dll
c:\documents and settings\All Users\Favorites\_favdata.dat
c:\documents and settings\Bastiaan\Application Data\inst.exe
c:\program files\Internet Explorer\IEXPLORER.EXE
c:\windows\PRAGMAeerchqfwhw
c:\windows\PRAGMAeerchqfwhw\pragmabbr.dll
c:\windows\PRAGMAeerchqfwhw\PRAGMAc.dll
c:\windows\PRAGMAeerchqfwhw\PRAGMAcfg.ini
c:\windows\PRAGMAeerchqfwhw\PRAGMAd.sys
c:\windows\PRAGMAeerchqfwhw\pragmaserf.dll
c:\windows\PRAGMAeerchqfwhw\PRAGMAsrcr.dat
c:\windows\system32\1524738870.dat
c:\windows\system32\dumphive.exe
c:\windows\system32\PRAGMAerrors.log
c:\windows\system32\pragmasrcr.dat
c:\windows\system32\Process.exe
c:\windows\system32\SrchSTS.exe
c:\windows\system32\sstray.exe
c:\windows\system32\tmp.reg
c:\windows\system32\VCCLSID.exe
c:\windows\system32\WS2Fix.exe

Infected copy of c:\windows\system32\drivers\rasacd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_PRAGMAeerchqfwhw
-------\Legacy_PRAGMAeerchqfwhw
-------\Legacy_DHCPHTTPFILTER
-------\Legacy_SCARDSVRSSDPSRV
-------\Legacy_SYSMONLOGIDSVC
-------\Legacy_WMDMPMSNSCARDSVR
-------\Legacy_WSCSVCTGSRVC_TALKTALK
-------\Legacy_WSEARCHDHCP
-------\Service_DhcpHTTPFilter
-------\Service_SCardSvrSSDPSRV
-------\Service_SysmonLogidsvc
-------\Service_WmdmPmSNSCardSvr
-------\Service_wscsvctgsrvc_TalkTalk
-------\Service_WSearchDhcp


((((((((((((((((((((((((( Files Created from 2010-04-22 to 2010-05-22 )))))))))))))))))))))))))))))))
.

2010-05-20 19:10 . 2010-05-20 19:10 31 ----a-w- C:\troj000.exe
2010-05-20 19:10 . 2010-05-20 19:10 31 ----a-w- C:\spam003.exe
2010-05-20 19:10 . 2010-05-20 19:10 31 ----a-w- C:\spam001.exe
2010-05-15 16:09 . 2010-05-15 16:09 8832 ----a-w- c:\windows\system32\drivers\lhyrxbua.sys
2010-05-15 15:11 . 2010-05-16 23:10 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-15 13:40 . 2010-05-15 09:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-15 09:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:40 . 2010-05-15 09:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 09:34 . 2010-05-15 09:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Malwarebytes
2010-05-13 19:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 19:18 . 2010-05-13 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 19:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 12:55 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-13 12:33 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-05-05 03:29 . 2010-05-05 20:33 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\uTorrent
2010-04-29 19:51 . 2010-05-06 08:32 18809498 --sha-w- c:\windows\system32\1028v.sys
2010-04-27 18:59 . 2010-05-03 08:34 0 ----a-w- c:\windows\system32\Adobea.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-22 16:05 . 2007-01-02 13:15 -------- d-----w- c:\program files\SpeedFan
2010-05-22 14:02 . 2010-02-07 11:36 1787551 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-22 09:15 . 2008-06-02 15:56 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Jarte
2010-05-21 23:05 . 2009-10-19 21:09 -------- d-----w- c:\program files\LogMeIn
2010-05-20 23:56 . 2008-03-12 14:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 23:56 . 2008-03-12 14:16 -------- d-----w- c:\program files\SpywareBlaster
2010-05-17 12:59 . 2010-05-17 12:59 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ofubwi.dat
2010-05-15 14:53 . 2010-05-15 15:15 3112448 ----a-w- c:\windows\Internet Logs\xDB11.tmp
2010-05-15 13:39 . 2007-04-27 21:33 -------- d-----w- c:\program files\DeadDiskDoctor
2010-05-15 09:35 . 2007-08-21 13:21 -------- d-----w- c:\program files\Lavasoft
2010-05-15 09:34 . 2007-08-21 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-14 22:11 . 2010-02-05 16:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2010-05-14 20:38 . 2008-07-02 02:02 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Xaapg
2010-05-14 06:48 . 2009-12-09 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-13 19:22 . 2006-12-15 01:20 -------- d-----w- c:\program files\Java
2010-05-06 17:51 . 2007-01-01 23:07 -------- d-----w- c:\program files\FlashGet
2010-04-13 18:44 . 2010-04-10 13:01 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-04-12 22:03 . 2010-04-10 19:15 0 ----a-w- c:\windows\system32\Ac3audioa.sys
2010-04-11 23:32 . 2010-04-12 22:02 1746432 ----a-w- c:\windows\Internet Logs\xDB1.tmp
2010-04-10 13:48 . 2010-04-10 13:39 -------- d-----w- c:\program files\JDownloader
2010-03-24 22:31 . 2009-12-09 13:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-24 22:31 . 2009-12-09 13:05 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-24 22:29 . 2009-12-09 13:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\documents and settings\Bastiaan\Application Data\pcouffin.sys
2010-02-24 12:31 . 2002-08-29 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-04-27 21:34 . 2007-04-27 21:34 0 ----a-w- c:\program files\Common Files\dht342126
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe

[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\xmlprov.dll
[-] 2008-04-14 . 295D21F14C335B53CB8154E5B1F892B9 . 129024 . . [5.1.2600.5512] . . c:\windows\system32\xmlprov.dll
[7] 2004-08-04 . EEF46DAB68229A14DA3D8E73C99E2959 . 129536 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\xmlprov.dll

[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\ip6fw.sys
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2006-10-12 2619392]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-25 113664]
Windows Search.lnk.disabled [2009-1-10 1787]
Yahoo! Autosync.lnk.disabled [2008-11-26 796]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=c:\windows\pss\Logitech SetPoint.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG9_TRAY]
2010-05-13 19:29 2064736 ----a-w- c:\progra~1\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avg9wd"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"CachemanXPService"=3 (0x3)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"threadfire"="c:\program files\ThreatFire\TFGui.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
"{7F5144C9-6AF1-668D-A48D-F65AC7DB4841}"="c:\documents and settings\Bastiaan\Application Data\Qoeqyk\ocryg.exe"
"Google Update"="c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="c:\program files\AntiVir PersonalEdition Premium\avgnt.exe" /min
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_3.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/15/2010 10:40 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2009 2:05 PM 216200]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/15/2010 2:47 PM 116328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 5:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 51440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 4:52 PM 1314704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 PDRJNDL;PDRJNDL;c:\program files\Dekart\Private Disk Light\pdrjndl.sys [11/5/2004 4:35 PM 16512]
R2 PRVDISK;PRVDISK;c:\program files\Dekart\Private Disk Light\prvdisk.sys [11/5/2004 4:35 PM 14976]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/15/2010 2:47 PM 779496]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 8:33 AM 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 1:42 PM 148768]
S2 gupdate1c8c1bc51a95b48;Google Update Service (gupdate1c8c1bc51a95b48);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 9:48 PM 135664]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S2 RpcSsThemes;Remote Procedure Call (RPC) RpcSsThemes;c:\windows\system32\1031z.exe srv --> c:\windows\system32\1031z.exe srv [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 6:31 PM 42000]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [11/3/2005 11:52 AM 176640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/9/2009 1:43 PM 308064]
S4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [3/10/2007 4:50 PM 208384]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/25/2008 1:10 PM 337800]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
.
Contents of the 'Scheduled Tasks' folder

2010-05-22 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:56]

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003Core.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003UA.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download With NetLeech
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: StumbleUpon: &Blog This
Trusted Zone: stumbleupon.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MSConfigStartUp-TkBellExe - c:\program files\Common Files\Real\Update_OB\realsched.exe
AddRemove-AVI Codec Pack - c:\program files\AVI Codec Pack\uninstall.exe
AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe
AddRemove-Soft-Central SC-DiskInfo - c:\program files\SC-DiskInfo\Uninstall



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-22 17:04
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86351EE4]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf74ebfc3
\Driver\ACPI -> ACPI.sys @ 0xf743ecb8
\Driver\atapi -> atapi.sys @ 0xf73d07b4
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6
ParseProcedure -> ntoskrnl.exe @ 0x8056f26d
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a18f6
ParseProcedure -> ntoskrnl.exe @ 0x8056f26d
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="..."
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(7016)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Thank you,

this is it:

Completion time: 2010-05-22 17:22:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-22 16:21

Pre-Run: 127,030,804,480 bytes free
Post-Run: 127,051,853,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn

- - End Of File - - 32C8682D9F2993DE6150B88C9590955E
darrian
Active Member
Posts: 14
Joined: May 18th, 2010, 5:29 pm
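As an added example (not ComboFix's code and not part of this thread), the following Python script shows the triage an analyst performs on a ComboFix log like the one above: it parses the "Files Created" / Find3M lines and the Sigcheck section, flags the indicators visible in this log (a driver carrying system+hidden attributes, a zero-byte or implausibly large .sys, an executable dropped in the drive root), pairs each live system32 file with its ServicePackFiles\i386 baseline where the MD5 differs, and renders File:: and FCopy:: sections for review. The sample lines are excerpted from the log above; the 10 MB driver threshold and the indicator rules are heuristics chosen for this example, not ComboFix rules.

```python
"""Triage helpers for ComboFix log excerpts (added example; not ComboFix's or the forum's code)."""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Sample input: lines excerpted from the "Files Created" / Find3M sections of the log above.
SAMPLE_FILE_LINES = r"""
2010-05-20 19:10 . 2010-05-20 19:10 31 ----a-w- C:\troj000.exe
2010-05-15 16:09 . 2010-05-15 16:09 8832 ----a-w- c:\windows\system32\drivers\lhyrxbua.sys
2010-05-15 09:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-04-29 19:51 . 2010-05-06 08:32 18809498 --sha-w- c:\windows\system32\1028v.sys
2010-04-27 18:59 . 2010-05-03 08:34 0 ----a-w- c:\windows\system32\Adobea.sys
"""

# Sample input: Sigcheck lines excerpted from the log above (xmlprov.dll omitted for brevity).
SAMPLE_SIGCHECK = r"""
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\wscntfy.exe
[-] 2008-04-14 . F92E1076C42FCD6DB3D72D8CFE9816D5 . 13824 . . [5.1.2600.5512] . . c:\windows\system32\wscntfy.exe
[7] 2004-08-04 . 49911DD39E023BB6C45E4E436CFBD297 . 13824 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\wscntfy.exe
[-] 2008-04-13 . 3BB22519A194418D5FEC05D800A19AD0 . 36608 . . [5.1.2600.5512] . . c:\windows\system32\drivers\ip6fw.sys
[7] 2004-08-04 . 4448006B6BC60E6C027932CFC38D6855 . 29056 . . [5.1.2600.2180] . . c:\windows\ServicePackFiles\i386\ip6fw.sys
"""

# ComboFix file line: "created . modified size attrs path"; size is a run of dashes for directories.
FILE_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
                     r"(\d+|-+) (\S{8}) (.+)$")
# ComboFix Sigcheck line: "[mark] date . md5 . size . . [version] . . path"
SIG_RE = re.compile(r"^\[(.)\] (\S+) \. ([0-9A-Fa-f]{32}) \. (\d+) \. \. \[([^\]]+)\] \. \. (.+)$")
OVERSIZED_DRIVER = 10 * 1024 * 1024  # heuristic threshold chosen for this example, not a ComboFix rule
ROOT_EXE_RE = re.compile(r"^[a-z]:\\[^\\]+\.exe$", re.IGNORECASE)


@dataclass
class FileEntry:
    created: str
    modified: str
    size: Optional[int]  # None for directories
    attrs: str           # ComboFix attribute column: d=directory, s=system, h=hidden, a=archive
    path: str


def parse_file_lines(text: str) -> List[FileEntry]:
    entries = []
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            size = None if m.group(3).startswith("-") else int(m.group(3))
            entries.append(FileEntry(m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries


def flag_entries(entries: List[FileEntry]) -> Dict[str, List[str]]:
    """Map path -> reasons for entries matching the indicators visible in the log above."""
    flagged: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        is_driver = e.path.lower().endswith(".sys")
        if is_driver and "s" in e.attrs and "h" in e.attrs:
            flagged[e.path].append("driver with system+hidden attributes")
        if is_driver and e.size == 0:
            flagged[e.path].append("zero-byte driver")
        if is_driver and e.size is not None and e.size > OVERSIZED_DRIVER:
            flagged[e.path].append("implausibly large driver")
        if ROOT_EXE_RE.match(e.path):
            flagged[e.path].append("executable dropped in drive root")
    return dict(flagged)


def sigcheck_mismatches(text: str) -> List[Tuple[str, str]]:
    """Pair each live system32 file with its ServicePackFiles baseline when the MD5 differs;
    staging copies under SoftwareDistribution are ignored."""
    by_name: Dict[str, Dict[str, Tuple[str, str]]] = defaultdict(dict)
    for line in text.splitlines():
        m = SIG_RE.match(line.strip())
        if not m:
            continue
        md5, path = m.group(3), m.group(6)
        low = path.lower()
        name = low.rsplit("\\", 1)[-1]
        if "\\servicepackfiles\\i386\\" in low:
            by_name[name]["baseline"] = (md5, path)
        elif "\\system32\\" in low and "\\softwaredistribution\\" not in low:
            by_name[name]["live"] = (md5, path)
    return [(c["baseline"][1], c["live"][1]) for c in by_name.values()
            if "baseline" in c and "live" in c and c["baseline"][0] != c["live"][0]]


def build_cfscript(flagged: Dict[str, List[str]], pairs: List[Tuple[str, str]]) -> str:
    """Render File:: and FCopy:: sections in the layout used by the CFScript on this page."""
    lines = ["File::", ""] + sorted(flagged) + [""]
    if pairs:
        lines += ["FCopy::", ""] + [f"{src} | {dst}" for src, dst in pairs] + [""]
    return "\n".join(lines)


if __name__ == "__main__":
    flags = flag_entries(parse_file_lines(SAMPLE_FILE_LINES))
    for path, reasons in flags.items():
        print(f"{path}: {'; '.join(reasons)}")
    print(build_cfscript(flags, sigcheck_mismatches(SAMPLE_SIGCHECK)))
```

The rules catch troj000.exe, 1028v.sys and Adobea.sys but not lhyrxbua.sys, whose only tell is a random-looking name with normal attributes; that is why the rendered sections are a starting point for the analyst's review rather than a script to run unedited.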

Re: GOOGLE REDIRECTING

Unread post by km2357 » May 22nd, 2010, 1:54 pm

I noticed in your ComboFix Log that you have two Anti-Viruses listed:

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}


Do you have ThreatFire installed? If you do, please uninstall it via Add/Remove Programs. Having two anti-virus programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.


Step # 1: Download and Run PragmaFix by Noahdfear

Download Pragmafix by Noahdfear from here and save it in a place you can remember such as, your desktop.
  • Click on Pragmafix.exe to run it
  • It shall produce PragmaFix.log in the C:\ folder.
  • Please post the results here.


Step # 2: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KILLALL::
    
    RootKit::
    
    c:\windows\system32\drivers\lhyrxbua.sys
    
    File::
    
    C:\troj000.exe
    C:\spam003.exe
    C:\spam001.exe
    c:\windows\system32\1028v.sys
    c:\windows\system32\Adobea.sys
    c:\windows\Internet Logs\xDB11.tmp
    c:\windows\Internet Logs\xDB1.tmp
    c:\windows\system32\1031z.exe
    
    Folder::
    
    c:\documents and settings\Bastiaan\Application Data\uTorrent
    
    DirLook::
    
    c:\documents and settings\All Users\Application Data\~0
    c:\documents and settings\Bastiaan\Application Data\Xaapg
    
    FCopy::
    
    c:\windows\ServicePackFiles\i386\wscntfy.exe | c:\windows\system32\wscntfy.exe
    c:\windows\ServicePackFiles\i386\xmlprov.dll | c:\windows\system32\xmlprov.dll
    c:\windows\ServicePackFiles\i386\ip6fw.sys | c:\windows\system32\drivers\ip6fw.sys
    
    Driver::
    
    RpcSsThemes



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    [screenshot: dragging CFScript.txt onto ComboFix.exe]


    Note: This CFScript is for use on darrian's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step # 3: Download and Run TDSSKiller


Extract TDSSKiller.exe to your Desktop.

Run TDSSKiller.exe. You may be prompted to restart your machine. Type Y at the prompt.

Once complete, a log will be produced at root. It will be named UtilityName.Version_Date_Time_log.txt, for example C:\TDSSKiller.2.2.0_27.1.2010_15.31.43_log.txt.

If TDSSKiller does not reboot your computer, please reboot it.

Once it has booted back up, do the following:

Run Batchfile

Please copy (Ctrl+C) and paste (Ctrl+V) the following text in the codebox to Notepad. Save it as "All Files" and name it mbrlog.bat. Please save it on your desktop.

Code:
@echo off
REM Run mbr.exe (it must sit in the same folder as this batch file) and write its report to mbr.log
mbr.exe -t
REM Open the log so it can be copied into the next reply
start mbr.log
REM Delete this batch file once it has run
del %0


Double click mbrlog.bat. A window will open and close. This is normal.


In your next post/reply, I need to see the following:

1. The PragmaFix Log
2. The ComboFix Log that appears after Step 2 has been completed.
3. The TDSS Killer Log
4. The mbrlog.bat Log/Results

Use multiple posts if you can't fit everything into one post.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
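Step 2 restores clean copies from c:\windows\ServicePackFiles\i386 and Step 3 has TDSSKiller print an MD5 for every loaded driver. The following script is an added example, not code from this thread or from ComboFix or TDSSKiller: it parses the "Scanning Drivers" lines of a TDSSKiller 2.x log and compares each driver's MD5 with the copy of the same file in the ServicePackFiles\i386 cache, which is the check behind the FCopy:: directive above. The line format is taken from the log posted later in this thread; the cache folder contents and the sample log lines in run_demo() are constructed for the demo, and the driver names and hashes there are not real measurements.

```python
"""
Added example (not part of the thread): cross-check the driver MD5s printed
in TDSSKiller's "Scanning Drivers" section against the pristine copies that
Windows XP keeps in the flat ServicePackFiles\\i386 folder, the same source
ComboFix's FCopy:: directive restores from.  A live driver whose hash differs
from the cached copy is a candidate for in-place patching, the technique the
TDL3 family uses to hide in a legitimate driver such as RasAcd.sys.
"""
import hashlib
import re
import shutil
import tempfile
from pathlib import Path

# One TDSSKiller 2.x driver line looks like (from the log posted in the thread):
# 14:34:26:046 7356 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
DRIVER_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s+(?P<name>\S+)\s+"
    r"\((?P<md5>[0-9a-fA-F]{32})\)\s+(?P<path>\S.*?)\s*$"
)


def parse_driver_lines(log_text):
    """Return a list of (service_name, md5, path) for every driver line found."""
    drivers = []
    for line in log_text.splitlines():
        m = DRIVER_LINE.match(line)
        if m:
            drivers.append((m["name"], m["md5"].lower(), m["path"]))
    return drivers


def md5_of(path):
    """MD5 is used only because that is the hash TDSSKiller prints."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()


def check_against_cache(drivers, cache_dir):
    """Classify each driver as 'ok', 'modified' or 'not_in_cache'.

    The cache folder is flat, so only the live file's basename is looked up;
    the lookup is case-insensitive, as it would be on NTFS.
    """
    index = {p.name.lower(): p for p in Path(cache_dir).iterdir() if p.is_file()}
    results = {}
    for name, live_md5, path in drivers:
        basename = path.replace("\\", "/").rsplit("/", 1)[-1].lower()
        cached = index.get(basename)
        if cached is None:
            results[name] = "not_in_cache"
        elif md5_of(cached) == live_md5:
            results[name] = "ok"
        else:
            results[name] = "modified"
    return results


def run_demo():
    """Build a constructed cache folder and log, then run the check.

    File contents and log lines here are made up for the demo; only the line
    format mirrors the real TDSSKiller output.
    """
    cache = Path(tempfile.mkdtemp(prefix="spf_i386_"))
    try:
        (cache / "acpi.sys").write_bytes(b"pristine acpi driver bytes")
        (cache / "afd.sys").write_bytes(b"pristine afd driver bytes")
        good_acpi = md5_of(cache / "acpi.sys")                      # live copy matches the cache
        patched_afd = hashlib.md5(b"afd with rootkit patch").hexdigest()  # live copy differs
        log = "\n".join([
            "14:34:25:750 7356 Scanning Drivers ...",
            f"14:34:26:046 7356 ACPI ({good_acpi}) C:\\WINDOWS\\system32\\DRIVERS\\ACPI.sys",
            f"14:34:26:328 7356 AFD ({patched_afd}) C:\\WINDOWS\\System32\\drivers\\afd.sys",
            "14:34:26:400 7356 lhyrxbua (0123456789abcdef0123456789abcdef) "
            "C:\\WINDOWS\\system32\\drivers\\lhyrxbua.sys",
        ])
        return check_against_cache(parse_driver_lines(log), cache)
    finally:
        shutil.rmtree(cache, ignore_errors=True)


if __name__ == "__main__":
    for name, status in sorted(run_demo().items()):
        print(f"{name:12} {status}")
```

Two caveats before acting on a "modified" result. Hotfixes released after SP2 update files in system32 without touching ServicePackFiles\i386 (the log later in this thread shows mrxsmb.sys and vbscript.dll with 2010 dates), so a mismatch means "verify against a known-good hash", not "infected". A third-party driver that is absent from the cache cannot be checked this way at all, which is why a helper still reads the rest of the log by hand.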

Re: GOOGLE REDIRECTING

Unread postby darrian » May 22nd, 2010, 8:36 pm

I disabled AVG and removed ThreatFire.
darrian
Active Member
 
Posts: 14
Joined: May 18th, 2010, 5:29 pm

Re: GOOGLE REDIRECTING

Unread postby km2357 » May 23rd, 2010, 12:59 pm

Ok, go ahead and do steps 1 through 3 (if you haven't already) from my previous post. :)
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California

Re: GOOGLE REDIRECTING

Unread postby darrian » May 23rd, 2010, 5:03 pm

Here they are!!!

Unfortunately Ad-Aware found a worm, myddom, that must have sneaked in whilst all my protection was switched off.


Sun 05/23/2010 14:38:00.46

No embedded null keys found


ComboFix 10-05-22.03 - Bastiaan 05/23/2010 13:26:43.2.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.526 [GMT 1:00]
Running from: c:\documents and settings\Bastiaan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bastiaan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"C:\spam001.exe"
"C:\spam003.exe"
"C:\troj000.exe"
"c:\windows\Internet Logs\xDB1.tmp"
"c:\windows\Internet Logs\xDB11.tmp"
"c:\windows\system32\1028v.sys"
"c:\windows\system32\1031z.exe"
"c:\windows\system32\Adobea.sys"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat
c:\documents and settings\Bastiaan\Application Data\uTorrent
c:\documents and settings\Bastiaan\Application Data\uTorrent\dht.dat
c:\documents and settings\Bastiaan\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Bastiaan\Application Data\uTorrent\resume.dat
c:\documents and settings\Bastiaan\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Bastiaan\Application Data\uTorrent\rss.dat
c:\documents and settings\Bastiaan\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Bastiaan\Application Data\uTorrent\settings.dat
c:\documents and settings\Bastiaan\Application Data\uTorrent\settings.dat.old
c:\documents and settings\Bastiaan\Application Data\uTorrent\Urga.torrent
c:\documents and settings\LocalService\Application Data\Microsoft\HTML Help\hh.dat
C:\spam001.exe
C:\spam003.exe
C:\troj000.exe
c:\windows\Internet Logs\xDB1.tmp
c:\windows\Internet Logs\xDB11.tmp
c:\windows\system32\1028v.sys
c:\windows\system32\Adobea.sys

Infected copy of c:\windows\system32\drivers\RasAcd.sys was found and disinfected
Restored copy from - Kitty had a snack :p
.
--------------- FCopy ---------------

c:\windows\ServicePackFiles\i386\wscntfy.exe --> c:\windows\system32\wscntfy.exe
c:\windows\ServicePackFiles\i386\xmlprov.dll --> c:\windows\system32\xmlprov.dll
c:\windows\ServicePackFiles\i386\ip6fw.sys --> c:\windows\system32\drivers\ip6fw.sys
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_RPCSSTHEMES
-------\Service_RpcSsThemes


((((((((((((((((((((((((( Files Created from 2010-04-23 to 2010-05-23 )))))))))))))))))))))))))))))))
.

2010-05-15 15:11 . 2010-05-16 23:10 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-15 13:40 . 2010-05-15 09:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-15 09:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:40 . 2010-05-15 09:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 09:34 . 2010-05-15 09:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Malwarebytes
2010-05-13 19:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 19:18 . 2010-05-13 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 19:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 12:55 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-13 12:33 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-23 13:12 . 2007-01-02 13:15 -------- d-----w- c:\program files\SpeedFan
2010-05-23 10:31 . 2008-06-02 15:56 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Jarte
2010-05-23 05:33 . 2009-10-19 21:09 -------- d-----w- c:\program files\LogMeIn
2010-05-23 04:50 . 2008-01-16 20:39 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Reys
2010-05-20 23:56 . 2008-03-12 14:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 23:56 . 2008-03-12 14:16 -------- d-----w- c:\program files\SpywareBlaster
2010-05-17 12:59 . 2010-05-17 12:59 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ofubwi.dat
2010-05-15 13:39 . 2007-04-27 21:33 -------- d-----w- c:\program files\DeadDiskDoctor
2010-05-15 09:35 . 2007-08-21 13:21 -------- d-----w- c:\program files\Lavasoft
2010-05-15 09:34 . 2007-08-21 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-14 22:11 . 2010-02-05 16:14 -------- dc-h--w- c:\documents and settings\All Users\Application Data\~0
2010-05-14 20:38 . 2008-07-02 02:02 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Xaapg
2010-05-14 06:48 . 2009-12-09 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-13 19:22 . 2006-12-15 01:20 -------- d-----w- c:\program files\Java
2010-05-06 17:51 . 2007-01-01 23:07 -------- d-----w- c:\program files\FlashGet
2010-04-13 18:44 . 2010-04-10 13:01 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-04-12 22:03 . 2010-04-10 19:15 0 ----a-w- c:\windows\system32\Ac3audioa.sys
2010-04-10 13:48 . 2010-04-10 13:39 -------- d-----w- c:\program files\JDownloader
2010-03-24 22:31 . 2009-12-09 13:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-24 22:31 . 2009-12-09 13:05 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-24 22:29 . 2009-12-09 13:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\documents and settings\Bastiaan\Application Data\pcouffin.sys
2010-02-24 12:31 . 2002-08-29 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-04-27 21:34 . 2007-04-27 21:34 0 ----a-w- c:\program files\Common Files\dht342126
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\All Users\Application Data\~0 ----


---- Directory of c:\documents and settings\Bastiaan\Application Data\Xaapg ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]
"{0235B0CF-C077-35A0-3B8D-77F07A037B8A}"="c:\documents and settings\Bastiaan\Application Data\Ylkiox\byyx.exe" [2009-08-17 124447]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-09-25 90112]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2006-10-12 2619392]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2004-12-20 131072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
udty.exe [2010-5-23 123965]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-25 113664]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\KEM.exe [2007-2-17 581632]
Windows Search.lnk.disabled [2009-1-10 1787]
Yahoo! Autosync.lnk.disabled [2008-11-26 796]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"avg9wd"=2 (0x2)
"CachemanXPService"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"threadfire"="c:\program files\ThreatFire\TFGui.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
"{7F5144C9-6AF1-668D-A48D-F65AC7DB4841}"="c:\documents and settings\Bastiaan\Application Data\Qoeqyk\ocryg.exe"
"Google Update"="c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"avgnt"="c:\program files\AntiVir PersonalEdition Premium\avgnt.exe" /min
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_3.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/15/2010 10:40 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2009 2:05 PM 216200]
R1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/15/2010 2:47 PM 116328]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 5:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 51440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 4:52 PM 1314704]
R2 PDRJNDL;PDRJNDL;c:\program files\Dekart\Private Disk Light\pdrjndl.sys [11/5/2004 4:35 PM 16512]
R2 PRVDISK;PRVDISK;c:\program files\Dekart\Private Disk Light\prvdisk.sys [11/5/2004 4:35 PM 14976]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/15/2010 2:47 PM 779496]
R2 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 8:33 AM 202016]
R2 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 1:42 PM 148768]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
S2 gupdate1c8c1bc51a95b48;Google Update Service (gupdate1c8c1bc51a95b48);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 9:48 PM 135664]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
S2 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 6:31 PM 42000]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [11/3/2005 11:52 AM 176640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/9/2009 1:43 PM 308064]
S4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [3/10/2007 4:50 PM 208384]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/25/2008 1:10 PM 337800]
.
Contents of the 'Scheduled Tasks' folder

2010-05-23 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:56]

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003Core.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]

2010-05-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003UA.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download With NetLeech
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: StumbleUpon: &Blog This
Trusted Zone: stumbleupon.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-23 14:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="309A178F34D54D781CEF5FA4644DC95FA6ECF48CBA8E8D991E08D6AF4AE028BFD086236BE7A76701D7984677D4C1329BB803806E48812CDE4DDA30D4C52AFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933BA7FD869164D67949DB7CE019D40AA5CA6171C11EC38DE3DFE4E3900A8582C1F6DEADF89C6AF6C037083389ACA6F6D49B6A448A06982DF8210CEC6C7AD1AB35C900009334CBBE99A0E453C4844E1B932646776884EA50465111C8DFD1C8499F9984FCA33EC25D0FAC1F760BDEA41E48A1E813B5D5B0C30C2603E999E2031AC2E06F17F9D09E64CC151646B49740B18F78E8B69443CD0AA6B2F40EA4AF97FEF8FB103722C1641BB71595617DCAA003085B7A34A892F596D92052FF3C2FC93199CC6A1E5BA9DB7346D4A1F128D6D26BC216EE9969A894825CD391E9E71125492B4C1F10FCBBB137B80E692FB16ADC4049EDB867D0CB08B339B7B2447E236ECFB1CF69C168324608E57C68A6D53F1E97BB1FA21239321CE2DD8CCDC3C45794C27F90D4A982999ED1B8457E1EFC8D46752F69E671E8CE904DD4A83E442ED00261A5DFEAEA72CF5D1067B567B001A0452696C6A8C7AF52EE34117C860925401708F351A7AC69CA663E718D83B9193C20352735745B47125658AC91A75D613CA66775603E5F1AE2E3D0995468889A16697585431CAC1C899C89DD2C9CE316CBB88F279B02D133C2042EB17D9D1C2D6D9F077371BDB88646B8F9405FD9A34C2499959396C108D41A694439FA4060BE79B33DEAC08B8E2538E80BC18308C699E7B9F339754D1B460FE9D759B099B23303C4874A542A8A14908A498282E5BCB2B6D67C2785E39D2DB7A889FD6BF89432D645D5079E474861DF54ADCB298C0CA39D17FF6A5CD14A41E7E461082D44D1301CCE33F61E0E9C94A8684721C67FB4BBB6A3AF7C8C0AFDAB4030A4BB427673271449041FC7C5994EDFB29F82D62CE264B11AE20F423E11ACE174D88666ADC33E72DDC0BCDCE9B07CB2E51BF8FA801A5A3B139FD1C3901FCC2DACAB2F428B69AF1FD0505BA468635CB09DC4DD2AA5C8BA5CB78541998680F0984836922B900E2C23F0CCC0E227BA3788B6C5BEAAF300AD275CF19A62EF8D13FDC3C819250CAF9AF12B531F5F7584FFE4867D6AE504E4AD455E5F6E5B616BA24C0FB81D06E2BC232A68BB885AF06A73467F6615A7B8E69F72826CB5BC526B11FA18F244AED3A926944591933876C8D8EA489D10DF14B742BBEBF2CEE421694B70586DACEF8933315C4B2C2D70F795929CD52AFC94AE2F102FB25DC6DE655B41B0535C7951059639D956B52B3AB1F56C046C539F7EDB7D9B5D90F590741
D6D61ACDB3C23607AFD48B3B9C9EE71653433B071E606399B0162163F7CFCF371433A921DED730853E"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(816)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(5308)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll
c:\windows\system32\browselc.dll
c:\windows\system32\LightFrame3IECOM.dll
c:\program files\Audible\Bin\AudibleExt.dll
c:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\program files\Unlocker\UnlockerCOM.dll
c:\program files\Nero\Nero 7\Nero BackItUp\NBShell.dll
c:\program files\Nero\Nero 7\Nero BackItUp\MFC71U.DLL
c:\program files\SUPERAntiSpyware\SASCTXMN.DLL
c:\program files\Zilla Data Nuker\CtxMenu.dll
c:\progra~1\WinZip\WZSHLSTB.DLL
c:\progra~1\WinZip\WZSHLEX1.dll
c:\progra~1\WinZip\WZCAB3.DLL
c:\program files\WinRAR\rarext.dll
c:\program files\Lavasoft\Ad-Aware\ShellExt.dll
c:\program files\Nero\Nero 7\InCD\InCDshx.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\LEXBCES.EXE
c:\program files\Nero\Nero 7\InCD\InCDsrv.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\windows\system32\taskmgr.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2010-05-23 14:28:41 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-23 13:28
ComboFix2.txt 2010-05-22 16:22

Pre-Run: 126,819,135,488 bytes free
Post-Run: 126,743,670,784 bytes free

- - End Of File - - D07053A90DF93C2A07C4E3A1A26CBEB1


14:34:25:453 7356 TDSS rootkit removing tool 2.3.0.0 May 12 2010 18:11:17
14:34:25:453 7356 ================================================================================
14:34:25:453 7356 SystemInfo:

14:34:25:453 7356 OS Version: 5.1.2600 ServicePack: 2.0
14:34:25:453 7356 Product type: Workstation
14:34:25:453 7356 ComputerName: FLYING-DUTCHMAN
14:34:25:453 7356 UserName: Bastiaan
14:34:25:453 7356 Windows directory: C:\WINDOWS
14:34:25:453 7356 Processor architecture: Intel x86
14:34:25:453 7356 Number of processors: 1
14:34:25:453 7356 Page size: 0x1000
14:34:25:453 7356 Boot type: Normal boot
14:34:25:453 7356 ================================================================================
14:34:25:468 7356 UnloadDriverW: NtUnloadDriver error 2
14:34:25:468 7356 ForceUnloadDriverW: UnloadDriverW(klmd23) error 2
14:34:25:484 7356 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
14:34:25:484 7356 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:34:25:484 7356 wfopen_ex: Trying to KLMD file open
14:34:25:484 7356 wfopen_ex: File opened ok (Flags 2)
14:34:25:484 7356 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
14:34:25:484 7356 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
14:34:25:484 7356 wfopen_ex: Trying to KLMD file open
14:34:25:484 7356 wfopen_ex: File opened ok (Flags 2)
14:34:25:484 7356 KLAVA engine initialized
14:34:25:671 7356 Initialize success
14:34:25:671 7356
14:34:25:671 7356 Scanning Services ...
14:34:25:734 7356 Raw services enum returned 418 services
14:34:25:750 7356
14:34:25:750 7356 Scanning Drivers ...
14:34:25:906 7356 61883 (86d7b1e70661d754685b9ac6d749aae5) C:\WINDOWS\system32\DRIVERS\61883.sys
14:34:26:046 7356 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
14:34:26:093 7356 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
14:34:26:171 7356 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
14:34:26:328 7356 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
14:34:26:546 7356 ALCXWDM (02d94d2d336d3de8c5e8fe04a62d552d) C:\WINDOWS\system32\drivers\ALCXWDM.SYS
14:34:26:828 7356 AmdK7 (680ad1c1bb16239e28d8f33a54a7a3c7) C:\WINDOWS\system32\DRIVERS\amdk7.sys
14:34:26:921 7356 AmdPPM (033448d435e65c4bd72e70521fd05c76) C:\WINDOWS\system32\DRIVERS\AmdPPM.sys
14:34:40:859 7356
14:34:40:859 7356 Completed
14:34:40:859 7356
14:34:40:859 7356 Results:
14:34:40:859 7356 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
14:34:40:859 7356 File objects infected / cured / cured on reboot: 0 / 0 / 0
14:34:40:859 7356
14:34:40:859 7356 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
14:34:40:859 7356 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
14:34:40:875 7356 KLMD(ARK) unloaded successfully

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvatabus.sys
kernel: MBR read successfully
user & kernel MBR OK
darrian
Active Member
 
Posts: 14
Joined: May 18th, 2010, 5:29 pm

Re: GOOGLE REDIRECTING

Unread postby km2357 » May 23rd, 2010, 8:28 pm

Delete CFScript.txt from your Desktop; you will be creating and running a new one.


Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    Code:
    KILLALL::
    
    DeQuarantine::
    
    C:\QooBox\Quarantine\c\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat.vir
    C:\QooBox\Quarantine\c\documents and settings\LocalService\Application Data\Microsoft\HTML Help\hh.dat.vir
    
    File::
    
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\udty.exe
    
    Folder::
    
    c:\documents and settings\All Users\Application Data\~0
    c:\documents and settings\Bastiaan\Application Data\Xaapg
    c:\documents and settings\Bastiaan\Application Data\Ylkiox
    
    Registry::
    
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "{0235B0CF-C077-35A0-3B8D-77F07A037B8A}"=-



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.




    Image


    Note: This CFScript is for use on darrian's computer only! Do not use it on your computer.


  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
2. A fresh DDS Log taken after Step 1 has been completed.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
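
A small linter for the CFScript format used in Step 1, added here as an example and not part of the original post or of ComboFix: it parses the KILLALL::, DeQuarantine::, File::, Folder:: and Registry:: sections, flags entries ComboFix could not act on, and re-joins a File:: path that was wrapped onto two lines, which is how a directory-only entry plus a bare udty.exe line ends up being handed to the tool. The function names (parse_cfscript, lint_cfscript, repair_wrapped_paths) and the per-section rules are assumptions about how ComboFix reads each directive; the sample script is constructed from the one posted above, trimmed.

```python
"""Lint a ComboFix CFScript before handing it to the user.

Added example, not code from the original thread or from ComboFix. The
rules encoded here are assumptions about how ComboFix reads each section.
"""
import re

# Section name (lower-cased) -> kind of argument lines it takes (assumed).
SECTION_KIND = {
    "killall": "bare",        # no argument lines
    "dequarantine": "path",   # absolute paths of quarantined files
    "file": "path",           # absolute paths of files to delete
    "folder": "path",         # absolute paths of folders to delete
    "registry": "registry",   # REGEDIT-style [key] / "value"=data lines
}

HEADER_RE = re.compile(r"^([A-Za-z]+)::$")
ABS_PATH_RE = re.compile(r"^[A-Za-z]:\\")
REG_KEY_RE = re.compile(r"^\[(HKEY_[A-Z_]+|HKLM|HKCU|HKCR|HKU)\\[^\]]+\]$")
REG_VALUE_RE = re.compile(r'^"[^"]*"=.+$')


def parse_cfscript(text):
    """Split a script into (section_name, [argument lines]) pairs; the name
    is None for lines that appear before any Section:: header."""
    sections = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            current = (m.group(1), [])
            sections.append(current)
        else:
            if current is None:
                current = (None, [])
                sections.append(current)
            current[1].append(line)
    return sections


def lint_cfscript(text):
    """Return a list of warnings; an empty list means nothing looked wrong."""
    warnings = []
    for name, lines in parse_cfscript(text):
        if name is None:
            warnings.append(f"line before any section header: {lines[0]!r}")
            continue
        kind = SECTION_KIND.get(name.lower())
        if kind is None:
            warnings.append(f"unknown directive {name}::")
        elif kind == "bare" and lines:
            warnings.append(f"{name}:: takes no arguments, got {lines[0]!r}")
        elif kind == "path":
            for p in lines:
                if not ABS_PATH_RE.match(p):
                    warnings.append(f"{name}:: entry is not an absolute path: {p!r}")
                elif name.lower() == "file" and p.endswith("\\"):
                    warnings.append(f"File:: entry is a directory, not a file: {p!r}")
        elif kind == "registry":
            key = None
            for l in lines:
                if REG_KEY_RE.match(l):
                    key = l
                elif REG_VALUE_RE.match(l):
                    if key is None:
                        warnings.append(f"Registry:: value with no preceding [key]: {l!r}")
                else:
                    warnings.append(f"Registry:: line not understood: {l!r}")
    return warnings


def repair_wrapped_paths(text):
    """Re-join a path ending in '\\' with a bare file name on the next line
    (the shape a wrapped File:: entry takes) and return the repaired text."""
    out = []
    pending = None
    for raw in text.splitlines():
        line = raw.strip()
        if pending is not None:
            if line and "\\" not in line and not HEADER_RE.match(line):
                out.append(pending + line)   # directory + file name
                pending = None
                continue
            out.append(pending)
            pending = None
        if line.endswith("\\"):
            pending = line
        else:
            out.append(raw)
    if pending is not None:
        out.append(pending)
    return "\n".join(out)


# Constructed sample: the script posted above, trimmed, with the wrapped File:: entry.
POSTED_SCRIPT = r"""
KILLALL::

DeQuarantine::

C:\QooBox\Quarantine\c\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat.vir

File::

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
udty.exe

Folder::

c:\documents and settings\All Users\Application Data\~0

Registry::

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{0235B0CF-C077-35A0-3B8D-77F07A037B8A}"=-
"""

if __name__ == "__main__":
    for w in lint_cfscript(POSTED_SCRIPT):
        print("WARN:", w)
    print("after repair:", lint_cfscript(repair_wrapped_paths(POSTED_SCRIPT)))
```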

Re: GOOGLE REDIRECTING

Unread postby darrian » May 24th, 2010, 5:10 pm

Here is everything.

Thanks so far

D.

ComboFix 10-05-22.03 - Bastiaan 05/24/2010 20:21:10.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.439 [GMT 1:00]
Running from: c:\documents and settings\Bastiaan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bastiaan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\~0
c:\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat
c:\documents and settings\LocalService\Application Data\Microsoft\HTML Help\hh.dat

.
((((((((((((((((((((((((( Files Created from 2010-04-24 to 2010-05-24 )))))))))))))))))))))))))))))))
.

2010-05-23 13:37 . 2006-11-01 13:06 162616 ----a-w- c:\windows\RegDelNull.exe
2010-05-15 15:11 . 2010-05-16 23:10 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-15 13:40 . 2010-05-15 09:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-15 09:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:40 . 2010-05-15 09:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 09:34 . 2010-05-15 09:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Malwarebytes
2010-05-13 19:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 19:18 . 2010-05-13 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 19:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 12:55 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-13 12:33 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-24 20:30 . 2007-01-02 13:15 -------- d-----w- c:\program files\SpeedFan
2010-05-24 19:59 . 2010-02-07 11:36 6286514 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
2010-05-24 06:14 . 2009-10-19 21:09 -------- d-----w- c:\program files\LogMeIn
2010-05-23 21:47 . 2009-10-10 08:38 36864 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{F983B4FE-547B-4C44-BAF7-4F4DBA93D548}\Installer\CommonCustomActions\Sleep.exe
2010-05-23 21:47 . 2008-09-26 12:11 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-23 21:47 . 2008-09-26 12:11 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{A8C3710A-0BCA-4F10-9EC3-A302A1F1FA82}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-23 21:47 . 2009-10-09 10:01 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCSFEMsi.exe
2010-05-23 21:47 . 2009-10-09 10:01 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\UninstPCS.exe
2010-05-23 21:47 . 2009-10-09 10:01 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{3D39E775-DDDA-4327-B747-0BDC5F191331}\Installer\CommonCustomActions\pcswpcsi.exe
2010-05-23 20:49 . 2008-01-16 20:39 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Reys
2010-05-23 10:31 . 2008-06-02 15:56 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Jarte
2010-05-20 23:56 . 2008-03-12 14:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 23:56 . 2008-03-12 14:16 -------- d-----w- c:\program files\SpywareBlaster
2010-05-18 21:23 . 2010-05-18 21:23 388096 ----a-r- c:\documents and settings\Bastiaan\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-05-17 12:59 . 2010-05-17 12:59 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ofubwi.dat
2010-05-15 13:39 . 2007-04-27 21:33 -------- d-----w- c:\program files\DeadDiskDoctor
2010-05-15 09:35 . 2007-08-21 13:21 -------- d-----w- c:\program files\Lavasoft
2010-05-15 09:34 . 2007-08-21 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-14 06:48 . 2009-12-09 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-13 19:33 . 2010-05-13 19:33 4093280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
2010-05-13 19:32 . 2010-05-13 19:32 2064224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
2010-05-13 19:32 . 2010-05-13 19:32 1276768 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
2010-05-13 19:31 . 2010-05-13 19:31 1245464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgabout.dll
2010-05-13 19:31 . 2010-05-13 19:31 4258144 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
2010-05-13 19:24 . 2010-05-13 19:24 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
2010-05-13 19:22 . 2006-12-15 01:20 -------- d-----w- c:\program files\Java
2010-05-06 17:51 . 2007-01-01 23:07 -------- d-----w- c:\program files\FlashGet
2010-04-13 18:44 . 2010-04-10 13:01 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-04-12 22:03 . 2010-04-10 19:15 0 ----a-w- c:\windows\system32\Ac3audioa.sys
2010-04-10 13:48 . 2010-04-10 13:39 -------- d-----w- c:\program files\JDownloader
2010-03-26 09:33 . 2010-04-28 18:04 1496064 ----a-w- c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2010-03-26 09:33 . 2010-04-28 18:04 43008 ----a-w- c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2010-03-26 09:33 . 2010-04-28 18:04 339456 ----a-w- c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2010-03-26 09:32 . 2010-04-28 18:04 346112 ----a-w- c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2010-03-24 22:31 . 2009-12-09 13:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-24 22:31 . 2009-12-09 13:05 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-24 22:29 . 2009-12-09 13:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\documents and settings\Bastiaan\Application Data\pcouffin.sys
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\documents and settings\Bastiaan\Application Data\pcouffin.sys
2010-02-24 12:31 . 2002-08-29 12:00 454016 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2007-04-27 21:34 . 2007-04-27 21:34 0 ----a-w- c:\program files\Common Files\dht342126
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2010-05-23 90112]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2009-11-25 4009592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2010-05-23 131072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
udty.exe [2010-5-23 123904]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-25 113664]
Logitech SetPoint.lnk.disabled [2007-2-25 1646]
Windows Search.lnk.disabled [2009-1-10 1787]
Yahoo! Autosync.lnk.disabled [2008-11-26 796]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"CachemanXPService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"tgsrvc_TalkTalk"=2 (0x2)
"sprtsvc_TalkTalk"=2 (0x2)
"rpcapd"=3 (0x3)
"O&O Defrag"=2 (0x2)
"NeroRegInCDSrv"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c8c1bc51a95b48"=2 (0x2)
"Bonjour Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"LexBceS"=2 (0x2)
"avg9wd"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"threadfire"="c:\program files\ThreatFire\TFGui.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
"Google Update"="c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_3.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"avgnt"="c:\program files\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/15/2010 10:40 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2009 2:05 PM 216200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 5:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 51440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 4:52 PM 1314704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 PDRJNDL;PDRJNDL;c:\program files\Dekart\Private Disk Light\pdrjndl.sys [11/5/2004 4:35 PM 16512]
R2 PRVDISK;PRVDISK;c:\program files\Dekart\Private Disk Light\prvdisk.sys [11/5/2004 4:35 PM 14976]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/15/2010 2:47 PM 779496]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/15/2010 2:47 PM 0]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 6:31 PM 42000]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [11/3/2005 11:52 AM 176640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/9/2009 1:43 PM 308064]
S4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [3/10/2007 4:50 PM 208384]
S4 gupdate1c8c1bc51a95b48;Google Update Service (gupdate1c8c1bc51a95b48);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 9:48 PM 135664]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/25/2008 1:10 PM 337800]
S4 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 8:33 AM 202016]
S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 1:42 PM 148768]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
.
Contents of the 'Scheduled Tasks' folder

2010-05-24 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:56]

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003Core.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]

2010-05-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003UA.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download With NetLeech
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: StumbleUpon: &Blog This
Trusted Zone: stumbleupon.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-24 21:27
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(820)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(368)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
.
**************************************************************************
.
Completion time: 2010-05-24 21:40:03 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-24 20:39
ComboFix2.txt 2010-05-23 13:28
ComboFix3.txt 2010-05-22 16:22
C:\DeQuarantine.txt

Pre-Run: 124,783,542,272 bytes free
Post-Run: 124,736,147,456 bytes free

- - End Of File - - BBCB98E7A78844E384391734DE112496

DeQuarantine.txt :

C:\QooBox\Quarantine\c\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat.vir -> c:\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat ( 10452 bytes )
C:\QooBox\Quarantine\c\documents and settings\LocalService\Application Data\Microsoft\HTML Help\hh.dat.vir -> c:\documents and settings\LocalService\Application Data\Microsoft\HTML Help\hh.dat ( 8590 bytes )



DDS (Ver_10-03-17.01) - NTFSx86
Run by Bastiaan at 22:04:29.84 on Mon 05/24/2010
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.249 [GMT 1:00]

AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files\SpeedFan\speedfan.exe
C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\LogMeIn\x86\LMIGuardian.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Bastiaan\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: LF_BHO Class: {43d29d14-460e-4f3a-9037-e60f11ef12f0} - c:\windows\system32\LightFrame3IECOM.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.5.4723.1820\swg.dll
BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll
BHO: IEHandler Class: {f4a27d22-e603-4b1b-b8d0-1cf7d57e56f2} - c:\program files\netleech\IEExt.dll
TB: StumbleUpon Toolbar: {5093eb4c-3e93-40ab-9266-b607ba87bdc8} - c:\program files\stumbleupon\StumbleUponIEBar.dll
TB: FlashGet: {e0e899ab-f487-11d5-8d29-0050ba6940e3} - c:\program files\flashget\fgiebar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
EB: Ask PopSwatter: {72fe8681-0bfa-471b-9b2a-b37ed68dd09e} - c:\windows\system32\shdocvw.dll
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\CLIStart.exe"
mRun: [speedfan] c:\program files\speedfan\speedfan.exe
mRun: [NVMixerTray] "c:\program files\nvidia corporation\nvmixer\NVMixerTray.exe"
mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Logitech SetPoint.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Windows Search.lnk.disabled
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\Yahoo! Autosync.lnk.disabled
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Download With NetLeech
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: StumbleUpon: &Blog This
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}
Trusted Zone: stumbleupon.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/ ... ontrol.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/microsoftup ... 1600666250
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftup ... 1600652500
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/sh ... wflash.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: LMIinit - LMIinit.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\wifd1f~1\MpShHook.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\bastiaan\applic~1\mozilla\firefox\profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\bastiaan\application data\mozilla\firefox\profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\bastiaan\local settings\application data\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npagent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-5-15 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-12-9 216200]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-12-9 29512]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-2-29 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-2-29 51440]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-2-5 486280]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1314704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2008-8-11 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2009-10-19 47640]
R2 PDRJNDL;PDRJNDL;c:\program files\dekart\private disk light\pdrjndl.sys [2004-11-5 16512]
R2 PRVDISK;PRVDISK;c:\program files\dekart\private disk light\prvdisk.sys [2004-11-5 14976]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2010-3-15 779496]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
S1 RapportPG;RapportPG;c:\program files\trusteer\rapport\bin\RapportPG.sys [2010-3-15 0]
S2 WinDefend;Windows Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592]
S3 IKFileSec;File Security Driver;c:\windows\system32\drivers\ikfilesec.sys [2008-5-25 42376]
S3 IKSysFlt;System Filter Driver;c:\windows\system32\drivers\iksysflt.sys [2008-5-25 66952]
S3 IKSysSec;System Security Driver;c:\windows\system32\drivers\iksyssec.sys [2008-5-25 81288]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-1-25 42000]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [2005-11-3 176640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2006-2-16 4096]
S4 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-12-9 308064]
S4 CachemanXPService;CachemanXP;c:\progra~1\cachem~1\CachemanXP.exe [2007-3-10 208384]
S4 gupdate1c8c1bc51a95b48;Google Update Service (gupdate1c8c1bc51a95b48);c:\program files\google\update\GoogleUpdate.exe [2010-2-25 135664]
S4 LMIRfsClientNP;LMIRfsClientNP; [x]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\nero\nero 7\incd\nbhregincdsrv.exe --> c:\program files\nero\nero 7\incd\NBHRegInCDSrv.exe [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2008-5-25 337800]
S4 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2008-5-25 1017224]
S4 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\talktalk\bin\sprtsvc.exe [2007-10-12 202016]
S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\common files\supportsoft\bin\tgsrvc.exe [2007-8-2 148768]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

=============== Created Last 30 ================

2010-05-23 20:54:26 0 ---ha-w- C:\KUKU300a
2010-05-23 13:37:54 162616 ----a-w- c:\windows\RegDelNull.exe
2010-05-22 13:48:30 0 d-sha-r- C:\cmdcons
2010-05-22 13:43:56 77312 ----a-w- c:\windows\MBR.exe
2010-05-22 13:43:55 98816 ----a-w- c:\windows\sed.exe
2010-05-22 13:43:55 256512 ----a-w- c:\windows\PEV.exe
2010-05-22 13:43:55 161792 ----a-w- c:\windows\SWREG.exe
2010-05-15 15:11:09 0 d-----w- c:\windows\system32\MpEngineStore
2010-05-15 14:58:55 173 ----a-w- c:\windows\system32\MRT.INI
2010-05-15 13:40:05 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-15 09:40:13 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:40:04 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 09:34:58 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:19:47 0 d-----w- c:\docume~1\bastiaan\applic~1\Malwarebytes
2010-05-13 19:19:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 19:19:12 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-05-13 19:18:33 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 19:18:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

==================== Find3M ====================

2010-04-13 18:44:07 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-03-24 22:31:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-10 06:15:52 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:36:40 47360 ----a-w- c:\docume~1\bastiaan\applic~1\pcouffin.sys
2007-04-27 21:34:21 0 ----a-w- c:\program files\common files\dht342126
1998-12-09 02:53:54 99840 ----a-w- c:\program files\common files\IRAABOUT.DLL
1998-12-09 02:53:54 70144 ----a-w- c:\program files\common files\IRAMDMTR.DLL
1998-12-09 02:53:54 48640 ----a-w- c:\program files\common files\IRALPTTR.DLL
1998-12-09 02:53:54 31744 ----a-w- c:\program files\common files\IRAWEBTR.DLL
1998-12-09 02:53:54 186368 ----a-w- c:\program files\common files\IRAREG.DLL
1998-12-09 02:53:54 17920 ----a-w- c:\program files\common files\IRASRIAL.DLL

============= FINISH: 22:08:16.62 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 5/8/2008 1:33:50 PM
System Uptime: 5/24/2010 8:59:00 PM (2 hours ago)

Motherboard: | | nVidia-nForce2
Processor: AMD Athlon(tm) XP 2200+ | Socket A | 1670/133mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 298 GiB total, 116.147 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 396.1 GiB free.
E: is CDROM ()
F: is CDROM ()
G: is Removable
H: is FIXED (NTFS) - 932 GiB total, 798.091 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4D36E969-E325-11CE-BFC1-08002BE10318}
Description: Standard floppy disk controller
Device ID: ACPI\PNP0700\3&13C0B0C5&0
Manufacturer: (Standard floppy disk controllers)
Name: Standard floppy disk controller
PNP Device ID: ACPI\PNP0700\3&13C0B0C5&0
Service: fdc

Class GUID: {EEC5AD98-8080-425F-922A-DABF3DE3F69A}
Description: Nokia E71
Device ID: ROOT\WPD\0000
Manufacturer: Nokia
Name: Nokia E71
PNP Device ID: ROOT\WPD\0000
Service: WUDFRd

==== System Restore Points ===================

RP1: 5/22/2010 3:04:55 PM - ComboFix created restore point
RP2: 5/24/2010 3:03:44 AM - System Checkpoint

==== Installed Programs ======================

3DMark05
AAC Decoder
AAC Parser (remove only)
AC-3 ACM Codec
AC3+DTS XForm (remove only)
AC3Filter (remove only)
ACDSee 5.0 Standard Trial
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 6.0
Adobe Photoshop CS3
Adobe Reader 7.0.8
Adobe Setup
Adobe Shockwave Player
Adobe SVG Viewer
Apple Mobile Device Support
Apple Software Update
Aspi Installer
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
Atomic Clock Sync
Audacity 1.2.6
Audacity 1.3.7 (Unicode)
Audible Download Manager
AutoUpdate
AVG Free 9.0
AVI Joiner
Battle of Britain II
Battlecraft 1942
Battlefield 1942
Battlefield 1942: Secret Weapons of WWII
Battlefield 1942: The Road To Rome
BBC iPlayer Download Manager
Bonjour
BookDB2
Bulk Image Downloader v2.2.0.0
C-Media WDM Audio Driver
CachemanXP 1.12
Canon MP Navigator EX 1.0
Canon MP610 series
Canon MP610 series User Registration
Canon My Printer
Canon Utilities Easy-PhotoPrint EX
Canon Utilities Solution Menu
CCE Basic Trial Version
CD-LabelPrint
CD Audio Reader Filter (remove only)
CD Bremse 1.47
CDXA Image Reader Filter (SVCD/XCD) (remove only)
ClipMagic 3.2.2
Compatibility Pack for the 2007 Office system
CompuApps SwissKnife V3
ConnectGoV5UpdateVer2
Core AAC Decoder (remove only)
CoreFLAC Audio Decoder+Source Filter (remove only)
CoreVorbis Audio Decoder (remove only)
Creative Removable Disk Manager
Critical Update for Windows Media Player 11 (KB959772)
Cycle Calculator for Women
DeadDiskDoctor
Defcon v1.4
Dekart Private Disk Light 1.22
Digital Video Repair 1.0
DirectVobSub (remove only)
DirectX Happy Uninstall v4.1
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
doPDF 6.0 printer
DVD Decrypter (Remove Only)
DVD Ripper Burner 7.0.0.0
DVDFab (remove only)
DVDFab 6.2.1.8 (31/12/2009)
DVDFab Decrypter 3.0.8.6
ExtractNow
FAT32 Format
ffdshow [rev 610] [2006-12-01]
FlashGet 1.9.0.1012
FlashGet(Jetcar) 1.80
Flickr Uploadr 2.5.0.15
FLVPlayer4Free Free FLV Player 2.2.0.0
Free DWG Viewer 6.0
FreshDiagnose
GetASFStream
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H.264 Decoder
HiJackThis
HijackThis 2.0.2
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Iconix™ eMail ID
Illiminable FLAC (remove only)
Indeo® software
Internet Organizer Pro 2.1
iTunes
Jarte 3.2
JDownloader
JGoodies JDiskReport 1.2.4
Lexmark Supplies Monitor
Lexmark Z25-Z35
LightFrame 3
Logitech SetPoint
LogMeIn
Malwarebytes' Anti-Malware
Matroska (remove only)
MediaCoder 0.6.1
MediaJoin
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0
Microsoft Application Error Reporting
Microsoft Calculator Plus
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.7
Microsoft Visual C Runtime
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Mini-Cam USB Camera (SC-120)
MKV Splitter
Monkey Audio Source Filter (remove only)
MotionDV STUDIO 5.6E LE for DV
Mozilla Firefox (3.6)
Mozilla Thunderbird (2.0.0.12)
MSVC80_x86
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Nero 7 Ultra Edition
neroxml
NetLeech
Nokia Connectivity Cable Driver
Nokia PC Suite
Nokia Software Updater
NVIDIA Drivers
NvMixer
O&O Defrag Professional Edition
OpenSource OGG Splitter (remove only)
Panasonic DVC USB Driver
PartitionMagic
PC Connectivity Solution
PDF Password Remover v3.0
PhotoScape
PowerDVD
PowerQuest PartitionMagic 8.0
programma Biblio
QuickTime
Radio Downloader
RadLight MPC DirectShow Filter (remove only)
RadLight OptimFROG DirectShow Filter (remove only)
RapidShare Manager
Rapport
RealMedia (remove only)
Realtek AC'97 Audio
Rename4u
Saitek SST Programming Software
ScanSoft OmniPage SE 4
screensaver_100
screenSaverVariation2008
SDP Downloader
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 10 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB913433)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB937894)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958470)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971032)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980232)
Segoe UI
Serif PhotoPlus 5.5
SHOUTcast Source (remove only)
Skype 2.5
SMPlayer 0.5.62
Soltek Hardware Monitor
SpeedFan (remove only)
SPSS 16.0 for Windows
Spybot - Search & Destroy
Spybot - Search & Destroy 1.4
Spyware Doctor 5.5
SpywareBlaster 4.3
STOIK Capturer
StumbleUpon IE Toolbar
SUPERAntiSpyware Free Edition
SweetMovieLife 1.0E
System Requirements Lab
TalkTalk Assist & Go
Teach2000 8.19
TomTom HOME 2.7.3.1894
TomTom HOME Visual Studio Merge Modules
TrueCrypt
UKPDS Risk Engine v2.0
Uninstall Startup Inspector
Unlocker 1.8.5
Update for Windows Internet Explorer 8 (KB968220)
Update for Windows XP (KB894391)
Update for Windows XP (KB900485)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB920872)
Update for Windows XP (KB925720)
Update for Windows XP (KB927891)
Update for Windows XP (KB930916)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB961503)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
USB Storage Driver
VC 9.0 Runtime
VC80CRTRedist - 8.0.50727.762
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.0.2
WD Diagnostics
WebFldrs XP
Winamp
Windows Communication Foundation
Windows Defender
Windows Driver Package - Nokia Modem (05/22/2008 3.8)
Windows Driver Package - Nokia Modem (05/22/2008 7.00.0.1)
Windows Driver Package - Nokia Modem (06/01/2009 4.1)
Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.3)
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows Presentation Foundation
Windows Search 4.0
Windows Workflow Foundation
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Service Pack 2
WinPcap 4.0
WinRAR archiver
WinZip
WM Downloader 2.9.1.100 2007.03.24
WM Recorder 12.1
XML Paper Specification Shared Components Pack 1.0
xplorer² lite
Yahoo! Autosync
YPOPs! 0.9.7.3
Zappit!
Zilla Data Nuker 2.0.0.0
ZoneAlarm
Zoom Player (remove only)

==== Event Viewer Messages From Past Week ========

5/24/2010 7:26:10 PM, error: Service Control Manager [7000] - The Rapport Management Service service failed to start due to the following error: The system cannot find the file specified.
5/23/2010 10:55:51 AM, error: Service Control Manager [7024] - The InCD Helper service terminated with service-specific error 1 (0x1).
5/23/2010 1:25:15 PM, error: Service Control Manager [7034] - The InCD Helper service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7034] - The SupportSoft Sprocket Service (TalkTalk) service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7034] - The SupportSoft Repair Service (TalkTalk) service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7034] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7034] - The LogMeIn service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7034] - The LogMeIn Maintenance Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7034] - The Application Layer Gateway Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:14 PM, error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
5/23/2010 1:25:13 PM, error: Service Control Manager [7034] - The TomTomHOMEService service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:13 PM, error: Service Control Manager [7034] - The PLFlash DeviceIoControl Service service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:13 PM, error: Service Control Manager [7034] - The LexBce Server service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:13 PM, error: Service Control Manager [7034] - The Ati HotKey Poller service terminated unexpectedly. It has done this 1 time(s).
5/23/2010 1:25:13 PM, error: Service Control Manager [7031] - The Lavasoft Ad-Aware Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
5/23/2010 1:25:13 PM, error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
5/22/2010 2:32:06 PM, error: Service Control Manager [7023] - The System Restore Service service terminated with the following error: The system cannot find the file specified.
5/22/2010 2:31:41 PM, error: SRService [104] - The System Restore initialization process failed.
5/22/2010 1:59:15 PM, error: Service Control Manager [7034] - The AVG Free WatchDog service terminated unexpectedly. It has done this 2 time(s).
5/22/2010 1:58:45 PM, error: Service Control Manager [7031] - The AVG Free WatchDog service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
5/18/2010 7:15:09 PM, error: ati2mtag [45062] - CRT invalid display type
5/18/2010 7:09:50 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the TrueVector Internet Monitor service to connect.
5/18/2010 7:09:50 PM, error: Service Control Manager [7000] - The TrueVector Internet Monitor service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
5/18/2010 7:09:50 PM, error: Service Control Manager [7000] - The O&O Defrag service failed to start due to the following error: The system cannot find the file specified.
5/18/2010 7:09:50 PM, error: Service Control Manager [7000] - The Nero Registry InCD Service service failed to start due to the following error: The system cannot find the file specified.
5/18/2010 7:09:39 PM, error: Print [23] - Printer PDF4U Adobe PDF Creator failed to initialize because a suitable PDF4U Adobe PDF Creator driver could not be found.
5/18/2010 7:08:38 PM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
5/18/2010 7:08:38 PM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.

==== End Of File ===========================
darrian
Active Member
 
Posts: 14
Joined: May 18th, 2010, 5:29 pm

Re: GOOGLE REDIRECTING

Unread postby km2357 » May 24th, 2010, 8:11 pm

You're using an old version of ComboFix, we need to update it to the latest version.

First, delete ComboFix.exe off of your computer, then download the latest version from one of the links below:

Link 1
Link 2

Be sure to save ComboFix.exe to your Desktop.


Delete CFScript.txt from your Desktop, you will be creating and running a new one.


Step # 1: Run CFScript

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    KILLALL::
    
    DeQuarantine::
    
    C:\QooBox\Quarantine\c\documents and settings\Bastiaan\Application Data\Microsoft\HTML Help\hh.dat.vir
    C:\QooBox\Quarantine\c\documents and settings\LocalService\Application Data\Microsoft\HTML Help\hh.dat.vir
    
    File::
    
    c:\documents and settings\Administrator\Start Menu\Programs\Startup\udty.exe
    
    DDS::
    
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File



  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

    Image

    Note: This CFScript is for use on darrian's computer only! Do not use it on your computer.

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.


CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.
km2357
MRU Master
 
Posts: 3007
Joined: January 30th, 2007, 2:48 pm
Location: California
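
Once the CFScript has run, the report ComboFix produces can be cross-checked against the script mechanically. The Python below is an added example (not part of this thread, of ComboFix, or of the helper's instructions): it parses the section and file-line layout of the ComboFix log posted in the thread, confirms that each File:: target appears under "Other Deletions", and applies attribute heuristics whose cut-offs are assumptions, not verdicts; its sample CFScript and log lines are constructed from the thread's own.

```python
"""Cross-check a CFScript's File:: targets against the ComboFix report it produces.
Added example for this thread (not ComboFix's code, nor the helper's): it parses the
section headers and file lines in the layout of the ComboFix log posted in the thread
and applies a few attribute heuristics whose cut-offs are assumptions, not verdicts."""
import re
from collections import namedtuple

# Constructed from the CFScript posted above (File:: section only).
CFSCRIPT = r"""
KILLALL::

File::

c:\documents and settings\Administrator\Start Menu\Programs\Startup\udty.exe
"""

# Constructed excerpt in the layout of the ComboFix log posted in the thread.
COMBOFIX_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\udty.exe
.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.
2010-05-15 09:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:34 . 2010-05-15 09:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-17 12:59 . 2010-05-17 12:59 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ofubwi.dat
2010-04-13 18:44 . 2010-04-10 13:01 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-04-12 22:03 . 2010-04-10 19:15 0 ----a-w- c:\windows\system32\Ac3audioa.sys
"""

SECTION_RE = re.compile(r"^\(+\s*(.+?)\s*\)+$")  # ((( Section name )))
# <modified> . <created> <size or dashes> <8 attribute flags> <path>
FILE_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) (\d+|-+) (\S{8}) (.+)$"
)
# size is None where the report prints dashes (directories)
FileEntry = namedtuple("FileEntry", "section modified created size attrs path")

def parse_sections(log):
    """Group the report's lines under their '((( Name )))' headers; blank and '.' lines are dropped."""
    sections, current = {}, "preamble"
    for raw in log.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = header.group(1)
            sections.setdefault(current, [])
        elif line and line != ".":
            sections.setdefault(current, []).append(line)
    return sections

def parse_file_entries(sections):
    """Turn every dated file line into a FileEntry tagged with the section it came from."""
    entries = []
    for name, lines in sections.items():
        for line in lines:
            m = FILE_LINE_RE.match(line)
            if m:
                size = int(m.group(3)) if m.group(3).isdigit() else None
                entries.append(FileEntry(name, m.group(1), m.group(2), size, m.group(4), m.group(5)))
    return entries

def cfscript_file_targets(script):
    """Paths listed under the File:: directive of a CFScript (directive lines end in '::')."""
    targets, in_file = [], False
    for line in script.splitlines():
        s = line.strip()
        if s.endswith("::"):
            in_file = s == "File::"
        elif in_file and s:
            targets.append(s)
    return targets

def unconfirmed_deletions(script, log):
    """File:: targets that the report does not list under 'Other Deletions'."""
    deleted = {p.lower() for p in parse_sections(log).get("Other Deletions", [])}
    return [t for t in cfscript_file_targets(script) if t.lower() not in deleted]

def triage_flags(entries):
    """Attribute heuristics that mark an entry for a closer look (the 10 MB driver cut-off is assumed)."""
    flags = {}
    for e in entries:
        p, is_dir, reasons = e.path.lower(), e.attrs.startswith("d"), []
        if not is_dir and "s" in e.attrs and "h" in e.attrs:
            reasons.append("hidden+system file")
        if p.endswith(".sys") and (e.size == 0 or (e.size or 0) > 10_000_000):
            reasons.append("zero-byte or oversized driver")
        if not is_dir and r"\config\systemprofile\application data" in p:
            reasons.append("file under the SYSTEM profile")
        if reasons:
            flags[e.path] = reasons
    return flags

if __name__ == "__main__":
    print("unconfirmed File:: deletions:", unconfirmed_deletions(CFSCRIPT, COMBOFIX_LOG) or "none")
    for path, why in triage_flags(parse_file_entries(parse_sections(COMBOFIX_LOG))).items():
        print(path, "->", ", ".join(why))
```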

Re: GOOGLE REDIRECTING

Unread postby darrian » May 25th, 2010, 3:19 pm

ComboFix 10-05-24.07 - Bastiaan 05/25/2010 19:16:06.4.1 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1023.355 [GMT 1:00]
Running from: c:\documents and settings\Bastiaan\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Bastiaan\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: ThreatFire *On-access scanning enabled* (Updated) {67B2B9A1-25C8-4057-962D-807958FFC9E3}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"c:\documents and settings\Administrator\Start Menu\Programs\Startup\udty.exe"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Start Menu\Programs\Startup\udty.exe

.
((((((((((((((((((((((((( Files Created from 2010-04-25 to 2010-05-25 )))))))))))))))))))))))))))))))
.

2010-05-23 13:37 . 2006-11-01 13:06 162616 ----a-w- c:\windows\RegDelNull.exe
2010-05-15 15:11 . 2010-05-16 23:10 -------- d-----w- c:\windows\system32\MpEngineStore
2010-05-15 13:40 . 2010-05-15 09:39 15880 ----a-w- c:\windows\system32\lsdelete.exe
2010-05-15 09:40 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-05-15 09:40 . 2010-05-15 09:39 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-15 09:34 . 2010-05-15 09:35 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Malwarebytes
2010-05-13 19:19 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-13 19:19 . 2010-05-13 19:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-05-13 19:18 . 2010-05-13 19:19 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-13 19:18 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-13 12:55 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-05-13 12:33 . 2010-05-13 12:55 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-25 18:57 . 2007-01-02 13:15 -------- d-----w- c:\program files\SpeedFan
2010-05-24 23:35 . 2009-10-19 21:09 -------- d-----w- c:\program files\LogMeIn
2010-05-23 20:49 . 2008-01-16 20:39 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Reys
2010-05-23 10:31 . 2008-06-02 15:56 -------- d-----w- c:\documents and settings\Bastiaan\Application Data\Jarte
2010-05-20 23:56 . 2008-03-12 14:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-05-20 23:56 . 2008-03-12 14:16 -------- d-----w- c:\program files\SpywareBlaster
2010-05-17 12:59 . 2010-05-17 12:59 4 ----a-w- c:\windows\system32\config\systemprofile\Application Data\ofubwi.dat
2010-05-15 13:39 . 2007-04-27 21:33 -------- d-----w- c:\program files\DeadDiskDoctor
2010-05-15 09:35 . 2007-08-21 13:21 -------- d-----w- c:\program files\Lavasoft
2010-05-15 09:34 . 2007-08-21 13:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-05-14 06:48 . 2009-12-09 12:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-05-13 19:22 . 2006-12-15 01:20 -------- d-----w- c:\program files\Java
2010-05-06 17:51 . 2007-01-01 23:07 -------- d-----w- c:\program files\FlashGet
2010-04-13 18:44 . 2010-04-10 13:01 37287265 --sha-w- c:\windows\system32\a3df.sys
2010-04-12 22:03 . 2010-04-10 19:15 0 ----a-w- c:\windows\system32\Ac3audioa.sys
2010-04-10 13:48 . 2010-04-10 13:39 -------- d-----w- c:\program files\JDownloader
2010-03-24 22:31 . 2009-12-09 13:05 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-24 22:31 . 2009-12-09 13:05 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-24 22:29 . 2009-12-09 13:05 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-10 06:15 . 2002-08-29 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys
2010-02-24 23:36 . 2010-02-24 23:36 47360 ----a-w- c:\documents and settings\Bastiaan\Application Data\pcouffin.sys
2007-04-27 21:34 . 2007-04-27 21:34 0 ----a-w- c:\program files\Common Files\dht342126
1998-12-09 02:53 . 1998-12-09 02:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 02:53 . 1998-12-09 02:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 02:53 . 1998-12-09 02:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 02:53 . 1998-12-09 02:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-05 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\CLIStart.exe" [2010-05-23 90112]
"speedfan"="c:\program files\SpeedFan\speedfan.exe" [2009-11-25 4009592]
"NVMixerTray"="c:\program files\NVIDIA Corporation\NvMixer\NVMixerTray.exe" [2010-05-23 131072]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-11-22 1037192]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-11-25 113664]
Logitech SetPoint.lnk.disabled [2007-2-25 1646]
Windows Search.lnk.disabled [2009-1-10 1787]
Yahoo! Autosync.lnk.disabled [2008-11-26 796]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
2009-09-28 18:34 87352 ----a-w- c:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"sdCoreService"=3 (0x3)
"sdAuxService"=3 (0x3)
"CachemanXPService"=3 (0x3)
"WMPNetworkSvc"=3 (0x3)
"tgsrvc_TalkTalk"=2 (0x2)
"sprtsvc_TalkTalk"=2 (0x2)
"rpcapd"=3 (0x3)
"O&O Defrag"=2 (0x2)
"NeroRegInCDSrv"=2 (0x2)
"gusvc"=3 (0x3)
"gupdate1c8c1bc51a95b48"=2 (0x2)
"Bonjour Service"=3 (0x3)
"Apple Mobile Device"=2 (0x2)
"TomTomHOMEService"=2 (0x2)
"NBService"=3 (0x3)
"InCDsrv"=2 (0x2)
"LexBceS"=2 (0x2)
"avg9wd"=2 (0x2)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"threadfire"="c:\program files\ThreatFire\TFGui.exe"
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" -s
"Google Update"="c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_3.exe"
"Google Quick Search Box"="c:\program files\Google\Quick Search Box\GoogleQuickSearchBox.exe" /autorun
"Logitech Hardware Abstraction Layer"=KHALMNPR.EXE
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"Radio Downloader"="c:\program files\Radio Downloader\Radio Downloader.exe" /hidemainwindow
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" -hide
"avgnt"="c:\program files\AVG\AVG9\avgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\FlashGet\\flashget.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont.exe"=
"c:\\Program Files\\Common Files\\SupportSoft\\bin\\tgsrvc.exe"=
"c:\\Program Files\\TalkTalk\\agent\\bin\\bcont_nm.exe"=
"c:\\Program Files\\TalkTalk\\bin\\sprtcmd.exe"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.com"=
"c:\\Program Files\\SPSSInc\\SPSS16\\spss.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [5/15/2010 10:40 AM 64288]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [12/9/2009 2:05 PM 216200]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/29/2008 5:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 5:03 PM 51440]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 4:52 PM 1314704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\rainfo.sys [8/11/2008 12:41 PM 12856]
R2 PDRJNDL;PDRJNDL;c:\program files\Dekart\Private Disk Light\pdrjndl.sys [11/5/2004 4:35 PM 16512]
R2 PRVDISK;PRVDISK;c:\program files\Dekart\Private Disk Light\prvdisk.sys [11/5/2004 4:35 PM 14976]
R2 RapportMgmtService;Rapport Management Service;c:\program files\Trusteer\Rapport\bin\RapportMgmtService.exe [3/15/2010 2:47 PM 779496]
S1 RapportPG;RapportPG;c:\program files\Trusteer\Rapport\bin\RapportPG.sys [3/15/2010 2:47 PM 0]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [1/25/2007 6:31 PM 42000]
S3 SaiH0460;SaiH0460;c:\windows\system32\drivers\SaiH0460.sys [11/3/2005 11:52 AM 176640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 5:51 PM 4096]
S4 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [12/9/2009 1:43 PM 308064]
S4 CachemanXPService;CachemanXP;c:\progra~1\CACHEM~1\CachemanXP.exe [3/10/2007 4:50 PM 208384]
S4 gupdate1c8c1bc51a95b48;Google Update Service (gupdate1c8c1bc51a95b48);c:\program files\Google\Update\GoogleUpdate.exe [2/25/2010 9:48 PM 135664]
S4 NeroRegInCDSrv;Nero Registry InCD Service;c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe --> c:\program files\Nero\Nero 7\InCD\NBHRegInCDSrv.exe [?]
S4 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [5/25/2008 1:10 PM 337800]
S4 sprtsvc_TalkTalk;SupportSoft Sprocket Service (TalkTalk);c:\program files\TalkTalk\bin\sprtsvc.exe [10/12/2007 8:33 AM 202016]
S4 tgsrvc_TalkTalk;SupportSoft Repair Service (TalkTalk);c:\program files\Common Files\SupportSoft\bin\tgsrvc.exe [8/2/2007 1:42 PM 148768]
S4 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 12:31 PM 92008]
.
Contents of the 'Scheduled Tasks' folder

2010-05-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 23:56]

2010-05-22 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 16:57]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-25 20:46]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003Core.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]

2010-05-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-842925246-1035525444-725345543-1003UA.job
- c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-02-20 13:33]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.mail.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mWindow Title = Microsoft Internet Explorer
uInternet Settings,ProxyOverride = *.local
IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm
IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm
IE: Download With NetLeech
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: StumbleUpon PhotoBlog It! - StumbleUponIEBar.dll/blogimage
IE: StumbleUpon: &Blog This
Trusted Zone: stumbleupon.com
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
FF - ProfilePath - c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\documents and settings\Bastiaan\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npBBCPlugin.dll

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-25 19:55
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(812)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\LMIinit.dll

- - - - - - - > 'explorer.exe'(2580)
c:\program files\Trusteer\Rapport\bin\rooksbas.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_eng.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\LMIRfsClientNP.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\windows\system32\IoctlSvc.exe
c:\windows\system32\SearchIndexer.exe
c:\windows\System32\wbem\unsecapp.exe
c:\program files\Trusteer\Rapport\bin\RapportService.exe
c:\program files\Lavasoft\Ad-Aware\AAWTray.exe
c:\program files\ATI Technologies\ATI.ACE\CLI.EXE
c:\program files\LogMeIn\x86\LMIGuardian.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
c:\program files\ATI Technologies\ATI.ACE\cli.exe
.
**************************************************************************
.
Completion time: 2010-05-25 20:14:05 - machine was rebooted
ComboFix-quarantined-files.txt 2010-05-25 19:14
ComboFix2.txt 2010-05-24 20:40
ComboFix3.txt 2010-05-23 13:28
ComboFix4.txt 2010-05-22 16:22
C:\DeQuarantine.txt

Pre-Run: 124,357,554,176 bytes free
Post-Run: 124,917,219,328 bytes free

- - End Of File - - AE8825031A296E7B6645510FE38581EA
darrian
Active Member
 
Posts: 14
Joined: May 18th, 2010, 5:29 pm
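Added example (not part of darrian's post or of any MalwareRemoval.com tool): a small Python triage script for the "FF -" lines that ComboFix prints. A Firefox-only redirect with a clean IE points at the Firefox profile, so a helper reads three things first: the user.js prefs (user.js is re-applied over prefs.js on every Firefox start, so anything written there survives the user changing the setting in the UI), binary components loaded from an extension directory inside the profile, and the plugin list. The script pulls those lines out of a log and flags the ones that deviate from the defaults. The baseline values are assumed to be the Firefox 3.x defaults of 2010; later versions changed several of them. The sample input is copied from the log in the post above and is only used to exercise the parser; nothing here decides on its own that a file is malicious.

```python
"""Triage the Firefox section of a ComboFix log (added example)."""
import re
from dataclasses import dataclass

# Assumed Firefox 3.x defaults for prefs that control security warnings.
# A user.js that pins one of these to a non-default value is worth a look.
BASELINE = {
    "security.warn_viewing_mixed": "true",
    "security.warn_viewing_mixed.show_once": "true",
    "security.warn_submit_insecure": "true",
    "security.warn_submit_insecure.show_once": "true",
}

# "FF - ProfilePath - <path>", "FF - component: <path>", "FF - plugin: <path>",
# "FF - user.js: <pref> - <value>", "FF - prefs.js: <pref> - <value>"
FF_LINE = re.compile(r"^FF - (?P<kind>[\w.]+):? (?:- )?(?P<rest>.+)$")


@dataclass
class Finding:
    severity: str  # "review" needs a human look, "info" is context
    line: str
    reason: str


def parse_ff_lines(log_text):
    """Return (kind, name_or_path, value) tuples for every FF line."""
    entries = []
    for raw in log_text.splitlines():
        m = FF_LINE.match(raw.strip())
        if not m:
            continue
        kind, rest = m.group("kind"), m.group("rest")
        if kind in ("user.js", "prefs.js"):
            name, _, value = rest.partition(" - ")
            entries.append((kind, name.strip(), value.strip()))
        else:
            entries.append((kind, rest.strip(), None))
    return entries


def triage(entries):
    """Flag user.js prefs off the baseline and .dll components inside the profile."""
    findings = []
    profile = next((p for k, p, _ in entries if k == "ProfilePath"), None)
    for kind, name, value in entries:
        if kind == "user.js":
            if name in BASELINE and value.lower() != BASELINE[name]:
                findings.append(Finding(
                    "review", f"{name} = {value}",
                    f"security warning pref pinned in user.js (default {BASELINE[name]})"))
            else:
                findings.append(Finding("info", f"{name} = {value}",
                                        "pref pinned in user.js"))
        elif kind == "component":
            low = name.lower()
            if profile and low.startswith(profile.lower()) and low.endswith(".dll"):
                findings.append(Finding(
                    "review", name,
                    "binary XPCOM component loaded from an extension dir in the profile"))
    return findings


# Sample input: FF lines copied from the ComboFix log posted above.
SAMPLE_LOG = r"""
FF - ProfilePath - c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - component: c:\documents and settings\Bastiaan\Application Data\Mozilla\Firefox\Profiles\zwjo3skh.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npagent.dll
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
"""

if __name__ == "__main__":
    for f in triage(parse_ff_lines(SAMPLE_LOG)):
        print(f"[{f.severity}] {f.line}  <- {f.reason}")
```

Run it against the whole ComboFix.txt rather than the snippet and the "review" lines are the ones to ask the helper about; an "info" line only says that a pref is being forced from user.js, which is unusual on a home machine but not wrong by itself.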