Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

IE Malware

Post by 664 » July 20th, 2010, 5:22 am

I'm having a Google redirect problem and nothing seems to fix it. Also, a new IE window will pop up occasionally which goes to some kind of ad or spam page, sometimes with malicious adware and whatnots.

edit: Also I'm having a problem installing "Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706)" in Automatic Updates. The installer simply will pop a window up saying the update was not installed after a few minutes of being idle. Not sure if you have any suggestions or can figure out a fix from these logs, but I figured it was worth mentioning. I did try using the Windows Install Clean Up utility, but it did not help.

HiJack This log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:13:18 AM, on 7/20/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Common Files\AOL\1241055163\ee\AOLSoftware.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\wuauclt.exe
F:\Program Files\HiJack This\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\Sminst\Recguard.exe
O4 - HKLM\..\Run: [Reminder] C:\WINDOWS\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Scheduler] C:\WINDOWS\SMINST\Scheduler.exe
O4 - HKLM\..\Run: [D-Link Wireless G WUA-1340] C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1241055163\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "H:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] F:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [DAEMON Tools Lite] "H:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.mcafee.com
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
O16 - DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} (HP Download Manager) - https://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
O16 - DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} (P3DActiveX Control) - http://panda-plugin.disney.go.com/plugi ... ctivex.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: ANIWZCSd Service (ANIWZCSdService) - Wireless Service - C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - AOL LLC - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 11758 bytes



Uninstall List:

Acrobat.com
Adobe AIR
Adobe AIR
Adobe Community Help
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.1.3
AIM 7
Altiris Software Virtualization Agent
AMD Processor Driver
ANIO Service
ANIWZCS2 Service
AOL Uninstaller (Choose which Products to Remove)
AVG 9.0
Business Contact Manager for Outlook 2007 SP2
Business Contact Manager for Outlook 2007 SP2
Counter-Strike: Condition Zero
Counter-Strike: Source
Day of Defeat: Source
DivX Setup
Download Updater (AOL LLC)
Dual-Core Optimizer
Half-Life 2: Lost Coast
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
ieSpell
Java(TM) 6 Update 7
Mabinogi
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009 Equifax Addin
Microsoft Office Accounting 2009 Fixed Asset Manager
Microsoft Office Accounting 2009 PayPal Addin
Microsoft Office Accounting 2009 Tax Integration Add-in
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAttorney Home & Business
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
Pando Media Booster
PDF Complete
PDF Settings CS5
Play Designer Series 2009
Play Designer Series 2010
PunkBuster Services
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Setup
Spybot - Search & Destroy
Steam
StepMania 3.9a (remove only)
Uninstall AOL Emergency Connect Utility 1.0
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Usenet.nl
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WillCreator Deluxe
Winamp
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Mobile® Device Handbook
Windows Search 4.0
Windows XP Service Pack 3
Wireless G WUA-1340
Yahoo! Messenger


Thank you in advance! =]
664
Active Member
 
Posts: 5
Joined: July 20th, 2010, 5:19 am

Re: IE Malware

Post by jmw3 » July 23rd, 2010, 5:32 am

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this, ensure "Notify me when a reply is posted" is ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part, cannot completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here & save it to your desktop.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Do not run any programs while Gmer is running.

NOTE: If you cannot run GMER as indicated above, save a scan from the initial startup scan.
  • Before scanning, make sure all other running programs are closed & no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan
  • Double click the gmer.exe file
  • The program will begin to run & perform an initial scan. If possible rootkit activity is found, you will be asked if you would like to perform a full scan. Click No
  • After the "initial scan" is complete, click on the Save button, save the log file to your desktop & post it in your reply
To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE Malware

Post by 664 » July 24th, 2010, 6:44 am

First off, thank you in advance for taking the time to work with me and help to find and fix the problem =]
I'm posting the log files, as requested.

DDS.txt:

DDS (Ver_10-03-17.01) - NTFSx86
Run by Administrator at 5:52:19.80 on Sat 07/24/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.1869 [GMT -4:00]

AV: AVG Internet Security *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *enabled* {8decf618-9569-4340-b34a-d78d28969b66}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
svchost.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\SMINST\Scheduler.exe
C:\Program Files\D-Link\Wireless G WUA-1340\AirGCFG.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Common Files\AOL\1241055163\ee\AOLSoftware.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Pando Networks\Media Booster\PMB.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [DAEMON Tools Lite] "h:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [DAEMON Tools Pro Agent] "f:\program files\daemon tools pro\DTAgent.exe" -autorun
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
mRun: [PDF Complete] c:\program files\pdf complete\pdfsty.exe
mRun: [SetRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe
mRun: [Recguard] c:\windows\sminst\Recguard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [Scheduler] c:\windows\sminst\Scheduler.exe
mRun: [D-Link Wireless G WUA-1340] c:\program files\d-link\wireless g wua-1340\AirGCFG.exe
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [HostManager] c:\program files\common files\aol\1241055163\ee\AOLSoftware.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Malwarebytes Anti-Malware (reboot)] "h:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "c:\program files\common files\adobe\cs5servicemanager\CS5ServiceManager.exe" -launchedbylogin
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\admini~1\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe
IE: &ieSpell Options - c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\iespell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\iespell\wikipedia.HTM
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://c:\program files\iespell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://c:\program files\iespell\iespell.dll/SPELLOPTION.HTM
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/s ... DEXAXO.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugi ... ctivex.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shoc ... wflash.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrxpx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSxx.sys [2010-7-7 25168]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-7-7 52872]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-7-7 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-7-7 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-7-7 243024]
R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [2008-7-11 191872]
R2 avg9emc;AVG E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-7-7 921952]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-7 308136]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-7-7 2331032]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-7-7 5897808]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\pdf complete\pdfsvc.exe [2009-4-27 576024]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-7 30104]
R3 AVGIDSDriverxpx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSDriver.sys [2010-7-7 122448]
R3 AVGIDSFilterxpx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSFilter.sys [2010-7-7 30288]
R3 AVGIDSShimxpx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_xp\AVGIDSShim.sys [2010-7-7 26192]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-7 30104]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

=============== Created Last 30 ================

2010-07-24 06:28:38 531 ----a-w- c:\windows\eReg.dat
2010-07-24 06:28:31 0 d-----w- c:\program files\Maxis
2010-07-24 05:04:39 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Pro
2010-07-24 05:04:23 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Pro
2010-07-24 02:37:32 0 d-----w- c:\windows\lhsp
2010-07-24 02:37:23 0 d-----w- c:\windows\speech
2010-07-24 02:37:21 0 d-----w- c:\program files\CFS-Technologies
2010-07-23 09:50:12 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-07-23 09:50:12 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-07-23 09:50:12 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-07-23 09:49:24 0 d-----w- c:\program files\directx
2010-07-23 09:47:30 515 ----a-w- c:\windows\SIERRA.INI
2010-07-23 09:47:30 0 d-----w- C:\Sierra
2010-07-23 05:14:10 0 d-----w- c:\program files\common files\Solveig Multimedia
2010-07-21 21:53:24 0 d-----w- c:\program files\Graboid
2010-07-20 08:38:01 0 d-----w- c:\program files\Windows Installer Clean Up
2010-07-20 08:37:30 0 d-----w- c:\program files\MSECACHE
2010-07-20 06:40:22 0 d-----w- c:\program files\common files\Blizzard Entertainment
2010-07-20 03:12:25 0 d-----w- c:\docume~1\admini~1\applic~1\BitZipper
2010-07-16 19:14:02 0 d-----w- c:\docume~1\alluse~1\applic~1\NexonUS
2010-07-16 09:10:26 0 d-----w- C:\Nexon
2010-07-16 05:56:02 0 d-----w- c:\docume~1\alluse~1\applic~1\PMB Files
2010-07-16 05:54:54 0 d-----w- c:\program files\Pando Networks
2010-07-15 05:12:57 0 d-----w- c:\program files\Steam
2010-07-14 20:46:40 0 d-----w- c:\docume~1\alluse~1\applic~1\regid.1986-12.com.adobe
2010-07-14 09:46:16 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-14 09:45:08 0 d-----w- c:\docume~1\admini~1\applic~1\DAEMON Tools Lite
2010-07-14 09:45:04 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-07-14 08:18:13 9058 ----a-w- c:\windows\system32\jsc
2010-07-14 08:18:13 71680 ----a-w- c:\windows\system32\klgd.bmp
2010-07-14 08:04:22 0 d-----w- c:\docume~1\admini~1\applic~1\Usenet.nl
2010-07-14 04:59:48 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes
2010-07-14 04:59:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 04:59:33 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-07-14 04:59:29 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 22:52:55 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-07-13 22:52:55 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-07-13 19:48:20 3284 ----a-w- c:\windows\system32\ANIWZCS{B1BC62CA-6E76-44F8-BCC9-A0F60D2ACC92}
2010-07-13 19:48:06 0 d--h--w- C:\$AVG
2010-07-12 23:33:07 0 d-----w- c:\windows\RegisteredPackages
2010-07-12 23:26:34 133616 ------w- c:\windows\system32\pxafs.dll
2010-07-12 05:51:06 0 d-----w- c:\docume~1\alluse~1\applic~1\AIM
2010-07-12 05:50:59 0 d-----w- c:\program files\AIM
2010-07-12 05:50:58 0 d-----w- c:\program files\common files\Software Update Utility
2010-07-12 02:14:41 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 02:14:41 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-07-12 02:04:05 0 d-----w- c:\docume~1\admini~1\applic~1\REAPER
2010-07-12 00:01:01 0 d-----w- c:\docume~1\admini~1\applic~1\C38DA9566B8BEBE2BC990BF38E224A6B
2010-07-10 06:43:43 0 d-----w- c:\docume~1\admini~1\applic~1\AVG9
2010-07-09 06:40:19 0 d-----w- c:\program files\common files\xing shared
2010-07-09 06:39:48 0 d-----w- c:\program files\common files\Real
2010-07-09 06:32:16 0 d-----w- c:\program files\common files\DivX Shared
2010-07-09 06:30:45 0 d-----w- c:\program files\DivX
2010-07-09 06:30:23 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX
2010-07-08 23:30:34 0 ----a-w- c:\documents and settings\administrator\jagex__preferences3.dat
2010-07-08 23:30:33 99 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences2.dat
2010-07-08 23:29:04 46 ----a-w- c:\documents and settings\administrator\jagex_runescape_preferences.dat
2010-07-08 23:28:46 0 d-----w- c:\windows\.jagex_cache_32
2010-07-07 22:01:36 0 d-sh--w- c:\documents and settings\administrator\IECompatCache
2010-07-07 22:00:29 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2010-07-07 21:54:27 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2010-07-07 21:50:33 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-07 21:50:33 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-07 21:50:33 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-07 21:50:33 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-07 21:50:33 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-07 21:50:33 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-07 21:50:33 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-07 21:50:28 0 d-----w- c:\windows\ie8updates
2010-07-07 21:50:25 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-07 21:48:37 0 dc-h--w- c:\windows\ie8
2010-07-07 21:37:54 0 d-----w- c:\program files\MSXML 4.0
2010-07-07 21:35:37 12536 ----a-w- c:\windows\system32\avgrsstx.dll
2010-07-07 21:35:36 216400 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-07-07 21:35:29 0 d-----w- c:\windows\system32\drivers\Avg
2010-07-07 21:34:18 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-07-07 21:34:18 25168 ----a-w- c:\windows\system32\drivers\AVGIDSxx.sys
2010-07-07 21:34:16 243024 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-07-07 21:33:40 50968 ----a-w- c:\windows\system32\avgfwdx.dll
2010-07-07 21:33:40 30104 ----a-w- c:\windows\system32\drivers\avgfwdx.sys
2010-07-07 21:32:36 0 d-----w- c:\program files\AVG
2010-07-07 21:32:13 0 d-----w- c:\docume~1\alluse~1\applic~1\avg9
2010-07-07 20:53:02 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-07-07 20:27:49 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2010-07-07 20:26:22 701440 ------w- c:\windows\system32\drivers\ati2mtag.sys
2010-07-07 20:25:35 19569 ----a-w- c:\windows\002900_.tmp
2010-07-07 20:18:24 0 d-----w- C:\b8ece5809c0fd30991
2010-07-07 19:38:57 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent
2010-07-07 17:35:36 117118 ------w- c:\windows\hpoins11.dat.temp
2010-07-07 17:35:36 11634 ------w- c:\windows\hpomdl11.dat.temp
2010-07-07 17:28:01 0 d-----w- C:\fbe043aec01c41f84736fda6
2010-07-07 17:23:17 0 d-----w- C:\d5af5285977b278886bd2d3c568d
2010-07-07 17:19:33 0 d-----w- C:\af2de2dc8273431b392f6cc2b9e7dee5
2010-07-07 17:15:45 0 d-----w- C:\a2c5c1d75b38396f7d1eb1
2010-07-07 17:11:41 0 d-----w- C:\f48d9db6b340e536f17c919d27
2010-07-07 05:52:16 0 d-----w- C:\7d9099d5a2f49dc54117327f7c50
2010-07-07 03:58:57 0 d-----w- c:\program files\common files\Sonic Shared
2010-07-07 03:57:39 0 d-----w- c:\program files\common files\HP
2010-07-07 03:55:51 0 d-----w- c:\program files\common files\Hewlett-Packard
2010-07-07 03:54:20 94208 ----a-w- c:\windows\system32\HPZipt12.dll
2010-07-07 03:54:20 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-07 03:54:20 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-07 03:54:20 57344 ----a-w- c:\windows\system32\HPZisn12.dll
2010-07-07 03:54:20 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-07 03:54:20 204800 ----a-w- c:\windows\system32\HPZipr12.dll
2010-07-07 03:54:17 306688 ----a-w- c:\windows\IsUninst.exe
2010-07-07 03:52:47 116488 ----a-w- c:\windows\hpoins11.dat
2010-07-07 03:51:10 11634 ------w- c:\windows\hpomdl11.dat
2010-07-07 03:43:23 0 d-----w- c:\windows\system32\appmgmt
2010-07-07 02:31:31 3558912 ------w- c:\windows\system32\dllcache\moviemk.exe
2010-07-07 02:09:37 0 d-----w- c:\docume~1\admini~1\applic~1\McAfee

==================== Find3M ====================

2010-06-09 23:01:10 45648 ------w- c:\windows\system32\drivers\pxhelp20.sys
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-06 10:41:53 916480 ------w- c:\windows\system32\dllcache\wininet.dll
2010-05-06 10:41:52 611840 ------w- c:\windows\system32\dllcache\mstime.dll
2010-05-06 10:41:52 5950976 ------w- c:\windows\system32\dllcache\mshtml.dll
2010-05-06 10:41:52 206848 ------w- c:\windows\system32\dllcache\occache.dll
2010-05-06 10:41:52 1209344 ------w- c:\windows\system32\dllcache\urlmon.dll
2010-05-06 10:41:51 25600 ------w- c:\windows\system32\dllcache\jsproxy.dll
2010-05-06 10:41:50 184320 ------w- c:\windows\system32\dllcache\iepeers.dll
2010-05-06 10:41:48 387584 ------w- c:\windows\system32\dllcache\iedkcs32.dll
2010-05-05 13:30:57 173056 ------w- c:\windows\system32\dllcache\ie4uinit.exe
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-05-02 05:22:50 1851264 ------w- c:\windows\system32\dllcache\win32k.sys

============= FINISH: 5:54:09.13 ===============


Attach.txt:


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 4/27/2009 3:16:42 PM
System Uptime: 7/24/2010 2:15:29 AM (3 hours ago)

Motherboard: PEGATRON CORPORATION | | 2A72h
Processor: AMD Athlon(tm) Dual Core Processor 4450B | Socket AM2 | 2310/200mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 221 GiB total, 167.682 GiB free.
D: is FIXED (NTFS) - 12 GiB total, 4.178 GiB free.
E: is CDROM ()
G: is Removable
H: is FIXED (NTFS) - 233 GiB total, 189.155 GiB free.
I: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP884: 7/20/2010 5:53:36 PM - Avg Update
RP885: 7/21/2010 6:24:43 PM - System Checkpoint
RP886: 7/23/2010 5:47:29 AM - Installed Empire Earth
RP887: 7/23/2010 9:55:15 AM - Installed Empire Earth - The Art of Conquest
RP888: 7/23/2010 12:16:01 PM - Installed SPORE™ Creature Creator Trial Edition
RP889: 7/24/2010 1:12:09 AM - SPTD setup V1.69

==== Installed Programs ======================

Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Media Player
Adobe Photoshop CS5
Adobe Reader 9.1.3
AIM 7
AiO_Scan_CDA
AiOSoftwareNPI
Altiris Software Virtualization Agent
AMD Processor Driver
ANIO Service
ANIWZCS2 Service
AOL Uninstaller (Choose which Products to Remove)
AVG 9.0
BufferChm
Business Contact Manager for Outlook 2007 SP2
C6100
c6100_Help
Counter-Strike: Condition Zero
Counter-Strike: Source
CP_CalendarTemplates1
cp_OnlineProjectsConfig
CP_Package_Basic1
CP_Panorama1Config
cp_PosterPrintConfig
CueTour
CustomerResearchQFolder
Day of Defeat: Source
Destinations
DeviceManagementQFolder
DivX Setup
DocProc
DocProcQFolder
DocumentViewer
DocumentViewerQFolder
Download Updater (AOL LLC)
Dual-Core Optimizer
Empire Earth
Empire Earth - The Art of Conquest
eSupportQFolder
Fax_CDA
FullDPAppQFolder
Half-Life 2: Lost Coast
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952117-v2)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
HP Backup and Recovery Manager
HP Customer Participation Program 7.0
HP Document Viewer 7.0
HP Help and Support
HP Imaging Device Functions 7.0
HP Photosmart Premier Software 6.5
HP Photosmart, Officejet and Deskjet 7.0.A
HP Software Update
HP Solution Center 7.0
HPPhotoSmartExpress
HPProductAssistant
ieSpell
InstantShareDevices
InstantShareDevicesMFC
Java(TM) 6 Update 7
Lernout & Hauspie TruVoice American English TTS Engine
Mabinogi
Malwarebytes' Anti-Malware
MarketResearch
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft ActiveSync
Microsoft Application Error Reporting
Microsoft Office 2003 Web Components
Microsoft Office 2007 Primary Interop Assemblies
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Accounting 2009
Microsoft Office Accounting 2009 Equifax Addin
Microsoft Office Accounting 2009 Fixed Asset Manager
Microsoft Office Accounting 2009 PayPal Addin
Microsoft Office Accounting 2009 Tax Integration Add-in
Microsoft Office Accounting ADP Payroll Addin
Microsoft Office Excel MUI (English) 2007
Microsoft Office Home and Student 2007
Microsoft Office OneNote 2007
Microsoft Office OneNote 2007 Trial
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Small Business Connectivity Components
Microsoft Office Word MUI (English) 2007
Microsoft Software Update for Web Folders (English) 12
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ)
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyAttorney Home & Business
NewCopy_CDA
NVIDIA Drivers
OCR Software by I.R.I.S 7.0
OGA Notifier 2.0.0048.0
Pando Media Booster
PanoStandAlone
PDF Complete
PDF Settings CS5
PhotoGallery
Play Designer Series 2009
Play Designer Series 2010
ProductContextNPI
PunkBuster Services
RandMap
Readme
RealPlayer
Realtek High Definition Audio Driver
RealUpgrade 1.0
Scan
ScannerCopy
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB976321)
Security Update for 2007 Microsoft Office System (KB982312)
Security Update for 2007 Microsoft Office System (KB982331)
Security Update for Microsoft Office Excel 2007 (KB982308)
Security Update for Microsoft Office InfoPath 2007 (KB979441)
Security Update for Microsoft Office PowerPoint 2007 (KB982158)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Security Update for Microsoft Office Word 2007 (KB982135)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player (KB979402)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371-v2)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB963027)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB971961)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB976325)
Security Update for Windows XP (KB977165-v2)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979559)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB981349)
Security Update for Windows XP (KB982381)
Setup
SimCity 4 Deluxe
SkinsHP1
SlideShow
SolutionCenter
SolveigMM AVI Trimmer
Sonic_PrimoSDK
Speakonia
SPORE™ Creature Creator Trial Edition
Spybot - Search & Destroy
Status
Steam
StepMania 3.9a (remove only)
Toolbox
TrayApp
Uninstall AOL Emergency Connect Utility 1.0
Unload
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office OneNote 2007 (KB980729)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB982632)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Usenet.nl
VC80CRTRedist - 8.0.50727.4053
Viewpoint Media Player
WebFldrs XP
WebReg
WillCreator Deluxe
Winamp
Windows Imaging Component
Windows Installer Clean Up
Windows Internet Explorer 8
Windows Media Format Runtime
Windows Mobile® Device Handbook
Windows Search 4.0
Windows XP Service Pack 3
Wireless G WUA-1340
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

7/21/2010 5:20:52 AM, error: Service Control Manager [7000] - The Application Layer Gateway Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
7/21/2010 5:20:51 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Application Layer Gateway Service service to connect.
7/21/2010 4:27:53 AM, error: DCOM [10005] - DCOM got error "%1058" attempting to start the service helpsvc with arguments "" in order to run the server: {833E4010-AFF7-4AC3-AAC2-9F24C1457BCE}
7/19/2010 12:41:43 AM, error: Service Control Manager [7034] - The ANIWZCSd Service service terminated unexpectedly. It has done this 1 time(s).
7/19/2010 12:36:52 AM, error: Service Control Manager [7023] - The Network Security service terminated with the following error: The specified module could not be found.
7/19/2010 12:36:20 AM, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
7/19/2010 12:36:20 AM, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
7/18/2010 4:08:21 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706).

==== End Of File ===========================



I ran the GMER scan and it worked fine for a while, but eventually caused my system to have a stop error (blue screen). I'm going to post the initial scan results from the program startup:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-24 06:39:17
Windows 5.1.2600 Service Pack 3
Running: wgeoj81c.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aftyrpob.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateKey [0xB567AF2A]
SSDT \??\C:\WINDOWS\system32\drivers\fslx.sys (FSL System Driver/Altiris, Inc.) ZwEnumerateValueKey [0xB567B2E6]

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 8AB731F8

AttachedDevice \FileSystem\Ntfs \Ntfs fslx.sys (FSL System Driver/Altiris, Inc.)
AttachedDevice \FileSystem\Ntfs \Ntfs AVGIDSFilter.sys (IDS Application Activity Monitor Filter Driver./AVG Technologies CZ, s.r.o. )
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device -> \Driver\atapi \Device\Harddisk0\DR0 893EEEC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
664
Active Member
 
Posts: 5
Joined: July 20th, 2010, 5:19 am

Re: IE Malware

Post by jmw3 » July 24th, 2010, 8:26 am

No problem at all :)

TFC (Temp File Cleaner)
Download TFC (Temp File Cleaner) by Old Timer Here & save it to your desktop.
  • Save any unsaved work. TFC Cleaner will close all open application windows
  • Double-click TFC.exe to run the program, your desktop will temporarily disappear
  • If prompted, click Yes to reboot
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take any longer than a couple of minutes & may only take a few seconds. Only if needed will you be prompted to reboot.

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
ComboFix log
Update on how the computer is running
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE Malware

Post by 664 » July 25th, 2010, 8:11 pm

Success! Google search results no longer redirect, and so far no IE popups. Microsoft Update is also working now. Internet Explorer is running faster and starting up with no lag time.

Here's the ComboFix log:

ComboFix 10-07-24.04 - Administrator 07/25/2010 19:49:04.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2558 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\_000003_.tmp.dll
c:\windows\system32\_000005_.tmp.dll
c:\windows\system32\fsc.txt
c:\windows\system32\ide.txt
c:\windows\system32\klgd.bmp
c:\windows\system32\lpe.txt
c:\windows\system32\lrg.txt
c:\windows\system32\qks.txt
c:\windows\system32\xef.txt
D:\Autorun.inf
H:\Autorun.inf

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4
-------\Service_6to4


((((((((((((((((((((((((( Files Created from 2010-06-25 to 2010-07-25 )))))))))))))))))))))))))))))))
.

2010-07-24 22:14 . 2010-07-24 22:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Turbine
2010-07-24 21:52 . 2010-07-24 21:52 -------- d-----w- c:\program files\Turbine
2010-07-24 06:28 . 2010-07-24 06:28 531 ----a-w- c:\windows\eReg.dat
2010-07-24 06:28 . 2010-07-24 06:28 -------- d-----w- c:\program files\Maxis
2010-07-24 05:04 . 2010-07-24 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-07-24 05:04 . 2010-07-24 06:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2010-07-24 02:37 . 2010-07-24 02:37 -------- d-----w- c:\windows\lhsp
2010-07-24 02:37 . 2010-07-24 02:37 -------- d-----w- c:\windows\speech
2010-07-24 02:37 . 2010-07-24 02:37 -------- d-----w- c:\program files\CFS-Technologies
2010-07-23 16:16 . 2010-07-23 16:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SPORE Creature Creator
2010-07-23 16:16 . 2010-07-23 16:16 -------- d-----w- c:\program files\Electronic Arts
2010-07-23 09:50 . 2010-07-23 09:50 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-07-23 09:50 . 2010-07-23 09:50 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-07-23 09:50 . 2010-07-23 09:50 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-07-23 09:49 . 2010-07-23 09:49 -------- d-----w- c:\program files\directx
2010-07-23 09:47 . 2010-07-23 13:55 -------- d-----w- C:\Sierra
2010-07-23 05:14 . 2010-07-23 05:14 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2010-07-21 21:53 . 2010-07-21 21:53 -------- d-----w- c:\program files\Graboid
2010-07-21 09:18 . 2010-07-21 09:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2010-07-20 08:38 . 2010-07-20 08:38 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-07-20 08:38 . 2010-07-20 08:38 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-07-20 08:37 . 2010-07-20 08:37 -------- d-----w- c:\program files\MSECACHE
2010-07-20 06:40 . 2010-07-20 06:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-20 03:12 . 2010-07-20 07:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitZipper
2010-07-19 08:53 . 2010-07-19 08:53 370070 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{EB2F05F5-3084-4E69-BC82-8C9A4FD82544}\_398F9337C093E54DC41F68.exe
2010-07-17 14:41 . 2010-07-17 14:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-16 19:14 . 2010-07-16 19:14 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-07-16 19:14 . 2010-07-16 19:14 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-07-16 19:14 . 2010-07-16 19:14 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-07-16 19:14 . 2010-07-16 19:14 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-07-16 19:14 . 2010-07-16 19:14 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-07-16 19:14 . 2010-07-16 19:14 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-07-16 19:14 . 2010-07-16 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-07-16 10:10 . 2010-07-16 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2010-07-16 09:10 . 2010-07-16 09:10 -------- d-----w- C:\Nexon
2010-07-16 05:56 . 2010-07-25 00:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PMB Files
2010-07-16 05:56 . 2010-07-24 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-16 05:54 . 2010-07-16 05:56 -------- d-----w- c:\program files\Pando Networks
2010-07-15 05:12 . 2010-07-21 07:31 -------- d-----w- c:\program files\Steam
2010-07-14 20:46 . 2010-07-20 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-07-14 20:38 . 2010-07-14 20:38 -------- d-----w- c:\program files\Adobe Media Player
2010-07-14 09:46 . 2010-07-24 05:12 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-14 09:45 . 2010-07-14 19:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-07-14 09:45 . 2010-07-14 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-14 08:04 . 2010-07-21 21:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Usenet.nl
2010-07-14 04:59 . 2010-07-14 04:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-14 04:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 04:59 . 2010-07-14 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 04:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 22:53 . 2010-07-13 22:53 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-13 22:53 . 2010-07-13 22:53 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-13 22:52 . 2010-07-13 22:52 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-13 22:52 . 2010-06-09 23:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-07-13 22:52 . 2010-06-09 23:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-07-13 22:52 . 2010-07-13 22:52 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-13 22:52 . 2010-07-13 22:52 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-13 22:52 . 2010-07-13 22:52 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-12 23:26 . 2010-06-09 23:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-07-12 23:25 . 2010-07-13 22:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-07-12 17:38 . 2010-07-12 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-12 17:35 . 2010-07-12 17:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-07-12 05:51 . 2010-07-12 05:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2010-07-12 05:51 . 2010-07-12 08:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
2010-07-12 05:51 . 2010-07-12 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-12 05:50 . 2010-07-12 05:51 -------- d-----w- c:\program files\AIM
2010-07-12 05:50 . 2010-07-12 05:50 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-12 02:14 . 2010-07-12 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-12 02:14 . 2010-07-12 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 02:04 . 2010-07-12 02:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\REAPER
2010-07-12 00:01 . 2010-07-12 00:01 0 ----a-w- c:\documents and settings\Administrator\Application Data\C38DA9566B8BEBE2BC990BF38E224A6B\070700Setup.exe
2010-07-12 00:01 . 2010-07-12 00:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\C38DA9566B8BEBE2BC990BF38E224A6B
2010-07-09 06:39 . 2010-07-09 06:40 -------- d-----w- c:\program files\Real
2010-07-09 06:39 . 2010-07-09 06:40 -------- d-----w- c:\program files\Common Files\Real
2010-07-09 06:33 . 2010-07-13 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-07-09 06:30 . 2010-07-13 22:53 -------- d-----w- c:\program files\DivX
2010-07-09 06:30 . 2010-07-13 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-08 23:30 . 2010-07-08 23:30 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-07-08 23:30 . 2010-07-16 05:37 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-07-08 23:29 . 2010-07-16 03:16 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-07-08 23:28 . 2010-07-08 23:29 -------- d-----w- c:\windows\.jagex_cache_32
2010-07-08 20:49 . 2010-07-08 22:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda3D
2010-07-08 18:49 . 2010-07-08 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-07 22:01 . 2010-07-07 22:01 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-07 22:00 . 2010-07-07 22:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-07 21:54 . 2010-07-07 21:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-07 21:54 . 2010-07-07 21:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-07 21:50 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-07 21:50 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-07 21:50 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-07 21:50 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-07 21:50 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-07 21:50 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-07 21:50 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-07 21:50 . 2010-07-09 08:55 -------- d-----w- c:\windows\ie8updates
2010-07-07 21:50 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-07 21:48 . 2010-07-14 05:24 -------- dc-h--w- c:\windows\ie8
2010-07-07 21:37 . 2010-07-07 21:37 -------- d-----w- c:\program files\MSXML 4.0
2010-07-07 21:35 . 2010-07-25 23:38 0 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
2010-07-07 21:32 . 2010-07-07 21:32 -------- d-----w- c:\program files\AVG
2010-07-07 21:32 . 2010-07-25 23:38 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-07 20:53 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-07-07 20:45 . 2010-07-07 20:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-07-07 20:27 . 2008-04-14 09:41 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2010-07-07 20:18 . 2010-07-07 20:18 -------- d-----w- C:\b8ece5809c0fd30991
2010-07-07 20:17 . 2010-07-15 07:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-07 19:38 . 2010-07-24 06:13 -------- d-----w- c:\documents and settings\Administrator\Application Data\uTorrent
2010-07-07 19:35 . 2010-07-07 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-07-07 17:28 . 2010-07-07 17:28 -------- d-----w- C:\fbe043aec01c41f84736fda6
2010-07-07 17:23 . 2010-07-07 17:23 -------- d-----w- C:\d5af5285977b278886bd2d3c568d
2010-07-07 17:19 . 2010-07-07 17:19 -------- d-----w- C:\af2de2dc8273431b392f6cc2b9e7dee5
2010-07-07 17:15 . 2010-07-07 17:15 -------- d-----w- C:\a2c5c1d75b38396f7d1eb1
2010-07-07 17:11 . 2010-07-07 17:11 -------- d-----w- C:\f48d9db6b340e536f17c919d27
2010-07-07 05:52 . 2010-07-07 05:52 -------- d-----w- C:\7d9099d5a2f49dc54117327f7c50
2010-07-07 05:41 . 2010-07-07 05:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\IsolatedStorage
2010-07-07 05:41 . 2010-07-07 05:41 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\HP
2010-07-07 04:01 . 2010-07-07 04:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\HP
2010-07-07 04:00 . 2010-07-07 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-07-07 03:58 . 2010-07-07 03:58 -------- d-----w- c:\program files\Common Files\Sonic Shared
2010-07-07 03:58 . 2010-07-07 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-07-07 03:57 . 2010-07-07 03:58 -------- d-----w- c:\program files\Common Files\HP
2010-07-07 03:55 . 2010-07-07 03:55 -------- d-----w- c:\program files\Common Files\Hewlett-Packard
2010-07-07 03:54 . 2006-03-04 01:03 282680 ----a-w- c:\windows\system32\HPZidr12.dll
2010-07-07 03:54 . 2006-03-04 01:03 65536 ----a-w- c:\windows\system32\HPZinw12.exe
2010-07-07 03:54 . 2006-03-04 01:03 69632 ----a-w- c:\windows\system32\HPZipm12.exe
2010-07-07 03:54 . 2006-03-04 01:02 204800 ----a-w- c:\windows\system32\HPZipr12.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-23 16:16 . 2009-04-27 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 18:39 . 2009-04-27 21:35 74800 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 08:59 . 2009-05-01 19:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 20:36 . 2009-05-01 19:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-13 22:49 . 2010-07-09 06:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-13 22:49 . 2010-07-09 06:32 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-12 05:51 . 2009-04-30 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-09 06:40 . 2010-07-09 06:40 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-09 06:40 . 2010-07-09 06:40 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-09 06:40 . 2010-07-09 06:40 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-09 06:40 . 2010-07-09 06:40 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-09 06:40 . 2010-07-09 06:40 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-09 06:40 . 2010-07-09 06:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-09 06:32 . 2010-07-09 06:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 06:32 . 2010-07-09 06:32 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-09 06:32 . 2010-07-09 06:32 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-07 22:43 . 2009-04-29 12:13 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-07 21:01 . 2009-04-29 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-07 20:48 . 2009-04-29 11:56 -------- d-----w- c:\program files\Microsoft Works
2010-07-07 20:30 . 2006-04-26 00:31 88207 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-07 04:59 . 2009-04-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-07 04:59 . 2009-04-29 14:44 -------- d-----w- c:\program files\McAfee
2010-07-07 04:00 . 2009-10-22 02:23 -------- d-----w- c:\program files\HP
2010-07-07 03:56 . 2009-04-27 22:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-09 23:01 . 2005-08-19 07:00 45648 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-05-06 10:41 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 06:17 1851264 ----a-w- c:\windows\system32\win32k.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432]
"nwiz"="nwiz.exe" [2007-09-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-04 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"HostManager"="c:\program files\Common Files\AOL\1241055163\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-09 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-14 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1241055163\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57465:TCP"= 57465:TCP:Pando Media Booster
"57465:UDP"= 57465:UDP:Pando Media Booster

R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [7/11/2008 5:44 PM 191872]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/27/2009 6:06 PM 576024]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/14/2010 5:46 AM 697328]
.
Contents of the 'Scheduled Tasks' folder

2010-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3669343903-3223389521-3351695587-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

2010-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3669343903-3223389521-3351695587-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugi ... ctivex.cab
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-DAEMON Tools Lite - h:\program files\DAEMON Tools Lite\DTLite.exe
HKCU-Run-DAEMON Tools Pro Agent - f:\program files\DAEMON Tools Pro\DTAgent.exe
HKLM-Run-Malwarebytes Anti-Malware (reboot) - h:\program files\Malwarebytes' Anti-Malware\mbam.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-HijackThis - c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\G45E57RH\HijackThis.exe
AddRemove-Mabinogi - c:\program files\Nexon\Mabinogi\Mabinogi.exe
AddRemove-Malwarebytes' Anti-Malware_is1 - f:\program files\Malwarebytes' Anti-Malware\unins000.exe
AddRemove-SolveigMM AVI Trimmer - f:\program files\Solveig Multimedia\SolveigMM AVI Trimmer\Uninstall.exe
AddRemove-StepMania - h:\program files\StepMania\uninstall.exe
AddRemove-Usenet.nl_is1 - h:\program files\Usenet.nl\unins000.exe
AddRemove-Winamp - h:\program files\Winamp\UninstWA.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 19:56
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3669343903-3223389521-3351695587-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,38,be,84,9d,b6,a8,49,8d,24,32,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,38,be,84,9d,b6,a8,49,8d,24,32,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,15,38,be,84,9d,b6,a8,49,8d,24,32,\

[HKEY_USERS\S-1-5-21-3669343903-3223389521-3351695587-500\Software\SecuROM\License information*]
"datasecu"=hex:1e,84,04,31,01,e6,be,b1,aa,5e,65,45,13,60,86,e8,74,ba,09,b4,11,
b2,eb,70,a7,a7,7a,24,83,cc,af,4a,3c,80,78,65,81,2d,bf,e8,c3,dd,27,e7,90,94,\
"rkeysecu"=hex:c1,f5,d3,b7,c2,eb,41,b9,16,23,40,0b,76,3e,7b,fa
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3236)
c:\windows\system32\WININET.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\en-us\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\en-us\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Microsoft ActiveSync\wcescomm.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\program files\HP\Digital Imaging\bin\hpqimzone.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2010-07-25 20:01:42 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-26 00:01

Pre-Run: 174,993,674,240 bytes free
Post-Run: 174,866,190,336 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer

- - End Of File - - 0E943E8DC65A48129675F8CCE8BF09F8


Thanks again for taking the time to help fix my machine. Hopefully I won't need to come back, but if I do need help again this is where I'm going to come to get it. =]

EDIT: Windows Update is still unable to install Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706), however this may be unimportant because I never use SQL.
664
Active Member
 
Posts: 5
Joined: July 20th, 2010, 5:19 am

Re: IE Malware

Post by jmw3 » July 25th, 2010, 9:03 pm

Hi

No problem..... Though not quite done yet. Give me a little time to go through this log. There are a couple of other things we need to do.
jmw3
MRU Emeritus
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE Malware

Post by jmw3 » July 25th, 2010, 9:15 pm

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

DirLook::
C:\b8ece5809c0fd30991
C:\fbe043aec01c41f84736fda6
C:\d5af5285977b278886bd2d3c568d
C:\af2de2dc8273431b392f6cc2b9e7dee5
C:\a2c5c1d75b38396f7d1eb1
C:\f48d9db6b340e536f17c919d27
C:\7d9099d5a2f49dc54117327f7c50
Folder::
c:\documents and settings\Administrator\Application Data\uTorrent
DDS::
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Trusted Zone: internet
Trusted Zone: mcafee.com
RegLock::
[HKEY_USERS\S-1-5-21-3669343903-3223389521-3351695587-500\Software\Microsoft\Internet Explorer\User Preferences]

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Referring to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Update Java Runtime
You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, & also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 21.
  • Download the latest version of Java Runtime Environment (JRE) 6 Here
  • Scroll down to where it says "JDK 6 Update 21 (JDK or JRE)"
  • Click the orange Download JRE button to the right
  • Select the Windows platform from the dropdown menu
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh
  • Click on the link to download Windows Offline Installation & save the file to your desktop
  • Close any programs you may have running - especially your web browser
  • Go to Start > Settings > Control Panel, double-click on Add/Remove Programs & remove all older versions of Java
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version
  • Reboot your computer once all Java components are removed
  • Then from your desktop double-click on jre-6u21-windows-i586.exe to install the newest version
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java icon (it looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel

Kaspersky Online Scan
Do an online scan with Kaspersky Online Scanner
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.
This scan will take quite some time to update & scan, so be patient with it.

To post in next reply:
ComboFix log
Kaspersky Online scan log
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE Malware

Post by 664 » July 26th, 2010, 3:14 am

Ran scans as requested. Kaspersky took a long time to download and scan, almost 6 hours, but turned up with nothing.
Here are the logs:

ComboFix 10-07-24.04 - Administrator 07/25/2010 21:35:53.2.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2942.2366 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Administrator\Application Data\uTorrent
c:\documents and settings\Administrator\Application Data\uTorrent\Aqua Teen Hunger Force - Seasons 1-5 + Extras.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\Aqua.Teen.Hunger.Force.Colon.Movie.Film.For.Theaters.DVDRip.XviD-DiAMOND.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\dht.dat
c:\documents and settings\Administrator\Application Data\uTorrent\dht.dat.old
c:\documents and settings\Administrator\Application Data\uTorrent\Ren & Stimpy Complete Episodes and Extras.torrent
c:\documents and settings\Administrator\Application Data\uTorrent\resume.dat
c:\documents and settings\Administrator\Application Data\uTorrent\resume.dat.old
c:\documents and settings\Administrator\Application Data\uTorrent\rss.dat
c:\documents and settings\Administrator\Application Data\uTorrent\rss.dat.old
c:\documents and settings\Administrator\Application Data\uTorrent\settings.dat
c:\documents and settings\Administrator\Application Data\uTorrent\settings.dat.old

.
((((((((((((((((((((((((( Files Created from 2010-06-26 to 2010-07-26 )))))))))))))))))))))))))))))))
.

2010-07-26 01:29 . 2010-07-26 01:29 -------- d-----w- c:\windows\system32\winrm
2010-07-26 01:29 . 2010-07-26 01:29 -------- dc-h--w- c:\windows\$968930Uinstall_KB968930$
2010-07-26 01:28 . 2010-07-26 01:28 -------- d-----w- c:\documents and settings\Administrator\Tracing
2010-07-26 01:28 . 2010-07-26 01:28 -------- d-----w- c:\program files\Microsoft Silverlight
2010-07-26 01:28 . 2010-04-28 11:44 54760 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2010-07-26 01:27 . 2010-07-26 01:27 -------- d-----w- c:\program files\Microsoft Sync Framework
2010-07-26 01:26 . 2010-07-26 01:26 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2010-07-26 01:23 . 2010-07-26 01:28 -------- d-----w- c:\program files\Microsoft
2010-07-26 01:23 . 2010-07-26 01:23 -------- d-----w- c:\program files\Windows Live SkyDrive
2010-07-26 01:22 . 2010-07-26 01:27 -------- d-----w- c:\program files\Windows Live
2010-07-26 01:04 . 2008-04-14 09:42 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2010-07-26 01:03 . 2010-07-26 01:03 -------- d-----w- c:\program files\Common Files\Windows Live
2010-07-26 00:56 . 2010-07-26 00:56 -------- d-----w- c:\program files\Windows Media Connect 2
2010-07-26 00:55 . 2010-07-26 00:56 -------- d-----w- c:\windows\system32\drivers\UMDF
2010-07-26 00:12 . 2010-06-14 14:31 744448 ------w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-26 00:10 . 2010-07-26 01:29 -------- d-----w- c:\windows\LastGood
2010-07-24 22:14 . 2010-07-24 22:14 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Turbine
2010-07-24 21:52 . 2010-07-24 21:52 -------- d-----w- c:\program files\Turbine
2010-07-24 06:28 . 2010-07-24 06:28 531 ----a-w- c:\windows\eReg.dat
2010-07-24 06:28 . 2010-07-24 06:28 -------- d-----w- c:\program files\Maxis
2010-07-24 05:04 . 2010-07-24 05:04 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Pro
2010-07-24 05:04 . 2010-07-24 06:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Pro
2010-07-24 02:37 . 2010-07-24 02:37 -------- d-----w- c:\windows\lhsp
2010-07-24 02:37 . 2010-07-24 02:37 -------- d-----w- c:\windows\speech
2010-07-24 02:37 . 2010-07-24 02:37 -------- d-----w- c:\program files\CFS-Technologies
2010-07-23 16:16 . 2010-07-23 16:16 -------- d-----w- c:\documents and settings\Administrator\Application Data\SPORE Creature Creator
2010-07-23 16:16 . 2010-07-23 16:16 -------- d-----w- c:\program files\Electronic Arts
2010-07-23 09:50 . 2010-07-23 09:50 21840 ----a-w- c:\windows\system32\SIntfNT.dll
2010-07-23 09:50 . 2010-07-23 09:50 17212 ----a-w- c:\windows\system32\SIntf32.dll
2010-07-23 09:50 . 2010-07-23 09:50 12067 ----a-w- c:\windows\system32\SIntf16.dll
2010-07-23 09:49 . 2010-07-23 09:49 -------- d-----w- c:\program files\directx
2010-07-23 09:47 . 2010-07-23 13:55 -------- d-----w- C:\Sierra
2010-07-23 05:14 . 2010-07-23 05:14 -------- d-----w- c:\program files\Common Files\Solveig Multimedia
2010-07-21 21:53 . 2010-07-21 21:53 -------- d-----w- c:\program files\Graboid
2010-07-21 09:18 . 2010-07-21 09:18 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\AOL
2010-07-20 08:38 . 2010-07-20 08:38 3584 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}\Icon386ED4E3.exe
2010-07-20 08:38 . 2010-07-20 08:38 -------- d-----w- c:\program files\Windows Installer Clean Up
2010-07-20 08:37 . 2010-07-20 08:37 -------- d-----w- c:\program files\MSECACHE
2010-07-20 06:40 . 2010-07-20 06:40 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-07-20 03:12 . 2010-07-20 07:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\BitZipper
2010-07-19 08:53 . 2010-07-19 08:53 370070 ----a-r- c:\documents and settings\Administrator\Application Data\Microsoft\Installer\{EB2F05F5-3084-4E69-BC82-8C9A4FD82544}\_398F9337C093E54DC41F68.exe
2010-07-17 14:41 . 2010-07-17 14:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-16 19:14 . 2010-07-16 19:14 98304 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2010-07-16 19:14 . 2010-07-16 19:14 765952 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2010-07-16 19:14 . 2010-07-16 19:14 401408 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2010-07-16 19:14 . 2010-07-16 19:14 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2010-07-16 19:14 . 2010-07-16 19:14 172032 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2010-07-16 19:14 . 2010-07-16 19:14 126976 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2010-07-16 19:14 . 2010-07-16 19:14 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2010-07-16 10:10 . 2010-07-16 20:00 -------- d-----w- c:\documents and settings\Administrator\Application Data\Orbit
2010-07-16 09:10 . 2010-07-16 09:10 -------- d-----w- C:\Nexon
2010-07-16 05:56 . 2010-07-25 00:01 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\PMB Files
2010-07-16 05:56 . 2010-07-24 11:01 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2010-07-16 05:54 . 2010-07-16 05:56 -------- d-----w- c:\program files\Pando Networks
2010-07-15 05:12 . 2010-07-21 07:31 -------- d-----w- c:\program files\Steam
2010-07-14 20:46 . 2010-07-20 07:45 -------- d-----w- c:\documents and settings\All Users\Application Data\regid.1986-12.com.adobe
2010-07-14 20:38 . 2010-07-14 20:38 -------- d-----w- c:\program files\Adobe Media Player
2010-07-14 09:46 . 2010-07-24 05:12 697328 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-07-14 09:45 . 2010-07-14 19:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\DAEMON Tools Lite
2010-07-14 09:45 . 2010-07-14 09:45 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2010-07-14 08:04 . 2010-07-21 21:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Usenet.nl
2010-07-14 04:59 . 2010-07-14 04:59 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-07-14 04:59 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-07-14 04:59 . 2010-07-14 04:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-07-14 04:59 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-07-13 22:53 . 2010-07-13 22:53 56765 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe
2010-07-13 22:53 . 2010-07-13 22:53 57715 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe
2010-07-13 22:52 . 2010-07-13 22:52 84054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe
2010-07-13 22:52 . 2010-06-09 23:01 126448 ------w- c:\windows\system32\pxinsi64.exe
2010-07-13 22:52 . 2010-06-09 23:01 123888 ------w- c:\windows\system32\pxcpyi64.exe
2010-07-13 22:52 . 2010-07-13 22:52 54644 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe
2010-07-13 22:52 . 2010-07-13 22:52 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe
2010-07-13 22:52 . 2010-07-13 22:52 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe
2010-07-12 23:26 . 2010-06-09 23:01 133616 ------w- c:\windows\system32\pxafs.dll
2010-07-12 23:25 . 2010-07-13 22:15 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
2010-07-12 17:38 . 2010-07-12 17:38 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-07-12 17:35 . 2010-07-12 17:35 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\AOL
2010-07-12 05:51 . 2010-07-12 05:52 -------- d-----w- c:\documents and settings\Administrator\Application Data\acccore
2010-07-12 05:51 . 2010-07-12 08:18 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\AIM
2010-07-12 05:51 . 2010-07-12 05:51 -------- d-----w- c:\documents and settings\All Users\Application Data\AIM
2010-07-12 05:50 . 2010-07-12 05:51 -------- d-----w- c:\program files\AIM
2010-07-12 05:50 . 2010-07-12 05:50 -------- d-----w- c:\program files\Common Files\Software Update Utility
2010-07-12 02:14 . 2010-07-12 02:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-07-12 02:14 . 2010-07-12 02:16 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-07-12 02:04 . 2010-07-12 02:04 -------- d-----w- c:\documents and settings\Administrator\Application Data\REAPER
2010-07-12 00:01 . 2010-07-12 00:01 0 ----a-w- c:\documents and settings\Administrator\Application Data\C38DA9566B8BEBE2BC990BF38E224A6B\070700Setup.exe
2010-07-12 00:01 . 2010-07-12 00:01 -------- d-----w- c:\documents and settings\Administrator\Application Data\C38DA9566B8BEBE2BC990BF38E224A6B
2010-07-09 06:39 . 2010-07-09 06:40 -------- d-----w- c:\program files\Real
2010-07-09 06:39 . 2010-07-09 06:40 -------- d-----w- c:\program files\Common Files\Real
2010-07-09 06:33 . 2010-07-13 22:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\DivX
2010-07-09 06:30 . 2010-07-13 22:53 -------- d-----w- c:\program files\DivX
2010-07-09 06:30 . 2010-07-13 22:53 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX
2010-07-08 23:30 . 2010-07-08 23:30 0 ----a-w- c:\documents and settings\Administrator\jagex__preferences3.dat
2010-07-08 23:30 . 2010-07-16 05:37 99 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences2.dat
2010-07-08 23:29 . 2010-07-16 03:16 46 ----a-w- c:\documents and settings\Administrator\jagex_runescape_preferences.dat
2010-07-08 23:28 . 2010-07-08 23:29 -------- d-----w- c:\windows\.jagex_cache_32
2010-07-08 20:49 . 2010-07-08 22:36 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Panda3D
2010-07-08 18:49 . 2010-07-08 18:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Office Genuine Advantage
2010-07-07 22:01 . 2010-07-07 22:01 -------- d-sh--w- c:\documents and settings\Administrator\IECompatCache
2010-07-07 22:00 . 2010-07-07 22:00 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE
2010-07-07 21:54 . 2010-07-07 21:54 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2010-07-07 21:54 . 2010-07-07 21:54 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache
2010-07-07 21:50 . 2010-05-06 10:41 12800 ------w- c:\windows\system32\dllcache\xpshims.dll
2010-07-07 21:50 . 2010-05-06 10:41 599040 ------w- c:\windows\system32\dllcache\msfeeds.dll
2010-07-07 21:50 . 2010-05-06 10:41 55296 ------w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-07-07 21:50 . 2010-05-06 10:41 247808 ------w- c:\windows\system32\dllcache\ieproxy.dll
2010-07-07 21:50 . 2010-05-06 10:41 1985536 ------w- c:\windows\system32\dllcache\iertutil.dll
2010-07-07 21:50 . 2010-05-06 10:41 11076096 ------w- c:\windows\system32\dllcache\ieframe.dll
2010-07-07 21:50 . 2010-05-06 10:41 743424 ------w- c:\windows\system32\dllcache\iedvtool.dll
2010-07-07 21:50 . 2010-07-09 08:55 -------- d-----w- c:\windows\ie8updates
2010-07-07 21:50 . 2010-04-16 11:43 41984 ------w- c:\windows\system32\dllcache\iecompat.dll
2010-07-07 21:48 . 2010-07-14 05:24 -------- dc-h--w- c:\windows\ie8
2010-07-07 21:37 . 2010-07-07 21:37 -------- d-----w- c:\program files\MSXML 4.0
2010-07-07 21:35 . 2010-07-25 23:38 0 ----a-w- c:\windows\system32\drivers\AvgLdx86.sys
2010-07-07 21:32 . 2010-07-07 21:32 -------- d-----w- c:\program files\AVG
2010-07-07 21:32 . 2010-07-26 00:32 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-07-07 20:53 . 2009-12-09 05:53 726528 ----a-w- c:\windows\system32\dllcache\jscript.dll
2010-07-07 20:45 . 2010-07-07 20:45 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
2010-07-07 20:27 . 2008-04-14 09:41 33792 ------w- c:\windows\system32\dllcache\custsat.dll
2010-07-07 20:18 . 2010-07-07 20:18 -------- d-----w- C:\b8ece5809c0fd30991
2010-07-07 20:17 . 2010-07-15 07:36 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-07-07 19:35 . 2010-07-07 19:38 -------- d-----w- c:\documents and settings\Administrator\Application Data\vlc
2010-07-07 17:28 . 2010-07-07 17:28 -------- d-----w- C:\fbe043aec01c41f84736fda6
2010-07-07 17:23 . 2010-07-07 17:23 -------- d-----w- C:\d5af5285977b278886bd2d3c568d
2010-07-07 17:19 . 2010-07-07 17:19 -------- d-----w- C:\af2de2dc8273431b392f6cc2b9e7dee5

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-26 01:30 . 2009-04-29 11:56 -------- d-----w- c:\program files\Microsoft.NET
2010-07-26 00:58 . 2009-04-29 11:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-26 00:17 . 2009-04-29 12:13 -------- d-----w- c:\program files\Microsoft SQL Server
2010-07-23 16:16 . 2009-04-27 22:03 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-15 18:39 . 2009-04-27 21:35 74800 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-07-15 08:59 . 2009-05-01 19:21 -------- d-----w- c:\program files\Common Files\Adobe
2010-07-14 20:36 . 2009-05-01 19:22 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-07-13 22:49 . 2010-07-09 06:32 1062184 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll
2010-07-13 22:49 . 2010-07-09 06:32 895256 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe
2010-07-12 05:51 . 2009-04-30 01:32 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2010-07-09 06:40 . 2010-07-09 06:40 49152 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll
2010-07-09 06:40 . 2010-07-09 06:40 45056 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll
2010-07-09 06:40 . 2010-07-09 06:40 40960 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll
2010-07-09 06:40 . 2010-07-09 06:40 341600 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
2010-07-09 06:40 . 2010-07-09 06:40 308808 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll
2010-07-09 06:40 . 2010-07-09 06:40 14848 ----a-w- c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
2010-07-09 06:40 . 2010-07-09 06:40 -------- d-----w- c:\program files\Common Files\xing shared
2010-07-09 06:32 . 2010-07-09 06:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll
2010-07-09 06:32 . 2010-07-09 06:32 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-07-09 06:32 . 2010-07-09 06:32 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe
2010-07-09 06:32 . 2010-07-09 06:32 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe
2010-07-07 20:48 . 2009-04-29 11:56 -------- d-----w- c:\program files\Microsoft Works
2010-07-07 20:30 . 2006-04-26 00:31 88207 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-07-07 04:59 . 2009-04-29 14:36 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-07-07 04:59 . 2009-04-29 14:44 -------- d-----w- c:\program files\McAfee
2010-07-07 04:00 . 2009-10-22 02:23 -------- d-----w- c:\program files\HP
2010-07-07 03:56 . 2009-04-27 22:02 -------- d-----w- c:\program files\Hewlett-Packard
2010-06-14 14:31 . 2004-08-04 07:56 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-09 23:01 . 2005-08-19 07:00 45648 ----a-w- c:\windows\system32\drivers\pxhelp20.sys
2010-05-06 10:41 . 2004-08-04 07:56 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 06:17 1851264 ----a-w- c:\windows\system32\win32k.sys
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of C:\7d9099d5a2f49dc54117327f7c50 ----

2010-07-07 05:52 . 2010-07-07 05:52 788 ---ha-w- c:\7d9099d5a2f49dc54117327f7c50\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\7d9099d5a2f49dc54117327f7c50\msvcr80.dll

---- Directory of C:\a2c5c1d75b38396f7d1eb1 ----

2010-07-07 17:15 . 2010-07-07 17:15 788 ---ha-w- c:\a2c5c1d75b38396f7d1eb1\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\a2c5c1d75b38396f7d1eb1\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\a2c5c1d75b38396f7d1eb1\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\a2c5c1d75b38396f7d1eb1\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\a2c5c1d75b38396f7d1eb1\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\a2c5c1d75b38396f7d1eb1\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\a2c5c1d75b38396f7d1eb1\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\a2c5c1d75b38396f7d1eb1\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\a2c5c1d75b38396f7d1eb1\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\a2c5c1d75b38396f7d1eb1\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\a2c5c1d75b38396f7d1eb1\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\a2c5c1d75b38396f7d1eb1\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\a2c5c1d75b38396f7d1eb1\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\a2c5c1d75b38396f7d1eb1\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\a2c5c1d75b38396f7d1eb1\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\a2c5c1d75b38396f7d1eb1\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\a2c5c1d75b38396f7d1eb1\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\a2c5c1d75b38396f7d1eb1\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\a2c5c1d75b38396f7d1eb1\msvcr80.dll

---- Directory of C:\af2de2dc8273431b392f6cc2b9e7dee5 ----

2010-07-07 17:19 . 2010-07-07 17:19 788 ---ha-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\af2de2dc8273431b392f6cc2b9e7dee5\msvcr80.dll

---- Directory of C:\b8ece5809c0fd30991 ----

2010-07-07 20:18 . 2010-07-07 20:18 788 ---ha-w- c:\b8ece5809c0fd30991\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\b8ece5809c0fd30991\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\b8ece5809c0fd30991\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\b8ece5809c0fd30991\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\b8ece5809c0fd30991\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\b8ece5809c0fd30991\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\b8ece5809c0fd30991\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\b8ece5809c0fd30991\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\b8ece5809c0fd30991\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\b8ece5809c0fd30991\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\b8ece5809c0fd30991\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\b8ece5809c0fd30991\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\b8ece5809c0fd30991\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\b8ece5809c0fd30991\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\b8ece5809c0fd30991\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\b8ece5809c0fd30991\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\b8ece5809c0fd30991\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\b8ece5809c0fd30991\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\b8ece5809c0fd30991\msvcr80.dll

---- Directory of C:\d5af5285977b278886bd2d3c568d ----

2010-07-07 17:23 . 2010-07-07 17:23 788 ---ha-w- c:\d5af5285977b278886bd2d3c568d\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\d5af5285977b278886bd2d3c568d\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\d5af5285977b278886bd2d3c568d\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\d5af5285977b278886bd2d3c568d\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\d5af5285977b278886bd2d3c568d\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\d5af5285977b278886bd2d3c568d\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\d5af5285977b278886bd2d3c568d\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\d5af5285977b278886bd2d3c568d\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\d5af5285977b278886bd2d3c568d\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\d5af5285977b278886bd2d3c568d\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\d5af5285977b278886bd2d3c568d\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\d5af5285977b278886bd2d3c568d\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\d5af5285977b278886bd2d3c568d\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\d5af5285977b278886bd2d3c568d\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\d5af5285977b278886bd2d3c568d\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\d5af5285977b278886bd2d3c568d\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\d5af5285977b278886bd2d3c568d\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\d5af5285977b278886bd2d3c568d\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\d5af5285977b278886bd2d3c568d\msvcr80.dll

---- Directory of C:\f48d9db6b340e536f17c919d27 ----

2010-07-07 17:11 . 2010-07-07 17:11 788 ---ha-w- c:\f48d9db6b340e536f17c919d27\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\f48d9db6b340e536f17c919d27\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\f48d9db6b340e536f17c919d27\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\f48d9db6b340e536f17c919d27\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\f48d9db6b340e536f17c919d27\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\f48d9db6b340e536f17c919d27\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\f48d9db6b340e536f17c919d27\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\f48d9db6b340e536f17c919d27\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\f48d9db6b340e536f17c919d27\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\f48d9db6b340e536f17c919d27\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\f48d9db6b340e536f17c919d27\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\f48d9db6b340e536f17c919d27\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\f48d9db6b340e536f17c919d27\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\f48d9db6b340e536f17c919d27\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\f48d9db6b340e536f17c919d27\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\f48d9db6b340e536f17c919d27\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\f48d9db6b340e536f17c919d27\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\f48d9db6b340e536f17c919d27\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\f48d9db6b340e536f17c919d27\msvcr80.dll

---- Directory of C:\fbe043aec01c41f84736fda6 ----

2010-07-07 17:28 . 2010-07-07 17:28 788 ---ha-w- c:\fbe043aec01c41f84736fda6\$shtdwn$.req
2008-11-26 20:40 . 2008-11-26 20:40 57393504 ----a-w- c:\fbe043aec01c41f84736fda6\hotfixexpress\files\sqlexpr.exe
2008-11-26 02:12 . 2008-11-26 02:12 2076 ----a-w- c:\fbe043aec01c41f84736fda6\hotfixexpress.inf
2008-11-26 02:12 . 2008-11-26 02:12 534 ----a-w- c:\fbe043aec01c41f84736fda6\master.inf
2008-11-25 03:26 . 2008-11-25 03:26 51552 ----a-w- c:\fbe043aec01c41f84736fda6\osql.exe
2008-11-25 03:25 . 2008-11-25 03:25 2539872 ----a-w- c:\fbe043aec01c41f84736fda6\hotfix.exe
2008-11-25 03:25 . 2008-11-25 03:25 53600 ----a-w- c:\fbe043aec01c41f84736fda6\1033\hotfix.rll
2008-11-25 03:25 . 2008-11-25 03:25 61280 ----a-w- c:\fbe043aec01c41f84736fda6\1033\sqlse.rll
2008-11-25 03:14 . 2008-11-25 03:14 125280 ----a-w- c:\fbe043aec01c41f84736fda6\batchparser90.dll
2008-11-25 02:31 . 2008-11-25 02:31 227680 ----a-w- c:\fbe043aec01c41f84736fda6\sqlsetupvista.dll
2008-11-25 02:31 . 2008-11-25 02:31 141664 ----a-w- c:\fbe043aec01c41f84736fda6\sqlcmd.exe
2008-11-25 02:31 . 2008-11-25 02:31 530784 ----a-w- c:\fbe043aec01c41f84736fda6\sqldiscoveryapi.dll
2008-11-25 02:14 . 2008-11-25 02:14 24928 ----a-w- c:\fbe043aec01c41f84736fda6\sqlcmd.rll
2008-11-21 22:37 . 2008-11-21 22:37 2432 ----a-w- c:\fbe043aec01c41f84736fda6\1033\eula.txt
2008-11-21 22:37 . 2008-11-21 22:37 844 ----a-w- c:\fbe043aec01c41f84736fda6\1033\finalsql2005information.rtf
2008-11-21 22:37 . 2008-11-21 22:37 116106 ----a-w- c:\fbe043aec01c41f84736fda6\1033\sqlhotfix.chm
2005-10-14 06:44 . 2005-10-14 06:44 15064 ----a-w- c:\fbe043aec01c41f84736fda6\osql.rll
2005-10-14 03:26 . 2005-10-14 03:26 548864 ----a-w- c:\fbe043aec01c41f84736fda6\msvcp80.dll
2005-10-14 03:26 . 2005-10-14 03:26 626688 ----a-w- c:\fbe043aec01c41f84736fda6\msvcr80.dll


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2010-04-17 3872080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-04 8466432]
"nwiz"="nwiz.exe" [2007-09-04 1626112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-04 81920]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2007-07-23 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-07-10 872448]
"D-Link Wireless G WUA-1340"="c:\program files\D-Link\Wireless G WUA-1340\AirGCFG.exe" [2007-08-27 1662976]
"ANIWZCS2Service"="c:\program files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2007-01-19 49152]
"HostManager"="c:\program files\Common Files\AOL\1241055163\ee\AOLSoftware.exe" [2008-06-24 41824]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-06-03 1144104]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-07-09 202256]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2010-7-14 113664]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
HP Photosmart Premier Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2006-2-10 73728]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\aol\\acs\\AOLacsd.exe"=
"c:\\Program Files\\Common Files\\aol\\1241055163\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.1\\waol.exe"=
"c:\\Program Files\\Common Files\\aol\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\aol\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\aol\\System Information\\sinf.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"57465:TCP"= 57465:TCP:Pando Media Booster
"57465:UDP"= 57465:UDP:Pando Media Booster
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management

R1 FSLX;FSLX;c:\windows\system32\drivers\fslx.sys [7/11/2008 5:44 PM 191872]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [4/27/2009 6:06 PM 576024]
S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/14/2010 5:46 AM 697328]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 1:37 PM 517096]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/4/2004 3:56 AM 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLR_OPTIMIZATION_V4.0.30319_32
*NewlyCreated* - SEAPORT
*NewlyCreated* - SQLBROWSER
*NewlyCreated* - UPNPHOST

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WINRM REG_MULTI_SZ WINRM
.
Contents of the 'Scheduled Tasks' folder

2010-07-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3669343903-3223389521-3351695587-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]

2010-07-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3669343903-3223389521-3351695587-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2010-06-03 07:02]
.
.
------- Supplementary Scan -------
.
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugi ... ctivex.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-25 21:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3669343903-3223389521-3351695587-500\Software\SecuROM\License information*]
"datasecu"=hex:1e,84,04,31,01,e6,be,b1,aa,5e,65,45,13,60,86,e8,74,ba,09,b4,11,
b2,eb,70,a7,a7,7a,24,83,cc,af,4a,3c,80,78,65,81,2d,bf,e8,c3,dd,27,e7,90,94,\
"rkeysecu"=hex:c1,f5,d3,b7,c2,eb,41,b9,16,23,40,0b,76,3e,7b,fa
.
Completion time: 2010-07-25 21:41:46
ComboFix-quarantined-files.txt 2010-07-26 01:41
ComboFix2.txt 2010-07-26 00:01

Pre-Run: 173,020,635,136 bytes free
Post-Run: 173,122,953,216 bytes free

- - End Of File - - 2CA7A2B80601D595DE32F110FF048BD5





--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, July 26, 2010
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, July 25, 2010 19:40:20
Records in database: 4212259
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
G:\
H:\
I:\

Scan statistics:
Objects scanned: 95213
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 04:29:53

No threats found. Scanned area is clean.

Selected area has been scanned.
664
Active Member
 
Posts: 5
Joined: July 20th, 2010, 5:19 am

Re: IE Malware

Unread postby jmw3 » July 26th, 2010, 9:17 am

Hi

Logs look good.

EDIT: Windows Update is still unable to install Microsoft SQL Server 2005 Express Edition Service Pack 3 (KB955706), however this may be unimportant because I never use SQL.
After doing some research on this, it appears to be a known problem:

You've run into a problem that is created by Windows XP SP3 and at the moment I don't have a resolution for you other than...

1. Install on Windows XP SP2 before upgrading to SP3.
2. Ensure that the language of SQL matches the language of your OS.

The problem is that Windows has decided to put msxml6 under System File Protection for SP3, and this change conflicts with the pre-existing requirements of installing SQL Server. In your specific case (at least Zosimo's case) the issue is related to installing a different language of SQL than the OS you have. During installation msxml64.dll attempts to make a language change that is not allowed under System File Protection.
Source: http://social.msdn.microsoft.com/Forums ... 19be504715

Apparently a workaround is to uninstall XP Service Pack 3, install that update, then re-install SP3. In your case that would be a little excessive for something that you don't use. So personally I wouldn't worry about it.

Clean Up
Now we need to clear out the programs we've been using to clean up your computer; they are not suitable for general malware removal and could cause damage if used inappropriately.
Remove ComboFix
The following will implement some cleanup procedures as well as reset System Restore points:
Click Start > Run then copy/paste the following bolded text into the Run box and click OK:
ComboFix /Uninstall
OTC
Download OTC by Old Timer here & save it to your desktop.
Double click on OTC.exe. Click on CleanUp!.
You will receive a prompt that it needs to restart the computer to remove the files. Click Yes.
It will restart your computer automatically. If it doesn't, please restart your computer manually.
You can delete the following from your desktop:
TFC.exe
The Gmer.exe file (it will be a randomly named .exe file)
Any logs that may have been saved to your desktop

You should also remove HijackThis. You can do this by going to Add or Remove Programs.

Let me know of any other issues before we wrap this up.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: IE Malware

Unread postby 664 » July 26th, 2010, 5:53 pm

Cleaned everything up, and the computer is running just fine.

I don't have any other malware issues, but I have been running AVG on this computer and so far I'm very disappointed with it. Is there anything else worth downloading nowadays, preferably for Windows users that are a little more advanced than the casual user?

Thanks again for all the help =]
664
Active Member
 
Posts: 5
Joined: July 20th, 2010, 5:19 am

Re: IE Malware

Unread postby jmw3 » July 26th, 2010, 11:28 pm

Hi

Good to hear you have no more problems.

Well at the moment I'm using Microsoft Security Essentials as my Anti-virus & find that to be very good. Easy to use, very light on resources. Here's some links to some free Anti-virus if you're considering changing from AVG:
1) Microsoft Security Essentials - Microsoft Security Essentials provides real-time protection for your home PC that guards against viruses, spyware, and other malicious software.
2) Antivir PersonalEdition Classic - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
3) avast! 4 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

Your computer must have only ONE anti-virus program installed at any time. Having more than one anti-virus program installed & active will cause program conflicts, false virus alerts, and system crashes.

And below some other recommendations you may like to consider.

All Clean
Now that your system is safe we would like you to keep it that way. Take the time to follow these recommendations & it will greatly reduce the risk of further infections and greatly diminish the chances of you having to visit here again.

Create a Clean System Restore Point
Create a new, clean System Restore point which you can use in case of future system problems:
Press Start->All Programs->Accessories->System Tools->System Restore
Select Create a restore point, then Next, type a name like All Clean then press the Create button and once it's done press Close
Now remove old, infected System Restore points:
Next click Start->Run and type cleanmgr in the box and click OK
Ensure the boxes for Temporary Files & Temporary Internet Files are checked. You can choose to check other boxes if you wish but they are not required.
Select the More Options tab, under System Restore click Clean up... and click Yes to the prompt
Click OK and Yes to confirm.

Microsoft Windows Update
Microsoft releases patches for Windows and Office products regularly to patch up Windows and Office products loopholes and fix any bugs found. Install the updates immediately if they are found.
To update Windows
Go to Start > All Programs > Windows Update
To update Office
Open up any Office program.
Go to Help > Check for Updates

Malwarebytes' Anti-Malware
Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
You can find a tutorial here. Keep it updated & run it regularly.

SpywareBlaster
Download and install Javacools SpywareBlaster from here
SpywareBlaster adds a list of ActiveX controls, tracking cookies and sites which will be blocked in either Internet Explorer or Firefox browsers. You need to manually check for updates regularly.

Download and Install a HOSTS File
A HOSTS file is a big list of bad web sites. The list has a specific format, a specific name, (name is just HOSTS with no file extension), and a specific location. Your machine always looks at that file in that location before connecting to a web site to verify the address. So the HOSTS listing can be used to "short circuit" a request to a bad website by giving it the address of your own machine.
Install MVPS Hosts File From Here
The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer.
You can Find the Tutorial HERE

Web of Trust
WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
  • Green to go
  • Yellow for caution
  • Red to stop
WOT has an addon available for both Firefox and Internet Explorer.

Install WinPatrol
Download it here
You can find information about how WinPatrol works here

Read some information here on how to prevent Malware.

Hopefully these steps will help keep your computer clean.

If there are any other questions then feel free to ask or in future do not hesitate to contact us here at The Malware Removal Forums
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia
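
The HOSTS-file blocking described in the post above, as an added example that is not part of the original thread or of the MVPS project: it parses text in HOSTS format, answers a lookup the way the post describes (the file is consulted before DNS), and lists any entry that sends a name to an address other than the local machine so it can be reviewed. The sample file, the `*.example.test` names and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in HOSTS format (not taken from the thread or from MVPS).
SAMPLE_HOSTS = """\
# sample HOSTS file
127.0.0.1       localhost
127.0.0.1       ads.example.test  tracker.example.test   # blocked ad hosts
0.0.0.0         Banner.Example.test
203.0.113.7     search.example.test    # points somewhere other than this PC
not-an-ip       broken.example.test
"""


def parse_hosts(text):
    """Return (entries, rejected).

    entries  -> list of (line_number, ip_address, hostname)
    rejected -> list of (line_number, raw_line) that are not valid entries
    """
    entries, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()      # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            rejected.append((lineno, raw.strip()))
            continue
        if len(fields) < 2:                      # address with no hostname
            rejected.append((lineno, raw.strip()))
            continue
        for name in fields[1:]:                  # one address, many names
            entries.append((lineno, ip, name.lower().rstrip(".")))
    return entries, rejected


def lookup(entries, hostname):
    """Address the HOSTS file gives for hostname, or None (ask DNS instead).

    Assumption: the first matching entry wins when a name is listed twice.
    """
    wanted = hostname.lower().rstrip(".")
    for _, ip, name in entries:
        if name == wanted:
            return ip
    return None


def classify(ip):
    """'dns' = not listed, 'blocked' = sent to this machine, else 'redirected'."""
    if ip is None:
        return "dns"
    # 127.0.0.1 is the address the post mentions; 0.0.0.0 is also used by
    # some block lists and has the same effect of never reaching the site.
    if ip.is_loopback or ip.is_unspecified:
        return "blocked"
    return "redirected"


def audit(text):
    """Entries that map a name to a non-local address, plus malformed lines."""
    entries, rejected = parse_hosts(text)
    findings = [(lineno, name, str(ip))
                for lineno, ip, name in entries
                if classify(ip) == "redirected"]
    return findings, rejected


if __name__ == "__main__":
    found, bad = audit(SAMPLE_HOSTS)
    for lineno, name, ip in found:
        print(f"line {lineno}: {name} -> {ip} (review this entry)")
    for lineno, raw in bad:
        print(f"line {lineno}: not a valid HOSTS entry: {raw}")
```

A block list such as the one the post recommends should produce only "blocked" results; an entry reported as "redirected" is one to check by hand.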

Re: IE Malware

Unread postby jmw3 » July 28th, 2010, 3:36 am

As your problems appear to have been resolved, this topic is now closed.

We are pleased we could help you resolve your computer's malware issues.

If you would like to make a comment or leave a compliment regarding the help you have received, please see Feedback for Our Helpers - Say "Thanks" Here.
jmw3
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia