Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Google Redirect Issue

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Google Redirect Issue

Unread postby AdamL » January 16th, 2010, 2:05 pm

Hi, I have been suffering with the above issue since before Xmas.

Intermittently the results of google searches are redirected to seemingly random pages. I am running AVG free and this has picked up various Trojans and removed them to the virus vault. The redirect issue is still happening and I am not sure what to try next.

Logs as below. Any help gratefully received.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:53:38, on 16/01/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\DAP\DAP.EXE
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.orange.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://orange.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by Orange
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
R3 - URLSearchHook: (no name) - *{4FBACD73-F67C-42AE-B46A-03960AFE3DFB} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - (no file)
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll
O2 - BHO: (no name) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: DAPIELoader Class - {FF6C3CF0-4B15-11D1-ABED-709549C10000} - C:\PROGRA~1\DAP\DAPIEL~1.DLL
O3 - Toolbar: Freeserve - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll
O3 - Toolbar: Orange Toolbar - {E97B5F2E-CA8E-4D34-BDA3-44EEC4ED2B12} - C:\Program Files\Orange Toolbar UK\ToolbarContainer255.dll
O3 - Toolbar: Copernic Desktop Search - Home - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand300000081.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [nForce Tray Options] sstray.exe /r
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [ioloDelayModule] C:\Program Files\iolo\System Mechanic 6\delay.exe
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [SMSystemAnalyzer] "C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe"
O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"
O4 - HKCU\..\Run: [Copernic Desktop Search - Home] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [DownloadAccelerator] "C:\Program Files\DAP\DAP.EXE" /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Clean Traces - C:\Program Files\DAP\Privacy Package\dapcleanerie.htm
O8 - Extra context menu item: &Download with &DAP - C:\Program Files\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\Program Files\DAP\dapextie2.htm
O8 - Extra context menu item: Search with Freeserve - res://C:\PROGRA~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\jp2iexp.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b31267.cab
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} (System Requirements Lab) - http://www.systemrequirementslab.com/sr ... ab_srl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/ms ... b56986.cab
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - https://www.lockcastuk.com/Citrix/MetaF ... icaweb.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microso ... 0341912984
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b31267.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/A ... tPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/A ... gWXMSN.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Me ... b56907.cab
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} (Java Plug-in 1.6.0) -
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Plug-in 1.6.0_01) -
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Plug-in 1.6.0_03) -
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O16 - DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} (JuniperSetup Control) - https://afsslvpn.alexanderforbes.co.uk/ ... rSetup.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/Mi ... b56986.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free E-mail Scanner (avg9emc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgemc.exe
O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Portrait Displays Display Tune Service (DTSRVC) - Unknown owner - C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Roxio\Digital Home 9\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XI\RpcSandraSrv.exe
O23 - Service: SonicStage Back-End Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SsBeSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 17101 bytes

4oD
Acrobat.com
Acrobat.com
Ad-Aware
Ad-Aware
Adobe AIR
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Media Player
Adobe Reader 9.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Age of Empires III
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Atomic Clock Sync
Audacity 1.3.4
AusLogics Disk Defrag
AVG Free 9.0
BBC iPlayer Desktop
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin Bluetooth Software
Biology 1
Biology 2
BlackBerry Desktop Software 4.6
BlackBerry Desktop Software 4.6
Bonjour
Canon Camera Access Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Citrix Presentation Server Web Client for Win32
Company of Heroes
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
Company of Heroes - FAKEMSI
ConceptDraw MINDMAP 5 Professional
Copernic Desktop Search - Home
Coupon Printer
Dawn Of War
Disc2Phone
Download Accelerator Plus (DAP)
Easy Picture2Icon 2.1
ESET Online Scanner v3
EssentialPIM
Freeserve Search toolbar
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
hp instant support
HP Memories Disc
HP My Display
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HyperCam 2
ID3-TagIT 3
iolo technologies' System Mechanic 6
iTunes
Java(TM) 6 Update 17
Junk Mail filter update
Korean Fonts Support For Adobe Reader 8
LiveUpdate BVRP Software
MAGIX Ringtone Maker 2007 silver 3.1.0.3 (UK)
MailWasher Free
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft AutoRoute v11.0
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Picture It! Photo Standard 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
mobile PhoneTools
MP3-Check (v1.0.35.0)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org 2.4
Orange Livebox
Orange Toolbar
PDF Manual NW-A10003000
Personal Backup 4.1
QuickTime
RealPlayer
Revo Uninstaller 1.85
Roxio Media Manager
Runtime 8.0 Libraries
SDK
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972270)
Segoe UI
SiSoftware Sandra Lite XI (Win64/32/CE)
SonicStage 4.3
Sony Ericsson PC Suite
Sophos Anti-Rootkit 1.5.0
SpeedTouch USB Software
Spotify
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
SwiftKit
SwiftSwitch
System Requirements Lab
System Requirements Lab
The Battle for Middle-earth (tm) II
The Sims 2
TomTom HOME 2.6.2.1586
TomTom HOME Visual Studio Merge Modules
Trojan Remover 6.8.1
TUGZip 3.4
TuneUp Utilities 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
VC 9.0 Runtime
VC 9.0 Runtime
Vegas Movie Studio 9.0
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
World in Conflict - DEMO
Zattoo 3.3.3 Beta
Zinio Reader
ZoneAlarm
ZoneAlarm Spy Blocker
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am
Advertisement
Register to Remove

Re: Google Redirect Issue

Unread postby jmw3 » January 22nd, 2010, 2:20 pm

Hello & Welcome to Malware Removal

Please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this ensure Notify me when a reply is postedis ticked on the POST A REPLY page.

In the meantime please note the following:
  • Please take time to read the Malware Removal Forum Guidelines and Rules where the conditions for receiving help at this forum are explained.
  • Any recommendations made are for your computer problems only and should NOT be used on any other computer.
  • Please DO NOT run any scans/tools or other fixes unless I ask you to. This is very important for several reasons. Here are just two of them:
    1. The tools that we use are very powerful and can cause >>irreparable damage<< to your computer if not used correctly.
    2. Commercial scanners, for the most part can not completely remove some of the more "resistant" infections. This makes it much more difficult to get rid of completely.
  • If you get stuck or are unsure of something please ask for a further explanation, do not guess.
  • It will require more than one round to properly clean your system. Continue to respond to this thread until I give you the All Clean! even if symptoms seemingly abate.
Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.
If for any reason you cannot complete instructions within that time, that's fine, just put a post here so that I know you're still here. We get a lot of people who simply leave & if there is no contact for that amount of time I will have to assume you have abandoned your topic.

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Thanks

DDS
Download DDS.scr by sUBs from one of the following links & save it to your desktop.
Link 1
Link 2
  • Double-Click on dds.scr and a command window will appear. This is normal
  • Shortly after two logs will appear, DDS.txt & Attach.txt
  • A window will open instructing you save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
Gmer
Download GMER Rootkit Scanner from here.
  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO

    Image
    Click the image to enlarge it
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

Note: Do not run any programs while Gmer is running.

To post in next reply:
Contents of DDS log
Contents of Attach.txt
Contents of Gmer log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 24th, 2010, 1:43 pm

Hi,thanks for your help on this.

Please find logs as below.


DDS (Ver_09-12-01.01) - NTFSx86
Run by Home User at 13:01:48.81 on 24/01/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.474 [GMT 0:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
svchost.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\sstray.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\PROGRA~1\AVG\AVG9\avgtray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iolo\System Mechanic 6\SMSystemAnalyzer.exe
C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\TuneUp Utilities 2008\MemOptimizer.exe
C:\Program Files\DAP\DAP.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\AVG\AVG9\avgemc.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\Home User\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://orange.co.uk
uDefault_Page_URL = hxxp://www.orange.co.uk
uWindow Title = Windows Internet Explorer provided by Orange
uInternet Settings,ProxyOverride = <local>
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: DAPIELoader Class: {ff6c3cf0-4b15-11d1-abed-709549c10000} - c:\progra~1\dap\DAPIEL~1.DLL
TB: Freeserve: {8b68564d-53fd-4293-b80c-993a9f3988ee} - c:\progra~1\freese~1\fsbar\FSBar.dll
TB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} - c:\program files\orange toolbar uk\ToolbarContainer255.dll
TB: Copernic Desktop Search - Home: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
EB: Copernic Desktop Search - Home: {968631b6-4729-440d-9bf4-251f5593ec9a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
EB: Copernic Desktop Search - Home: {9c3fca1f-99e3-48f2-a7f4-dd3931b2f99a} - c:\program files\copernic desktop search 2\DesktopSearchBand300000081.dll
EB: Orange Toolbar: {e97b5f2e-ca8e-4d34-bda3-44eec4ed2b12} - c:\program files\orange toolbar uk\ToolbarContainer255.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [SMSystemAnalyzer] "c:\program files\iolo\system mechanic 6\SMSystemAnalyzer.exe"
uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"
uRun: [Copernic Desktop Search - Home] "c:\program files\copernic desktop search 2\DesktopSearchService.exe" /tray
uRun: [TuneUp MemOptimizer] "c:\program files\tuneup utilities 2008\MemOptimizer.exe" autostart
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [DownloadAccelerator] "c:\program files\dap\DAP.EXE" /STARTUP
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [nForce Tray Options] sstray.exe /r
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [ioloDelayModule] c:\program files\iolo\system mechanic 6\delay.exe
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Ad-Watch] c:\program files\lavasoft\ad-aware\AAWTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TrojanScanner] c:\program files\trojan remover\Trjscan.exe /boot
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc1~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpohmr08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
IE: &Clean Traces - c:\program files\dap\privacy package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\dap\dapextie.htm
IE: Download &all with DAP - c:\program files\dap\dapextie2.htm
IE: orange search
IE: Search with Freeserve - c:\progra~1\freese~1\fsbar\FSBar.dll/VSearch.htm
IE: Send To &Bluetooth - c:\program files\belkin\bluetooth software\btsendto_ie_ctx.htm
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\belkin\bluetooth software\btsendto_ie.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC} - c:\program files\java\jre6\bin\jp2iexp.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {00B71CFB-6864-4346-A978-C0A14556272C} - hxxp://messenger.zone.msn.com/binary/ms ... b31267.cab
DPF: {0DB074F0-617E-4EE9-912C-2965CF2AA5A4} - hxxp://download.microsoft.com/download/ ... arth3D.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/sr ... ab_srl.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/ms ... b56986.cab
DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://fpdownload.macromedia.com/get/sh ... tor/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxps://www.lockcastuk.com/Citrix/MetaF ... icaweb.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/EN-GB/a-U ... E_UNO1.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microso ... 0341912984
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} - hxxp://messenger.zone.msn.com/binary/Me ... b31267.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} - hxxp://appdirectory.messenger.msn.com/A ... tPkMSN.cab
DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} - hxxp://appdirectory.messenger.msn.com/A ... gWXMSN.cab
DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} - hxxp://www.crucial.com/controls/cpcScanner.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/Me ... b56907.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/sh ... wflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://afsslvpn.alexanderforbes.co.uk/ ... rSetup.cab
DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} - hxxp://messenger.zone.msn.com/binary/Mi ... b56986.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - c:\windows\system32\BTXPPanel.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-3-29 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-5-3 333192]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-4-14 28424]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-5-3 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-12-16 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-12-16 74480]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2006-12-23 353672]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2009-11-14 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2009-11-14 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-8-30 54752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-9-24 1181328]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-4-8 92008]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-12-16 7408]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2006-12-18 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [2009-3-24 7808]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:\windows\system32\drivers\atinttxx.sys [2006-12-18 13824]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; [x]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1
VBEFile=NOTEPAD.EXE %1
VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-01-18 17:55:29 0 d-----w- c:\program files\MSECache
2010-01-07 23:01:12 0 d-----w- c:\docume~1\homeus~1\applic~1\PersBackup
2010-01-07 23:01:01 0 d-----w- c:\program files\Personal Backup 4
2010-01-06 17:50:29 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-06 17:50:29 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-06 17:50:29 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-06 17:50:27 0 d-----w- c:\program files\Trojan Remover
2010-01-06 17:50:27 0 d-----w- c:\docume~1\homeus~1\applic~1\Simply Super Software
2010-01-06 17:50:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Simply Super Software
2010-01-01 18:07:36 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-01 18:07:35 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2009-12-31 16:22:43 0 d-----w- C:\VundoFix Backups
2009-12-31 16:01:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 16:01:38 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-31 16:01:38 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-30 17:48:21 0 d-----w- c:\program files\Sophos
2009-12-30 09:36:45 81 ----a-w- C:\CTX.DAT
2009-12-30 09:36:42 0 d-----w- c:\documents and settings\home user\Citrix
2009-12-30 09:28:14 36 ----a-w- C:\autorun.inf.vir
2009-12-29 19:04:01 0 d-----w- c:\program files\ESET
2009-12-29 17:36:57 0 d-----w- c:\program files\Trend Micro
2009-12-28 20:01:33 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-12-28 20:00:42 0 d-----w- c:\program files\SUPERAntiSpyware
2009-12-28 20:00:42 0 d-----w- c:\docume~1\homeus~1\applic~1\SUPERAntiSpyware.com
2009-12-27 15:53:37 0 d-----w- c:\docume~1\homeus~1\applic~1\Malwarebytes
2009-12-27 15:53:21 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-12-26 19:13:42 0 d-----w- c:\program files\CCleaner
2009-12-26 12:43:36 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-26 09:16:48 201 ----a-w- c:\windows\wininit.ini

==================== Find3M ====================

2010-01-20 16:23:50 132864 ----a-w- c:\windows\system32\drivers\Fasttx2k.sys
2010-01-17 13:23:30 39 ----a-w- c:\documents and settings\home user\jagex_runescape_preferences.dat
2010-01-17 13:23:27 69 ----a-w- c:\documents and settings\home user\jagex_runescape_preferences2.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-11-23 14:34:46 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-14 10:44:50 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-29 14:13:10 49152 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 13:04:07.28 ===============


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 18/12/2006 17:44:14
System Uptime: 24/01/2010 10:00:19 (3 hours ago)

Motherboard: eveshamvale | |
Processor: AMD Athlon(tm) XP 3000+ | Socket A | 2171/166mhz

==== Disk Partitions =========================

A: is Removable
C: is FIXED (NTFS) - 153 GiB total, 56.657 GiB free.
D: is CDROM ()
E: is CDROM ()

==== Disabled Device Manager Items =============

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================

4oD
Acrobat.com
Ad-Aware
Adobe AIR
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Media Player
Adobe Reader 9.2
Adobe Shockwave Player 11
Adobe® Photoshop® Album Starter Edition 3.0
Adobe® Photoshop® Album Starter Edition 3.0.1
Age of Empires III
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Display Driver
Atomic Clock Sync
Audacity 1.3.4
AusLogics Disk Defrag
AVG Free 9.0
BBC iPlayer Desktop
BBC iPlayer Download Manager
Belkin Bluetooth Software
Biology 1
Biology 2
BlackBerry Desktop Software 4.6
Bonjour
Canon Camera Access Library
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MovieEdit Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Citrix Presentation Server Web Client for Win32
Company of Heroes
Company of Heroes - FAKEMSI
Compatibility Pack for the 2007 Office system
ConceptDraw MINDMAP 5 Professional
Copernic Desktop Search - Home
Coupon Printer
Dawn Of War
Disc2Phone
Download Accelerator Plus (DAP)
Easy Picture2Icon 2.1
ESET Online Scanner v3
EssentialPIM
Freeserve Search toolbar
Google Chrome
Google Toolbar for Internet Explorer
Google Updater
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
hp instant support
HP Memories Disc
HP My Display
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photo and Imaging 2.0 - hp psc 1200 series
hp psc 1200 series
HyperCam 2
ID3-TagIT 3
iolo technologies' System Mechanic 6
iTunes
Java(TM) 6 Update 17
Juniper Networks Cache Cleaner 5.3.0
Juniper Networks Host Checker
Junk Mail filter update
Korean Fonts Support For Adobe Reader 8
LiveUpdate BVRP Software
MAGIX Ringtone Maker 2007 silver 3.1.0.3 (UK)
MailWasher Free
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Application Error Reporting
Microsoft AutoRoute v11.0
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office Live Add-in 1.3
Microsoft Picture It! Photo Standard 9
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Word 2002
Microsoft Works
Microsoft Works 2004 Setup Launcher
Microsoft Works Suite Add-in for Microsoft Word
Microsoft XML Parser
mobile PhoneTools
MP3-Check (v1.0.35.0)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
OpenMG Limited Patch 4.7-07-14-05-01
OpenMG Secure Module 4.7.00
OpenOffice.org 2.4
Orange Livebox
Orange Toolbar
PDF Manual NW-A10003000
Personal Backup 4.1
QuickTime
RealPlayer
Revo Uninstaller 1.85
Roxio Media Manager
Runtime 8.0 Libraries
SDK
Secunia PSI
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB972270)
Segoe UI
SiSoftware Sandra Lite XI (Win64/32/CE)
SonicStage 4.3
Sony Ericsson PC Suite
Sophos Anti-Rootkit 1.5.0
SpeedTouch USB Software
Spotify
Spybot - Search & Destroy
Steam
SUPERAntiSpyware Free Edition
SwiftKit
SwiftSwitch
System Requirements Lab
The Battle for Middle-earth (tm) II
The Sims 2
TomTom HOME 2.6.2.1586
TomTom HOME Visual Studio Merge Modules
Trojan Remover 6.8.1
TUGZip 3.4
TuneUp Utilities 2008
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB975364)
VC 9.0 Runtime
Vegas Movie Studio 9.0
Virtual Earth 3D (Beta)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
Windows Imaging Component
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 11
Windows Movie Maker 2.0
Windows XP Service Pack 3
World in Conflict - DEMO
Zattoo 3.3.3 Beta
Zinio Reader
ZoneAlarm
ZoneAlarm Spy Blocker

==== Event Viewer Messages From Past Week ========

19/01/2010 22:27:42, error: Service Control Manager [7034] - The KService service terminated unexpectedly. It has done this 1 time(s).
19/01/2010 18:23:36, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.
19/01/2010 18:22:05, error: Ftdisk [49] - Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
19/01/2010 18:22:05, error: Ftdisk [45] - The system could not sucessfully load the crash dump driver.
18/01/2010 07:22:53, error: Service Control Manager [7022] - The KService service hung on starting.
17/01/2010 10:48:40, error: Service Control Manager [7034] - The Terminal Services service terminated unexpectedly. It has done this 1 time(s).
17/01/2010 10:48:40, error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.

==== End Of File ===========================

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-01-24 17:35:27
Windows 5.1.2600 Service Pack 3
Running: 0s85442f.exe; Driver: C:\DOCUME~1\HOMEUS~1\LOCALS~1\Temp\fwporpoc.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xAAE83FC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xAAE80C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xAAE9B170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xAAE84580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xAAE98900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xAAE98B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xAAE9CB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xAAE84670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xAAE81210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xAAE9B9F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xAAE9B7A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xAAE98280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xAAE9BF10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xAAE9BF90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xAAE81070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xAAE9A180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xAAE99F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xAAE9C6F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xAAE9C150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xAAE83BE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xAAE9C540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xAAE84190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xAAE81440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xAAE9B4E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xAAE99200]
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xAAE240B0]

---- Devices - GMER 1.0.15 ----

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp fssfltr_tdi.sys (Family Safety Filter Driver (TDI)/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp Lbd.sys (Boot Driver/Lavasoft AB)

Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device -> \Driver\fasttx2k \Device\Harddisk0\DR0 87282618

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a641adb
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000a3a641adb@000f8678ef0a 0xF6 0x30 0x42 0x17 ...
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a641adb (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000a3a641adb@000f8678ef0a 0xF6 0x30 0x42 0x17 ...

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\drivers\fasttx2k.sys suspicious modification

---- EOF - GMER 1.0.15 ----

Look forward to your further comments/instructions.

Adam
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am

Re: Google Redirect Issue

Unread postby jmw3 » January 24th, 2010, 3:02 pm

Hi

Multiple Anti-virus Programs
You are operating your computer with multiple Anti-virus programs running in memory at once:
AVG Free 9.0 | iolo technologies' System Mechanic 6
Anti-virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash. Please remove one of them NOW.

Remove Programs
Click Start > Control Panel > Add/Remove Programs
Remove these programs by clicking Remove

ZoneAlarm Spy Blocker

If some programs listed are not present, please do not panic

ComboFix
Download ComboFix from one of these locations (DO NOT download ComboFix from anywhere else but one of the provided links):
Link 1
Link 2

**IMPORTANT !!! Save ComboFix.exe to your Desktop**

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
    A guide to do this can be found here
  • Double click on ComboFix.exe & follow the prompts
  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console
Image
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
Image

  • Click on Yes, to continue scanning for malware.
  • When finished, it shall produce a log for you. Please include the contents of C:\ComboFix.txt in your next reply
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


Could you also run Gmer again please.

To post in next reply:
ComboFix log
New Gmer log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 25th, 2010, 3:29 am

Hi, not sure if something has gone wrong!

When ComboFix ran the first time it came up with a message saying it had discovered rootkit activity and needed to reboot the PC.

The PC started up and when I logged in to my user the ComboFix window was there already and started the scan. The scan ran and then it started deleting files. It has been doing that for 8 hours.

Assume I should just let it finish what it is doing and see what the result is?

Thanks
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am

Re: Google Redirect Issue

Unread postby jmw3 » January 25th, 2010, 7:48 am

Hi

Can you give me an update on what's happening please.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 25th, 2010, 10:11 am

Hi, I am at work at the moment so not too sure.

Looking at Bleeping Computer there does seem to be some sort of issue with ComboFix, but will be guided by you.

I will post when I get home, assuming I can, otherwise it will be in when back at work in 18 Hours.

Thanks
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am

Re: Google Redirect Issue

Unread postby jmw3 » January 25th, 2010, 12:34 pm

Hi

Yes there was an issue with ComboFix, but it has been fixed now, If it has caused any problems, we should be able to fix it.
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 25th, 2010, 5:20 pm

Update: ComboFix finished running and produced log. This is 4.2 Mb and shows numerous files deleted including the My Documents, Music and Pictures files. Also all e mails,folders etc in Outlook Express. Log is too big to post.

Internet connection is working fine but All Programs is empty and windows suggesting anti virus not running although AVG suggests components active. Firewall is ok.

All deleted files seem to be in quarantine folder in Qoobox which is approx 37Gb in size.

Any ideas how I can get files back where they belong?

Thanks

Adam
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am

Re: Google Redirect Issue

Unread postby jmw3 » January 25th, 2010, 5:46 pm

Hi

Had a feeling this may be the case. Unfortunately you were the victim of the bug in the version of ComboFix you had. But do not worry, it's fixable.

Delete your current copy of ComboFix.

Download this file & save to your desktop: http://download.bleepingcomputer.com/sU ... UsrPrf.exe
Double click it to run the file. Once finished it should produce a log. Save it to a convenient place.
Run this file ONCE only.
**Important - Do NOT reboot the computer after running the file

Download a fresh copy of ComboFix:
Link 1
Link 2

Run ComboFix once again following the instrucions previously posted.
Let me know how you go & post the contents of the new ComboFix.txt log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 26th, 2010, 6:18 pm

Hi, restore process seemed to work fine.

ComboFix again detected a rootkit and had to reboot. Log File as attached.

ComboFix 10-01-26.02 - Home User 26/01/2010 21:42:42.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.566 [GMT 0:00]
Running from: c:\documents and settings\Home User\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-12-26 to 2010-01-26 )))))))))))))))))))))))))))))))
.

2010-01-26 15:13 . 2010-01-26 15:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-26 10:02 . 2010-01-26 10:02 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-01-26 10:02 . 2010-01-26 10:02 -------- d-----w- c:\documents and settings\James\Tracing
2010-01-26 10:02 . 2010-01-26 10:02 -------- d-----w- c:\documents and settings\James\PrivacIE
2010-01-26 09:56 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Sony Ericsson
2010-01-26 09:56 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Sony
2010-01-26 09:56 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\PCHealth
2010-01-26 09:55 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Microsoft
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Identities
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Google
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\ApplicationHistory
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Apple Computer
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Adobe
2010-01-26 09:55 . 2009-08-30 20:19 93496 ----a-w- c:\documents and settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\IETldCache
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\IECompatCache
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Microsoft
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Apple Computer
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Application Data\Teleca
2010-01-26 09:52 . 2006-12-26 16:51 71064 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Application Data\Sony Ericsson
2010-01-26 08:59 . 2010-01-26 08:59 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\ZattooPlayer
2010-01-26 08:59 . 2010-01-26 08:59 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Zattoo
2010-01-26 08:59 . 2010-01-26 08:59 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\TomTom
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Spotify
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Sony Ericsson
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Sony Corporation
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\PCHealth
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Orange
2010-01-26 08:55 . 2010-01-26 08:55 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\IsolatedStorage
2010-01-26 08:42 . 2010-01-26 08:51 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Google
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\BVRP Software
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\assembly
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\ApplicationHistory
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Adobe
2010-01-26 08:42 . 2007-02-24 22:12 132 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\fusioncache.dat
2010-01-26 08:09 . 2010-01-26 08:09 -------- d-----w- c:\documents and settings\Home User\Application Data\OpenOffice.org2
2010-01-26 08:06 . 2010-01-26 08:06 -------- d-----w- c:\documents and settings\Emma\PrivacIE
2010-01-26 07:46 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Sony Ericsson
2010-01-26 07:46 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Sony Corporation
2010-01-26 07:46 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\PCHealth
2010-01-26 07:43 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Microsoft
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Identities
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Google
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\BVRP Software
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Apple Computer
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Adobe
2010-01-26 07:43 . 2009-09-09 15:15 93496 ----a-w- c:\documents and settings\Emma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\IETldCache
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-----w- c:\documents and settings\All Users\SonicStage
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-----w- c:\documents and settings\All Users\DRM
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftSwitch
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-01-26 07:38 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 07:36 . 2010-01-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ID3-TagIT 3
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Channel4
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-01-26 07:35 . 2010-01-26 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-26 07:35 . 2010-01-26 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-26 07:35 . 2010-01-26 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-26 07:16 . 2010-01-26 08:09 -------- d-sh--w- c:\documents and settings\Home User\PrivacIE
2010-01-25 21:10 . 2010-01-25 09:21 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Identities
2010-01-25 21:01 . 2010-01-25 21:28 107100 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\prvlcl.dat
2010-01-25 20:59 . 2010-01-20 22:34 97384 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 18:06 . 2010-01-25 03:23 -------- d-----w- c:\documents and settings\Home User\Application Data\Sony Ericsson
2010-01-25 17:44 . 2010-01-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2010-01-25 17:44 . 2010-01-25 03:28 -------- d-----w- c:\documents and settings\Home User\Application Data\TuneUp Software
2010-01-25 17:44 . 2010-01-25 09:02 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Copernic
2010-01-25 17:44 . 2010-01-26 21:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-25 17:43 . 2010-01-25 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-25 17:43 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com
2010-01-25 17:43 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Apple Computer
2010-01-25 17:42 . 2010-01-26 08:42 -------- d-sh--w- c:\documents and settings\Home User\IETldCache
2010-01-25 14:35 . 2010-01-26 10:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-25 14:35 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-25 14:13 . 2010-01-26 10:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-25 14:09 . 2010-01-26 15:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-18 17:55 . 2010-01-18 17:55 -------- d-----w- c:\program files\MSECache
2010-01-07 23:01 . 2010-01-07 23:01 -------- d-----w- c:\program files\Personal Backup 4
2010-01-06 17:50 . 2006-06-19 13:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-06 17:50 . 2006-05-25 15:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-06 17:50 . 2005-08-26 01:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-06 17:50 . 2010-01-06 17:50 -------- d-----w- c:\program files\Trojan Remover
2010-01-01 18:07 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-01 18:07 . 2010-01-01 18:07 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-01 13:12 . 2010-01-01 13:12 -------- dc-h--w- c:\windows\ie8
2009-12-31 16:22 . 2009-12-31 16:22 -------- d-----w- C:\VundoFix Backups
2009-12-31 16:01 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 16:01 . 2010-01-09 10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 16:01 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 17:48 . 2009-12-30 17:48 -------- d-----w- c:\program files\Sophos
2009-12-30 09:36 . 2009-12-30 09:36 81 ----a-w- C:\CTX.DAT
2009-12-30 09:28 . 2009-12-31 15:07 36 ----a-w- C:\autorun.inf.vir
2009-12-29 19:04 . 2009-12-29 19:04 -------- d-----w- c:\program files\ESET
2009-12-29 17:36 . 2009-12-29 17:36 -------- d-----w- c:\program files\Trend Micro
2009-12-28 20:00 . 2010-01-07 18:42 -------- d-----w- c:\program files\SUPERAntiSpyware

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Teleca
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Sony Ericsson
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Sony
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\SecuROM
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\OpenOffice.org2
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\My Battle for Middle-earth(tm) II Files
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\MailWasherPro
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\DisplayTune
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Apple Computer
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\AdobeAUM
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\aAvgApi
2010-01-26 08:09 . 2010-01-26 08:09 -------- d-----w- c:\documents and settings\Home User\Application Data\My Battle for Middle-earth(tm) II Files
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\ZoomBrowser EX
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Teleca
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Steinberg
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Sony Ericsson
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Sony Corporation
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\OpenOffice.org2
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\LimeWire
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Hewlett-Packard
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\DisplayTune
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\CANON INC
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Apple Computer
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\AdobeAUM
2010-01-26 07:36 . 2009-11-14 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-25 17:44 . 2010-01-25 17:44 8329 ----a-w- C:\ADSB.tmp
2010-01-24 20:12 . 2007-06-21 20:33 -------- d-----w- c:\program files\iolo
2010-01-24 18:02 . 2006-12-18 16:31 132864 ----a-w- c:\windows\system32\drivers\Fasttx2k.sys
2010-01-22 13:59 . 2007-04-01 19:43 32517553 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-20 14:27 . 2009-08-30 20:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 13:23 . 2010-01-26 08:09 39 ----a-w- c:\documents and settings\Home User\jagex_runescape_preferences.dat
2010-01-17 13:23 . 2010-01-26 08:09 69 ----a-w- c:\documents and settings\Home User\jagex_runescape_preferences2.dat
2010-01-03 18:57 . 2010-01-04 13:06 126976 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-01 18:08 . 2009-04-13 16:58 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-31 17:27 . 2010-01-01 12:58 11140 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-12-28 22:40 . 2009-04-10 21:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-28 22:06 . 2007-04-18 20:31 -------- d-----w- c:\program files\Java
2009-12-28 12:15 . 2009-04-13 16:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 19:13 . 2009-12-26 19:13 -------- d-----w- c:\program files\CCleaner
2009-12-26 18:01 . 2007-08-27 18:30 -------- d-----w- c:\program files\Oxigen
2009-12-26 09:21 . 2006-12-22 19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 08:33 . 2009-12-26 09:21 1093632 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-12-24 21:21 . 2010-01-26 09:54 69 ----a-w- c:\documents and settings\James\jagex_runescape_preferences2.dat
2009-12-24 21:20 . 2010-01-26 09:54 39 ----a-w- c:\documents and settings\James\jagex_runescape_preferences.dat
2009-12-23 16:17 . 2010-01-26 07:42 13228 ----a-w- c:\documents and settings\Emma\Application Data\wklnhst.dat
2009-12-22 10:29 . 2009-05-17 15:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-21 19:14 . 2002-08-29 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-13 13:09 . 2010-01-26 09:54 26880 ----a-w- c:\documents and settings\James\Application Data\wklnhst.dat
2009-11-30 14:52 . 2009-11-30 14:52 -------- d-----w- c:\program files\Coupon Printer
2009-11-30 14:52 . 2009-11-30 14:52 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-11-23 14:34 . 2009-11-23 14:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-23 14:34 . 2009-03-29 20:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 10:44 . 2008-05-03 12:29 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 10:44 . 2008-05-03 12:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-14 10:44 . 2008-05-03 12:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 10:44 . 2008-04-14 20:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-06 21:14 . 2009-11-07 13:02 2696192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-09-18 1698816]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-01-08 196864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 68856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-04-09 2811392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-07 2002160]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-21 788880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\documents and settings\Emma\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\James\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-9-5 260096]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-14 10:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zebtab]
c:\documents and settings\Home User\Start Menu [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/03/2009 19:28 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/05/2008 12:29 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/05/2008 12:29 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14/11/2009 10:43 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/11/2009 10:43 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [30/08/2009 20:18 54752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 10:38 92008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [18/12/2006 19:11 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1181328]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 11:03 7808]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:\windows\system32\drivers\atinttxx.sys [18/12/2006 18:45 13824]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; [x]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
Contents of the 'Scheduled Tasks' folder

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-26 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-01-26 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-26 18:12]

2010-01-26 c:\windows\Tasks\User_Feed_Synchronization-{8BFFD401-32DC-48DD-8454-8E1DB65A8328}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.co.uk
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: orange search
IE: Search with Freeserve - c:\progra~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-26 22:00
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x87274618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf7813f28
\Driver\ACPI -> ACPI.sys @ 0xf7766cb8
\Driver\atapi -> atapi.sys @ 0xf771e852
IoDeviceObjectType -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
\Device\Harddisk0\DR0 -> DeleteProcedure -> ntoskrnl.exe @ 0x805a05a9
ParseProcedure -> ntoskrnl.exe @ 0x8056ea15
user & kernel MBR OK

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1801674531-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1e,e9,84,0f,d2,71,48,eb,6b,a2,4c,7d,08,4a,e4,0f,d6,2d,46,5d,4b,fc,a7,
82,43,d1,df,6f,64,0d,24,9e,2e,2c,bb,5a,0c,34,a5,dd,07,d3,d2,b8,d8,db,b8,b2,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\windows\system32\WININET.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'lsass.exe'(816)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(908)
c:\windows\system32\WININET.dll
c:\program files\Copernic Desktop Search 2\DesktopSearchSystem300000081.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\btncopy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Belkin\Bluetooth Software\bin\btwdins.exe
c:\program files\Common Files\Portrait Displays\Shared\DTSRVC.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Kontiki\KService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\system32\rundll32.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
.
**************************************************************************
.
Completion time: 2010-01-26 22:13:14 - machine was rebooted
ComboFix-quarantined-files.txt 2010-01-26 22:10

Pre-Run: 22,247,272,448 bytes free
Post-Run: 22,238,486,528 bytes free

- - End Of File - - B71F656A3D04DCABD08C8219D1665801

Await your further instructions.

Adam
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am

Re: Google Redirect Issue

Unread postby jmw3 » January 26th, 2010, 7:59 pm

Hi

TDSSKiller
Download TDSSKiller.zip by Kaspersky Lab from Here & save it to your desktop.
  • Extract (unzip) its contents to your Desktop
  • Double-click the TDSSKiller Folder on your desktop
  • Right-click on TDSSKiller.exe then click Copy then Paste it directly to your Desktop <<--- Important!
  • Highlight then copy all the text (including the quote marks) in the box below
Code: Select all
"%userprofile%\desktop\tdsskiller.exe" -l "%userprofile%\desktop\tdsskiller.txt"

  • Click Start >> Run. Paste the (above) copied text, into the opened text box then click OK
TDSSKiller will prompt to reboot the PC, to complete the disinfection procedure, if malicious files or services were found
Please reboot if prompted.
After reboot, TDSSKiller will delete malicious registry keys and files, as well as remove itself from the services list.
When finished a log fileshould be created on your desktop named tdsskiller.txt. Copy the contents of the log & post in your next reply.

CFScript
Close any open browsers.
Open notepad and copy/paste the text in the code box below into it:

Code: Select all
File::
C:\VundoFix Backups
C:\autorun.inf.vir
C:\ADSB.tmp
Folder::
c:\program files\Coupon Printer
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000000
NetSvc::
UxTuneUp
DDS::
uURLSearchHooks: H - No File
uURLSearchHooks: H - No File
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
BHO: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File
TB: {4E7BD74F-2B8D-469E-A6FB-F862B587B57D} - No File
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
TB: {F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Save this as CFScript.txt, in the same location as ComboFix.exe

Image

Refering to the picture above, drag CFScript into ComboFix.exe
If prompted by ComboFix to update, please do so
When finished, it shall produce a log for you at "C:\ComboFix.txt"
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper


To post in next reply:
TDSSKiller log
ComboFix log
Update on how the computer is running
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 28th, 2010, 3:21 am

Hi logs as below

23:24:13:109 2768 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
23:24:13:109 2768 ================================================================================
23:24:13:109 2768 SystemInfo:

23:24:13:109 2768 OS Version: 5.1.2600 ServicePack: 3.0
23:24:13:109 2768 Product type: Workstation
23:24:13:109 2768 ComputerName: HOME-UMWKN5YLT0
23:24:13:109 2768 UserName: Home User
23:24:13:109 2768 Windows directory: C:\WINDOWS
23:24:13:109 2768 Processor architecture: Intel x86
23:24:13:109 2768 Number of processors: 1
23:24:13:109 2768 Page size: 0x1000
23:24:13:109 2768 Boot type: Normal boot
23:24:13:109 2768 ================================================================================
23:24:13:109 2768 UnloadDriverW: NtUnloadDriver error 2
23:24:13:109 2768 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
23:24:13:109 2768 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
23:24:13:171 2768 UtilityInit: KLMD drop and load success
23:24:13:171 2768 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
23:24:13:171 2768 UtilityInit: KLMD open success
23:24:13:171 2768 UtilityInit: Initialize success
23:24:13:171 2768
23:24:13:171 2768 Scanning Services ...
23:24:13:171 2768 CreateRegParser: Registry parser init started
23:24:13:171 2768 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
23:24:13:171 2768 CreateRegParser: DisableWow64Redirection error
23:24:13:171 2768 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
23:24:13:187 2768 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
23:24:13:187 2768 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:24:13:187 2768 wfopen_ex: Trying to KLMD file open
23:24:13:187 2768 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
23:24:13:187 2768 wfopen_ex: File opened ok (Flags 2)
23:24:13:187 2768 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: 274DA0
23:24:13:187 2768 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
23:24:13:187 2768 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
23:24:13:187 2768 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
23:24:13:187 2768 wfopen_ex: Trying to KLMD file open
23:24:13:187 2768 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
23:24:13:187 2768 wfopen_ex: File opened ok (Flags 2)
23:24:13:187 2768 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: 274E48
23:24:13:187 2768 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
23:24:13:187 2768 CreateRegParser: EnableWow64Redirection error
23:24:13:187 2768 CreateRegParser: RegParser init completed
23:24:13:281 2768 GetAdvancedServicesInfo: Raw services enum returned 431 services
23:24:13:281 2768 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
23:24:13:281 2768 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
23:24:13:281 2768
23:24:13:281 2768 Scanning Kernel memory ...
23:24:13:281 2768 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
23:24:13:281 2768 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 873AB5C0
23:24:13:281 2768 DetectCureTDL3: KLMD_GetDeviceObjectList returned 2 DevObjects
23:24:13:281 2768
23:24:13:281 2768 DetectCureTDL3: DEVICE_OBJECT: 87309C68
23:24:13:281 2768 KLMD_GetLowerDeviceObject: Trying to get lower device object for 87309C68
23:24:13:281 2768 KLMD_ReadMem: Trying to ReadMemory 0x87309C68[0x38]
23:24:13:281 2768 DetectCureTDL3: DRIVER_OBJECT: 873AB5C0
23:24:13:281 2768 KLMD_ReadMem: Trying to ReadMemory 0x873AB5C0[0xA8]
23:24:13:281 2768 KLMD_ReadMem: Trying to ReadMemory 0xE101AD18[0x18]
23:24:13:281 2768 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
23:24:13:281 2768 DetectCureTDL3: IrpHandler (0) addr: F7815BB0
23:24:13:281 2768 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (2) addr: F7815BB0
23:24:13:281 2768 DetectCureTDL3: IrpHandler (3) addr: F780FD1F
23:24:13:281 2768 DetectCureTDL3: IrpHandler (4) addr: F780FD1F
23:24:13:281 2768 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (9) addr: F78102E2
23:24:13:281 2768 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (14) addr: F78103BB
23:24:13:281 2768 DetectCureTDL3: IrpHandler (15) addr: F7813F28
23:24:13:281 2768 DetectCureTDL3: IrpHandler (16) addr: F78102E2
23:24:13:281 2768 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (22) addr: F7811C82
23:24:13:281 2768 DetectCureTDL3: IrpHandler (23) addr: F781699E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
23:24:13:281 2768 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
23:24:13:281 2768 TDL3_FileDetect: Processing driver: Disk
23:24:13:281 2768 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:281 2768 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
23:24:13:296 2768 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
23:24:13:296 2768
23:24:13:296 2768 DetectCureTDL3: DEVICE_OBJECT: 872EAAB8
23:24:13:296 2768 KLMD_GetLowerDeviceObject: Trying to get lower device object for 872EAAB8
23:24:13:296 2768 DetectCureTDL3: DEVICE_OBJECT: 872F7A38
23:24:13:296 2768 KLMD_GetLowerDeviceObject: Trying to get lower device object for 872F7A38
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0x872F7A38[0x38]
23:24:13:296 2768 DetectCureTDL3: DRIVER_OBJECT: 872F59F8
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0x872F59F8[0xA8]
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0x87294A30[0x38]
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0x87349250[0xA8]
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0xE18C15F0[0x20]
23:24:13:296 2768 DetectCureTDL3: DRIVER_OBJECT name: \Driver\fasttx2k, Driver Name: fasttx2k
23:24:13:296 2768 DetectCureTDL3: IrpHandler (0) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (1) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (2) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (3) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (4) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (5) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (6) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (7) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (8) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (9) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (10) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (11) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (12) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (13) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (14) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (15) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (16) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (17) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (18) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (19) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (20) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (21) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (22) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (23) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (24) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (25) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: IrpHandler (26) addr: 87274618
23:24:13:296 2768 DetectCureTDL3: All IRP handlers pointed to one addr: 87274618
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0x87274618[0x400]
23:24:13:296 2768 TDL3_IrpHookDetect: CheckParameters: 4, FFDF0308, 313, 101, 3, 89
23:24:13:296 2768 Driver "fasttx2k" Irp handler infected by TDSS rootkit ... 23:24:13:296 2768 KLMD_WriteMem: Trying to WriteMemory 0x8727467D[0xD]
23:24:13:296 2768 cured
23:24:13:296 2768 KLMD_ReadMem: Trying to ReadMemory 0x872744BF[0x400]
23:24:13:296 2768 TDL3_StartIoHookDetect: CheckParameters: 9, FFDF0308, 1
23:24:13:296 2768 Driver "fasttx2k" StartIo handler infected by TDSS rootkit ... 23:24:13:296 2768 TDL3_StartIoHookCure: Number of patches 1
23:24:13:296 2768 KLMD_WriteMem: Trying to WriteMemory 0x872745B6[0x6]
23:24:13:296 2768 cured
23:24:13:296 2768 TDL3_FileDetect: Processing driver: fasttx2k
23:24:13:296 2768 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\drivers\fasttx2k.sys
23:24:13:296 2768 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\drivers\fasttx2k.sys
23:24:13:312 2768 TDL3_FileDetect: C:\WINDOWS\system32\drivers\fasttx2k.sys - Verdict: Infected
23:24:13:312 2768 File C:\WINDOWS\system32\drivers\fasttx2k.sys infected by TDSS rootkit ... 23:24:13:312 2768 TDL3_FileCure: Processing driver file: C:\WINDOWS\system32\drivers\fasttx2k.sys
23:24:13:312 2768 ProcessDirEnumEx: FindFirstFile(C:\WINDOWS\system32\DriverStore\FileRepository\*) error 3
23:24:13:312 2768 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\driver.cab
23:24:13:375 2768 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp1.cab
23:24:13:406 2768 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp2.cab
23:24:13:437 2768 CABFileCallback: Processing cab-file: C:\WINDOWS\Driver Cache\i386\sp3.cab
23:24:13:484 2768 FileCallback: Backup candidate found: C:\WINDOWS\OemDir\fasttx2k.sys:132864, checking..
23:24:13:515 2768 ValidateDriverFile: Stage 1 passed
23:24:13:515 2768 VerifyFileVersionInfo: VerQueryValue (\StringFileInfo\040904b0\OriginalFilename) (C:\WINDOWS\OemDir\fasttx2k.sys) error 1813
23:24:13:515 2768 ValidateDriverFile: Stage 2 failed
23:24:13:515 2768 FileCallback: File doesn't pass validation
23:24:14:343 2768 TDL3_FileCure: Backup copy not found, trying to cure infected file..
23:24:14:343 2768 TDL3_FileCure: Cure success, using it..
23:24:14:343 2768 TDL3_FileCure: Dumping cured buffer to file C:\WINDOWS\system32\drivers\tsk10A.tmp
23:24:14:343 2768 TDL3_FileCure: New / Old Image paths: (system32\drivers\tsk10A.tmp, system32\drivers\fasttx2k.sys)
23:24:14:343 2768 TDL3_FileCure: KLMD jobs schedule success
23:24:14:343 2768 will be cured on next reboot
23:24:14:343 2768 UtilityBootReinit: Reboot required for cure complete..
23:24:14:343 2768 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmdb.sys) returned status 00000000
23:24:14:343 2768 UtilityBootReinit: KLMD drop success
23:24:14:343 2768 KLMD_ApplyPendList: Pending buffer(684C_7026, 624) dropped successfully
23:24:14:343 2768 UtilityBootReinit: Cure on reboot scheduled successfully
23:24:14:343 2768
23:24:14:343 2768 Completed
23:24:14:343 2768
23:24:14:343 2768 Results:
23:24:14:359 2768 Memory objects infected / cured / cured on reboot: 2 / 2 / 0
23:24:14:359 2768 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
23:24:14:359 2768 File objects infected / cured / cured on reboot: 1 / 0 / 1
23:24:14:359 2768
23:24:14:359 2768 UnloadDriverW: NtUnloadDriver error 1
23:24:14:359 2768 KLMD_Unload: UnloadDriverW(klmd21) error 1
23:24:14:359 2768 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
23:24:14:359 2768 UtilityDeinit: KLMD(ARK) unloaded successfully

ComboFix 10-01-27.03 - Home User 27/01/2010 23:34:42.3.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1023.475 [GMT 0:00]
Running from: c:\documents and settings\Home User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Home User\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::
"C:\ADSB.tmp"
"C:\autorun.inf.vir"
"C:\VundoFix Backups"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\ADSB.tmp
C:\autorun.inf.vir
c:\program files\Coupon Printer
c:\program files\Coupon Printer\fav.ico
c:\program files\Coupon Printer\uninstall.exe
c:\program files\Coupon Printer\Uninstall\IRIMG1.JPG
c:\program files\Coupon Printer\Uninstall\IRIMG2.JPG
c:\program files\Coupon Printer\Uninstall\IRIMG3.JPG
c:\program files\Coupon Printer\Uninstall\IRIMG4.JPG
c:\program files\Coupon Printer\Uninstall\IRIMG5.JPG
c:\program files\Coupon Printer\Uninstall\uninstall.dat
c:\program files\Coupon Printer\Uninstall\uninstall.xml

.
((((((((((((((((((((((((( Files Created from 2009-12-27 to 2010-01-27 )))))))))))))))))))))))))))))))
.

2010-01-26 15:13 . 2010-01-26 15:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2010-01-26 10:02 . 2010-01-26 10:02 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2010-01-26 10:02 . 2010-01-26 10:02 -------- d-----w- c:\documents and settings\James\Tracing
2010-01-26 10:02 . 2010-01-26 10:02 -------- d-----w- c:\documents and settings\James\PrivacIE
2010-01-26 09:56 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Sony Ericsson
2010-01-26 09:56 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Sony
2010-01-26 09:56 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\PCHealth
2010-01-26 09:55 . 2010-01-26 09:56 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Microsoft
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Identities
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Google
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\ApplicationHistory
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Apple Computer
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\Local Settings\Application Data\Adobe
2010-01-26 09:55 . 2009-08-30 20:19 93496 ----a-w- c:\documents and settings\James\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\IETldCache
2010-01-26 09:55 . 2010-01-26 09:55 -------- d-----w- c:\documents and settings\James\IECompatCache
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Microsoft
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Apple Computer
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Application Data\Teleca
2010-01-26 09:52 . 2006-12-26 16:51 71064 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 09:52 . 2010-01-26 09:52 -------- d-----w- c:\documents and settings\Jackie\Application Data\Sony Ericsson
2010-01-26 08:59 . 2010-01-26 08:59 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\ZattooPlayer
2010-01-26 08:59 . 2010-01-26 08:59 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Zattoo
2010-01-26 08:59 . 2010-01-26 08:59 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\TomTom
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Spotify
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Sony Ericsson
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Sony Corporation
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\PCHealth
2010-01-26 08:58 . 2010-01-26 08:58 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Orange
2010-01-26 08:55 . 2010-01-26 08:55 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\IsolatedStorage
2010-01-26 08:42 . 2010-01-26 08:51 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Google
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\BVRP Software
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\assembly
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\ApplicationHistory
2010-01-26 08:42 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Adobe
2010-01-26 08:42 . 2007-02-24 22:12 132 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\fusioncache.dat
2010-01-26 08:09 . 2010-01-26 08:09 -------- d-----w- c:\documents and settings\Home User\Application Data\OpenOffice.org2
2010-01-26 08:06 . 2010-01-26 08:06 -------- d-----w- c:\documents and settings\Emma\PrivacIE
2010-01-26 07:46 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Sony Ericsson
2010-01-26 07:46 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Sony Corporation
2010-01-26 07:46 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\PCHealth
2010-01-26 07:43 . 2010-01-26 07:46 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Microsoft
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Identities
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Google
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\BVRP Software
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Apple Computer
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\Local Settings\Application Data\Adobe
2010-01-26 07:43 . 2009-09-09 15:15 93496 ----a-w- c:\documents and settings\Emma\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-26 07:43 . 2010-01-26 07:43 -------- d-----w- c:\documents and settings\Emma\IETldCache
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-----w- c:\documents and settings\All Users\SonicStage
2010-01-26 07:40 . 2010-01-26 07:40 -------- d-----w- c:\documents and settings\All Users\DRM
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Teleca
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftSwitch
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\SwiftKit
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-01-26 07:39 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2010-01-26 07:38 . 2010-01-26 07:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Corporation
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Sonic
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Simply Super Software
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Roxio
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\MSN6
2010-01-26 07:38 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-01-26 07:36 . 2010-01-26 07:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Kontiki
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\InstallShield
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\ID3-TagIT 3
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Grisoft
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\Channel4
2010-01-26 07:36 . 2010-01-26 07:36 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2010-01-26 07:35 . 2010-01-26 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2010-01-26 07:35 . 2010-01-26 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-01-26 07:35 . 2010-01-26 07:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2010-01-26 07:16 . 2010-01-26 08:09 -------- d-sh--w- c:\documents and settings\Home User\PrivacIE
2010-01-25 21:10 . 2010-01-25 09:21 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Identities
2010-01-25 21:01 . 2010-01-27 21:10 0 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\prvlcl.dat
2010-01-25 20:59 . 2010-01-20 22:34 97384 ----a-w- c:\documents and settings\Home User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 18:06 . 2010-01-25 03:23 -------- d-----w- c:\documents and settings\Home User\Application Data\Sony Ericsson
2010-01-25 17:44 . 2010-01-25 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Speedbit
2010-01-25 17:44 . 2010-01-25 03:28 -------- d-----w- c:\documents and settings\Home User\Application Data\TuneUp Software
2010-01-25 17:44 . 2010-01-25 09:02 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Copernic
2010-01-25 17:44 . 2010-01-27 23:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-01-25 17:43 . 2010-01-25 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-25 17:43 . 2010-01-25 03:24 -------- d-----w- c:\documents and settings\Home User\Application Data\SUPERAntiSpyware.com
2010-01-25 17:43 . 2010-01-26 08:42 -------- d-----w- c:\documents and settings\Home User\Local Settings\Application Data\Apple Computer
2010-01-25 17:42 . 2010-01-26 08:42 -------- d-sh--w- c:\documents and settings\Home User\IETldCache
2010-01-25 14:35 . 2010-01-26 10:02 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-01-25 14:35 . 2010-01-26 07:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-25 14:13 . 2010-01-26 10:02 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2010-01-25 14:09 . 2010-01-27 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-01-18 17:55 . 2010-01-18 17:55 -------- d-----w- c:\program files\MSECache
2010-01-07 23:01 . 2010-01-07 23:01 -------- d-----w- c:\program files\Personal Backup 4
2010-01-06 17:50 . 2006-06-19 13:01 69632 ----a-w- c:\windows\system32\ztvcabinet.dll
2010-01-06 17:50 . 2006-05-25 15:52 162304 ----a-w- c:\windows\system32\ztvunrar36.dll
2010-01-06 17:50 . 2005-08-26 01:50 77312 ----a-w- c:\windows\system32\ztvunace26.dll
2010-01-06 17:50 . 2010-01-06 17:50 -------- d-----w- c:\program files\Trojan Remover
2010-01-01 18:07 . 2007-12-20 09:41 29440 ----a-w- c:\windows\system32\uxtuneup.dll
2010-01-01 18:07 . 2010-01-01 18:07 306432 ----a-w- c:\windows\system32\TuneUpDefragService.exe
2010-01-01 13:12 . 2010-01-01 13:12 -------- dc-h--w- c:\windows\ie8
2009-12-31 16:22 . 2009-12-31 16:22 -------- d-----w- C:\VundoFix Backups
2009-12-31 16:01 . 2010-01-07 16:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-31 16:01 . 2010-01-09 10:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-31 16:01 . 2010-01-07 16:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-12-30 17:48 . 2009-12-30 17:48 -------- d-----w- c:\program files\Sophos
2009-12-30 09:36 . 2009-12-30 09:36 81 ----a-w- C:\CTX.DAT
2009-12-29 19:04 . 2009-12-29 19:04 -------- d-----w- c:\program files\ESET
2009-12-29 17:36 . 2009-12-29 17:36 -------- d-----w- c:\program files\Trend Micro

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-01-27 23:25 . 2006-12-18 16:31 132864 ----a-w- c:\windows\system32\drivers\Fasttx2k.sys
2010-01-27 17:34 . 2010-01-26 08:09 -------- d-----w- c:\documents and settings\Home User\Application Data\MailWasherPro
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Teleca
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Sony Ericsson
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Sony
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\SecuROM
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\OpenOffice.org2
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\My Battle for Middle-earth(tm) II Files
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\MailWasherPro
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\DisplayTune
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\Apple Computer
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\AdobeAUM
2010-01-26 09:54 . 2010-01-26 09:54 -------- d-----w- c:\documents and settings\James\Application Data\aAvgApi
2010-01-26 08:09 . 2010-01-26 08:09 -------- d-----w- c:\documents and settings\Home User\Application Data\My Battle for Middle-earth(tm) II Files
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\ZoomBrowser EX
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Teleca
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Steinberg
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Sony Ericsson
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Sony Corporation
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\OpenOffice.org2
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\LimeWire
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Hewlett-Packard
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\DisplayTune
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\CANON INC
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\Apple Computer
2010-01-26 07:42 . 2010-01-26 07:42 -------- d-----w- c:\documents and settings\Emma\Application Data\AdobeAUM
2010-01-26 07:36 . 2009-11-14 10:43 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
2010-01-24 20:12 . 2007-06-21 20:33 -------- d-----w- c:\program files\iolo
2010-01-22 13:59 . 2007-04-01 19:43 32517553 ----a-w- c:\windows\Internet Logs\tvDebug.zip
2010-01-20 14:27 . 2009-08-30 20:19 -------- d-----w- c:\program files\Microsoft Silverlight
2010-01-17 13:23 . 2010-01-26 08:09 39 ----a-w- c:\documents and settings\Home User\jagex_runescape_preferences.dat
2010-01-17 13:23 . 2010-01-26 08:09 69 ----a-w- c:\documents and settings\Home User\jagex_runescape_preferences2.dat
2010-01-07 18:42 . 2009-12-28 20:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-03 18:57 . 2010-01-04 13:06 126976 ----a-w- c:\windows\Internet Logs\xDB6.tmp
2010-01-01 18:08 . 2009-04-13 16:58 -------- d-----w- c:\program files\TuneUp Utilities 2008
2009-12-31 17:27 . 2010-01-01 12:58 11140 ----a-w- c:\windows\PCHealth\HelpCtr\Config\Cache\Personal_32_1033.dat
2009-12-28 22:40 . 2009-04-10 21:41 -------- d-----w- c:\program files\SystemRequirementsLab
2009-12-28 22:06 . 2007-04-18 20:31 -------- d-----w- c:\program files\Java
2009-12-28 12:15 . 2009-04-13 16:57 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-12-26 19:13 . 2009-12-26 19:13 -------- d-----w- c:\program files\CCleaner
2009-12-26 18:01 . 2007-08-27 18:30 -------- d-----w- c:\program files\Oxigen
2009-12-26 09:21 . 2006-12-22 19:30 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-26 08:33 . 2009-12-26 09:21 1093632 ----a-w- c:\windows\Internet Logs\xDB5.tmp
2009-12-24 21:21 . 2010-01-26 09:54 69 ----a-w- c:\documents and settings\James\jagex_runescape_preferences2.dat
2009-12-24 21:20 . 2010-01-26 09:54 39 ----a-w- c:\documents and settings\James\jagex_runescape_preferences.dat
2009-12-23 16:17 . 2010-01-26 07:42 13228 ----a-w- c:\documents and settings\Emma\Application Data\wklnhst.dat
2009-12-22 10:29 . 2009-05-17 15:59 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-12-21 19:14 . 2002-08-29 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-13 13:09 . 2010-01-26 09:54 26880 ----a-w- c:\documents and settings\James\Application Data\wklnhst.dat
2009-11-30 14:52 . 2009-11-30 14:52 31 ---ha-w- c:\windows\UKCpInfo.sys
2009-11-23 14:34 . 2009-11-23 14:34 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-11-23 14:34 . 2009-03-29 20:21 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-11-21 15:51 . 2002-08-29 11:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-14 10:44 . 2008-05-03 12:29 360584 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-11-14 10:44 . 2008-05-03 12:29 333192 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-11-14 10:44 . 2008-05-03 12:29 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2009-11-14 10:44 . 2008-04-14 20:48 28424 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-11-06 21:14 . 2009-11-07 13:02 2696192 ----a-w- c:\windows\Internet Logs\xDB4.tmp
.

((((((((((((((((((((((((((((( SnapShot@2010-01-25_17.44.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-01-27 23:26 . 2010-01-27 23:26 16384 c:\windows\Temp\Perflib_Perfdata_574.dat
+ 2006-12-18 17:44 . 2010-01-27 07:11 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2006-12-18 17:44 . 2010-01-25 14:08 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-01-26 07:18 . 2010-01-27 07:11 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
- 2010-01-25 14:13 . 2010-01-25 15:48 16384 c:\windows\system32\config\systemprofile\IETldCache\index.dat
+ 2006-12-18 17:44 . 2010-01-27 07:11 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2006-12-18 17:44 . 2010-01-25 14:08 32768 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2006-12-18 17:44 . 2010-01-27 07:11 311296 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2006-12-18 17:44 . 2010-01-25 14:08 311296 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-11-25 13:01 1230080 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2009-11-25 1230080]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-04-08 251240]
"Copernic Desktop Search - Home"="c:\program files\Copernic Desktop Search 2\DesktopSearchService.exe" [2008-09-18 1698816]
"TuneUp MemOptimizer"="c:\program files\TuneUp Utilities 2008\MemOptimizer.exe" [2008-01-08 196864]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-26 68856]
"DownloadAccelerator"="c:\program files\DAP\DAP.EXE" [2009-04-09 2811392]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-01-07 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-14 110592]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-12 342312]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-12-21 788880]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-09-04 935288]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2010-01-01 2033432]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2009-10-17 1070984]

c:\documents and settings\Emma\Start Menu\Programs\Startup\
OpenOffice.org 2.2.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\James\Start Menu\Programs\Startup\
Adobe Media Player.lnk - c:\program files\Adobe Media Player\Adobe Media Player.exe [2008-9-5 260096]
OpenOffice.org 2.4.lnk - c:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 14:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-11-14 10:44 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\program files\iolo\System Mechanic 6\\0lsdelete

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zebtab]
c:\documents and settings\Home User\Start Menu [X]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"swg"=c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Microsoft Works Update Detection"=c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
"PinnacleDriverCheck"=c:\windows\system32\PSDrvCheck.exe
"SpeedTouch USB Diagnostics"="c:\program files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
"Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\DAP\\DAP.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\RpcSandraSrv.exe"=
"c:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XI\\Win32\\RpcDataSrv.exe"=
"c:\\Program Files\\Electronic Arts\\The Battle for Middle-earth (tm) II\\game.dat"=
"c:\\Program Files\\Sierra Entertainment\\World in Conflict - DEMO\\wic.exe"=
"c:\\Program Files\\Kontiki\\KService.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicCOH.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\THQ\\Company of Heroes\\RelicDownloader\\RelicDownloader.exe"=
"c:\\Program Files\\Spotify\\spotify.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [29/03/2009 19:28 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/05/2008 12:29 333192]
R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/05/2008 12:29 360584]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [16/12/2009 16:26 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [16/12/2009 16:26 74480]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [14/11/2009 10:43 906520]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [14/11/2009 10:43 285392]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [30/08/2009 20:18 54752]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [08/04/2009 10:38 92008]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [16/12/2009 16:27 7408]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [18/12/2006 19:11 17149]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\Windows Live\Family Safety\fsssvc.exe [05/08/2009 21:48 704864]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [24/09/2009 11:17 1181328]
S3 MEMSWEEP2;MEMSWEEP2; [x]
S3 PSI;PSI;c:\windows\system32\drivers\psi_mf.sys [24/03/2009 11:03 7808]
S3 TTDec;ATI WDM Teletext Decoder (Microsoft Corporation);c:\windows\system32\drivers\atinttxx.sys [18/12/2006 18:45 13824]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service; [x]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - KLMDB
*Deregistered* - klmdb

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 1).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 2).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-24 c:\windows\Tasks\Ad-Aware Update (Daily 3).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-27 c:\windows\Tasks\Ad-Aware Update (Daily 4).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-25 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 20:36]

2010-01-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 11:34]

2010-01-27 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-10-26 18:12]

2010-01-27 c:\windows\Tasks\User_Feed_Synchronization-{8BFFD401-32DC-48DD-8454-8E1DB65A8328}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 04:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://orange.co.uk
uInternet Settings,ProxyOverride = <local>
IE: &Clean Traces - c:\program files\DAP\Privacy Package\dapcleanerie.htm
IE: &Download with &DAP - c:\program files\DAP\dapextie.htm
IE: Download &all with DAP - c:\program files\DAP\dapextie2.htm
IE: orange search
IE: Search with Freeserve - c:\progra~1\FREESE~1\FSBar\FSBar.dll/VSearch.htm
IE: Send To &Bluetooth - c:\program files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Coupon Printer2.0 - c:\program files\Coupon Printer\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-27 23:47
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1644491937-1801674531-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:1e,e9,84,0f,d2,71,48,eb,6b,a2,4c,7d,08,4a,e4,0f,d6,2d,46,5d,4b,fc,a7,
82,43,d1,df,6f,64,0d,24,9e,2e,2c,bb,5a,0c,34,a5,dd,07,d3,d2,b8,d8,db,b8,b2,\
"??"=hex:e2,06,90,c3,a9,ab,f7,ca,1c,f7,63,d7,3e,f2,89,5d
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(756)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2010-01-27 23:58:19
ComboFix-quarantined-files.txt 2010-01-27 23:58
ComboFix2.txt 2010-01-26 22:13

Pre-Run: 22,508,244,992 bytes free
Post-Run: 22,525,480,960 bytes free

- - End Of File - - 92774A0DE787544286910443D5FA417C


Computer seems to be running well. Boot up quicker, IE and chrome both quicker and no redirect on google searches.

Await your comments.

Thanks

Adam
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am

Re: Google Redirect Issue

Unread postby jmw3 » January 28th, 2010, 4:04 am

Hi

Looking good. Just on more scan to check for any leftovers.

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<
  • Read through the requirements and privacy statement and click on Accept button
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
  • When the downloads have finished, click on Settings
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan
  • Once the scan is complete, it will display the results. Click on View Scan Report
  • You will see a list of infected items there. Click on Save Report As...
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
  • Please post this log in your next reply
Pictured tutorial if required.

Kaspersky Online Scan log
New HijackThis log
User avatar
jmw3
MRU Emeritus
MRU Emeritus
 
Posts: 4621
Joined: February 12th, 2008, 2:36 am
Location: Port Hedland, Western Australia

Re: Google Redirect Issue

Unread postby AdamL » January 29th, 2010, 1:24 am

Hi, Kapersky log as below

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, January 29, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Thursday, January 28, 2010 21:12:15
Records in database: 3381979
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
E:\

Scan statistics:
Objects scanned: 176160
Threats found: 2
Infected objects found: 2
Suspicious objects found: 4
Scan duration: 06:29:46


File name / Threat / Threats count
C:\Documents and Settings\Home User\Local Settings\Application Data\Identities\{DB335E66-22BB-4DB3-A9FD-8ACA292FC507}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Home User\My Documents\My Completed Downloads\ie8_xp.exe Infected: Trojan.Win32.Pasta.td 1
C:\Qoobox\Quarantine\C\Documents and Settings\Home User\Local Settings\Application Data\Identities\{DB335E66-22BB-4DB3-A9FD-8ACA292FC507}\Microsoft\Outlook Express\Deleted Items.dbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Qoobox\Quarantine\C\Documents and Settings\Home User\My Documents\My Completed Downloads\ie8_xp.exe Infected: Trojan.Win32.Pasta.td 1

Selected area has been scanned.

Await further comments.

Adam
AdamL
Active Member
 
Posts: 10
Joined: January 1st, 2010, 11:37 am
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 344 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware