searches being redirected [RESOLVED]


  • This topic is locked

#16 franny683 (Member, Topic Starter, 50 posts)
Oops... so sorry, here it is....

Deckard's System Scanner v20071014.68
Run by Maki 01 on 2008-02-26 17:47:09
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 3 Restore Point(s) --
3: 2008-02-26 23:47:14 UTC - RP3 - Deckard's System Scanner Restore Point
2: 2008-02-26 22:17:19 UTC - RP2 - Software Distribution Service 3.0
1: 2008-02-26 21:00:01 UTC - RP1 - System Checkpoint


Performed disk cleanup.



-- HijackThis (run as Maki 01.exe) ---------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:47:21 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\Brmfrmps.exe
C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\Maki 01\desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\MAKI01~1.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bmo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DoubleSafety] "C:\Program Files\DoubleSafety\DoubleSafety.exe" /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Maki 01\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\dea10\W3DBSMGR.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\windows\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper Administrator - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 7465 bytes

-- HijackThis Fixed Entries (C:\PROGRA~1\TRENDM~1\HIJACK~1\backups\) -----------

backup-20080225-140853-180 O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
backup-20080225-140853-355 O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -
backup-20080225-140853-680 O17 - HKLM\System\CS3\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080225-140853-858 O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080225-140853-947 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
backup-20080225-140853-960 O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 SASDIFSV - c:\program files\superantispyware\sasdifsv.sys
R1 SASKUTIL - c:\program files\superantispyware\saskutil.sys
R2 CdaD10BA - c:\windows\system32\drivers\cdad10ba.sys <Not Verified; Macrovision Europe Ltd; Security Windows NT>
R3 SASENUM - c:\program files\superantispyware\sasenum.sys <Not Verified; SuperAdBlocker, Inc.; SuperAntiSpyware>

S3 iAimTV2 - c:\windows\system32\drivers\watv03nt.sys (file missing)


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 Diskeeper Administrator - "c:\program files\diskeeper corporation\diskeeper administrator\dksadmin.exe" <Not Verified; Diskeeper® Corporation; Diskeeper Administrator>


-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.


-- Process Modules -------------------------------------------------------------

C:\windows\system32\winlogon.exe (pid 896)
2007-04-19 13:41:36 294912 --a------ C:\Program Files\SUPERAntiSpyware\SASWINLO.dll <Not Verified; SUPERAntiSpyware.com; SUPERAntiSpyware WinLogon Processor>

C:\windows\system32\svchost.exe (pid 384)
2008-02-21 10:32:06 181760 --a------ C:\Program Files\BullGuard Ltd\BullGuard\Antivirus\bdcore.dll <Not Verified; SOFTWIN SRL; bdcore.dll>
2008-02-21 10:32:10 142848 --a------ C:\Program Files\BullGuard Ltd\BullGuard\Antivirus\libfn.dll

C:\windows\explorer.exe (pid 648)
2006-12-20 13:55:48 77824 --a------ C:\Program Files\SUPERAntiSpyware\SASSEH.DLL <Not Verified; SuperAdBlocker.com; SuperAntiSpyware>


-- Scheduled Tasks -------------------------------------------------------------

2008-02-26 13:12:02 426 --ah---c- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8BE047CD-39BF-433B-8ABD-59BA4D6455BD}.job
2008-02-22 17:18:24 394 --a----c- C:\WINDOWS\Tasks\1-Click Maintenance.job


-- Files created between 2008-01-26 and 2008-02-26 -----------------------------

2008-02-26 17:42:41 0 dr-h----- C:\Documents and Settings\Maki 01\Recent
2008-02-26 17:31:11 0 d-------- C:\Documents and Settings\Maki 01\Application Data\Malwarebytes
2008-02-26 17:31:04 0 d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-26 17:31:00 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 15:10:56 0 d-------- C:\Documents and Settings\All Users\Application Data\Google
2008-02-26 15:10:19 0 d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-26 15:06:55 0 d-------- C:\Program Files\SpywareGuard
2008-02-26 15:05:45 0 d-------- C:\Program Files\Lavasoft
2008-02-26 15:04:29 0 d-------- C:\Program Files\SpywareBlaster
2008-02-25 16:36:32 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-25 16:36:31 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-02-22 15:13:46 0 d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 15:13:41 0 d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 15:13:41 0 d-------- C:\Documents and Settings\Maki 01\Application Data\SUPERAntiSpyware.com
2008-02-22 14:01:03 0 d-------- C:\Documents and Settings\Maki 01\Application Data\Grisoft
2008-02-21 15:25:46 0 d-------- C:\Program Files\T4_Internet_T4_ par_Internet_8.1
2008-02-21 10:23:36 0 d-------- C:\Documents and Settings\Maki 01\Application Data\BullGuard
2008-02-21 10:18:08 0 d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-02-21 10:18:06 0 d-------- C:\Program Files\BullGuard Ltd
2008-02-21 10:15:18 0 d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-20 11:10:54 0 d-------- C:\Program Files\Trend Micro
2008-02-19 16:16:21 0 d-------- C:\EngAdven
2008-02-06 13:01:07 0 d-------- C:\WINDOWS\Intuit


-- Find3M Report ---------------------------------------------------------------

2008-02-26 16:43:37 0 d-------- C:\Documents and Settings\Maki 01\Application Data\Google
2008-02-26 16:39:55 0 d-------- C:\Documents and Settings\Maki 01\Application Data\OfficeUpdate12
2008-02-26 15:10:56 0 d-------- C:\Program Files\Google
2008-02-26 09:45:21 0 d-------- C:\Program Files\LogMeIn
2008-02-22 15:13:21 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 15:25:52 0 d--h----- C:\Program Files\Zero G Registry
2008-02-20 09:53:58 0 d-------- C:\Program Files\QuickTime
2008-02-13 17:46:07 0 d-------- C:\Documents and Settings\Maki 01\Application Data\HouseCall 6.6
2008-02-06 13:06:43 0 d-------- C:\Program Files\Common Files\Symantec Shared
2008-02-06 13:04:59 0 d-------- C:\Program Files\Windows Live Toolbar
2008-02-06 13:04:18 0 d-------- C:\Program Files\Windows Live Safety Center
2008-02-06 13:02:51 0 d-------- C:\Program Files\Windows Live
2008-02-06 13:00:26 0 d-------- C:\Program Files\Common Files\Intuit
2008-02-06 12:56:23 0 d-------- C:\Program Files\DHL Easyship Desktop Software
2008-02-06 12:55:33 0 d-------- C:\Program Files\Common Files
2008-02-05 17:57:22 0 d-------- C:\Program Files\Glary Utilities
2008-01-23 17:06:13 0 d-------- C:\Documents and Settings\Maki 01\Application Data\Adobe
2008-01-21 13:00:32 0 d-------- C:\Program Files\Common Files\SWF Studio
2008-01-21 12:40:40 0 d-------- C:\Program Files\Common Files\supportsoft
2008-01-21 12:37:09 0 d-------- C:\Program Files\Intuit
2008-01-21 12:33:05 0 d-------- C:\Documents and Settings\Maki 01\Application Data\Download Manager
2008-01-21 12:05:27 0 d-------- C:\Program Files\Akamai
2008-01-16 10:47:41 0 d-------- C:\Program Files\PCPitstop
2008-01-15 16:44:34 0 d-------- C:\Program Files\Citrix
2008-01-15 15:35:18 0 d-------- C:\Documents and Settings\Maki 01\Application Data\iolo
2008-01-11 17:40:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-01-11 17:38:16 0 d-------- C:\Program Files\Free Download Manager
2008-01-09 11:47:25 0 d-------- C:\Program Files\Cursed Weel
2008-01-08 11:48:47 25 --a------ C:\Documents and Settings\Maki 01\Application Data\tcw_config.cfg
2008-01-05 15:28:09 421 --a------ C:\WINDOWS\brdfxspd.dat
2008-01-02 17:12:33 0 d-------- C:\Program Files\MSBuild
2008-01-02 17:08:42 0 d-------- C:\Program Files\Reference Assemblies
2008-01-02 17:07:48 0 d-------- C:\Program Files\MSXML 6.0
2008-01-02 16:58:26 0 d-------- C:\Program Files\Microsoft Works
2007-12-10 15:52:52 50 --a------ C:\WINDOWS\system32\BRIDF04A.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Net-It Launcher"="C:\WINDOWS\System32\NILaunch.exe" [02/05/1998 01:16 PM]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [01/12/2007 05:45 PM]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [04/14/2004 02:46 PM]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [05/25/2004 09:16 AM]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [10/14/2005 02:49 PM]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [10/14/2005 02:50 PM]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [02/21/2008 10:31 AM]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [06/11/2007 03:25 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DoubleSafety"="C:\Program Files\DoubleSafety\DoubleSafety.exe" [10/28/2007 10:03 AM]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [01/28/2008 11:43 AM]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [10/18/2007 11:34 AM]
"ccleaner"="C:\Documents and Settings\Maki 01\Desktop\CCleaner.exe" [01/17/2008 03:40 AM]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 01:56 AM]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [02/21/2008 10:31 AM]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [06/21/2007 02:06 PM]

C:\Documents and Settings\Maki 01\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2/26/2008 3:10:19 PM]
Pervasive.SQL Workgroup Engine.lnk - C:\dea10\W3DBSMGR.EXE [6/30/2005 12:46:10 PM]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [12/10/2007 3:52:32 PM]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSharedDocuments"=00000000
"ClearRecentDocsOnExit"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [12/20/2006 01:55 PM 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 04/19/2007 01:41 PM 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 01/12/2007 05:45 PM 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 11/15/2007 06:46 PM 87352 C:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BgMainSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard BgMainSvc BsFileScan BsMailProxy BsFire

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp




-- Hosts -----------------------------------------------------------------------

127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com

7969 more entries in hosts file.


-- End of Deckard's System Scanner: finished at 2008-02-26 17:48:05 ------------


#17 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Looks like it did not do much, so we will clear that up and run a rootkit scan.


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -


Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.


====STEP 2====
Please download the Sophos Anti-Rootkit Scanner and save it to your desktop.

You will need to enter your name, e-mail address and location in order to access the download page.

  • Once you have downloaded the file, double click the sarsfx icon
  • Review the licence agreement and click on the Accept button
  • The scanner will prompt you to extract the files to C:\SOPHTEMP - DO NOT change this location, simply click the Install button
  • Once the files have been extracted; using Windows Explorer, navigate to C:\SOPHTEMP and double click on the blue shield icon called sargui
  • Ensure that there are checkmarks next to Running processes, Windows registry and Local hard drives, then click Start scan
  • Allow the program to scan your computer - please be patient as it may take some time
  • Once the scan has completed a window will pop-up with the results of the scan - click OK to this
  • In the main window, you will see each of the entries found by the scan (if any)
    • If the scanner generated any warning messages, please click on each warning and copy and paste the text of it into this thread for me to review
    • Once you have posted any warning messages here, you can close the scanner and wait for me to get back to you
  • If you have not had any warnings, any entries which can be cleaned up by the scanner will have a box with a green checkmark in it next to the entry
  • To clean up these entries click on the Clean up checked items button
  • If you accidentally check a file NOT recommended for clean up, you will get a warning message and if necessary can re-select the entries you want to clean up
  • Once you have cleaned the selected files, you will be prompted to re-boot your computer - please do so
  • When you have re-booted, please post a fresh HijackThis log into this thread and tell me how your computer is running now
Thanks

andrewuk

#18 franny683 (Member, Topic Starter, 50 posts)
That SARS scan didn't find anything. Here is the fresh HijackThis log.

I have to go home now; but will check for your reply in the morning. Thanks for all your help.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:01:54 PM, on 2/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\Brmfrmps.exe
C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bmo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [DoubleSafety] "C:\Program Files\DoubleSafety\DoubleSafety.exe" /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Maki 01\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\dea10\W3DBSMGR.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\windows\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper Administrator - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe

--
End of file - 7426 bytes

Edited by franny683, 26 February 2008 - 07:06 PM.


#19 andrewuk (Trusted Helper, Malware Removal, 5,297 posts)
Those HijackThis entries don't seem to want to go, which indicates that we have not yet got to the bottom of this infection.

I am guessing that you are still being diverted?

We will use another tool, which has a more powerful file deletion capability:

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.

    -----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
**Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

andrewuk

#20
franny683
    Member
  • Topic Starter
  • 50 posts
New Logs

ComboFix 08-02-25.3 - Maki 01 2008-02-27 12:57:14.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.567 [GMT -6:00]
Running from: C:\Documents and Settings\Maki 01\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Downloaded Program Files\Quarantine

.
((((((((((((((((((((((((( Files Created from 2008-01-27 to 2008-02-27 )))))))))))))))))))))))))))))))
.

2008-02-27 12:32 . 2008-02-27 12:35 <DIR> d-------- C:\Program Files\Mamutu
2008-02-26 18:52 . 2008-02-26 18:52 <DIR> d-------- C:\Program Files\Sophos
2008-02-26 17:31 . 2008-02-26 17:31 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-02-26 17:31 . 2008-02-26 17:31 <DIR> d-------- C:\Documents and Settings\Maki 01\Application Data\Malwarebytes
2008-02-26 17:31 . 2008-02-26 17:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-02-26 15:10 . 2008-02-26 16:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-02-26 15:06 . 2008-02-26 16:41 <DIR> d-------- C:\Program Files\SpywareGuard
2008-02-26 15:05 . 2008-02-26 15:05 <DIR> d-------- C:\Program Files\Lavasoft
2008-02-26 15:04 . 2008-02-26 15:20 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-02-26 15:04 . 2005-08-25 18:19 115,920 --a------ C:\windows\system32\MSINET.OCX
2008-02-25 16:36 . 2008-02-25 16:36 <DIR> d-------- C:\windows\system32\Kaspersky Lab
2008-02-25 16:36 . 2008-02-25 16:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-02-22 18:23 . 2008-02-22 18:23 <DIR> d-------- C:\Deckard
2008-02-22 16:12 . 2008-02-22 16:12 2,550 --a------ C:\windows\system32\Uninstall.ico
2008-02-22 15:13 . 2008-02-25 15:26 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-02-22 15:13 . 2008-02-22 15:13 <DIR> d-------- C:\Documents and Settings\Maki 01\Application Data\SUPERAntiSpyware.com
2008-02-22 15:13 . 2008-02-22 15:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-22 14:01 . 2008-02-22 14:01 <DIR> d-------- C:\Documents and Settings\Maki 01\Application Data\Grisoft
2008-02-22 14:00 . 2007-05-30 06:10 10,872 --a------ C:\windows\system32\drivers\AvgAsCln.sys
2008-02-21 15:25 . 2008-02-21 18:38 <DIR> d-------- C:\Program Files\T4_Internet_T4_ par_Internet_8.1
2008-02-21 10:23 . 2008-02-21 11:54 <DIR> d-------- C:\Documents and Settings\Maki 01\Application Data\BullGuard
2008-02-21 10:18 . 2008-02-21 10:18 <DIR> d-------- C:\Program Files\BullGuard Ltd
2008-02-21 10:18 . 2008-02-27 11:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BullGuard
2008-02-21 10:18 . 2008-02-21 10:31 51,152 --a------ C:\windows\system32\drivers\BdFileSpy.sys
2008-02-21 10:15 . 2008-02-21 10:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg7
2008-02-20 11:10 . 2008-02-20 15:11 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-19 16:16 . 2008-02-19 16:16 <DIR> d-------- C:\EngAdven
2008-02-06 13:01 . 2008-02-06 13:01 <DIR> d-------- C:\windows\Intuit
2008-02-05 17:54 . 2001-08-17 13:28 794,654 --a------ C:\windows\system32\dllcache\usr1801.sys
2008-02-05 17:53 . 2001-08-17 22:36 495,616 --a------ C:\windows\system32\dllcache\sblfx.dll
2008-02-05 17:52 . 2001-08-17 13:28 899,146 --a------ C:\windows\system32\dllcache\r2mdkxga.sys
2008-02-05 17:51 . 2003-03-31 04:00 1,875,968 --a------ C:\windows\system32\dllcache\msir3jp.lex
2008-02-05 17:50 . 2003-03-31 04:00 1,158,818 --a------ C:\windows\system32\dllcache\korwbrkr.lex
2008-02-05 17:49 . 2003-03-31 04:00 13,463,552 --a------ C:\windows\system32\dllcache\hwxjpn.dll
2008-02-05 17:48 . 2001-08-17 14:56 1,733,120 --a------ C:\windows\system32\dllcache\g400d.dll
2008-02-05 17:47 . 2003-03-31 04:00 1,677,824 --a------ C:\windows\system32\dllcache\chsbrkr.dll
2008-02-05 17:46 . 2001-08-17 13:28 871,388 --a------ C:\windows\system32\dllcache\bcmdm.sys
2008-02-05 17:45 . 2001-08-17 13:28 762,780 --a------ C:\windows\system32\dllcache\3cwmcru.sys
2008-02-05 17:44 . 2004-04-19 10:28 169,984 --a------ C:\windows\system32\dllcache\iisui.dll
2008-02-05 17:44 . 2004-04-19 10:25 94,720 --a------ C:\windows\system32\dllcache\certmap.ocx
2008-02-05 17:44 . 2004-04-19 10:28 19,968 --a------ C:\windows\system32\dllcache\inetsloc.dll
2008-02-05 17:44 . 2004-04-19 10:28 14,336 --a------ C:\windows\system32\dllcache\iisreset.exe
2008-02-05 17:44 . 2004-04-19 10:28 7,680 --a------ C:\windows\system32\dllcache\inetmgr.exe
2008-02-05 17:44 . 2004-04-19 10:28 6,144 --a------ C:\windows\system32\dllcache\ftpsapi2.dll
2008-02-05 17:44 . 2004-04-19 10:28 5,632 --a------ C:\windows\system32\dllcache\iisrstap.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-27 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\pdf995
2008-02-27 15:45 --------- d-----w C:\Program Files\LogMeIn
2008-02-26 22:39 --------- d-----w C:\Documents and Settings\Maki 01\Application Data\OfficeUpdate12
2008-02-26 21:10 --------- d-----w C:\Program Files\Google
2008-02-22 23:03 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-02-22 21:13 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-02-21 21:25 --------- d--h--w C:\Program Files\Zero G Registry
2008-02-21 16:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-20 18:08 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trend Micro
2008-02-20 15:53 --------- d-----w C:\Program Files\QuickTime
2008-02-13 23:46 --------- d-----w C:\Documents and Settings\Maki 01\Application Data\HouseCall 6.6
2008-02-12 22:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\PCPitstop
2008-02-07 00:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-02-06 19:06 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-06 19:04 --------- d-----w C:\Program Files\Windows Live Toolbar
2008-02-06 19:04 --------- d-----w C:\Program Files\Windows Live Safety Center
2008-02-06 19:02 --------- d-----w C:\Program Files\Windows Live
2008-02-06 19:00 --------- d-----w C:\Program Files\Common Files\Intuit
2008-02-06 18:56 --------- d-----w C:\Program Files\DHL Easyship Desktop Software
2008-02-05 23:57 --------- d-----w C:\Program Files\Glary Utilities
2008-02-05 20:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-23 23:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Intuit
2008-01-21 19:00 --------- d-----w C:\Program Files\Common Files\SWF Studio
2008-01-21 18:40 --------- d-----w C:\Program Files\Common Files\supportsoft
2008-01-21 18:37 --------- d-----w C:\Program Files\Intuit
2008-01-21 18:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\COMMON FILES
2008-01-21 18:33 --------- d-----w C:\Documents and Settings\Maki 01\Application Data\Download Manager
2008-01-21 18:05 --------- d-----w C:\Program Files\Akamai
2008-01-16 16:47 --------- d-----w C:\Program Files\PCPitstop
2008-01-15 22:44 65,336 ----a-w C:\Documents and Settings\Maki 01\g2ax_expert_downloadhelper_win32_x86.exe
2008-01-15 22:44 --------- d-----w C:\Program Files\Citrix
2008-01-15 21:35 --------- d-----w C:\Documents and Settings\Maki 01\Application Data\iolo
2008-01-11 23:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-11 23:40 --------- d--h--w C:\Documents and Settings\All Users\Application Data\GTek
2008-01-11 23:38 --------- d-----w C:\Program Files\Free Download Manager
2008-01-11 05:53 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2008-01-09 17:47 --------- d-----w C:\Program Files\Cursed Weel
2008-01-02 23:32 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-01-02 23:32 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2008-01-02 23:12 --------- d-----w C:\Program Files\MSBuild
2008-01-02 23:08 --------- d-----w C:\Program Files\Reference Assemblies
2008-01-02 23:07 --------- d-----w C:\Program Files\MSXML 6.0
2008-01-02 22:58 --------- d-----w C:\Program Files\Microsoft Works
2008-01-02 22:58 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2007-12-20 09:48 14,152 ----a-w C:\WINDOWS\system32\client_cc.dll
2007-12-19 23:01 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ----a-w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-14 17:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-08 05:21 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 12:51 19,784 ----a-w C:\WINDOWS\system32\BgOutlookHook.dll
2007-12-06 12:48 14,152 ----a-w C:\WINDOWS\system32\lccl.dll
2007-12-06 11:01 625,664 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-12-04 18:38 550,912 ------w C:\WINDOWS\system32\oleaut32.dll
2007-05-16 00:00 3,820,104 -c--a-w C:\Documents and Settings\Maki 01\gosetup.exe
2006-08-18 16:35 774,144 -c--a-w C:\Program Files\RngInterstitial.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DoubleSafety"="C:\Program Files\DoubleSafety\DoubleSafety.exe" [2007-10-28 10:03 1385984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
"ccleaner"="C:\Documents and Settings\Maki 01\Desktop\CCleaner.exe" [2008-01-17 03:40 816368]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56 15360]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-02-21 10:31 304456]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Net-It Launcher"="C:\WINDOWS\System32\NILaunch.exe" [1998-02-05 13:16 24576]
"GoToMyPC"="C:\Program Files\Citrix\GoToMyPC\g2svc.exe" [2007-01-12 17:45 249904]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2004-04-14 14:46 57393]
"SetDefPrt"="C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe" [2004-05-25 09:16 49152]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-10-14 14:49 94208]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-10-14 14:50 114688]
"BullGuard"="C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" [2008-02-21 10:31 304456]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]
"Mamutu Guard"="C:\PROGRAM FILES\MAMUTU\mamutu.exe" [2008-02-19 10:33 1295968]

C:\Documents and Settings\Maki 01\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Google Updater.lnk - C:\Program Files\Google\Google Updater\GoogleUpdater.exe [2008-02-26 15:10:19 125624]
Pervasive.SQL Workgroup Engine.lnk - C:\dea10\W3DBSMGR.EXE [2005-06-30 12:46:10 94208]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-12-10 15:52:32 819200]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll 2007-01-12 17:45 10800 C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LMIinit]
LMIinit.dll 2007-11-15 18:46 87352 C:\windows\system32\LMIinit.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"ControlCenter2.0"=C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
"IntelliPoint"="C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
"IndexSearch"=C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
"LogMeIn GUI"="C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\dea10\\W3DBSMGR.EXE"=
"C:\\windows\\system32\\fxsclnt.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Diskeeper Corporation\\Diskeeper Administrator\\DKSAdmin.exe"=
"C:\\windows\\system32\\mmc.exe"=
"C:\\Program Files\\Diskeeper Corporation\\Diskeeper Administrator\\DKAdmin.exe"=
"C:\\dpos10\\W3DBSMGR.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1434:UDP"= 1434:UDP:DiskeeperSQL

R2 BdFileSpy;BullGuard File Monitor Driver;C:\WINDOWS\system32\drivers\BdFileSpy.sys [2008-02-21 10:31]
R2 BsFileScan;BullGuard File Scan Service;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R2 BsFire;BullGuard Firewall Service;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R2 Diskeeper Administrator;Diskeeper Administrator;"C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe" [2006-06-26 17:25]
R2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files\LogMeIn\x86\RaInfo.sys [2007-08-03 15:09]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [2007-08-03 15:09]
R2 Mamutu;Mamutu Service;"C:\Program Files\Mamutu\a2service.exe" [2008-02-15 08:32]
R2 UxTuneUp;TuneUp Design Expansion;C:\WINDOWS\System32\svchost.exe [2004-08-04 01:56]
R3 afw;Agnitum firewall driver;C:\WINDOWS\system32\DRIVERS\afw.sys [2007-11-28 04:42]
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-09-29 03:24]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 04:28]
R3 Reconn;BullGuard Email Monitor;C:\Program Files\BullGuard Ltd\BullGuard\Reconn.sys [2007-10-29 02:08]
S3 BGRaSvc;BGRaSvc;"C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe" [2007-12-20 03:48]
S3 MEMSWEEP2;MEMSWEEP2;C:\WINDOWS\system32\25.tmp []
S3 radpms;Driver for RADPMS Device;C:\WINDOWS\system32\DRIVERS\radpms.sys [2007-08-03 15:04]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
BullGuard REG_MULTI_SZ BgMainSvc BsFileScan BsMailProxy BsFire

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

*Newly Created Service* - MAMUTU
*Newly Created Service* - MCHINJDRV
.
Contents of the 'Scheduled Tasks' folder
"2008-02-22 23:18:24 C:\WINDOWS\Tasks\1-Click Maintenance.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
"2008-02-27 03:44:05 C:\WINDOWS\Tasks\User_Feed_Synchronization-{8BE047CD-39BF-433B-8ABD-59BA4D6455BD}.job"
- C:\WINDOWS\system32\msfeedssync.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-27 12:58:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-27 12:59:16
ComboFix-quarantined-files.txt 2008-02-27 18:58:58
.
2008-02-13 17:03:49 --- E O F ---


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:01:01 PM, on 2/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
C:\WINDOWS\System32\svchost.exe
C:\windows\system32\Brmfrmps.exe
C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\NILaunch.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
C:\Program Files\Mamutu\a2service.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bmo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Net-It Launcher] C:\WINDOWS\System32\NILaunch.exe
O4 - HKLM\..\Run: [GoToMyPC] C:\Program Files\Citrix\GoToMyPC\g2svc.exe -logon
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04a\BrStDvPt.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe" -boot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Mamutu Guard] "C:\PROGRAM FILES\MAMUTU\mamutu.exe" /silent
O4 - HKCU\..\Run: [DoubleSafety] "C:\Program Files\DoubleSafety\DoubleSafety.exe" /logon
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ccleaner] "C:\Documents and Settings\Maki 01\Desktop\CCleaner.exe" /AUTO
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BullGuard] "C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O4 - Global Startup: Pervasive.SQL Workgroup Engine.lnk = C:\dea10\W3DBSMGR.EXE
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) -
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcaf...01/mcinsctl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {B7D07999-2ADB-4AEB-997E-F61CB7B2E2CD} -
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) -
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} (PCPitstop Exam) - http://utilities.pcp.../pcpitstop2.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BullGuard LiveUpdate (BgLiveSvc) - BullGuard Ltd. - C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
O23 - Service: BGRaSvc - BullGuard - C:\Program Files\BullGuard Ltd\BullGuard\support\bgrasvc.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Brother Industries, Ltd. - C:\windows\system32\Brmfrmps.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Diskeeper Administrator - Diskeeper® Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper Administrator\DKSAdmin.exe
O23 - Service: GoToMyPC - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files\Citrix\GoToMyPC\g2svc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LogMeIn Maintenance Service (LMIMaint) - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\RaMaint.exe
O23 - Service: LogMeIn - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LogMeIn.exe
O23 - Service: Mamutu Service (Mamutu) - Emsi Software GmbH - C:\Program Files\Mamutu\a2service.exe

--
End of file - 7573 bytes

#21
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Hi franny683

Do you know what the following programs are?

Mamutu Guard
DoubleSafety
Diskeeper Administrator

Do you know what this file is?

C:\Documents and Settings\Maki 01\g2ax_expert_downloadhelper_win32_x86.exe

And are you still getting directed to other sites?

andrewuk

#22
franny683
    Member
  • Topic Starter
  • 50 posts
Mamutu Guard: a malware guard program
DoubleSafety: a backup program
Diskeeper Administrator: a utility program

do you know what this file is?

C:\Documents and Settings\Maki 01\g2ax_expert_downloadhelper_win32_x86.exe

This file, I believe, is something from Citrix Online, as I have the GoToAssist program.

I just checked and my searches seem to be fine now.

Thank you very much for all your help. Is there anything I should do now?

#23
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Your logs look clean (again...).

I don't recognise Mamutu Guard, though looking through the internet it seems to be OK.

So, in this post we will clear away the fix tools and reset your restore points, and (again) I will leave you with that list to enhance the protection of your machine against future infection.

I will leave this thread open for a few days in case the infection comes back.

====STEP 1====
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK


  • When shown the disclaimer, Select "2"

The above procedure will:
  • Delete the following:
    • ComboFix and its associated files and folders.
    • VundoFix backups, if present
    • The C:\Deckard folder, if present
    • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.
If you have trouble with this, let me know and we will clear away the fix tools and reset your restore points another way.


====AND FINALLY====
The following is a list of tools and utilities that I like to suggest to people. This list is full of great tools and utilities to help you understand how you got infected and how to keep from getting infected again.
  • Spybot Search & Destroy - Uber powerful tool which can search and annihilate nasties that make it onto your system. Now with an Immunize section that will help prevent future infections.
  • AdAware - Another very powerful tool which searches and kills nasties that infect your system. AdAware and Spybot Search & Destroy complement each other very well.
  • SpywareBlaster - Great prevention tool to keep nasties from installing on your system.
  • SpywareGuard - Works as a Spyware "Shield" to protect your computer from getting malware in the first place.
  • IE-SpyAd - puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.
  • Windows Updates - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • Google Toolbar - Free google toolbar that allows you to use the powerful Google search engine from the bar, but also blocks pop up windows.
  • Trillian or Miranda-IM - These are Malware free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein

andrewuk

#24
franny683
    Member
  • Topic Starter
  • 50 posts
Everything seems to be working fine now. Thanks again

#25
andrewuk
    Trusted Helper
  • Malware Removal
  • 5,297 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.