Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google search results in redirecting to Copy-Book


  • Please log in to reply

#1
throwing.shapes

throwing.shapes

    New Member

  • Member
  • Pip
  • 5 posts
hi there,

I have seen that many people have this problem (where I type a search into google and when I click it the link comes up with a redirection to copy-book.com and many others) and it seems that the only way to rectify this so far is by posting a hijackthis log onto this website, i hopeed someone here would be able to help me,

thanks in advance

Terry

Here is my HijackThis Log:-

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:30:27, on 08/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\explorer.exe
C:\Program Files\Huawei technologies\Huawei UMTS Data Card\3 USB Modem.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 5751 bytes
  • 0

Advertisements


#2
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
throwing.shapes, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

First, please do not alter any logs that I ask you to give. When posting in the forum, please do not modify the font, size, or color of the logs. And lastly, do no attach the logs to a post unless asked to do so. This will help me help you :).

Aslo, If I have not responded to you in a time period longer than 4 days, please feel free to PM me.

Thanks and I look forward to working with you. :)

STEP ONE
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

  • 0

#3
throwing.shapes

throwing.shapes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
thank you for your help :)

i have had this for a little while so i got the log for the last 3 months,

ive uploaded them to this reply.


Thanks Again

Terry

Attached Files

  • Attached File  info.txt   8.25KB   1001 downloads
  • Attached File  log.txt   30.15KB   359 downloads

  • 0

#4
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
First, please do not alter any logs that I ask you to give. When posting in the forum, please do not modify the font, size, or color of the logs. And lastly, do no attach the logs to a post unless asked to do so. This will help me help you

Once you fix that we can continue.
  • 0

#5
throwing.shapes

throwing.shapes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
info.txt logfile of random's system information tool 1.04 2008-11-11 14:46:06

======Uninstall list======

-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE
-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
3 USB Modem-->C:\PROGRA~1\HUAWEI~1\HUAWEI~1\Uninstall.exe
4oD-->MsiExec.exe /I {8B7443F5-E141-42A0-AB61-ED2331AAD606}
Ad-Aware-->MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX-->C:\Windows\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81000000003}
Agere Systems HDA Modem-->agrsmdel
Apple Mobile Device Support-->MsiExec.exe /I{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}
Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}
Atheros WLAN Client-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{04983D37-2202-4295-94A2-8B547C66133F}\setup.exe" -l0x9
avast! Antivirus-->C:\Program Files\Alwil Software\Avast4\aswRunDll.exe "C:\Program Files\Alwil Software\Avast4\Setup\setiface.dll",RunSetup
BitLord 1.1-->C:\Program Files\BitLord\uninst.exe
Bonjour-->MsiExec.exe /I{8A25392D-C5D2-4E79-A2BD-C15DDC5B0959}
CyberLink DVD Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\setup.exe" -uninstall
CyberLink Power2Go-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\setup.exe" -uninstall
DAEMON Tools Toolbar-->C:\Program Files\DAEMON Tools Toolbar\uninst.exe
DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Program Files\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN
Easy Battery Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6F730513-8688-4C3C-90A3-6B9792CE2EF3}\setup.exe" -l0x9 Remove
Easy Display Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17283B95-21A8-4996-97DA-547A48DB266F}\setup.exe" -l0x9 -removeonly
Easy Network Manager 3.0-->C:\Program Files\InstallShield Installation Information\{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}\setup.exe -runfromtemp -l0x0409
Easy SpeedUp Manager-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF367AA4-070B-493C-9575-85BE59D789C9}\setup.exe" -l0x9 Remove
FriendBlasterPro-->"C:\Program Files\FriendBlasterPro\unins000.exe"
HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall
imagine digital freedom - Samsung-->MsiExec.exe /X{00AF10C1-44BD-4862-9D7F-24E6BA3E87FD}
Intel PROSet Wireless-->Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver-->C:\Windows\system32\igxpun.exe -uninstall
Intel® Matrix Storage Manager-->C:\Windows\system32\imsmudlg.exe -uninstall
iTunes-->MsiExec.exe /I{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}
Java™ 6 Update 10-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216010FF}
Java™ 6 Update 7-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160070}
LabelPrint-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\setup.exe" -uninstall
Lexmark 640 Series-->C:\Windows\system32\spool\drivers\w32x86\3\LXDAUN5C.EXE -dLexmark 640 Series
LightScribe System Software 1.12.37.1-->MsiExec.exe /X{004C5DA2-2051-4D25-94BA-51CF810C91EB}
LimeWire PRO 4.18.3-->"C:\Program Files\LimeWire\uninstall.exe"
Microsoft Office XP Professional with FrontPage-->MsiExec.exe /I{90280409-6000-11D3-8CFE-0050048383C9}
Microsoft SOAP Toolkit 2.0 SP2-->MsiExec.exe /I{36BEAD11-8577-49AD-9250-E06A50AE87B0}
Microsoft SQL Server Native Client-->MsiExec.exe /I{50A0893D-47D8-48E0-A7E8-44BCD7E4422E}
Microsoft SQL Server Setup Support Files (English)-->MsiExec.exe /X{53F5C3EE-05ED-4830-994B-50B2F0D50FCE}
Microsoft SQL Server VSS Writer-->MsiExec.exe /I{C0D2F614-5CE5-4DCB-8678-E5C9AF7044F8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Play AVStation-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{955597D8-E5E1-474D-B647-60AC44566D24} /l1033
PlayCamera-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{804F1285-8CBF-408D-8CDC-D4D40003B2E4}\setup.exe" -l0x9
PowerDirector-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\setup.exe" -uninstall
PowerDVD-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}\setup.exe" -uninstall
PowerProducer-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B7A0CE06-068E-11D6-97FD-0050BACBF861}\setup.exe" -uninstall
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Samsung Magic Doctor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{32D6A58F-9659-446C-BBFC-E6F2B41F24DC}\Setup.exe" -l0x9 Remove
Samsung Recovery Solution III-->"C:\Program Files\InstallShield Installation Information\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}\setup.exe" -runfromtemp -l0x0009 -removeonly
Samsung Update Plus-->C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\10\INTEL3~1\IDriver.exe /M{685707A4-911C-468D-BFC4-64A50E5E3A0C} /l1033
Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
The Battle for Middle-earth ™-->C:\Program Files\EA GAMES\The Battle for Middle-earth ™\EAUninstall.exe
User Guide-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}\setup.exe" -l0x9 Remove
Vimicro UVC Camera-->C:\Program Files\InstallShield Installation Information\{71A51B09-E7D3-11DB-A386-005056C00008}\setup.exe -runfromtemp -l0x0009 -removeonly
Virtual DJ - Atomix Productions-->C:\PROGRA~1\VIRTUA~1\UNWISE.EXE C:\PROGRA~1\VIRTUA~1\INSTALL.LOG
WIDCOMM Bluetooth Software 6.0.1.6300-->MsiExec.exe /X{03D1988F-469F-4843-8E6E-E5FE9D17889D}
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe
Yahoo! Toolbar-->C:\PROGRA~1\Yahoo!\Common\UNYT_W~1.EXE

======Security center information======

AV: avast! antivirus 4.8.1229 [VPS 081110-1]
AS: Windows Defender
AS: avast! antivirus 4.8.1229 [VPS 081110-1]

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Intel\WiFi\bin\;C:\Program Files\QuickTime\QTSystem\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=x86
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 13, GenuineIntel
"PROCESSOR_REVISION"=0f0d
"NUMBER_OF_PROCESSORS"=2
"TRACE_FORMAT_SEARCH_PATH"=\\NTREL202.ntdev.corp.microsoft.com\4F18C3A5-CA09-4DBD-B6FC-219FDD4C6BE0\TraceFormat
"DFSTRACINGON"=FALSE
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip

-----------------EOF-----------------


Logfile of random's system information tool 1.04 (written by random/random)
Run by Mr Clark at 2008-11-11 14:45:14
Microsoft® Windows Vista™ Home Premium Service Pack 1
System drive C: has 24 GB (34%) free of 71 GB
Total RAM: 3032 MB (63% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:46:03, on 11/11/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kontiki\KHost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\Macromed\Flash\FlashUtil9d.exe
C:\Users\Mr Clark\Desktop\RSIT.exe
C:\Program Files\trend micro\Mr Clark.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O13 - Gopher Prefix:
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Kontiki Inc. - C:\Program Files\Kontiki\KService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\Windows\System32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Samsung Update Plus - Unknown owner - C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe

--
End of file - 7330 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre6\bin\ssv.dll [2008-11-07 320920]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java™ Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2008-11-07 34816]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2008-10-14 863688]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2007-12-18 817936]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-06-18 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-06-18 170520]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-06-18 145944]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2008-04-17 6111232]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2007-10-26 1029416]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-10 40048]
"LanguageShortcut"=C:\Program Files\CyberLink\PowerDVD\Language\Language.exe [2007-01-08 52256]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe [2008-07-19 78008]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2008-11-07 136600]
"4oD"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2008-09-06 413696]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-10-01 289576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"kdx"=C:\Program Files\Kontiki\KHost.exe [2007-04-23 1032640]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\daemon.exe [2008-08-08 490952]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-03-17 2289664]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe [2007-03-14 71216]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-06-12 208896]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\aawservice]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
shell\Open\command - resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294c1c8a-aa7b-11dd-8c02-0013779252fd}]
shell\AutoRun\command - F:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{294c1c9f-aa7b-11dd-8c02-0013779252fd}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22e67ed-aa7a-11dd-bd02-806e6f6e6963}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL resycled\boot.com d:
shell\Open\command - resycled\boot.com d:

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22e67f9-aa7a-11dd-bd02-806e6f6e6963}]
shell\AutoRun\command - G:\AutoRun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7211c92-af52-11dd-8efe-0013779252fd}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7211c98-af52-11dd-8efe-0013779252fd}]
shell\AutoRun\command - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled\ctfmon.exe
shell\Open(0)\command - Recycled\ctfmon.exe


======List of files/folders created in the last 3 months======

2008-11-11 14:45:14 ----D---- C:\rsit
2008-11-11 14:45:14 ----D---- C:\Program Files\trend micro
2008-11-10 23:02:27 ----D---- C:\Program Files\VirtualDJ
2008-11-09 11:30:12 ----D---- C:\ProgramData\Yahoo! Companion
2008-11-09 11:26:30 ----D---- C:\Program Files\Common Files\PX Storage Engine
2008-11-09 11:26:10 ----D---- C:\Users\Mr Clark\AppData\Roaming\Yahoo!
2008-11-09 11:26:07 ----D---- C:\Program Files\Yahoo!
2008-11-09 11:26:06 ----D---- C:\Program Files\DivX
2008-11-08 22:17:27 ----D---- C:\Users\Mr Clark\AppData\Roaming\My Battle for Middle-earth Files
2008-11-08 22:00:58 ----D---- C:\Program Files\EA GAMES
2008-11-08 21:40:34 ----D---- C:\Program Files\FriendBlasterPro
2008-11-08 21:40:34 ----A---- C:\Windows\system32\VB6STKIT.DLL
2008-11-08 21:12:53 ----D---- C:\Program Files\Hijackthis
2008-11-08 17:41:35 ----D---- C:\ProgramData\Lavasoft
2008-11-08 17:41:35 ----D---- C:\Program Files\Lavasoft
2008-11-08 17:40:50 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2008-11-08 10:34:59 ----A---- C:\Windows\ODBC.INI
2008-11-08 10:33:05 ----D---- C:\Program Files\Microsoft ActiveSync
2008-11-08 10:32:55 ----D---- C:\Program Files\Common Files\Designer
2008-11-08 10:32:11 ----D---- C:\Program Files\Microsoft Office
2008-11-07 21:45:42 ----D---- C:\Users\Mr Clark\AppData\Roaming\CyberLink
2008-11-07 21:45:33 ----D---- C:\ProgramData\CyberLink
2008-11-07 21:22:51 ----A---- C:\Windows\system32\mdimon.dll
2008-11-07 21:01:03 ----A---- C:\Windows\system32\MSVCP50.DLL
2008-11-07 20:37:15 ----D---- C:\Users\Mr Clark\AppData\Roaming\Apple Computer
2008-11-07 20:37:04 ----DC---- C:\Windows\system32\DRVSTORE
2008-11-07 20:37:04 ----A---- C:\Windows\system32\GEARAspi.dll
2008-11-07 20:36:41 ----D---- C:\Program Files\iPod
2008-11-07 20:36:39 ----D---- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-07 20:36:39 ----D---- C:\Program Files\iTunes
2008-11-07 20:36:06 ----D---- C:\Program Files\Bonjour
2008-11-07 20:35:17 ----D---- C:\Program Files\QuickTime
2008-11-07 20:35:14 ----D---- C:\ProgramData\Apple Computer
2008-11-07 20:34:48 ----D---- C:\Program Files\Apple Software Update
2008-11-07 20:34:07 ----D---- C:\Program Files\Common Files\Apple
2008-11-07 20:34:06 ----D---- C:\ProgramData\Apple
2008-11-07 17:46:11 ----D---- C:\Users\Mr Clark\AppData\Roaming\LimeWire
2008-11-07 17:44:22 ----D---- C:\Program Files\LimeWire
2008-11-07 15:45:17 ----D---- C:\Program Files\Kontiki
2008-11-07 15:45:16 ----D---- C:\ProgramData\Kontiki
2008-11-07 15:45:16 ----D---- C:\Program Files\Channel4
2008-11-07 15:44:50 ----D---- C:\ProgramData\Channel4
2008-11-07 15:26:32 ----D---- C:\Users\Mr Clark\AppData\Roaming\WinRAR
2008-11-07 15:25:28 ----A---- C:\Windows\system32\ff_vfw.dll.manifest
2008-11-07 15:25:26 ----A---- C:\Windows\system32\ff_vfw.dll
2008-11-07 15:25:25 ----D---- C:\Program Files\ffdshow
2008-11-07 12:47:27 ----D---- C:\Users\Mr Clark\AppData\Roaming\OpenOffice.org
2008-11-07 12:39:15 ----D---- C:\Program Files\OpenOffice.org 3
2008-11-07 12:38:37 ----A---- C:\Windows\system32\javaws.exe
2008-11-07 12:38:37 ----A---- C:\Windows\system32\javaw.exe
2008-11-07 12:38:37 ----A---- C:\Windows\system32\java.exe
2008-11-07 12:38:04 ----D---- C:\Program Files\Common Files\Java
2008-11-07 12:24:39 ----A---- C:\Windows\LEXSTAT.INI
2008-11-07 12:23:49 ----A---- C:\Windows\system32\deploytk.dll
2008-11-07 12:23:29 ----D---- C:\Program Files\Java
2008-11-07 12:12:22 ----A---- C:\Windows\uninst.exe
2008-11-06 15:41:22 ----D---- C:\Program Files\WinRAR
2008-11-06 09:46:22 ----D---- C:\Users\Mr Clark\AppData\Roaming\InstallShield
2008-11-05 14:09:51 ----A---- C:\Windows\system32\tzres.dll
2008-11-05 14:09:30 ----A---- C:\Windows\system32\NlsLexicons0007.dll
2008-11-05 14:09:26 ----A---- C:\Windows\system32\NlsLexicons0009.dll
2008-11-05 14:09:04 ----A---- C:\Windows\system32\NaturalLanguage6.dll
2008-11-04 18:58:09 ----D---- C:\Users\Mr Clark\AppData\Roaming\Adobe
2008-11-04 18:15:08 ----D---- C:\Program Files\DAEMON Tools Toolbar
2008-11-04 18:14:58 ----D---- C:\Program Files\DAEMON Tools Lite
2008-11-04 18:12:31 ----D---- C:\Users\Mr Clark\AppData\Roaming\DAEMON Tools
2008-11-04 17:57:50 ----A---- C:\Windows\IsUninst.exe
2008-11-04 16:42:46 ----A---- C:\Windows\system32\aswBoot.exe
2008-11-04 16:42:44 ----D---- C:\Program Files\Alwil Software
2008-11-04 16:13:50 ----A---- C:\Windows\system32\shell32.dll
2008-11-04 16:05:24 ----A---- C:\Windows\system32\ntkrnlpa.exe
2008-11-04 16:05:23 ----A---- C:\Windows\system32\ntoskrnl.exe
2008-11-04 16:03:39 ----A---- C:\Windows\system32\inetcomm.dll
2008-11-04 16:03:36 ----A---- C:\Windows\system32\mshtml.dll
2008-11-04 16:03:35 ----A---- C:\Windows\system32\ieframe.dll
2008-11-04 16:03:34 ----A---- C:\Windows\system32\wininet.dll
2008-11-04 16:03:34 ----A---- C:\Windows\system32\urlmon.dll
2008-11-04 16:03:34 ----A---- C:\Windows\system32\iertutil.dll
2008-11-04 16:03:31 ----A---- C:\Windows\system32\mstime.dll
2008-11-04 16:03:28 ----A---- C:\Windows\system32\jsproxy.dll
2008-11-04 16:01:03 ----A---- C:\Windows\system32\quartz.dll
2008-11-04 15:58:45 ----A---- C:\Windows\system32\IPSECSVC.DLL
2008-11-04 15:58:39 ----A---- C:\Windows\system32\rpcrt4.dll
2008-11-04 15:58:36 ----A---- C:\Windows\system32\pacerprf.dll
2008-11-04 15:53:13 ----A---- C:\Windows\system32\es.dll
2008-11-04 15:52:56 ----A---- C:\Windows\system32\wmpeffects.dll
2008-11-04 15:52:25 ----A---- C:\Windows\system32\win32spl.dll
2008-11-04 15:52:12 ----A---- C:\Windows\system32\emdmgmt.dll
2008-11-04 15:52:11 ----A---- C:\Windows\system32\dataclen.dll
2008-11-04 15:52:11 ----A---- C:\Windows\system32\cdd.dll
2008-11-04 15:52:00 ----A---- C:\Windows\system32\vbscript.dll
2008-11-04 15:51:59 ----A---- C:\Windows\system32\jscript.dll
2008-11-04 15:51:58 ----A---- C:\Windows\system32\wshext.dll
2008-11-04 15:51:58 ----A---- C:\Windows\system32\wscript.exe
2008-11-04 15:51:58 ----A---- C:\Windows\system32\scrrun.dll
2008-11-04 15:51:58 ----A---- C:\Windows\system32\scrobj.dll
2008-11-04 15:51:58 ----A---- C:\Windows\system32\cscript.exe
2008-11-04 15:35:39 ----A---- C:\Windows\system32\netapi32.dll
2008-11-04 15:27:09 ----D---- C:\Users\Mr Clark\AppData\Roaming\Macromedia
2008-11-04 14:24:23 ----D---- C:\Program Files\Huawei technologies
2008-11-04 14:22:13 ----D---- C:\ProgramData\LightScribe
2008-10-28 22:36:00 ----A---- C:\Windows\system32\divx_xx0c.dll
2008-10-28 22:36:00 ----A---- C:\Windows\system32\divx_xx07.dll
2008-10-28 22:35:58 ----A---- C:\Windows\system32\divx_xx11.dll
2008-10-28 22:35:58 ----A---- C:\Windows\system32\divx_xx0a.dll
2008-10-28 22:35:56 ----A---- C:\Windows\system32\DivX.dll
2008-09-25 08:03:44 ----A---- C:\Windows\system32\DivXsm.exe
2008-09-25 08:03:38 ----A---- C:\Windows\system32\dtu100.dll
2008-09-25 08:03:38 ----A---- C:\Windows\system32\dpl100.dll
2008-09-25 08:03:34 ----A---- C:\Windows\system32\dpuGUI10.dll
2008-09-25 08:03:32 ----A---- C:\Windows\system32\dpv11.dll
2008-09-25 08:03:32 ----A---- C:\Windows\system32\dpus11.dll
2008-09-25 08:03:32 ----A---- C:\Windows\system32\dpuGUI11.dll
2008-09-25 08:03:30 ----A---- C:\Windows\system32\dpu11.dll
2008-09-25 08:03:30 ----A---- C:\Windows\system32\dpu10.dll
2008-09-25 08:03:18 ----A---- C:\Windows\system32\DivXCodecVersionChecker.exe
2008-09-19 21:57:34 ----A---- C:\Windows\system32\qt-dx331.dll
2008-09-19 21:55:58 ----A---- C:\Windows\system32\ssldivx.dll
2008-09-19 21:55:58 ----A---- C:\Windows\system32\libdivx.dll
2008-09-19 21:55:10 ----A---- C:\Windows\system32\dtu100.dll.manifest
2008-09-19 21:55:10 ----A---- C:\Windows\system32\dpl100.dll.manifest
2008-09-19 21:54:18 ----A---- C:\Windows\system32\DivXWMPExtType.dll
2008-09-08 01:21:47 ----D---- C:\Users\Mr Clark\AppData\Roaming\Identities
2008-09-08 01:20:16 ----SD---- C:\Users\Mr Clark\AppData\Roaming\Microsoft
2008-09-08 01:20:16 ----D---- C:\Users\Mr Clark\AppData\Roaming\Media Center Programs
2008-08-29 10:18:58 ----A---- C:\Windows\system32\dns-sd.exe
2008-08-29 09:53:50 ----A---- C:\Windows\system32\dnssd.dll
2008-08-20 02:01:03 ----D---- C:\Windows\SoftwareDistribution

======List of files/folders modified in the last 3 months======

2008-11-11 14:45:18 ----D---- C:\Windows\Temp
2008-11-11 14:45:14 ----RD---- C:\Program Files
2008-11-11 10:38:07 ----D---- C:\Windows\System32
2008-11-11 10:38:07 ----D---- C:\Windows\inf
2008-11-11 10:38:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2008-11-10 23:18:52 ----SHD---- C:\System Volume Information
2008-11-10 21:37:30 ----D---- C:\Windows\Prefetch
2008-11-09 21:12:51 ----D---- C:\Windows\system32\catroot2
2008-11-09 11:30:12 ----HD---- C:\ProgramData
2008-11-09 11:26:30 ----D---- C:\Program Files\Common Files
2008-11-08 17:42:23 ----SHD---- C:\Windows\Installer
2008-11-08 17:42:23 ----D---- C:\Windows
2008-11-08 17:41:35 ----D---- C:\Windows\system32\drivers
2008-11-08 15:15:23 ----D---- C:\Windows\system32\LogFiles
2008-11-08 10:34:19 ----A---- C:\Windows\win.ini
2008-11-08 10:33:03 ----D---- C:\Program Files\Common Files\microsoft shared
2008-11-08 10:33:00 ----D---- C:\Windows\ShellNew
2008-11-08 10:32:32 ----D---- C:\Program Files\Common Files\System
2008-11-08 10:32:20 ----RSD---- C:\Windows\Fonts
2008-11-08 10:32:15 ----D---- C:\Windows\Help
2008-11-08 10:32:11 ----SD---- C:\ProgramData\Microsoft
2008-11-08 10:30:49 ----D---- C:\Windows\system
2008-11-07 22:41:45 ----D---- C:\Windows\system32\Tasks
2008-11-07 22:35:11 ----RSD---- C:\Windows\assembly
2008-11-07 21:53:04 ----D---- C:\ProgramData\Microsoft Help
2008-11-07 21:50:53 ----D---- C:\Program Files\MSBuild
2008-11-07 21:40:51 ----D---- C:\Windows\winsxs
2008-11-07 20:37:04 ----D---- C:\Windows\system32\catroot
2008-11-07 20:35:56 ----D---- C:\Program Files\Internet Explorer
2008-11-06 15:36:37 ----D---- C:\Windows\Debug
2008-11-06 09:52:46 ----D---- C:\Windows\system32\WDI
2008-11-06 00:03:56 ----D---- C:\Windows\rescache
2008-11-05 14:27:40 ----D---- C:\Windows\system32\en-US
2008-11-04 23:08:37 ----D---- C:\Windows\WinClon
2008-11-04 17:14:56 ----D---- C:\Windows\system32\NDF
2008-11-04 17:01:52 ----D---- C:\ProgramData\McAfee
2008-11-04 16:59:45 ----D---- C:\Windows\Tasks
2008-11-04 16:49:18 ----D---- C:\Windows\Registration
2008-11-04 14:26:31 ----D---- C:\Windows\ModemLogs
2008-10-07 12:19:42 ----A---- C:\Windows\system32\mrt.exe
2008-09-08 01:22:37 ----SHD---- C:\$Recycle.Bin
2008-09-08 01:21:04 ----D---- C:\Program Files\Samsung
2008-09-08 01:21:03 ----HD---- C:\Program Files\InstallShield Installation Information
2008-09-08 01:20:41 ----D---- C:\Windows\system32\restore
2008-09-08 01:20:37 ----D---- C:\Windows\MSetup
2008-09-08 01:20:15 ----RD---- C:\Users
2008-08-20 02:57:45 ----D---- C:\Windows\system32\sysprep
2008-08-20 02:57:45 ----D---- C:\Windows\Panther

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2008-07-19 23152]
R1 aswSP;avast! Self Protection; C:\Windows\system32\drivers\aswSP.sys [2008-07-19 78416]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2008-07-19 42912]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-07-19 20560]
R2 aswMonFlt;aswMonFlt; C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-07-19 51280]
R2 KMDFMEMIO;SAMSUNG Kernel Driver; C:\Windows\system32\DRIVERS\kmdfmemio.sys [2007-05-23 13312]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2006-11-28 1161888]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2007-09-13 755712]
R3 CmBatt;Microsoft ACPI Control Method Battery Driver; C:\Windows\system32\DRIVERS\CmBatt.sys [2008-01-21 14208]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2008-04-17 15464]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2008-04-17 2098904]
R3 IntcHdmiAddService;Intel® High Definition Audio HDMI; C:\Windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2007-10-26 193456]
R3 VMC302;Vimicro Camera Service VMC302; C:\Windows\System32\Drivers\VMC302.sys [2008-04-05 242560]
R3 yukonwlh;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x86.sys [2007-12-28 298496]
S3 a7k95m7a;a7k95m7a; C:\Windows\system32\drivers\a7k95m7a.sys []
S3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\Windows\system32\DRIVERS\bcm4sbxp.sys [2006-11-02 45056]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-01-21 19456]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-01-21 219648]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-01-21 29184]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2008-02-13 80424]
S3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys [2007-07-15 80936]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2007-07-15 16168]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-08-08 101504]
S3 ialm;ialm; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-06-12 2381312]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NETw3v32;Intel® PRO/Wireless 3945ABG Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\NETw3v32.sys [2008-01-21 2225664]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-02-21 50688]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2008-10-01 32000]
S3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2008-01-21 88576]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 aawservice;Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe [2008-05-12 611664]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Windows\system32\agrsmsvc.exe [2006-10-05 9216]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-10-01 116040]
R2 aswUpdSv;avast! iAVS4 Control Service; C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe [2008-07-19 16056]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast4\ashServ.exe [2008-07-19 147640]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2008-08-29 238888]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 EvtEng;Intel® PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2008-05-23 819200]
R2 KService;KService; C:\Program Files\Kontiki\KService.exe [2007-04-23 3068352]
R2 LexBceS;LexBce Server; C:\Windows\System32\LEXBCES.EXE [2004-05-24 311296]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-03-17 73728]
R2 RegSrvc;Intel® PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2008-05-23 466944]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2006-12-19 272024]
R3 avast! Mail Scanner;avast! Mail Scanner; C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe [2008-07-19 250040]
R3 avast! Web Scanner;avast! Web Scanner; C:\Program Files\Alwil Software\Avast4\ashWebSv.exe [2008-07-23 348344]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-10-01 536872]
S2 Samsung Update Plus;Samsung Update Plus; C:\Program Files\Samsung\Samsung Update Plus\SLUBackgroundService.exe [2008-05-12 77480]
S3 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2006-04-14 87840]

-----------------EOF-----------------
  • 0

#6
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
disregard this for one moment.

Edited by Gravity Gripp, 11 November 2008 - 01:21 PM.

  • 0

#7
throwing.shapes

throwing.shapes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
ive done some testing on the matter.

i found that when i connect directly to my modem its perfectly fine, no problems

but when i connect to my router it happens again, i have 2 other computers on that network, would it be wise to send thair logs also? or may it have something more to do with my router.
  • 0

#8
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
Let's go ahead and get a MalwareBytes scan.


STEP ONE
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediately.
  • 0

#9
throwing.shapes

throwing.shapes

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts
Malwarebytes' Anti-Malware 1.30
Database version: 1405
Windows 6.0.6001 Service Pack 1

17/11/2008 21:32:56
mbam-log-2008-11-17 (21-32-56).txt

Scan type: Quick Scan
Objects scanned: 45058
Time elapsed: 3 minute(s), 0 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10 85.255.112.235 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{cf6f4652-11ea-4c17-b159-49347aeeb26b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10 85.255.112.235 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10 85.255.112.235 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{cf6f4652-11ea-4c17-b159-49347aeeb26b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10 85.255.112.235 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10 85.255.112.235 1.2.3.4 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{cf6f4652-11ea-4c17-b159-49347aeeb26b}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.112.10 85.255.112.235 1.2.3.4 -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,815 posts
Ok, what you have is called Zlob/DNSChanger. Please follow the below instructions, and I reliaze that it's asking for another MBAM scan so go ahead and do it again then follow the rest of the instructions.


STEP ONE

It sounds like a case of Zlob/DNSchanger that change the router's DNS settings. Please download Malwarebytes' Anti-Malware from Here or Here

Next disconnect your system from the internet, and your router, then…

Double Click mbam-setup.exe to install the application.
  • Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.
===============================================

Next you must reset the router to its default configuration. This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router. Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds). If you don’t know the router's default password, you can look it up HERE

However, if there are other Zlob-infected machines using the same router, they will need to be cleared with the above steps before resetting the router. Otherwise, the malware will simply go back and change the router's DNS settings. You also need to reconfigure any security settings you had in place prior to the reset. Check out this site here for video tutorials on how to properly configure your router's encryption and security settings. You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

Once you have ran Malwarebytes' Anti-Malware on the infected system, and reset the router to its default configuration you can reconnect to the internet, and router. Then return to this site to post your logs.

===============================================

Please post the Malwarebytes log and let me know how things are running now :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP