Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Browser keeps redirecting. [Solved]


  • This topic is locked This topic is locked

#1
ihavenews0cks

ihavenews0cks

    Member

  • Member
  • PipPip
  • 61 posts
Hi guys,

I'm having this really annoying problem where my internet browser keeps redirecting to annoying websites and won't open the one I want. It's mostly happening when I click on a link from Google.
I have tried going back and clicking on the link again, more than several times, and it just keeps redirecting.

I ran Malwarebytes' and it had 8 or so infected files and I used ATF cleaner also, but it keeps happening.

Here is the current log:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4245

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

30/06/2010 11:23:27 AM
mbam-log-2010-06-30 (11-23-27).txt

Scan type: Quick scan
Objects scanned: 131865
Time elapsed: 12 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

Advertisements


#2
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
Hello ihavenews0cks and welcome to Geeks to Go! It will be very helpful if you follow these guidelines:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I’ve given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please follow my instructions carefully and in the order they are posted.
  • Any colored text in my posts indicates a clickable link.
  • You should print any instructions I give you for ease of use and reference.
  • If you have any questions at all, please stop and ask before proceeding.
Posted Image Download OTL to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Custom Scan box paste this in:
    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and include them in your next post.
Posted Image Download GMER Rootkit Scanner from here to your desktop.
  • Double click the exe file. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.


    Posted Image
    Click the image to enlarge it


  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop, and post it in reply.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


If you have trouble running GEMR:
  • Make sure that your security software is disabled
  • Uncheck the box next to "Files" this time also
  • If you still can't run it, try in the Safe Mode
Please include the following in your next post:
  • OTL and OTL Extras logs
  • GMER log

  • 0

#3
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
OTL logfile created on: 1/07/2010 3:46:26 PM - Run 1
OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Caitlin\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

479.00 Mb Total Physical Memory | 168.00 Mb Available Physical Memory | 35.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 74.00% Paging File free
Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 21.89 Gb Free Space | 29.37% Space Free | Partition Type: NTFS
Drive D: | 7.55 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BUTLER
Current User Name: Caitlin
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Caitlin\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\SeekappSrch\seekappsrch.exe ()
PRC - C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp199.exe ()
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
PRC - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Caitlin\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Program Files\SeekappSrch\seekapp.dll ()
MOD - C:\WINDOWS\temp\logishrd\LVPrcInj01.dll (Logitech Inc.)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (SeekappSrch Service) -- C:\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp199.exe ()
SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (DfSdkS) -- C:\Program Files\Ashampoo\Ashampoo WinOptimizer 6\Dfsdks.exe (mst software GmbH, Germany)
SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (LVCOMSer) -- C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe (Logitech Inc.)
SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (Cam3820) -- C:\WINDOWS\system32\drivers\cam3820a.sys (CamVendor)
DRV - (LVUSBSta) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
DRV - (PID_PEPI) Logitech QuickCam IM(PID_PEPI) -- C:\WINDOWS\system32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (pepifilter) -- C:\WINDOWS\system32\drivers\lv302af.sys (Logitech Inc.)
DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
DRV - (USB_RNDIS) -- C:\WINDOWS\system32\drivers\usb8023.sys (Microsoft Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (RTL8187B) -- C:\WINDOWS\system32\drivers\wg111v3.sys (Realtek Semiconductor Corporation )
DRV - (s116unic) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM) -- C:\WINDOWS\system32\drivers\s116unic.sys (MCCI Corporation)
DRV - (s116obex) -- C:\WINDOWS\system32\drivers\s116obex.sys (MCCI Corporation)
DRV - (s116nd5) Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (NDIS) -- C:\WINDOWS\system32\drivers\s116nd5.sys (MCCI Corporation)
DRV - (s116mgmt) Sony Ericsson Device 116 USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\s116mgmt.sys (MCCI Corporation)
DRV - (s116mdm) -- C:\WINDOWS\system32\drivers\s116mdm.sys (MCCI Corporation)
DRV - (s116mdfl) -- C:\WINDOWS\system32\drivers\s116mdfl.sys (MCCI Corporation)
DRV - (s116bus) Sony Ericsson Device 116 driver (WDM) -- C:\WINDOWS\system32\drivers\s116bus.sys (MCCI Corporation)
DRV - (U81xmdm) -- C:\WINDOWS\system32\drivers\U81xmdm.sys (MCCI)
DRV - (U81xmgmt) LGE U8XXX USB WMC Device Management Drivers (WDM) -- C:\WINDOWS\system32\drivers\U81xmgmt.sys (MCCI)
DRV - (U81xobex) -- C:\WINDOWS\system32\drivers\U81xobex.sys (MCCI)
DRV - (U81xbus) LGE U8XXX driver (WDM) -- C:\WINDOWS\system32\drivers\U81xbus.sys (MCCI)
DRV - (U81xmdfl) -- C:\WINDOWS\system32\drivers\U81xmdfl.sys (MCCI)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (TIEHDUSB) -- C:\WINDOWS\system32\drivers\tiehdusb.sys (Texas Instruments Incorporated)
DRV - (SiSide) -- C:\WINDOWS\system32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (ElbyCDIO) -- C:\WINDOWS\system32\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV - (RegKill) -- C:\WINDOWS\system32\drivers\RegKill.sys (Elaborate Bytes)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: {4548ECB8-DA60-439A-A00D-5C893F8E1F9A}:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/27 19:34:22 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/29 16:38:28 | 000,000,000 | ---D | M]

[2010/06/27 16:20:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Extensions
[2010/07/01 12:14:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\19x75tam.default\extensions
[2010/06/30 10:37:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\19x75tam.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/27 16:25:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\19x75tam.default\extensions\[email protected]
[2010/07/01 12:14:06 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/27 16:15:37 | 000,000,000 | ---D | M] (Seekapp) -- C:\Program Files\Mozilla Firefox\extensions\{4548ECB8-DA60-439A-A00D-5C893F8E1F9A}

O1 HOSTS File: ([2008/08/27 11:44:17 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [RegKillElbyCheck] C:\Program Files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe (Elaborate Bytes)
O4 - HKLM..\Run: [RegKillTray] C:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe (Elaborate Bytes)
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled [2010/01/04 11:23:59 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O8 - Extra context menu item: &D&ownload &with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all video with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: &D&ownload all with BitComet - C:\Program Files\BitComet\BitComet.exe (www.BitComet.com)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre6\bin\npjpi160_13.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://codecs.micros...cs/i386/fhg.CAB (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail....ol/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Caitlin\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Caitlin\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/06/21 11:02:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1321e82d-4bd2-11dd-8094-0011d8355cbd}\Shell - "" = AutoRun
O33 - MountPoints2\{1321e82d-4bd2-11dd-8094-0011d8355cbd}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{f2b4c570-4677-11dd-8084-0011d8355cbd}\Shell - "" = AutoRun
O33 - MountPoints2\{f2b4c570-4677-11dd-8084-0011d8355cbd}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/06/21 11:01:44 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: VIDC.DIVX - C:\WINDOWS\System32\divx.dll (DivX, Inc.)
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: VIDC.I420 - C:\WINDOWS\System32\lvcodec2.dll (Logitech Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.VP60 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\WINDOWS\system32\vp6vfw.dll (On2.com)
Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (70382354929025024)

========== Files/Folders - Created Within 30 Days ==========

[2010/06/28 15:43:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2010/06/27 20:12:10 | 000,000,000 | ---D | C] -- C:\Program Files\Pure Motion
[2010/06/27 20:12:09 | 000,000,000 | ---D | C] -- C:\Program Files\Sonic Foundry
[2010/06/27 20:11:54 | 000,000,000 | ---D | C] -- C:\Program Files\DebugMode
[2010/06/27 20:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\avidemux
[2010/06/27 19:34:18 | 000,185,920 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/27 19:34:18 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/06/27 19:34:18 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/06/27 19:34:17 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/27 19:34:08 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\mp3fhg.acm
[2010/06/27 19:34:08 | 000,217,088 | ---- | C] (www.helixcommunity.org) -- C:\WINDOWS\System32\yv12vfw.dll
[2010/06/27 19:34:08 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2010/06/27 19:34:07 | 000,094,208 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\dpl100.dll
[2010/06/27 19:34:06 | 000,720,384 | ---- | C] (DivX, Inc.) -- C:\WINDOWS\System32\divx.dll
[2010/06/27 19:20:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/27 16:28:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9 Installer
[2010/06/27 16:19:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Local Settings\Application Data\Mozilla
[2010/06/27 16:19:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\Mozilla
[2010/06/27 16:15:27 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/26 22:51:35 | 000,164,048 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2010/06/26 22:51:35 | 000,100,432 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2010/06/26 22:51:35 | 000,046,672 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2010/06/26 22:51:35 | 000,023,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2010/06/26 22:51:35 | 000,019,024 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2010/06/26 22:51:34 | 000,094,800 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2010/06/26 22:51:34 | 000,028,880 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2010/06/26 22:50:45 | 000,165,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2010/06/26 22:50:45 | 000,038,848 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\avastSS.scr
[2010/06/26 10:29:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/06/26 10:28:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/06/26 09:53:15 | 000,000,000 | ---D | C] -- C:\temp_dvd
[2010/06/25 17:56:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Desktop\Glee
[2010/06/19 11:37:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\vlc
[2010/06/19 11:35:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\My Documents\New Folder
[2010/06/19 11:34:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\Haihaisoft
[2010/06/19 11:34:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\Haihaisoft Universal Player
[2010/06/19 11:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\Haihaisoft Universal Player
[2010/06/19 11:14:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Caitlin\Application Data\Media Player Classic
[2010/06/19 11:10:53 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2010/06/17 18:10:58 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/06/17 18:08:03 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2010/06/17 18:06:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2010/06/12 22:57:45 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2010/06/12 22:57:32 | 000,299,008 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
[2010/06/10 14:05:47 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2010/06/04 17:42:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

========== Files - Modified Within 30 Days ==========

[2010/07/01 12:03:09 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/07/01 12:03:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/30 13:06:08 | 006,815,744 | -H-- | M] () -- C:\Documents and Settings\Caitlin\NTUSER.DAT
[2010/06/30 13:06:08 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Caitlin\ntuser.ini
[2010/06/29 16:38:29 | 000,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/28 16:27:14 | 000,074,752 | ---- | M] () -- C:\Documents and Settings\Caitlin\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/06/28 12:12:08 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/28 12:10:00 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{73CFD3BF-174C-46B3-9A95-5409938A887B}.job
[2010/06/28 11:57:04 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/28 09:56:04 | 000,000,264 | ---- | M] () -- C:\WINDOWS\tasks\OGADaily.job
[2010/06/27 21:40:20 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\standby.job
[2010/06/27 21:38:12 | 000,000,041 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\standby.bat
[2010/06/27 20:00:59 | 011,139,277 | ---- | M] () -- C:\Documents and Settings\Caitlin\Desktop\avidemux_2.5.3_win32.exe
[2010/06/27 16:19:39 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/27 16:15:37 | 000,001,626 | ---- | M] () -- C:\Documents and Settings\Caitlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/27 16:15:37 | 000,001,608 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 22:51:37 | 000,001,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/26 22:51:35 | 000,002,639 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/06/25 23:30:30 | 000,488,244 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/25 23:30:30 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/25 23:30:30 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/19 11:35:45 | 000,000,719 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/06/17 18:09:56 | 000,001,610 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/06/17 18:08:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/06/12 22:16:00 | 000,214,472 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/12 22:14:43 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/06/11 20:26:31 | 000,000,865 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/03 19:35:09 | 006,427,026 | -H-- | M] () -- C:\Documents and Settings\Caitlin\Local Settings\Application Data\IconCache.db
[2010/06/02 18:00:00 | 000,278,528 | ---- | M] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2010/06/02 18:00:00 | 000,185,920 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\rmoc3260.dll
[2010/06/02 18:00:00 | 000,108,032 | ---- | M] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/02 18:00:00 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5016.dll
[2010/06/02 18:00:00 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\WINDOWS\System32\pndx5032.dll
[2010/06/02 18:00:00 | 000,000,038 | ---- | M] () -- C:\WINDOWS\avisplitter.ini

========== Files Created - No Company Name ==========

[2010/06/29 16:38:28 | 000,001,729 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2010/06/27 21:40:20 | 000,000,350 | ---- | C] () -- C:\WINDOWS\tasks\standby.job
[2010/06/27 21:38:12 | 000,000,041 | ---- | C] () -- C:\Documents and Settings\Caitlin\Desktop\standby.bat
[2010/06/27 20:00:26 | 011,139,277 | ---- | C] () -- C:\Documents and Settings\Caitlin\Desktop\avidemux_2.5.3_win32.exe
[2010/06/27 19:34:15 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/06/27 19:34:07 | 000,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/06/27 19:34:07 | 000,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/06/27 19:34:06 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/06/27 19:34:06 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2010/06/27 16:19:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/27 16:15:37 | 000,001,626 | ---- | C] () -- C:\Documents and Settings\Caitlin\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2010/06/27 16:15:37 | 000,001,608 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/26 22:51:37 | 000,001,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2010/06/19 11:35:45 | 000,000,719 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VLC media player.lnk
[2010/06/17 18:11:55 | 000,002,137 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/06/17 18:09:56 | 000,001,610 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/03/17 15:42:59 | 006,963,712 | ---- | C] () -- C:\WINDOWS\System32\videotrans.dll
[2010/03/17 15:42:59 | 000,452,608 | ---- | C] () -- C:\WINDOWS\System32\videoformat.dll
[2010/03/17 15:42:59 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/03/17 15:42:59 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\viscomgifenc.dll
[2010/03/17 15:42:59 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\viscomtran.dll
[2010/03/17 15:42:59 | 000,154,624 | ---- | C] () -- C:\WINDOWS\System32\imgscaler.dll
[2010/03/17 15:42:59 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\img_utils.dll
[2010/03/17 15:42:59 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\videocore.dll
[2009/12/27 08:07:41 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2009/12/12 15:34:26 | 000,000,034 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2009/10/30 12:32:14 | 000,000,736 | ---- | C] () -- C:\WINDOWS\DigimaxMaster.INI
[2009/06/04 22:02:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Irremote.ini
[2009/05/04 20:30:06 | 000,066,482 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2008/12/31 16:04:42 | 000,691,560 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2008/09/24 15:14:46 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/08/06 07:18:13 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\imsispd.dll
[2008/08/06 07:18:13 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DGRip.dll
[2008/08/06 07:18:08 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\imslevel.dll
[2008/07/26 08:25:02 | 000,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/07/09 13:15:49 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\FoxImager.dll
[2008/06/30 12:31:36 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\CNMVS7B.DLL
[2008/06/29 23:04:56 | 000,383,238 | ---- | C] () -- C:\WINDOWS\System32\libmp3lame-0.dll
[2008/06/24 19:34:56 | 000,000,050 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/06/21 13:41:17 | 000,103,172 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/06/21 13:40:46 | 000,096,075 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/06/21 13:38:43 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/06/21 12:54:12 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/06/21 12:39:58 | 000,002,997 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/06/21 12:39:55 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2005/10/14 20:56:50 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2009/06/03 18:58:19 | 017,043,476 | ---- | M] () -- C:\20090603_185617_bcdds.nba
[2008/06/21 11:02:27 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2008/06/21 10:51:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2008/08/27 20:14:45 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2008/08/28 14:31:02 | 000,018,775 | ---- | M] () -- C:\ComboFix.txt
[2008/06/21 11:02:27 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2008/06/21 11:02:27 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/06/21 11:02:27 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 22:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/26 10:10:07 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2010/07/01 12:03:00 | 754,974,720 | -HS- | M] () -- C:\pagefile.sys
[2009/10/11 12:21:28 | 000,000,514 | ---- | M] () -- C:\Searches.txt
[2009/02/03 20:48:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/02/04 22:44:27 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/02/07 12:15:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/02/08 13:57:11 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/02/23 21:40:56 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/01/19 21:29:09 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/01/20 10:11:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/01/21 22:05:52 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/01/23 20:53:12 | 000,000,232 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/01/23 21:28:46 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/01/24 18:20:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/01/25 11:48:31 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/01/26 16:27:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/01/26 20:38:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/01/27 15:18:40 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/01/28 15:11:57 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2009/01/29 21:40:32 | 000,000,268 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/01/30 21:15:43 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/01/31 21:58:25 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/02/02 22:02:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/02/03 20:48:17 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/02/04 22:44:27 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/02/07 12:15:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/02/08 13:57:10 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/02/23 21:40:56 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/01/19 21:29:09 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/01/20 10:11:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/01/21 22:05:52 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/01/23 20:53:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/01/23 21:28:46 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/01/24 18:20:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/01/25 11:48:31 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/01/26 16:27:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/01/26 20:38:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/01/27 15:18:39 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/01/28 15:11:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/01/29 21:40:32 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2009/01/30 21:15:43 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/01/31 21:58:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/02/02 22:02:26 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2008/08/03 20:31:33 | 000,508,198 | ---- | M] () -- C:\vcredist_x86.log

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2008/06/21 19:56:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2008/06/21 19:56:53 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2008/06/21 19:56:53 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
< End of report >
  • 0

#4
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-01 18:35:32
Windows 5.1.2600 Service Pack 3
Running: 1u8syu5l.exe; Driver: C:\DOCUME~1\Caitlin\LOCALS~1\Temp\uftdqpod.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB755AC7A]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB755AB36]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteKey [0xB755B0EA]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB755B014]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB755A70C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB755AC10]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB755A64C]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB755A6B0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB755AD30]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRenameKey [0xB755B1B8]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB755ACF0]
SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB755AE70]

Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateProcessEx [0xB7567AC6]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateSection [0xB75678EA]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwLoadDriver [0xB7567A24]
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) NtCreateSection
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObInsertObject
Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ObMakeTemporaryObject

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!_abnormal_termination + 148 804E27B4 4 Bytes JMP 27B755B0
PAGE ntoskrnl.exe!ObInsertObject 8056503A 5 Bytes JMP B7564EC2 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!NtCreateSection 805652B3 7 Bytes JMP B75678EE \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwCreateProcessEx 8057FE4C 7 Bytes JMP B7567ACA \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ObMakeTemporaryObject 8059F8CA 5 Bytes JMP B7563536 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
PAGE ntoskrnl.exe!ZwLoadDriver 805A3B73 7 Bytes JMP B7567A28 \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software)
.rsrc C:\WINDOWS\system32\DRIVERS\cdrom.sys entry point in ".rsrc" section [0xF6A92394]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0092000A
.text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0093000A
.text C:\WINDOWS\System32\svchost.exe[1004] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0091000C
.text C:\WINDOWS\System32\svchost.exe[1004] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 021B000A
.text C:\WINDOWS\System32\svchost.exe[1004] ole32.dll!CoCreateInstance 7750057E 3 Bytes JMP 00DC000A
.text C:\WINDOWS\System32\svchost.exe[1004] ole32.dll!CoCreateInstance + 4 77500582 1 Byte [89]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1080] USER32.dll!TrackPopupMenu 7E46531E 5 Bytes JMP 104505FE C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 0136000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 0137000A
.text C:\Program Files\Mozilla Firefox\firefox.exe[1400] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 0135000C
.text C:\WINDOWS\Explorer.EXE[1452] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00B7000A
.text C:\WINDOWS\Explorer.EXE[1452] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1452] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B6000C

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/ALWIL Software)

AttachedDevice \FileSystem\Ntfs \Ntfs sisidex.sys (SISIDEX Driver/Windows ® 2000 DDK provider)
AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)
AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software)

Device -> \Driver\atapi \Device\Harddisk0\DR0 85242EC5

---- Files - GMER 1.0.15 ----

File C:\WINDOWS\system32\DRIVERS\cdrom.sys suspicious modification
File C:\WINDOWS\system32\drivers\atapi.sys suspicious modification

---- EOF - GMER 1.0.15 ----
  • 0

#5
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
Sorry I had to post them this way. My browser would not let me do it any other way, I don't know if there was something wrong with the extras text but as soon as I clicked add reply it would tell me the page could not be opened. Hence the attachment.

Attached Files


  • 0

#6
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
ihavenews0cks,

Posted Image You are infected with a trojan know to sometimes have backdoor properties and a rootkit. Rootkits and Backdoor Trojans are very dangerous because they can steal sensitive information which they send back to the hacker. You should limit your online activity until your system is cleaned. All passwords should be changed using a different computer and, if necessary, banking and credit card institutions should be notified of the possible security breach.


Posted Image P2P - I see you have P2P software (BitComet & FrostWire) installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to malware infections. Malware authors use P2P filesharing as a major conduit to spread their wares. I would strongly recommend that you uninstall these now. You can do so via Control Panel >> Add or Remove Programs. If you choose to keep these applications, please do not use them until our fixes at GtG are complete.

Posted Image Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
  • Double click on ComboFix.exe & follow the prompts.
As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Posted Image

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

  • 0

#7
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
ComboFix 10-07-01.02 - Caitlin 03/07/2010 13:46:04.3.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.479.194 [GMT 10:00]
Running from: c:\documents and settings\Caitlin\Desktop\ComboFix.exe
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\SeekappSrch
c:\documents and settings\All Users\Application Data\SeekappSrch\seekapp199.exe
c:\documents and settings\Caitlin\Application Data\inst.exe
c:\program files\SeekappSrch
c:\program files\SeekappSrch\seekapp.dll
c:\program files\SeekappSrch\seekappsrch.exe
c:\program files\SeekappSrch\uninstall.exe
c:\windows\TEMP\logishrd\LVPrcInj01.dll

Infected copy of c:\windows\system32\drivers\cdrom.sys was found and disinfected
Restored copy from - Kitty had a snack :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_SeekappSrch_Service
-------\Legacy_SeekappSrch_Service
-------\Service_SeekappSrch Service
-------\Service_SeekappSrch Service


((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
.

2010-06-28 05:43 . 2010-06-28 05:48 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Adobe
2010-06-27 10:12 . 2010-06-27 10:12 -------- d-----w- c:\program files\Pure Motion
2010-06-27 10:12 . 2010-06-27 10:12 -------- d-----w- c:\program files\Sonic Foundry
2010-06-27 10:11 . 2010-06-29 06:30 -------- d-----w- c:\program files\DebugMode
2010-06-27 10:02 . 2010-06-27 10:03 -------- d-----w- c:\documents and settings\Caitlin\Application Data\avidemux
2010-06-27 09:34 . 2004-01-25 16:18 217088 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-27 09:34 . 2010-03-31 01:49 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-06-27 09:34 . 2009-05-29 21:37 205824 ----a-w- c:\windows\system32\xvidvfw.dll
2010-06-27 09:34 . 2009-05-29 21:31 881664 ----a-w- c:\windows\system32\xvidcore.dll
2010-06-27 09:34 . 2010-06-02 08:00 108032 ----a-w- c:\windows\system32\ff_vfw.dll
2010-06-27 09:34 . 2010-02-19 19:27 720384 ----a-w- c:\windows\system32\divx.dll
2010-06-27 09:20 . 2010-06-27 09:20 -------- d-----w- c:\program files\Common Files\Windows Live
2010-06-27 06:19 . 2010-06-27 06:19 0 ----a-w- c:\windows\nsreg.dat
2010-06-27 06:19 . 2010-06-27 06:19 -------- d-----w- c:\documents and settings\Caitlin\Local Settings\Application Data\Mozilla
2010-06-26 12:51 . 2010-05-06 20:39 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-26 12:51 . 2010-05-06 20:39 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-26 12:51 . 2010-05-06 20:34 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-26 12:51 . 2010-05-06 20:33 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-26 12:51 . 2010-05-06 20:33 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-26 12:51 . 2010-05-06 20:33 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-26 12:51 . 2010-05-06 20:33 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 12:50 . 2010-05-06 20:59 38848 ----a-w- c:\windows\system32\avastSS.scr
2010-06-26 12:50 . 2010-05-06 20:59 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-25 23:53 . 2010-06-26 00:51 -------- d-----w- C:\temp_dvd
2010-06-19 01:37 . 2010-07-01 06:55 -------- d-----w- c:\documents and settings\Caitlin\Application Data\vlc
2010-06-19 01:34 . 2010-06-19 01:34 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Haihaisoft
2010-06-19 01:34 . 2010-06-19 01:34 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Haihaisoft Universal Player
2010-06-19 01:34 . 2010-06-19 01:36 -------- d-----w- c:\program files\Haihaisoft Universal Player
2010-06-19 01:14 . 2010-06-19 01:15 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Media Player Classic
2010-06-19 01:10 . 2010-06-27 09:34 -------- d-----w- c:\program files\K-Lite Codec Pack
2010-06-17 09:27 . 2010-06-17 09:27 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache
2010-06-17 08:10 . 2010-06-17 08:10 -------- d-----w- c:\program files\iPod
2010-06-17 08:08 . 2010-06-17 08:08 -------- d-----w- c:\program files\Apple Software Update
2010-06-17 08:06 . 2010-06-17 08:06 -------- d-----w- c:\program files\Bonjour
2010-06-12 12:57 . 2010-06-12 12:57 -------- d-----w- c:\program files\CyberLink
2010-06-12 12:57 . 1996-11-05 06:13 299008 ----a-w- c:\windows\uninst.exe
2010-06-10 04:05 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-04 07:42 . 2010-06-04 07:44 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-28 05:36 . 2009-08-01 09:28 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-27 09:31 . 2008-06-24 09:32 -------- d-----w- c:\program files\Common Files\Real
2010-06-27 06:31 . 2008-06-21 02:47 -------- d-----w- c:\program files\Common Files\Adobe
2010-06-27 06:27 . 2008-12-14 11:29 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-06-27 06:26 . 2010-06-27 06:26 71680 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-06-27 01:00 . 2008-08-28 10:10 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-26 13:10 . 2008-08-30 09:16 -------- d-----w- c:\program files\iDump
2010-06-26 12:50 . 2010-02-28 02:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-06-25 08:10 . 2008-09-25 06:15 -------- d-----w- c:\documents and settings\Caitlin\Application Data\FrostWire
2010-06-25 04:20 . 2008-07-01 03:01 -------- d-----w- c:\documents and settings\Caitlin\Application Data\dvdcss
2010-06-25 04:19 . 2010-06-25 04:19 501936 ----a-w- c:\documents and settings\All Users\Application Data\Google\Google Toolbar\Update\gtb4.tmp.exe
2010-06-17 08:13 . 2008-06-22 04:31 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Apple Computer
2010-06-17 08:11 . 2009-04-08 09:23 -------- d-----w- c:\program files\iTunes
2010-06-17 08:10 . 2008-06-22 04:27 -------- d-----w- c:\program files\Common Files\Apple
2010-06-17 08:10 . 2008-11-28 02:08 -------- d-----w- c:\program files\QuickTime
2010-06-15 10:01 . 2010-06-15 10:01 72504 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.2.0.61\SetupAdmin.exe
2010-06-11 11:08 . 2010-04-11 11:13 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-09 08:06 . 2010-06-09 08:06 976832 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\32111\AdobeARM.exe
2010-06-09 08:06 . 2010-06-09 08:06 70584 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\32111\AdobeExtractFiles.dll
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\32111\ReaderUpdater.exe
2010-06-09 08:06 . 2010-06-09 08:06 331176 ----a-w- c:\documents and settings\All Users\Application Data\Adobe\Reader\9.3\ARM\32111\AcrobatUpdater.exe
2010-05-27 04:16 . 2010-05-27 04:16 58 ----a-w- c:\windows\showalarm.bat
2010-05-27 04:15 . 2010-05-27 04:15 321 ----a-w- c:\windows\setalarm.bat
2010-05-23 23:07 . 2008-09-29 04:21 40924 ---ha-w- c:\windows\system32\mlfcache.dat
2010-05-22 05:30 . 2009-02-06 00:32 -------- d-----w- c:\documents and settings\Caitlin\Application Data\Skype
2010-05-22 05:10 . 2009-02-06 00:33 -------- d-----w- c:\documents and settings\Caitlin\Application Data\skypePM
2010-05-22 05:09 . 2010-05-22 05:09 -------- d-----w- c:\program files\Common Files\Skype
2010-05-22 05:09 . 2009-02-06 00:31 -------- d-----r- c:\program files\Skype
2010-05-22 05:08 . 2009-02-06 00:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2010-05-18 06:35 . 2010-05-18 06:35 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-05-18 06:35 . 2010-05-18 06:35 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-05-12 09:37 . 2008-06-21 04:53 57616 ----a-w- c:\documents and settings\Caitlin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 05:39 . 2008-08-28 10:10 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 05:39 . 2008-08-28 10:10 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-19 10:47 . 2009-03-19 09:15 3062048 ----a-w- c:\windows\system32\usbaaplrc.dll
2010-04-19 10:47 . 2008-07-19 04:47 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2008-09-22 12:53 . 2008-09-22 12:53 604 ---ha-w- c:\program files\STLL Notifier
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-04-29 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-04 143360]
"SiSPower"="SiSPower.dll" [2004-09-02 49152]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2010-04-12 47392]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-06-15 141624]
"RegKillElbyCheck"="c:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"RegKillTray"="c:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-04-13 49152]
"avast5"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2010-05-06 2815192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WG111v3 Smart Wizard.lnk - c:\program files\NETGEAR\WG111v3\WG111v3.exe [2008-7-1 2326528]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
"NoFileAssociate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitComet]
2009-12-28 09:24 2940664 ----a-w- c:\program files\BitComet\BitComet.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]
2008-08-14 07:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
2008-08-14 07:15 2407184 ----a-w- c:\program files\Logitech\QuickCam\Quickcam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-08 19:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\FrostWire\\FrostWire.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaws.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\system32\\winver.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9157:TCP"= 9157:TCP:BitComet 9157 TCP
"9157:UDP"= 9157:UDP:BitComet 9157 UDP

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [26/06/2010 10:51 PM 164048]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [26/06/2010 10:51 PM 19024]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/10/2007 12:13 PM 38144]
R3 RegKill;RegKill;c:\windows\system32\drivers\RegKill.sys [28/11/2002 7:46 AM 6400]
R3 RTL8187B;NETGEAR WG111v3 54Mbps Wireless USB 2.0 Adapter Vista Driver;c:\windows\system32\drivers\wg111v3.sys [28/12/2007 2:02 PM 287232]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/04/2010 12:33 PM 136176]
S3 Cam3820;Cam3820 PC Camera Driver;c:\windows\system32\drivers\cam3820a.sys [1/08/2008 1:39 PM 239616]
S3 DfSdkS;Defragmentation-Service;c:\program files\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe [30/11/2009 3:57 PM 406016]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder

2010-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 01:50]

2010-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-29 02:33]

2010-06-27 c:\windows\Tasks\OGADaily.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

2009-11-30 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAVerify.exe [2008-12-31 06:04]

2010-06-27 c:\windows\Tasks\standby.job
- c:\documents and settings\Caitlin\Desktop\standby.bat [2010-06-27 11:38]

2010-06-28 c:\windows\Tasks\User_Feed_Synchronization-{73CFD3BF-174C-46B3-9A95-5409938A887B}.job
- c:\windows\system32\msfeedssync.exe [2007-08-13 18:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = *.local
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: {{898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
FF - ProfilePath - c:\documents and settings\Caitlin\Application Data\Mozilla\Firefox\Profiles\19x75tam.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Virtools\3D Life Player\npvirtools.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pr
ef", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-PC Suite Tray - c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
AddRemove-SeekappSrch - c:\program files\SeekappSrch\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-03 13:59
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(6036)
c:\windows\system32\WININET.dll
c:\windows\TEMP\logishrd\LVPrcInj01.dll
c:\program files\iTunes\iTunesMiniPlayer.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
c:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
c:\program files\Analog Devices\SoundMAX\SMAgent.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2010-07-03 14:05:54 - machine was rebooted
ComboFix-quarantined-files.txt 2010-07-03 04:05
ComboFix2.txt 2008-08-28 04:31
ComboFix3.txt 2008-08-27 02:00

Pre-Run: 25,320,140,800 bytes free
Post-Run: 25,310,285,824 bytes free

- - End Of File - - 7D706773B9E6502279708B43F9F59A70
  • 0

#8
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
ihavenews0cks,

That looks better - how is it running? Please run these for me next:

Posted Image You have this program installed, Malwarebytes' Anti-Malware (MBAM). Please update it and run a scan.

Open MBAM
  • Click the Update tab
  • Click Check for Updates
  • If an update is found, it will download and install the latest version.
  • The program will close to update and reopen.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

Posted Image Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply
Please include the following in your next post:
  • MBAM log
  • Kaspersky log

  • 0

#9
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
I could not get the Kaspersky scan to work. It downloaded the updates the first time I tried it and then when I got to scanning it didn't work. I left it for a few hours and it didn't do anything. I think that might have something to do with the terrible RAM on my machine. I tried it a second time and the updates were taking a very long time again and I don't have enough usage to download close to 1 Gb of updates again. Is there any substitutes?

But everything seems to be working well after the Combo Fix.


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org


Database version: 4269

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

3/07/2010 5:27:29 PM
mbam-log-2010-07-03 (17-27-29).txt

Scan type: Quick scan
Objects scanned: 132129
Time elapsed: 9 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#10
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
Hi,

Please give this a try:

Posted Image Please run ESET Online Scanner
  • Place a check mark in the box YES, I accept the Terms Of Use
  • Click the Start button.
  • Now click the Install button.
  • Click Start. The scanner engine will initialize and update.
  • Do Not place a check mark in the box beside Remove found threats.
  • Click the Scan button. The scan will now run, please be patient.
  • When the scan finishes click the Details tab.
  • Copy and paste the contents of the C:\ProgramFiles\EsetOnlineScanner\log.txt into your next reply.

  • 0

#11
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
[email protected] as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=00e92311807dff498113c8a2ccb75e57
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-07-08 07:52:30
# local_time=2010-07-08 05:52:30 (+1000, AUS Eastern Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=514 16777214 0 1 63719002 63719002 0 0
# compatibility_mode=768 16777175 100 0 10411768 10411768 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=63031
# found=9
# cleaned=0
# scan_time=4864
C:\Documents and Settings\Caitlin\Desktop\Downloads (BitComet)\Ahead - Nero 8.3.6.0 Keygen&Crack [NEMESIS]\Nero-8.3.6.0_eng_trial.exe Win32/Toolbar.AskSBar application 00000000000000000000000000000000 I
C:\Documents and Settings\Caitlin\Desktop\Downloads (BitComet)\Metro Station - Metro Station [2008]\01 Seventeen Forever.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\SeekappSrch\seekapp199.exe.vir a variant of Win32/Adware.OneStep.H application 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\Program Files\SeekappSrch\seekappsrch.exe.vir a variant of Win32/Adware.OneStep.H application 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\eojqchau.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\FeKjlnnn.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\FeKjlnnn.ini2.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\ntcvldbs.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
C:\QooBox\Quarantine\C\WINDOWS\system32\sqxipmkc.ini.vir Win32/Adware.Virtumonde.NEO application 00000000000000000000000000000000 I
  • 0

#12
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
ihavenews0cks,

Posted ImageYour logs indicate that you are using cracks and/or keygens. We don't support software piracy on this forum so, while I’ll deal with your current problem, any further help will be based on you not being seen to involve yourself with such practices in the future. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk. You are running executable files from dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Posted Image Run OTL.exe
  • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

    :Files
    C:\Documents and Settings\Caitlin\Desktop\Downloads (BitComet)\Ahead - Nero 8.3.6.0 Keygen&Crack [NEMESIS]\Nero-8.3.6.0_eng_trial.exe 
    C:\Documents and Settings\Caitlin\Desktop\Downloads (BitComet)\Metro Station - Metro Station [2008]\01 Seventeen Forever.mp3 
    
    :Commands
    [EmptyFlash]
    [EmptyTemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, it will reboot when it is done and produce a log
Please include the following in your next post:
  • OTL Fix log

  • 0

#13
ihavenews0cks

ihavenews0cks

    Member

  • Topic Starter
  • Member
  • PipPip
  • 61 posts
All processes killed
========== FILES ==========
C:\Documents and Settings\Caitlin\Desktop\Downloads (BitComet)\Ahead - Nero 8.3.6.0 Keygen&Crack [NEMESIS]\Nero-8.3.6.0_eng_trial.exe moved successfully.
C:\Documents and Settings\Caitlin\Desktop\Downloads (BitComet)\Metro Station - Metro Station [2008]\01 Seventeen Forever.mp3 moved successfully.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator

User: All Users

User: Caitlin
->Flash cache emptied: 20898 bytes

User: Default User
->Flash cache emptied: 56504 bytes

User: LocalService

User: NetworkService
->Flash cache emptied: 21177 bytes

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Caitlin
->Temp folder emptied: 227238442 bytes
->Temporary Internet Files folder emptied: 1065605 bytes
->Java cache emptied: 1807641 bytes
->FireFox cache emptied: 104168176 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 65748 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114939 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 372028970 bytes

Total Files Cleaned = 674.00 mb


OTL by OldTimer - Version 3.2.7.0 log created on 07102010_112809

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0

#14
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
ihavenews0cks,

Your logs look good now. All we have left to do are some important updates and cleanup:

Posted Image Your Java is out of date.

Java™ 6 Update 13 can be updated from the Java control panel Start > Control Panel (Classic View) > Java (looks like a coffee cup) > Update Tab > Update Now. An update should begin; follow the prompts. If it does not, let me know.

Once the install is complete...

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup)
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.
Posted Image Your Adobe reader needs to be updated. Please visit Adobe's site and grab the newest version.

Posted Image Go HERE to scan for any other out of date and/or vulnerable applications on your computer and follow the instructions given for updating them.

Posted Image Uninstall ComboFix
  • Press the Windows key + R on your keyboard or click Start -> Run. Copy and past the following text into the run box that opens and press OK:
    Combofix /Uninstall
Posted Image

Posted Image Clean up with OTL:
  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.
  • Manually delete any remaining logs or tools.
Posted Image Finally, I'd like to make a couple of suggestions to help you stay clean in the future:
  • Restart any anti-malware programs that we disabled while we were cleaning your machine.
  • Keep your antivirus application current and updated. Also, hang on to MBAM. Scan with them at least weekly.
  • Avoid using P2P programs, cracks and keygens! Refer back to my earlier post for more information.
  • Consider running in a limited user account. See this post for more information.
  • Please carefully review the information in our Preventing Malware and Safe Computing thread located HERE
Please post once more so I know you are all set and I can close this thread. Good luck and stay safe!
  • 0

#15
RPMcMurphy

RPMcMurphy

    Trusted Helper

  • Malware Removal
  • 930 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP