StanB

Browser Redirect


My browser gets redirected to different websites when I click on a Google search result. This happens with both IE 6.0 and Firefox. In addition to the Google search redirect, occasionally Firefox will open a new tab for a random website. Also, I cannot access the Windows Update site.

 

I have used Malwarebytes' Anti-Malware and Avast Free Antivirus to scan my hard drive several times. The first time I scanned my hard drive, Malwarebytes and Avast both found many problem files which I removed. However the problem continued.

 

SuperAntiSpyware Free Edition found a few additional problem files which I quarantined.

 

The last time I scanned my hard drive, neither Malwarebytes nor Avast found any infected files, but the browser redirect problem is still here.

 

** hijackthis.log **

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 4:57:32 PM, on 6/5/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=laptop

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)

O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll

O2 - BHO: (no name) - {6a2025e6-a562-4884-ac76-c1d75533a67a} - gahiboru.dll (file missing)

O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100604222733.dll

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll

O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [soundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

O4 - HKLM\..\Run: [soundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe

O4 - HKLM\..\Run: [iSUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup

O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start

O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [iSW.exe] "C:\Program Files\AT&T\Internet Security Wizard\ISW.exe" /AUTORUN

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet

O4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

O4 - HKUS\S-1-5-18\..\Run: [security Guard] "C:\Documents and Settings\All Users\Application Data\a656eba\SGa656.exe" /s /d (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [security Guard] "C:\Documents and Settings\All Users\Application Data\a656eba\SGa656.exe" /s /d (User 'Default user')

O4 - S-1-5-18 Startup: AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe (User 'Default user')

O4 - Startup: AutoMailer.lnk = C:\Troopmaster Software\AutoMailer\AutoMailer.exe

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Monitor Apache Servers.lnk = C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=laptop

O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab

O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} -

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} (MUCatalogWebControl Class) - http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1246076119625

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195712640453

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -

O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - http://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll

O20 - AppInit_DLLs: binuvete.dll c:\windows\system32\muvetuvo.dll c:\windows\system32\nudewolu.dll c:\windows\system32\pumotozi.dll c:\windows\system32\tobamiwo.dll c:\windows\system32\telonapi.dll

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

O21 - SSODL: mebokileg - {00e72e38-0b35-47e4-b227-148fb079e63b} - c:\windows\system32\nudewolu.dll (file missing)

O21 - SSODL: mezeyomaz - {cf4cf8bf-0115-4dcf-b490-ceed73bad989} - c:\windows\system32\nudewolu.dll (file missing)

O21 - SSODL: dobigodop - {d439027e-50d1-489d-98d6-25693f7f7291} - c:\windows\system32\pumotozi.dll (file missing)

O21 - SSODL: gafodalol - {8f0f85b0-fc7a-44fd-8b85-32e25c768385} - c:\windows\system32\tobamiwo.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: mujuzedij - {00e72e38-0b35-47e4-b227-148fb079e63b} - c:\windows\system32\nudewolu.dll (file missing)

O22 - SharedTaskScheduler: mujuzedij - {cf4cf8bf-0115-4dcf-b490-ceed73bad989} - c:\windows\system32\nudewolu.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {d439027e-50d1-489d-98d6-25693f7f7291} - c:\windows\system32\pumotozi.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {8f0f85b0-fc7a-44fd-8b85-32e25c768385} - c:\windows\system32\tobamiwo.dll (file missing)

O23 - Service: Apache2.2 - Apache Software Foundation - C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)

O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe

O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe

O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe

O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

O23 - Service: McAfee Personal Firewall Service (MpfService) - Unknown owner - C:\Program Files\McAfee\MPF\MPFSrv.exe (file missing)

O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

 

--

End of file - 16251 bytes

 

** DOS.txt **

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Stan Beson at 19:56:09.34 on Sat 06/05/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.211 [GMT -7:00]

 

AV: Security Guard *On-access scanning enabled* (Updated) {15963F2F-11E0-41F4-9077-8648C685CC01}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}

FW: Security Guard *enabled* {B0BB15C4-0E0D-49F9-B1A7-9BE247C8F539}

FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\McAfee\SiteAdvisor\McSACore.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe

C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\Explorer.EXE

c:\PROGRA~1\mcafee.com\agent\mcagent.exe

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\rundll32.exe

C:\Documents and Settings\Stan Beson\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=laptop

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll

BHO: {6a2025e6-a562-4884-ac76-c1d75533a67a} - gahiboru.dll

BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20100604222733.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

dRun: [security Guard] "c:\documents and settings\all users\application data\a656eba\SGa656.exe" /s /d

StartupFolder: c:\docume~1\stanbe~1\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1246076119625

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195712640453

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

AppInit_DLLs: binuvete.dll c:\windows\system32\muvetuvo.dll c:\windows\system32\nudewolu.dll c:\windows\system32\pumotozi.dll c:\windows\system32\tobamiwo.dll c:\windows\system32\telonapi.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SSODL: mebokileg - {00e72e38-0b35-47e4-b227-148fb079e63b} - c:\windows\system32\nudewolu.dll

SSODL: mezeyomaz - {cf4cf8bf-0115-4dcf-b490-ceed73bad989} - c:\windows\system32\nudewolu.dll

SSODL: dobigodop - {d439027e-50d1-489d-98d6-25693f7f7291} - c:\windows\system32\pumotozi.dll

SSODL: gafodalol - {8f0f85b0-fc7a-44fd-8b85-32e25c768385} - c:\windows\system32\tobamiwo.dll

STS: mujuzedij: {00e72e38-0b35-47e4-b227-148fb079e63b} - c:\windows\system32\nudewolu.dll

STS: mujuzedij: {cf4cf8bf-0115-4dcf-b490-ceed73bad989} - c:\windows\system32\nudewolu.dll

STS: jugezatag: {d439027e-50d1-489d-98d6-25693f7f7291} - c:\windows\system32\pumotozi.dll

STS: tokatiluy: {8f0f85b0-fc7a-44fd-8b85-32e25c768385} - c:\windows\system32\tobamiwo.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

LSA: Notification Packages = scecli binuvete.dll

IFEO: image file execution options - svchost.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\stanbe~1\applic~1\mozilla\firefox\profiles\qlwmisxj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage -

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\stan beson\application data\mozilla\firefox\profiles\qlwmisxj.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-4-28 385880]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-25 164048]

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-4-11 82952]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-8-6 24645]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-25 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-25 40384]

R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2010-4-11 93320]

R2 McMPFSvc;McAfee Personal Firewall;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-11 271480]

R2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-11 271480]

R2 McProxy;McAfee Proxy Service;"c:\program files\common files\mcafee\mcsvchost\McSvHost.exe" /McCoreSvc [2010-4-11 271480]

R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-4-28 170144]

R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-4-28 188136]

R2 mfevtp;McAfee Validation Trust Protection Service;c:\program files\common files\mcafee\systemcore\mfevtps.exe [2010-4-28 141792]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-25 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-25 40384]

R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-4-11 55456]

R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-4-11 152320]

R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-4-11 51688]

R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-4-11 312616]

R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-4-11 88480]

S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\stanbe~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\stanbe~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]

S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2009-12-4 17432]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1c3.tmp --> c:\windows\system32\1C3.tmp [?]

S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-4-11 88480]

S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-4-11 83496]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-20 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-20 40552]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-3 1251720]

 

=============== Created Last 30 ================

 

2010-06-05 16:44:37 0 d-----w- c:\program files\Trend Micro

2010-06-04 16:28:03 0 d-----w- c:\docume~1\stanbe~1\applic~1\SUPERAntiSpyware.com

2010-06-04 16:28:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-04 16:27:44 0 d-----w- c:\program files\SUPERAntiSpyware

2010-05-31 18:12:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-31 18:12:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-31 18:12:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 17:57:13 1409 ----a-w- c:\windows\QTFont.for

2010-05-25 17:57:12 54156 ---ha-w- c:\windows\QTFont.qfn

2010-05-13 03:05:25 3254 ----a-w- c:\windows\system32\wbem\Outlook_01caf24921e170fc.mof

 

==================== Find3M ====================

 

2010-04-28 00:16:24 95568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys

2010-04-28 00:16:24 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys

2010-04-28 00:16:24 88480 ----a-w- c:\windows\system32\drivers\mfendisk.sys

2010-04-28 00:16:24 83496 ----a-w- c:\windows\system32\drivers\mferkdet.sys

2010-04-28 00:16:24 82952 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys

2010-04-28 00:16:24 55456 ----a-w- c:\windows\system32\drivers\cfwids.sys

2010-04-28 00:16:24 51688 ----a-w- c:\windows\system32\drivers\mfebopk.sys

2010-04-28 00:16:24 385880 ----a-w- c:\windows\system32\drivers\mfehidk.sys

2010-04-28 00:16:24 312616 ----a-w- c:\windows\system32\drivers\mfefirek.sys

2010-04-28 00:16:24 152320 ----a-w- c:\windows\system32\drivers\mfeavfk.sys

2010-04-22 20:45:23 161581 ----a-w- c:\windows\fonts\AdobeFnt.lst

2010-04-20 15:03:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-15 03:55:19 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-15 03:55:19 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys

2008-05-25 00:33:09 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe

 

============= FINISH: 19:58:17.60 ===============

 

** Attach.txt **

 

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

 

DDS (Ver_10-03-17.01)

 

Microsoft Windows XP Home Edition

Boot Device: \Device\HarddiskVolume1

Install Date: 3/26/2006 6:43:58 AM

System Uptime: 6/5/2010 6:25:32 PM (1 hours ago)

 

Motherboard: Hewlett-Packard | | 309D

Processor: Intel® Pentium® M processor 1.60GHz | U1 | 1596/400mhz

 

==== Disk Partitions =========================

 

C: is FIXED (NTFS) - 56 GiB total, 10.692 GiB free.

D: is CDROM ()

 

==== Disabled Device Manager Items =============

 

==== System Restore Points ===================

 

RP654: 3/8/2010 8:10:56 AM - System Checkpoint

RP655: 3/12/2010 11:37:58 AM - System Checkpoint

RP656: 3/14/2010 4:22:49 PM - System Checkpoint

RP657: 3/15/2010 7:38:39 PM - System Checkpoint

RP658: 3/19/2010 2:51:07 PM - System Checkpoint

RP659: 3/21/2010 4:36:48 PM - System Checkpoint

RP660: 3/23/2010 10:33:19 AM - System Checkpoint

RP661: 3/24/2010 9:56:02 PM - System Checkpoint

RP662: 3/26/2010 6:59:22 PM - System Checkpoint

RP663: 3/31/2010 7:49:02 PM - System Checkpoint

RP664: 4/2/2010 10:05:13 AM - System Checkpoint

RP665: 4/3/2010 6:00:10 PM - System Checkpoint

RP666: 4/4/2010 6:29:10 PM - System Checkpoint

RP667: 4/7/2010 10:11:14 PM - System Checkpoint

RP668: 4/8/2010 11:04:05 PM - System Checkpoint

RP669: 4/11/2010 3:14:53 PM - System Checkpoint

RP670: 4/13/2010 11:10:57 AM - System Checkpoint

RP671: 4/15/2010 9:46:18 AM - System Checkpoint

RP672: 4/16/2010 10:47:20 PM - Removed Ad-Aware Email Scanner for Outlook

RP673: 4/17/2010 11:06:01 PM - System Checkpoint

RP674: 4/19/2010 11:34:20 AM - System Checkpoint

RP675: 4/20/2010 8:02:35 AM - Removed Java 6 Update 13

RP676: 4/20/2010 8:03:36 AM - Installed Java 6 Update 20

RP677: 4/22/2010 10:03:20 AM - System Checkpoint

RP678: 4/24/2010 12:27:48 AM - System Checkpoint

RP679: 4/25/2010 3:35:03 PM - avast! Free Antivirus Setup

RP680: 4/29/2010 9:07:48 AM - System Checkpoint

RP681: 4/30/2010 5:52:28 PM - System Checkpoint

RP682: 5/1/2010 6:49:31 PM - System Checkpoint

RP683: 5/3/2010 11:39:08 AM - System Checkpoint

RP684: 5/7/2010 7:22:18 PM - System Checkpoint

RP685: 5/9/2010 7:44:29 PM - System Checkpoint

RP686: 5/13/2010 8:38:18 AM - System Checkpoint

RP687: 5/14/2010 8:11:56 PM - System Checkpoint

RP688: 5/17/2010 9:42:29 AM - System Checkpoint

RP689: 5/20/2010 2:07:05 AM - System Checkpoint

RP690: 5/21/2010 8:23:30 PM - System Checkpoint

RP691: 5/23/2010 1:59:16 PM - System Checkpoint

RP692: 5/25/2010 9:52:04 PM - System Checkpoint

RP693: 5/28/2010 12:15:44 AM - System Checkpoint

RP694: 5/30/2010 5:15:44 PM - System Checkpoint

RP695: 6/1/2010 10:31:04 PM - System Checkpoint

RP696: 6/4/2010 7:45:38 AM - System Checkpoint

RP697: 6/5/2010 7:49:08 AM - System Checkpoint

RP698: 6/5/2010 9:44:33 AM - Installed HiJackThis

 

==== Installed Programs ======================

 

32 Bit HP CIO Components Installer

Absolute Beginner's Series SQL Lesson 1

Absolute Beginner's Series SQL Lesson 2

Absolute Beginner's Series SQL Lesson 3

Absolute Beginner's Series SQL Lesson 4

ActiveState Komodo Edit 5.0.3

Adobe Acrobat 5.0

Adobe Flash Player 10 ActiveX

Adobe Flash Player 10 Plugin

Adobe Reader 7.0.5 Language Support

Adobe Reader 7.1.0

Agere Systems AC'97 Modem

ALPS Touch Pad Driver

Apache HTTP Server 2.2.13

Apple Mobile Device Support

Apple Software Update

Applian FLV Player

AT&T Internet Security Wizard 1.5.11

AT&T Toolbar

ATT-HSI

avast! Free Antivirus

Bonjour

Canon MP Navigator EX 1.0

Canon MX310 series

Character Set Converter 1.01

Critical Update for Windows Media Player 11 (KB959772)

Easy Internet Sign-up

Eudora

GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)

GNU Privacy Guard

Google Toolbar for Internet Explorer

Google Video Player

GoToMeeting/GoToWebinar 3.0.0.198

HiJackThis

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Format SDK (KB902344)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB970653-v3)

Hotfix for Windows XP (KB976098-v2)

Hotfix for Windows XP (KB979306)

HP Help and Support

HP Update

HP Wireless Assistant 1.01 B2

HP_User_Guides_0005

HpSdpAppCoreApp

Intel® Graphics Media Accelerator Driver for Mobile

InterVideo WinDVD

Ipswitch WS_FTP Home 2007

iTunes

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 9

Java Auto Updater

Java 6 Update 20

Java 6 Update 5

Java 6 Update 7

LightScribe 1.4.31.1

LiveUpdate Notice (Symantec Corporation)

Malwarebytes' Anti-Malware

McAfee Internet Security

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Hotfix (KB928366)

Microsoft Base Smart Card Cryptographic Service Provider Package

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Money 2005

Microsoft MSDN 2005 Express Edition - ENU

Microsoft Office 2007 Service Pack 2 (SP2)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional 2007

Microsoft Office Professional 2007 Trial

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Standard Edition 2003

Microsoft Office Word MUI (English) 2007

Microsoft Software Update for Web Folders (English) 12

Microsoft SQL Server 2000 Sample Database Scripts

Microsoft SQL Server 2005

Microsoft SQL Server 2005 Books Online (English) (May 2007)

Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)

Microsoft SQL Server 2005 Tools Express Edition

Microsoft SQL Server Management Studio Express

Microsoft SQL Server Native Client

Microsoft SQL Server Setup Support Files (English)

Microsoft SQL Server VSS Writer

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual Basic 2005 Express Edition - ENU

Microsoft Visual Basic 2005 Express Edition - ENU Service Pack 1 (KB926747)

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Express Edition - ENU

Microsoft Visual C++ 2005 Express Edition - ENU Service Pack 1 (KB926748)

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual Web Developer 2005 Express Edition - ENU

Microsoft Visual Web Developer 2005 Express Edition - ENU Service Pack 1 (KB926751)

Microsoft Works

Move Networks Media Player for Internet Explorer

Mozilla Firefox (3.6.3)

MSXML 4.0 SP2 (KB927978)

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MSXML 6.0 Parser (KB933579)

muvee autoProducer 4.0 - SE

MySQL Server 5.0

Norton 360

program3

Quick Launch Buttons 5.10 B5

QuickTime

Rhapsody Player Engine

Security Update for 2007 Microsoft Office System (KB969559)

Security Update for 2007 Microsoft Office System (KB973704)

Security Update for Microsoft Office Excel 2007 (KB973593)

Security Update for Microsoft Office Outlook 2007 (KB972363)

Security Update for Microsoft Office PowerPoint 2007 (KB957789)

Security Update for Microsoft Office Publisher 2007 (KB969693)

Security Update for Microsoft Office system 2007 (972581)

Security Update for Microsoft Office system 2007 (KB969613)

Security Update for Microsoft Office system 2007 (KB974234)

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)

Security Update for Microsoft Office Word 2007 (KB969604)

Security Update for Microsoft Visual C++ 2005 Express Edition - ENU (KB971090)

Security Update for Step By Step Interactive Training (KB898458)

Security Update for Step By Step Interactive Training (KB923723)

Security Update for Windows Media Player (KB911564)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB968816)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player 10 (KB911565)

Security Update for Windows Media Player 10 (KB917734)

Security Update for Windows Media Player 10 (KB936782)

Security Update for Windows Media Player 11 (KB936782)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Media Player 6.4 (KB925398)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923689)

Security Update for Windows XP (KB938464)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950759)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951066)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951698)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB953838)

Security Update for Windows XP (KB953839)

Security Update for Windows XP (KB954211)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB954600)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956390)

Security Update for Windows XP (KB956391)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956841)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB957095)

Security Update for Windows XP (KB957097)

Security Update for Windows XP (KB958215)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958687)

Security Update for Windows XP (KB958690)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960714)

Security Update for Windows XP (KB960715)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961371)

Security Update for Windows XP (KB961373)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB963027)

Security Update for Windows XP (KB968537)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB969897)

Security Update for Windows XP (KB969898)

Security Update for Windows XP (KB969947)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971486)

Security Update for Windows XP (KB971557)

Security Update for Windows XP (KB971633)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972260)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973346)

Security Update for Windows XP (KB973354)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973525)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974455)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB976325)

Security Update for Windows XP (KB977165)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978251)

Security Update for Windows XP (KB9

Edited by StanB


1. Can you go to C:\windows\system32\drivers\etc and open the file hosts with Notepad, then post the contents here. In this file you can set where you want websites to go to; for example, you can set pcpitstop.com to go to whatever.com.

 

2. IE is now at version 8; you should normally always update to the latest version (although updating won't fix the issue).
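To make the hosts-file point above concrete: the script below is an added example for this thread, not the helper's or any tool's code. It parses a Windows-style hosts file the way its own header describes the format and reports any mapping other than plain localhost, which is how a hijacked hosts file blocks Windows Update or vendor sites (sent to 127.0.0.1) or redirects them elsewhere. The sample file content and the watch-list of domain suffixes are constructed assumptions for this example.

```python
"""Hosts-file check for hijacked name mappings.

Added example for this thread, not the helper's or any tool's code: it
parses a Windows-style hosts file (the format the file's own header
describes) and reports entries that remap well-known update, vendor or
search hostnames. A clean Windows XP hosts file carries only
'127.0.0.1 localhost', so any other mapping deserves a look. The sample
below is constructed; the watch-list is an assumption for this example.
"""
import ipaddress

# Assumed watch-list of domains that should never be remapped locally.
WATCHED_SUFFIXES = (
    "windowsupdate.com",
    "update.microsoft.com",
    "avast.com",
    "malwarebytes.org",
    "google.com",
)

# Constructed sample: a clean header plus three entries of the kind a
# hijacked machine carries (203.0.113.10 is a documentation address).
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
# 102.54.94.97     rhino.acme.com          # source server

127.0.0.1       localhost
127.0.0.1       www.windowsupdate.com      # constructed: blocks updates
127.0.0.1       update.microsoft.com
203.0.113.10    www.google.com             # constructed: redirects search
"""


def parse_hosts(text):
    """Return (ip_address, hostname) pairs, skipping comments and blanks.

    A '#' starts a comment either on its own line or after the host names;
    one address may be followed by several host names on the same line.
    """
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue  # an address with no host name: nothing to map
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first column is not an IP address; not a mapping
        for host in fields[1:]:
            entries.append((addr, host.lower()))
    return entries


def _is_watched(host):
    return any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES)


def classify_hosts(text):
    """Return (severity, ip, host) for every entry that is not plain localhost.

    'blocked'    a watched host sent to loopback or 0.0.0.0 (site unreachable,
                 the usual way Windows Update or AV sites are cut off)
    'redirected' a watched host sent to some other address
    'review'     any other non-localhost mapping, worth a manual look
    """
    findings = []
    for addr, host in parse_hosts(text):
        if host == "localhost" and addr.is_loopback:
            continue
        if _is_watched(host):
            sev = "blocked" if addr.is_loopback or addr.is_unspecified else "redirected"
        else:
            sev = "review"
        findings.append((sev, str(addr), host))
    return findings


if __name__ == "__main__":
    for finding in classify_hosts(SAMPLE_HOSTS):
        print("%-10s %-15s %s" % finding)
```

Run it as-is to see the three constructed findings; to check a real machine, read C:\WINDOWS\System32\drivers\etc\hosts into `classify_hosts` instead of `SAMPLE_HOSTS`. An empty result means the file holds nothing but the localhost line, which is what the clean file posted later in this thread looks like.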


1. Can you go to C:\windows\system32\drivers\etc and open the file hosts with Notepad, then post the contents here. In this file you can set where you want websites to go to; for example, you can set pcpitstop.com to go to whatever.com.

 

Thanks for the reply.

 

** Start of C:\WINDOWS\System32\drivers\etc\hosts **

 

# Copyright © 1993-1999 Microsoft Corp.

#

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.

#

# This file contains the mappings of IP addresses to host names. Each

# entry should be kept on an individual line. The IP address should

# be placed in the first column followed by the corresponding host name.

# The IP address and the host name should be separated by at least one

# space.

#

# Additionally, comments (such as these) may be inserted on individual

# lines or following the machine name denoted by a '#' symbol.

#

# For example:

#

# 102.54.94.97 rhino.acme.com # source server

# 38.25.63.10 x.acme.com # x client host

 

127.0.0.1 localhost

 

** End of C:\WINDOWS\System32\drivers\etc\hosts **

 

2. IE is now at version 8; you should normally always update to the latest version (although updating won't fix the issue).

 

I mostly use Firefox on this computer. I use IE to test browser compatibility of web pages. That is why I have not updated the program. My other computer has the current version of IE.


Hi and welcome

 

 

 

I see McAfee, Symantec/Norton, and avast! Antivirus.

We need to get this computer down to just one antivirus, or we're stuck with conflicts and errors, and the tools we need to run won't work.

Take care of this first before attempting further instructions.

 

 

Look in your add/remove programs list, and if found remove Security Guard. If you can't locate it don't worry, just continue.

 

 

 

 

 

Open HijackThis, click Do a system scan only, and checkmark these entries. Then close all other windows and browsers except HijackThis and press Fix checked.

 

 

O2 - BHO: (no name) - {6a2025e6-a562-4884-ac76-c1d75533a67a} - gahiboru.dll (file missing)

O4 - HKUS\S-1-5-18\..\Run: [security Guard] "C:\Documents and Settings\All Users\Application Data\a656eba\SGa656.exe" /s /d (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [security Guard] "C:\Documents and Settings\All Users\Application Data\a656eba\SGa656.exe" /s /d (User 'Default user')

O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} (Java Plug-in 1.6.0_14) -

O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} (Java Plug-in 1.6.0_15) -

O20 - AppInit_DLLs: binuvete.dll c:\windows\system32\muvetuvo.dll c:\windows\system32\nudewolu.dll c:\windows\system32\pumotozi.dll c:\windows\system32\tobamiwo.dll c:\windows\system32\telonapi.dll

O21 - SSODL: mebokileg - {00e72e38-0b35-47e4-b227-148fb079e63b} - c:\windows\system32\nudewolu.dll (file missing)

O21 - SSODL: mezeyomaz - {cf4cf8bf-0115-4dcf-b490-ceed73bad989} - c:\windows\system32\nudewolu.dll (file missing)

O21 - SSODL: dobigodop - {d439027e-50d1-489d-98d6-25693f7f7291} - c:\windows\system32\pumotozi.dll (file missing)

O21 - SSODL: gafodalol - {8f0f85b0-fc7a-44fd-8b85-32e25c768385} - c:\windows\system32\tobamiwo.dll (file missing)

 

O22 - SharedTaskScheduler: mujuzedij - {00e72e38-0b35-47e4-b227-148fb079e63b} - c:\windows\system32\nudewolu.dll (file missing)

O22 - SharedTaskScheduler: mujuzedij - {cf4cf8bf-0115-4dcf-b490-ceed73bad989} - c:\windows\system32\nudewolu.dll (file missing)

O22 - SharedTaskScheduler: jugezatag - {d439027e-50d1-489d-98d6-25693f7f7291} - c:\windows\system32\pumotozi.dll (file missing)

O22 - SharedTaskScheduler: tokatiluy - {8f0f85b0-fc7a-44fd-8b85-32e25c768385} - c:\windows\system32\tobamiwo.dll (file missing)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Download OTM by OldTimer Here & save it to your desktop.

  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out to minimize the risk of typo error

:Files
c:\windows\system32\nudewolu.dll
c:\windows\system32\pumotozi.dll
c:\windows\system32\tobamiwo.dll
c:\windows\system32\drivers\vtuijpwj.sys
:reg
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"="" 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00
[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Security Guard"=-
[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Security Guard"=-
:Commands
[purity]
[resethosts]
[emptytemp]
[CREATERESTOREPOINT]
[EMPTYFLASH]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

 

In your next reply post:

OTM log

new DDS.txt

 

 

give me an update as to how the computer is acting now.
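The O20 AppInit_DLLs entry and the "Notification Packages" value in the :reg section above are both registry locations that get a DLL loaded into other processes, which is why the script empties the first and writes a fixed value to the second. The script below is an added example for this thread, not OTM's or HijackThis's code: it splits the O20 line into its DLL entries, decodes the hex(7) (REG_MULTI_SZ) value line into its strings, and reports what falls outside a baseline. The two input lines are copied from the logs in this thread; the clean baselines (no AppInit DLLs, only scecli as an LSA notification package) are assumptions for a standalone Windows XP machine.

```python
"""Decode the two registry persistence points the OTM script above touches.

Added example for this thread, not OTM's or HijackThis's code. It splits
the HijackThis O20 line into its AppInit_DLLs entries and decodes a
'hex(7):' (REG_MULTI_SZ) value line into its strings, then compares both
against a baseline. AppInit_DLLs are loaded into every process that loads
user32.dll and LSA "Notification Packages" DLLs are loaded by lsass.exe,
which is why a cleanup script empties the first and pins the second.
The two input lines are copied from the logs in this thread; the
baselines are assumptions for a standalone Windows XP machine.
"""
import re

# From the HijackThis log posted earlier in the thread.
O20_LINE = ("O20 - AppInit_DLLs: binuvete.dll c:\\windows\\system32\\muvetuvo.dll "
            "c:\\windows\\system32\\nudewolu.dll c:\\windows\\system32\\pumotozi.dll "
            "c:\\windows\\system32\\tobamiwo.dll c:\\windows\\system32\\telonapi.dll")

# From the :reg section of the OTM script above.
REG_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'

# Assumed clean baselines: no AppInit DLLs at all, and only scecli in LSA.
BASELINE_APPINIT = set()
BASELINE_LSA_PACKAGES = {"scecli"}


def parse_appinit_dlls(hjt_line):
    """Split a HijackThis 'O20 - AppInit_DLLs:' line into its DLL entries.

    The value is a space- or comma-separated list. Bare names such as
    'binuvete.dll' are found through the loader's search path, so they
    are reported exactly as written rather than resolved.
    """
    m = re.match(r"O20 - AppInit_DLLs:\s*(.*)$", hjt_line)
    if not m:
        return []
    return [p for p in re.split(r"[,\s]+", m.group(1).strip()) if p]


def decode_reg_multi_sz(reg_line):
    """Decode '"Name"=hex(7):aa,bb,...' into (name, [strings]).

    REG_MULTI_SZ is a run of NUL-terminated strings closed by one more NUL.
    regedit .reg exports store the bytes as UTF-16LE; the OTM script above
    writes one byte per character. The UTF-16 form is recognised by its
    zero high bytes (a heuristic, but unambiguous for ASCII package names).
    """
    m = re.match(r'"([^"]+)"=hex\(7\):([0-9a-fA-F,\s\\]*)$', reg_line)
    if not m:
        raise ValueError("not a hex(7) value line: %r" % reg_line)
    name = m.group(1)
    raw = bytes(int(b, 16) for b in re.split(r"[,\s\\]+", m.group(2).strip()) if b)
    if len(raw) >= 4 and len(raw) % 2 == 0 and all(raw[i] == 0 for i in range(1, len(raw), 2)):
        text = raw.decode("utf-16-le")
    else:
        text = raw.decode("latin-1")
    return name, [s for s in text.split("\x00") if s]


def audit_persistence_points(hjt_line, lsa_reg_line):
    """Return what is outside the baseline at both persistence points."""
    dlls = parse_appinit_dlls(hjt_line)
    name, packages = decode_reg_multi_sz(lsa_reg_line)
    return {
        "appinit_unexpected": [d for d in dlls if d.lower() not in BASELINE_APPINIT],
        "lsa_value": name,
        "lsa_unexpected": [p for p in packages if p.lower() not in BASELINE_LSA_PACKAGES],
    }


if __name__ == "__main__":
    result = audit_persistence_points(O20_LINE, REG_LINE)
    for dll in result["appinit_unexpected"]:
        print("AppInit_DLLs entry outside baseline:", dll)
    print("LSA", result["lsa_value"], "decodes to", decode_reg_multi_sz(REG_LINE)[1],
          "unexpected:", result["lsa_unexpected"])
```

Decoding the OTM value shows it is just "scecli" followed by the list terminator, i.e. the script is restoring the single default package rather than adding anything. The same decoder works on a regedit export of HKLM\SYSTEM\CurrentControlSet\Control\Lsa, which is the simplest way to check that nothing was added to that list after cleanup.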


Hi and welcome

 

I see McAfee, Symantec/Norton, and avast! Antivirus.

We need to get this computer down to just one antivirus, or we're stuck with conflicts and errors, and the tools we need to run won't work.

Take care of this first before attempting further instructions.

 

Look in your add/remove programs list, and if found remove Security Guard. If you can't locate it don't worry, just continue.

 

Thanks for the reply. I have removed McAfee using Add or Remove Programs.

 

If I remember correctly, I uninstalled Symantec/Norton using Add or Remove Programs about a year ago, before I installed McAfee. In any event, Symantec/Norton is not in the Add or Remove Programs list now. There is still a "Norton 360" folder in the C:\Program Files directory, but the only two files in the folder are url.txt and urlhistory.txt.

 

What do I need to do to remove Symantec/Norton completely?

 

Also Security Guard is not in the Add or Remove Programs list.


The two problems are still here.

 

I tried a Google search using Firefox and it was redirected to eyesmd.com and then a few seconds later redirected to 68.169.84.155.

 

I cannot access Windows Update. When I copied the URL from IE to Firefox, I got the following message: "The connection to the server was reset while the page was loading."

 

The OTM log and new DDS.txt are included below.

 

** 06082010_072951.log **

 

All processes killed

========== FILES ==========

File/Folder c:\windows\system32\nudewolu.dll not found.

File/Folder c:\windows\system32\pumotozi.dll not found.

File/Folder c:\windows\system32\tobamiwo.dll not found.

File/Folder c:\windows\system32\drivers\vtuijpwj.sys not found.

========== REGISTRY ==========

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows\\"AppInit_DLLs"|"" /E : value set successfully!

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\"Notification Packages"|hex(7):73,63,65,63,6c,69,00,00 /E : value set successfully!

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Security Guard not found.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Security Guard not found.

========== COMMANDS ==========

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32902 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 32768 bytes

 

User: LocalService

->Temp folder emptied: 65984 bytes

->Temporary Internet Files folder emptied: 5750034 bytes

 

User: NetworkService

->Temp folder emptied: 1867776 bytes

->Temporary Internet Files folder emptied: 26142759 bytes

->Flash cache emptied: 8590 bytes

 

User: PHP

->Temp folder emptied: 2020 bytes

->Temporary Internet Files folder emptied: 34349 bytes

->FireFox cache emptied: 10735480 bytes

->Flash cache emptied: 405 bytes

 

User: Stan Beson

->Temp folder emptied: 211088252 bytes

->Temporary Internet Files folder emptied: 13559227 bytes

->Java cache emptied: 83580034 bytes

->FireFox cache emptied: 78945239 bytes

->Flash cache emptied: 1201923 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 19569 bytes

%systemroot%\System32 .tmp files removed: 22333969 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 49006539 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 70078 bytes

RecycleBin emptied: 0 bytes

 

Total Files Cleaned = 481.00 mb

 

Restore point Set: OTM Restore Point (0)

 

OTM by OldTimer - Version 3.1.12.2 log created on 06082010_072951

 

Files moved on Reboot...

File C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_100.dat not found!

File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

** DDS.txt **

 

DDS (Ver_10-03-17.01) - NTFSx86

Run by Stan Beson at 7:41:46.37 on Tue 06/08/2010

Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.130 [GMT -7:00]

 

AV: Security Guard *On-access scanning enabled* (Updated) {15963F2F-11E0-41F4-9077-8648C685CC01}

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FW: Security Guard *enabled* {B0BB15C4-0E0D-49F9-B1A7-9BE247C8F539}

 

============== Running Processes ===============

 

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\System32\svchost.exe -k HTTPFilter

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Common Files\Motive\McciCMService.exe

C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\SearchIndexer.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\httpd.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe

C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe

C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\AT&T\Internet Security Wizard\ISW.exe

C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Messenger\msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\HPQ\SHARED\HPQWMI.exe

C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

C:\Documents and Settings\Stan Beson\Desktop\dds.scr

 

============== Pseudo HJT Report ===============

 

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q405&bd=presario&pf=laptop

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar4.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg.dll

BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar4.dll

TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File

EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet

uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe

uRun: [McAfee Update] c:\docume~1\stanbe~1\locals~1\temp\mcupdate_1275973752.exe /syncfin c:\docume~1\stanbe~1\locals~1\temp\mcupdate_1275973753.ini

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe

mRun: [soundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray

mRun: [AGRSMMSG] AGRSMMSG.exe

mRun: [Apoint] c:\program files\apoint2k\Apoint.exe

mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe

mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe

mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start

mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe

mRun: [iSUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [iSW.exe] "c:\program files\at&t\internet security wizard\ISW.exe" /AUTORUN

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

StartupFolder: c:\docume~1\stanbe~1\startm~1\programs\startup\automa~1.lnk - c:\troopmaster software\automailer\AutoMailer.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\monito~1.lnk - c:\program files\apache software foundation\apache2.2\bin\ApacheMonitor.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab

DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A}

DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - hxxp://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1246076119625

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6087.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1195712640453

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} - hxxp://www.symantec.com/techsupp/asa/ctrl/SymAData.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxsrvc.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

IFEO: image file execution options - svchost.exe

 

================= FIREFOX ===================

 

FF - ProfilePath - c:\docume~1\stanbe~1\applic~1\mozilla\firefox\profiles\qlwmisxj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage -

FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll

FF - plugin: c:\documents and settings\stan beson\application data\mozilla\firefox\profiles\qlwmisxj.default\extensions\[email protected]\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

 

============= SERVICES / DRIVERS ===============

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-25 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-5-10 67656]

R2 Apache2.2;Apache2.2;c:\program files\apache software foundation\apache2.2\bin\httpd.exe [2009-8-6 24645]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-4-25 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-25 40384]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-25 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-25 40384]

S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\stanbe~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\stanbe~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]

S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [2009-12-4 17432]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1c3.tmp --> c:\windows\system32\1C3.tmp [?]

S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-6-20 34248]

S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-6-20 40552]

S3 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2006-4-3 1251720]

 

=============== Created Last 30 ================

 

2010-06-08 14:29:51 0 d-----w- C:\_OTM

2010-06-05 16:44:37 0 d-----w- c:\program files\Trend Micro

2010-06-04 16:28:03 0 d-----w- c:\docume~1\stanbe~1\applic~1\SUPERAntiSpyware.com

2010-06-04 16:28:03 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-06-04 16:27:44 0 d-----w- c:\program files\SUPERAntiSpyware

2010-05-31 18:12:38 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-31 18:12:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-31 18:12:33 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-25 17:57:13 1409 ----a-w- c:\windows\QTFont.for

2010-05-25 17:57:12 54156 ---ha-w- c:\windows\QTFont.qfn

2010-05-13 03:05:25 3254 ----a-w- c:\windows\system32\wbem\Outlook_01caf24921e170fc.mof

 

==================== Find3M ====================

 

2010-04-22 20:45:23 161581 ----a-w- c:\windows\fonts\AdobeFnt.lst

2010-04-20 15:03:48 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-15 03:55:19 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-15 03:55:19 361600 ----a-w- c:\windows\system32\dllcache\tcpip.sys

2008-05-25 00:33:09 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe

 

============= FINISH: 7:43:14.81 ===============

 

I don't know if it will help you or not, but I deleted C:\Documents and Settings\All Users\Application Data\a656eba\SGa656.exe several weeks ago when I first noticed this problem.

 

Thanks for your assistance.

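The logs above contain the line shapes a malware-removal helper scans for first: an S0 (boot-start) driver with a random name whose file DDS cannot stat (`[?]`), a driver and a Run entry living under a Temp directory, an IFEO entry for svchost.exe, a Firefox default search pointing at a non-search host, and the Windows Firewall policy switched off. The following Python script is an added example for this thread; it is not part of StanB's post and not a feature of DDS, ComboFix or any other tool named here. It parses those line formats and reports indicators for review, not verdicts. The sample input is copied from the DDS log earlier in the thread (plus one known-good avast! line for contrast); the allowlist of search hosts and the random-name heuristic are my own assumptions.

```python
"""Triage of DDS / ComboFix-style log lines (added example, not from the thread).
Flags the patterns a removal helper checks first; every hit is an indicator to
review, never a verdict."""
from __future__ import annotations

import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "low"
    category: str
    detail: str


# DDS service line: "<R|S><start> name;display;path [date size]", or when the
# image could not be read "... path --> path [?]". R = running, S = stopped;
# start type 0 = boot, 1 = system, 2 = auto, 3 = demand, 4 = disabled.
SERVICE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)(?:\s-->\s(?P<resolved>.+?))?\s\[(?P<info>[^\]]*)\]\s*$"
)
RUN_RE = re.compile(r"^(?P<hive>[um])Run:\s\[(?P<name>[^\]]+)\]\s(?P<cmd>.+)$")  # u=HKCU, m=HKLM
FF_SEARCH_RE = re.compile(r"browser\.search\.defaulturl\s-\s(?P<url>\S+)")
FIREWALL_OFF_RE = re.compile(r'"EnableFirewall"=\s*0\b')
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

# Assumption: search providers a user would plausibly pick on purpose.
KNOWN_SEARCH_HOSTS = {"www.google.com", "google.com", "www.bing.com", "search.yahoo.com"}

# Constructed sample: lines copied from the DDS log above plus one benign driver line.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-4-25 164048]
S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\stanbe~1\locals~1\temp\hpispz\hpdom\pciinfo.sys --> c:\docume~1\stanbe~1\locals~1\temp\hpispz\hpdom\pciinfo.sys [?]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1c3.tmp --> c:\windows\system32\1C3.tmp [?]
uRun: [McAfee Update] c:\docume~1\stanbe~1\locals~1\temp\mcupdate_1275973752.exe /syncfin c:\docume~1\stanbe~1\locals~1\temp\mcupdate_1275973753.ini
mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
IFEO: image file execution options - svchost.exe
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=
"EnableFirewall"= 0 (0x0)
"""


def looks_random(stem: str) -> bool:
    """Weak heuristic for generated driver names: letters only, 7+ chars, under
    30% vowels. Catches 'vtuijpwj'; expect some false positives on real drivers."""
    if len(stem) < 7 or not stem.isalpha():
        return False
    vowels = sum(ch in "aeiou" for ch in stem.lower())
    return vowels / len(stem) < 0.3


def search_host(url: str) -> str:
    """Host part of a DDS-defanged (hxxp://) or normal URL."""
    no_scheme = re.sub(r"^(?:hxxps?|https?)://", "", url, flags=re.IGNORECASE)
    return no_scheme.split("/", 1)[0].lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            path = (m["resolved"] or m["path"]).strip()
            name, boot_start = m["name"], m["start"] == "0"
            if m["info"].strip() == "?":  # DDS could not stat the image: missing or hidden
                findings.append(Finding("high" if boot_start else "medium", "unverifiable-driver",
                                        f"{m['state']}{m['start']} {name}: {path}"))
            if TEMP_DIR_RE.search(path):
                findings.append(Finding("high", "driver-in-temp", f"{name}: {path}"))
            if path.lower().endswith(".tmp"):
                findings.append(Finding("medium", "driver-tmp-extension", f"{name}: {path}"))
            stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
            if looks_random(stem):
                findings.append(Finding("low", "random-driver-name", f"{name}: {stem}"))
            continue
        m = RUN_RE.match(line)
        if m and TEMP_DIR_RE.search(m["cmd"]):
            hive = "HKCU" if m["hive"] == "u" else "HKLM"
            findings.append(Finding("high", "run-key-in-temp", f"{hive} [{m['name']}] {m['cmd']}"))
            continue
        if line.startswith("IFEO:"):  # IFEO can redirect a system binary to a "debugger"
            findings.append(Finding("high", "ifeo-hook", line))
            continue
        m = FF_SEARCH_RE.search(line)
        if m and search_host(m["url"]) not in KNOWN_SEARCH_HOSTS:
            findings.append(Finding("medium", "nonstandard-search-default", search_host(m["url"])))
            continue
        if FIREWALL_OFF_RE.search(line):
            findings.append(Finding("medium", "firewall-disabled", line))
    return findings


if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: ("high", "medium", "low").index(f.severity)):
        print(f"[{f.severity:6}] {f.category:28} {f.detail}")
```

Run against the sample it prints ten findings, the S0 driver with the unreadable image at the top. The `[?]` check is the one to weight most: a boot-start driver whose file the tool cannot read is either gone (stale service entry) or being hidden from user-mode tools, and the infected tcpip.sys that ComboFix later reports fits the second reading. MEMSWEEP2 shows why the output is a review list rather than a verdict: a `.tmp` driver image is unusual, but some legitimate scanners load exactly that way.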

Download ComboFix from either of these locations:

Link 1

Link 2

 

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

 

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here

AVAST

Right click on the avast! icon in the system tray and choose (Stop On-Access Protection)

 

  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 


 

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking whether to continue.

 

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.

2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.

 

 

Extra note: After you have installed the Recovery Console - if you reboot your computer, right after reboot, you'll see the option for the Recovery Console now as well.

Don't select to run the Recovery Console as we don't need it.

By default, your main OS is selected there. The screen stays for 2 seconds and then it proceeds to load Windows.

 

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

If there are internet issues afterward:

 

*In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the proxy server again in case you have set it previously.

 

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, uncheck the proxy server and set it to No Proxy.

 

 

 

 

You may need several replies to post the requested logs, otherwise they might get cut off.


** ComboFix.txt **

 

ComboFix 10-06-08.02 - Stan Beson 06/08/2010 15:35:14.1.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.196 [GMT -7:00]

Running from: c:\documents and settings\Stan Beson\Desktop\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\Stan Beson\g2mdlhlpx.exe

c:\documents and settings\Stan Beson\Recent\ANTIGEN.sys

c:\documents and settings\Stan Beson\Recent\DBOLE.tmp

c:\documents and settings\Stan Beson\Recent\delfile.sys

c:\documents and settings\Stan Beson\Recent\eb.tmp

c:\documents and settings\Stan Beson\Recent\exec.drv

c:\documents and settings\Stan Beson\Recent\exec.sys

c:\documents and settings\Stan Beson\Recent\fix.drv

c:\documents and settings\Stan Beson\Recent\kernel32.exe

c:\documents and settings\Stan Beson\Recent\kernel32.tmp

c:\documents and settings\Stan Beson\Recent\PE.drv

c:\documents and settings\Stan Beson\Recent\PE.sys

c:\documents and settings\Stan Beson\Recent\ppal.dll

c:\documents and settings\Stan Beson\Recent\ppal.tmp

c:\documents and settings\Stan Beson\Recent\runddlkey.sys

c:\documents and settings\Stan Beson\Recent\SICKBOY.exe

c:\documents and settings\Stan Beson\Recent\SM.exe

c:\documents and settings\Stan Beson\Recent\std.sys

c:\documents and settings\Stan Beson\Recent\tjd.tmp

c:\program files\Mozilla Firefox\searchplugins\search.xml

c:\windows\Downloaded Program Files\ODCTOOLS

c:\windows\Tasks\cszsfqcj.job

 

Infected copy of c:\windows\system32\drivers\tcpip.sys was found and disinfected

Restored copy from - Kitty had a snack :P

.

((((((((((((((((((((((((( Files Created from 2010-05-08 to 2010-06-08 )))))))))))))))))))))))))))))))

.

 

2010-06-08 14:29 . 2010-06-08 14:29 -------- d-----w- C:\_OTM

2010-06-05 16:44 . 2010-06-05 16:44 -------- d-----w- c:\program files\Trend Micro

2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com

2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-04 16:27 . 2010-06-04 16:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-31 18:12 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-31 18:12 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-31 18:12 . 2010-05-31 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-31 03:04 . 2010-05-31 17:18 -------- d-----w- c:\program files\Windows Live Safety Center

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-08 14:13 . 2008-06-21 00:02 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee

2010-06-08 05:20 . 2010-04-12 02:22 -------- d-----w- c:\program files\McAfee

2010-06-08 05:18 . 2010-04-12 02:23 -------- d-----w- c:\program files\Common Files\Mcafee

2010-06-07 23:31 . 2010-06-04 16:28 63488 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-07 23:30 . 2010-06-04 16:28 117760 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-05 16:44 . 2010-06-05 16:44 388096 ----a-r- c:\documents and settings\Stan Beson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-04 16:28 . 2010-06-04 16:28 52224 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-05-31 18:13 . 2010-04-11 23:02 -------- d-----w- c:\documents and settings\Stan Beson\Application Data\Malwarebytes

2010-05-31 18:12 . 2010-04-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-24 17:36 . 2010-05-24 17:36 503808 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\msvcp71.dll

2010-05-24 17:36 . 2010-05-24 17:36 499712 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\jmc.dll

2010-05-24 17:35 . 2010-05-24 17:35 12800 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-266e04a0-n\decora-d3d.dll

2010-05-24 17:35 . 2010-05-24 17:35 61440 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-266e04a0-n\decora-sse.dll

2010-05-24 17:35 . 2010-05-24 17:35 348160 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\msvcr71.dll

2010-05-22 03:34 . 2005-08-02 06:55 -------- d-----w- c:\program files\Easy Internet signup

2010-05-06 20:59 . 2010-04-25 22:35 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2010-04-25 22:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2010-04-25 22:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2010-04-25 22:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:33 . 2010-04-25 22:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-05-06 20:33 . 2010-04-25 22:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-05-06 20:33 . 2010-04-25 22:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-05-06 20:33 . 2010-04-25 22:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-04-25 22:35 . 2010-04-25 22:35 -------- d-----w- c:\program files\Alwil Software

2010-04-25 22:35 . 2010-04-25 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-04-24 06:27 . 2010-04-24 06:27 -------- d-----w- c:\program files\Sophos

2010-04-20 15:05 . 2005-08-02 06:30 -------- d-----w- c:\program files\Common Files\Java

2010-04-20 15:03 . 2010-04-20 15:04 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-20 15:03 . 2005-08-02 06:30 -------- d-----w- c:\program files\Java

2010-04-17 05:50 . 2010-04-04 18:43 -------- d-----w- c:\program files\Lavasoft

2010-04-15 03:55 . 2004-08-04 08:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-14 16:47 . 2010-04-25 22:35 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-04-12 02:30 . 2009-06-20 09:15 -------- d-----w- c:\program files\SiteAdvisor

2010-04-11 18:25 . 2005-08-02 06:59 -------- d-----w- c:\program files\Google

2010-04-04 19:12 . 2010-04-04 19:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2008-05-25 00:33 . 2008-05-25 00:32 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe

2009-06-17 06:27 . 2009-06-17 06:27 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2009-06-17 06:27 . 2009-06-17 06:27 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2009-06-17 06:27 . 2009-06-17 06:27 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-18 2397424]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

 

c:\documents and settings\Stan Beson\Start Menu\Programs\Startup\

AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2008-11-19 73728]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-6-16 82026]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-8-6 41051]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\hpwuschd2.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL Server

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 3:36 PM 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/25/2010 3:36 PM 19024]

S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [12/4/2009 12:11 PM 17432]

S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1C3.tmp --> c:\windows\system32\1C3.tmp [?]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2010-05-22 c:\windows\Tasks\Easy Internet Sign-up.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]

 

2007-05-01 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job

- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-05-14 09:01]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Stan Beson\Application Data\Mozilla\Firefox\Profiles\qlwmisxj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage -

FF - plugin: c:\documents and settings\Stan Beson\Application Data\Mozilla\Firefox\Profiles\qlwmisxj.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-08 15:48

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?9?8?7??????? ???B?????????????hLC? ??????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MEMSWEEP2]

"ImagePath"="\??\c:\windows\system32\1C3.tmp"

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3847439602-4269998751-1323973196-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44034FD7-1AAB-56DE-05376226E3E18762}\{E5927D01-F17A-5508-2A74EFC6C5188D90}\{F4E471EB-CB8D-E257-550ABC7FEB789AD1}*]

"{3EE4C831-B7E0-4ed1-B9FC-EDC523C9612F}1"=hex:01,00,01,00,0c,00,00,00,44,d2,df,

f1,16,69,51,c7,ad,b1,e3,48,96,f9,66,0c,88,32,22,b8,17,f2,ea,73,0d,08,cb,42,\

 

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59FD906B-7064-D511-A92C76967AEA497D}\{7BE5E469-8614-18F7-FB4A2951C2296B41}\{4CE5DCAA-16CA-BCB0-DF1B4E45E77E17F5}*]

"S6KI1YERXJTIP3T5RVDI41UR2G1"=hex:01,00,01,00,00,00,00,00,26,ff,b1,c2,08,0b,50,

9e,35,81,92,71,e8,29,5a,84,14,35,16,70,d8,6e,ff,61

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(820)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\igfxsrvc.dll

c:\windows\system32\hccutils.DLL

.

Completion time: 2010-06-08 15:55:46

ComboFix-quarantined-files.txt 2010-06-08 22:55

 

Pre-Run: 11,949,334,528 bytes free

Post-Run: 11,932,024,832 bytes free

 

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

 

- - End Of File - - AAE48BF598E5E94FF430D2E0EFBC68A0


Welcome back

 

Print this topic or save it to Notepad; it will make it easier for you to follow the instructions and complete all of the necessary steps, as we will need to close all open windows later in the fix.

 

 

Go to My Computer->Tools->Folder Options->View tab:

  • Under the Hidden files and folders heading:
  • Select - Show hidden files and folders.
  • Uncheck - Hide protected operating system files (recommended) option.
  • Also, make sure there is no checkmark beside Hide file extensions for known file types.
  • Click OK. (Remember to hide files and folders again once done.)
Please go to: VirusTotal

  • Click the Browse button and search for the following file: c:\windows\system32\drivers\vtuijpwj.sys
  • Click Open
  • Then click Send File
  • Please be patient while the file is scanned.
  • Once the scan results appear, please provide them in your next reply.
If it says already scanned -- click "reanalyze now"

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Download CKScanner by askey127 from HERE

Important - Save it to your desktop.

Doubleclick CKScanner.exe and click Search For Files.

After a very short time, when the cursor hourglass disappears, click Save List To File.

A message box will verify the file saved.

Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Next: Please disable all onboard security programs (everything running with background protection), as they may hinder the scanner from working.

This includes Antivirus, Firewall, and any Spyware scanners that run in the background.

 

Click on this link Here to see a list of programs that should be disabled.

The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

 

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK). *Do Not Use Wordpad!* or any other text editor than Notepad, or the script will fail. Then copy and paste the text present inside the CODE box below:

Save this as "CFScript.txt" including quotes and change the "Save as type" to "All Files" and place it on your desktop.

File:: 
c:\windows\system32\1C3.tmp
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
Folder::
c:\documents and settings\All Users\Application Data\McAfee
c:\program files\McAfee
c:\program files\Common Files\Mcafee
DDS::
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Symantec PIF AlertEng"=-
Driver::
MEMSWEEP2
RegNULL::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{44034FD7-1AAB-56DE-05376226E3E18762}\{E5927D01-F17A-5508-2A74EFC6C5188D90}\{F4E471EB-CB8D-E257-550ABC7FEB789AD1}*]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{59FD906B-7064-D511-A92C76967AEA497D}\{7BE5E469-8614-18F7-FB4A2951C2296B41}\{4CE5DCAA-16CA-BCB0-DF1B4E45E77E17F5}*]


Referring to the screenshot above, drag CFScript.txt into ComboFix.exe. ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

 

 

CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

 

If there are internet issues afterward:

 

In IE: Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "Use a proxy server", or reconfigure the proxy server again in case you had set it previously.

 

In Firefox: Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection, then uncheck the proxy server and set it to No Proxy.

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

After I see the results of the above logs I will be requesting an online scan.

 

Also, please give me an update on how the computer is at the moment.

 

In your next reply post:

Scan results for the requested file

CKFiles.txt

ComboFix.txt

 

You may need several replies to post the requested logs, otherwise they might get cut off.
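The ComboFix log above lists drivers and services in the form `S0 ltiu;ltiu;<path> --> <path> [?]`, and both entries the helper acts on here (`vtuijpwj.sys` and `MEMSWEEP2`) carry the `[?]` marker ComboFix prints when it cannot find the file on disk. As an added example (not code from this thread, from ComboFix, or from the helper), the Python below parses those lines and builds a review queue from weak indicators; the indicators, the two-reason threshold and the sample lines (copied from the log above) are my assumptions, and a flagged entry is a prompt to check the file, not a verdict.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Sample "Drivers/Services" lines copied from the ComboFix log in this thread.
# ComboFix's format is:
#   <R|S><start type> <service name>;<display name>;<image path> [<date time size>]
# with " --> <path> [?]" appended when the tool could not find the image file.
SAMPLE_LOG = r"""
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 3:36 PM 164048]
R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]
S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]
S2 pciinfo;HP Pci Information;\??\c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]
S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [12/4/2009 12:11 PM 17432]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\1C3.tmp --> c:\windows\system32\1C3.tmp [?]
"""

LINE_RE = re.compile(
    r"^(?P<start>[RS][0-9])\s+"            # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?)"
    r"(?:\s+-->\s+(?P<resolved>.+?))?"     # only present when the file was not found
    r"\s+\[(?P<detail>[^\]]*)\]$"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    path: str
    detail: str
    reasons: List[str] = field(default_factory=list)

    @property
    def file_stem(self) -> str:
        """File name without directory or extension, e.g. 'vtuijpwj'."""
        base = self.path.replace("/", "\\").rsplit("\\", 1)[-1]
        return base.rsplit(".", 1)[0]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one ComboFix driver/service line; None for any other log line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return ServiceEntry(m["start"], m["name"], m["display"], m["path"], m["detail"])


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach weak indicators (assumed heuristics); none is a verdict on its own."""
    lower_path = entry.path.lower()
    if entry.detail.strip() == "?":
        entry.reasons.append("file not found on disk ([?])")
    if "\\temp\\" in lower_path:
        entry.reasons.append("image lives under a Temp directory")
    if lower_path.endswith(".tmp"):
        entry.reasons.append("image has a .tmp extension")
    if entry.name == entry.display and entry.name.isalpha() and entry.name.islower():
        entry.reasons.append("no descriptive display name")
    if entry.file_stem.lower() != entry.name.lower():
        entry.reasons.append("file name does not match service name")
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """All parsable driver/service entries in the log, with indicators attached."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


def review_queue(log_text: str, min_reasons: int = 2) -> List[ServiceEntry]:
    """Entries with at least min_reasons indicators, strongest first."""
    hits = [e for e in triage(log_text) if len(e.reasons) >= min_reasons]
    return sorted(hits, key=lambda e: (-len(e.reasons), e.name.lower()))


if __name__ == "__main__":
    for e in review_queue(SAMPLE_LOG):
        print(f"{e.start} {e.name}: {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```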


Click the Browse button and search for the following file: c:\windows\system32\drivers\vtuijpwj.sys

 

That file is not on my computer. I double checked the Folder Options settings to make sure they are set according to your instructions and they are.

 

Should I complete the other instructions from your last message?


Let's let the file wait for the time being, continue with the other instructions.


My computer seems to be working better. Thanks for your assistance.

 

I tried two Google searches and the browser was not redirected when I clicked on the search result links.

 

Also I am now able to access Windows Updates.

 

I will test it more later.

 

** ckfiles.txt **

 

CKScanner - Additional Security Risks - These are not necessarily bad

c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe

scanner sequence 3.NA.11

----- EOF -----

 

** ComboFix.txt **

 

ComboFix 10-06-08.02 - Stan Beson 06/09/2010 22:44:38.2.1 - x86

Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.502.227 [GMT -7:00]

Running from: c:\documents and settings\Stan Beson\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Stan Beson\Desktop\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

 

FILE ::

"c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe"

"c:\windows\system32\1C3.tmp"

.

 

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

c:\documents and settings\All Users\Application Data\McAfee

c:\documents and settings\All Users\Application Data\McAfee\dspwrp\SmartMessaging.db

c:\documents and settings\All Users\Application Data\McAfee\MBK\Exceptions.txt

c:\documents and settings\All Users\Application Data\McAfee\MBK\MbkUsrPath

c:\documents and settings\All Users\Application Data\McAfee\MBK\MonitorInfo.xml

c:\documents and settings\All Users\Application Data\McAfee\MBK\UserBindingInfo.xml

c:\documents and settings\All Users\Application Data\McAfee\MCLOGS\MISP\mcupdate_1275973752\mcupdate_1275973752000.log

c:\documents and settings\All Users\Application Data\McAfee\MSC\Cache\McSubDB.Bak

c:\documents and settings\All Users\Application Data\McAfee\MSC\mcini.ini

c:\documents and settings\All Users\Application Data\McAfee\MSC\McSubDB.Dat

c:\program files\Common Files\Mcafee

c:\program files\Common Files\Mcafee\Installer\mcinst.exe

c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe

c:\program files\McAfee

 

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

 

-------\Legacy_MEMSWEEP2

-------\Service_MEMSWEEP2

-------\Legacy_LiveUpdate_Notice_Service

-------\Service_LiveUpdate Notice Service

 

 

((((((((((((((((((((((((( Files Created from 2010-05-10 to 2010-06-10 )))))))))))))))))))))))))))))))

.

 

2010-06-08 14:29 . 2010-06-08 14:29 -------- d-----w- C:\_OTM

2010-06-05 16:44 . 2010-06-05 16:44 -------- d-----w- c:\program files\Trend Micro

2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com

2010-06-04 16:28 . 2010-06-04 16:28 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

2010-06-04 16:27 . 2010-06-04 16:27 -------- d-----w- c:\program files\SUPERAntiSpyware

2010-05-31 18:12 . 2010-04-29 22:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-31 18:12 . 2010-04-29 22:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-31 18:12 . 2010-05-31 18:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-31 03:04 . 2010-05-31 17:18 -------- d-----w- c:\program files\Windows Live Safety Center

 

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-06-07 23:31 . 2010-06-04 16:28 63488 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll

2010-06-07 23:30 . 2010-06-04 16:28 117760 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL

2010-06-05 16:44 . 2010-06-05 16:44 388096 ----a-r- c:\documents and settings\Stan Beson\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

2010-06-04 16:28 . 2010-06-04 16:28 52224 ----a-w- c:\documents and settings\Stan Beson\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll

2010-05-31 18:13 . 2010-04-11 23:02 -------- d-----w- c:\documents and settings\Stan Beson\Application Data\Malwarebytes

2010-05-31 18:12 . 2010-04-11 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2010-05-24 17:36 . 2010-05-24 17:36 503808 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\msvcp71.dll

2010-05-24 17:36 . 2010-05-24 17:36 499712 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\jmc.dll

2010-05-24 17:35 . 2010-05-24 17:35 12800 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-266e04a0-n\decora-d3d.dll

2010-05-24 17:35 . 2010-05-24 17:35 61440 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-266e04a0-n\decora-sse.dll

2010-05-24 17:35 . 2010-05-24 17:35 348160 ----a-w- c:\documents and settings\Stan Beson\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-16100257-n\msvcr71.dll

2010-05-22 03:34 . 2005-08-02 06:55 -------- d-----w- c:\program files\Easy Internet signup

2010-05-06 20:59 . 2010-04-25 22:35 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2010-04-25 22:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2010-04-25 22:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2010-04-25 22:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:33 . 2010-04-25 22:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-05-06 20:33 . 2010-04-25 22:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-05-06 20:33 . 2010-04-25 22:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-05-06 20:33 . 2010-04-25 22:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-04-25 22:35 . 2010-04-25 22:35 -------- d-----w- c:\program files\Alwil Software

2010-04-25 22:35 . 2010-04-25 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software

2010-04-24 06:27 . 2010-04-24 06:27 -------- d-----w- c:\program files\Sophos

2010-04-20 15:05 . 2005-08-02 06:30 -------- d-----w- c:\program files\Common Files\Java

2010-04-20 15:03 . 2010-04-20 15:04 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-20 15:03 . 2005-08-02 06:30 -------- d-----w- c:\program files\Java

2010-04-17 05:50 . 2010-04-04 18:43 -------- d-----w- c:\program files\Lavasoft

2010-04-15 03:55 . 2004-08-04 08:00 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys

2010-04-14 16:47 . 2010-04-25 22:35 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-04-12 02:30 . 2009-06-20 09:15 -------- d-----w- c:\program files\SiteAdvisor

2010-04-11 18:25 . 2005-08-02 06:59 -------- d-----w- c:\program files\Google

2010-04-04 19:12 . 2010-04-04 19:13 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys

2008-05-25 00:33 . 2008-05-25 00:32 2725048 ----a-w- c:\program files\FLV PlayerFCSetup.exe

2009-06-17 06:27 . 2009-06-17 06:27 27976 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2009-06-17 06:27 . 2009-06-17 06:27 126360 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2009-06-17 06:27 . 2009-06-17 06:27 98712 ----a-w- c:\program files\mozilla firefox\plugins\ieatgpc.dll

.

 

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 68856]

"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-08 155648]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-08 126976]

"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-10-14 1388544]

"AGRSMMSG"="AGRSMMSG.exe" [2005-04-13 88209]

"Apoint"="c:\program files\Apoint2K\Apoint.exe" [2005-02-08 159744]

"hpWirelessAssistant"="c:\program files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe" [2005-05-04 794624]

"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]

"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]

"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-03-29 233534]

"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-03-29 413696]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-03-30 267048]

"ISW.exe"="c:\program files\AT&T\Internet Security Wizard\ISW.exe" [2007-05-03 2061816]

"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

 

c:\documents and settings\Stan Beson\Start Menu\Programs\Startup\

AutoMailer.lnk - c:\troopmaster software\AutoMailer\AutoMailer.exe [2008-11-19 73728]

 

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-6-16 82026]

Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-4-23 29696]

Monitor Apache Servers.lnk - c:\program files\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe [2009-8-6 41051]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

 

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{EDB0E980-90BD-11D4-8599-0008C7D3B6F8}"= "c:\program files\Qualcomm\Eudora\EuShlExt.dll" [2006-08-17 86016]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]

"DisableMonitoring"=dword:00000001

 

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]

"DisableMonitoring"=dword:00000001

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\SmartFTP Client 2.0\\SmartFTP.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

"c:\\Program Files\\Hp\\HP Software Update\\hpwuschd2.exe"=

 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3306:TCP"= 3306:TCP:MySQL Server

 

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [4/25/2010 3:36 PM 164048]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]

R2 Apache2.2;Apache2.2;c:\program files\Apache Software Foundation\Apache2.2\bin\httpd.exe [8/6/2009 3:50 PM 24645]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/25/2010 3:36 PM 19024]

S0 ltiu;ltiu;c:\windows\system32\drivers\vtuijpwj.sys --> c:\windows\system32\drivers\vtuijpwj.sys [?]

S2 pciinfo;HP Pci Information;\??\c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys --> c:\docume~1\STANBE~1\LOCALS~1\Temp\HPISPz\hpdom\pciinfo.sys [?]

S3 HPEWSFXBULK;HPEWSFXBULK;c:\windows\system32\drivers\hpfxbulk.sys [12/4/2009 12:11 PM 17432]

 

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

 

2010-05-22 c:\windows\Tasks\Easy Internet Sign-up.job

- c:\program files\Easy Internet signup\HPSdpApp.exe [2005-03-03 18:04]

 

2007-05-01 c:\windows\Tasks\HubTask 0 {0E7C166E-2D2F-4269-9034-DE1898BF2B1A} 0~0.job

- c:\program files\Common Files\Sonic Shared\Sonic Central\Main\Mediahub.exe [2005-05-14 09:01]

.

.

------- Supplementary Scan -------

.

uStart Page = about:blank

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

mDefault_Search_URL = hxxp://www.google.com/ie

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Stan Beson\Application Data\Mozilla\Firefox\Profiles\qlwmisxj.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q=

FF - prefs.js: browser.startup.homepage -

FF - plugin: c:\documents and settings\Stan Beson\Application Data\Mozilla\Firefox\Profiles\qlwmisxj.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npatgpc.dll

 

---- FIREFOX POLICIES ----

FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

.

 

**************************************************************************

 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-06-09 23:01

Windows 5.1.2600 Service Pack 3 NTFS

 

scanning hidden processes ...

 

scanning hidden autostart entries ...

 

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????9?9?8?7??`???? ???B?????????????hLC? ??????

 

scanning hidden files ...

 

scan completed successfully

hidden files: 0

 

**************************************************************************

 

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]

"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

 

[HKEY_USERS\S-1-5-21-3847439602-4269998751-1323973196-1006\Software\Microsoft\SystemCertificates\AddressBook*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

.

--------------------- DLLs Loaded Under Running Processes ---------------------

 

- - - - - - - > 'winlogon.exe'(820)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

 

- - - - - - - > 'explorer.exe'(2088)

c:\windows\system32\WPDShServiceObj.dll

c:\program files\SmartFTP Client 2.0\smarthook.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\program files\Common Files\Motive\McciCMService.exe

c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe

c:\program files\Analog Devices\SoundMAX\SMAgent.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\windows\system32\SearchIndexer.exe

c:\program files\Windows Media Player\WMPNetwk.exe

c:\windows\system32\wscntfy.exe

c:\windows\AGRSMMSG.exe

c:\program files\Apoint2K\Apntex.exe

c:\program files\iPod\bin\iPodService.exe

c:\program files\HPQ\SHARED\HPQWMI.exe

c:\program files\Yahoo!\Messenger\ymsgr_tray.exe

.

**************************************************************************

.

Completion time: 2010-06-09 23:09:58 - machine was rebooted

ComboFix-quarantined-files.txt 2010-06-10 06:09

ComboFix2.txt 2010-06-08 22:55

 

Pre-Run: 11,887,575,040 bytes free

Post-Run: 11,746,635,776 bytes free

 

- - End Of File - - A9F7AC70FA03408D53530A5631C5A966


My computer seems to be working better. Thanks for your assistance.

 

I tried two Google searches and the browser was not redirected when I clicked on the search result links.

 

Also I am now able to access Windows Updates.

Good deal

 

c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe

Forum Policy

I strongly suggest you remove any cracked software that is installed; we do not approve of it, nor will we provide support in the future for problems produced by illegal software.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

  • Double click on OTM.exe to run it
  • Copy & paste the contents inside the Code box below beginning with :Files into --->> Paste Instructions for Items to be Moved
Note: Do not type it out, to minimize the risk of typing errors.

:Files
c:\windows\system32\drivers\vtuijpwj.sys
:services
ltiu
:Commands
[purity]
[emptytemp]
[Reboot]
  • Click on MoveIt!
  • When done, click on Exit
Note: If a file or folder can't be moved immediately, you may be asked to restart your computer. Choose Yes.

A log will be produced at C:\_OTM\MovedFiles\date_time.log, where date_time are numbers. Post this log in your next reply.

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NEXT**

I'd like you to run this next online scan to check for remnants or anything that might be hidden.

The below scan can take up to an hour or longer, so please be patient.

 

*Note

It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.

Please don't go surfing while your resident protection is disabled!

Once scan is finished remember to re-enable resident antivirus protection along with whatever antispyware app you use.

 

 

Using Internet Explorer, visit http://www.kaspersky.com/kos/eng/partner/d...n=1260122209224

Other available links

Kaspersky Online Scanner or from here

http://www.kaspersky.com/virusscanner

 

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

 

Click on the Accept button and install any components it needs.

  • The program will install and then begin downloading the latest definition files.
  • After the files have been downloaded, on the left side of the page in the Scan section select My Computer.
  • This will start the program and scan your system.
  • The scan will take a while, so be patient and let it run. (At times it may appear to stall.)
    * Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
    * Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
    * Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Once the scan is complete, click on View scan report. To obtain the report:
    * Click on: Save Report As
    * Next, in the Save as prompt, Save in area, select: Desktop
    * In the File name area, use KScan, or something similar. In Save as type, click the drop arrow and select: Text file [*.txt]
    * Then, click: Save

Please post the Kaspersky Online Scanner Report in your reply.

 

Animated tutorial

http://i275.photobucket.com/albums/jj285/B...ng/KAS/KAS9.gif

 

(Note for Internet Explorer 7 users: If at any time you have trouble with the "Accept" button of the license, click on the "Zoom" tool located at the bottom right of the IE window and set the zoom to 75%. Once the license has been accepted, reset to 100%.)

Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

 

 

In your next reply post:

OTM log

Kaspersky log

 

 

 

You may need several replies to post the requested logs, otherwise they might get cut off.


I will be away from my computer and the Internet for the next two days. As soon as I get back I will continue. Thanks very much for all your help.


c:\program files\ssh communications security\ssh secure shell\ssh-keygen2.exe

Forum Policy

I strongly suggest you remove any cracked software that is installed, we do not approve nor will we provide support in the future for problems produced because of illegal software.

 

Was this file damaged by the virus? It is part of the FTP program I use for my school work that was recommended by my college. It is a non-commercial, non-expiring version and it was a free download when I installed it. I do not use it for commercial purposes per the license agreement. Please advise me what to do.


*Note

It is recommended to disable your onboard antivirus and antispyware programs while performing scans, to avoid conflicts and to speed up scan time.

Is it okay to leave the firewall enabled while the Kaspersky Online Scanner runs?


Was this file damaged by the virus? It is part of the FTP program I use for my school work that was recommended by my college. It is a non-commercial, non-expiring version and it was a free download when I installed it. I do not use it for commercial purposes per the license agreement. Please advise me what to do.

 

No, the file has not been damaged. It was flagged by that tool because it had Keygen in the file name.

It's odd that if it was recommended it would have to have a keygen to keep the software running.

 

If it's needed and a legal program for college, and not flagged by other scanners as infected, then leave it on the computer.

 

Is it okay to leave the firewall enabled while the Kaspersky Online Scanner runs?

 

After the scan has downloaded all definitions and the firewall hasn't flagged anything, it should be fine to leave it running.


I did not disable my virus protection before I ran OTM.exe. I hope that was not a mistake. While OTM.exe ran, Avast! moved a file. Here is the report.

 

6/12/2010 8:52:36 AM C:\Program Files\Apoint2K\Apoint.exe [L] Win32:Malware-gen (0)

File was successfully moved to chest...

*

* avast! Real-time Shield Scan Report

* This file is generated automatically

*

* Started on: Saturday, June 12, 2010 8:55:30 AM

*

 

** start 06122010_085216.log **

 

All processes killed

========== FILES ==========

File/Folder c:\windows\system32\drivers\vtuijpwj.sys not found.

========== SERVICES/DRIVERS ==========

Service ltiu stopped successfully!

Service ltiu deleted successfully!

========== COMMANDS ==========

 

[EMPTYTEMP]

 

User: Administrator

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: All Users

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

 

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 2936317 bytes

 

User: NetworkService

->Temp folder emptied: 98304 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 1036 bytes

 

User: PHP

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->FireFox cache emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Stan Beson

->Temp folder emptied: 9606631 bytes

->Temporary Internet Files folder emptied: 6907285 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 55931122 bytes

->Flash cache emptied: 558 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 9448 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes

RecycleBin emptied: 2789376 bytes

 

Total Files Cleaned = 75.00 mb

 

 

OTM by OldTimer - Version 3.1.12.2 log created on 06122010_085216

 

Files moved on Reboot...

C:\Documents and Settings\NetworkService\Local Settings\Temp\Perflib_Perfdata_204.dat moved successfully.

File move failed. C:\WINDOWS\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

 

Registry entries deleted on Reboot...

 

** end 06122010_085216.log **

 

Using Internet Explorer, visit http://www.kaspersky...n=1260122209224

 

There is a problem running the Kaspersky Online Scanner using IE 6.0. It looks like I can run it using Firefox. Should I use Firefox or upgrade IE?

 

I use IE 6.0 on this computer to test for web page browser compatibility problems, but if I need to upgrade to solve this virus problem I will do it.

 

(edited to correct misspelled word)

Edited by StanB


Or use Firefox with IE-Tab plugin

https://addons.mozilla.org/en-US/firefox/addon/1419

 

 

I use IE 6.0 on this computer to test for web page browser compatibility problems, but if I need to upgrade to solve this virus problem I will do it.

In time you may want to consider upgrading IE to cover exploits and vulnerabilities.


Or use Firefox with IE-Tab plugin

https://addons.mozil...efox/addon/1419

 

There is an updated version that works with Firefox 3.6, however I updated IE instead of installing it.

 

IE Tab 2

 

https://addons.mozil...ox/addon/92382/

 

In time you may want to consider upgrading IE to cover exploits and vulnerabilities.

 

I installed IE 8, but that did not fix the problem.

 

For some reason there is a problem with Java in IE when I access the Kaspersky Online Scanner.

 

"Kaspersky Online Scanner 7.0 download and operation require Java framework version 1.5 or later."

 

Java version 1.6.0_20 is installed on the computer. I checked the settings in IE and the Java Control Panel.

 

The following are listed in Add or Remove Programs window:

 

J2SE Runtime Environment 5.0 Update 4

J2SE Runtime Environment 5.0 Update 5

Java™ 6 Update 20

Java™ 6 Update 5

Java™ 6 Update 7

 

The C:\Program Files\Java folder has the following folders:

 

jre1.5.0_04

jre1.5.0_09

jre1.6.0_05

jre1.6.0_07

jre6

 

I will try to uninstall Java and reinstall it again. Do you have any other suggestions?


Kaspersky generally works with Firefox; have you updated to the latest version?

 

Forget Kaspersky; we'll try a different scanner.

 

 

You can use either Internet Explorer or Mozilla FireFox for this scan.

 

  • Please go here then click on: Posted Image
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted, then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.
  • Select the option YES, I accept the Terms of Use then click on: Posted Image
  • When prompted, allow the Add-On/ActiveX to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Posted Image
  • The virus signature database... will begin to download. Be patient; this may take some time depending on the speed of your Internet connection.
  • When completed, the Online Scan will begin automatically.
  • Do not touch either the mouse or keyboard during the scan, otherwise it may stall.
  • When completed, select Uninstall application on close if you so wish; make sure you copy the logfile first!
  • Now click on: Posted Image
  • Use Notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.


Kaspersky generally works with Firefox, have you updated to the latest version?

 

Yes, I have version 3.6.3 of Firefox. It looks like Kaspersky will run in Firefox on my computer, but I have not tried it yet.

 

** C:\Program Files\ESET\EsetOnlineScanner\log.txt **

 

[email protected] as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=fd2e2b1da701db498934a2ef48c87765

# end=stopped

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2010-06-14 05:02:51

# local_time=2010-06-13 10:02:51 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777175 100 0 4170448 4170448 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=616

# found=0

# cleaned=0

# scan_time=25

esets_scanner_update returned -1 esets_gle=53251

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6211

# api_version=3.0.2

# EOSSerial=fd2e2b1da701db498934a2ef48c87765

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2010-06-14 09:28:43

# local_time=2010-06-14 02:28:43 (-0800, Pacific Daylight Time)

# country="United States"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=768 16777191 100 0 4176191 4176191 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=126272

# found=1

# cleaned=0

# scan_time=10228

C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP700\A0111066.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I

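The ESET log above has two "# version=" runs: the first stopped during the signature update, the second finished with a single hit inside a System Volume Information restore point, which is why the helper reads it as clean. As an added example (not from the thread or from ESET), here is a small Python parser that splits such a log into runs and reports whether every hit sits in a restore-point copy; the header and finding line formats are assumed from the posted log, and the sample log is constructed to match it.

```python
"""Parse an ESET Online Scanner log and summarise each scan run.

Added example; line formats are assumed from the posted log, not from
ESET documentation. Headers look like "# key=value"; a finding line is
"<path> <threat name> <32 hex chars> <flags>".
"""
import re
from dataclasses import dataclass, field

HEADER_RE = re.compile(r"^#\s*(\w+)=(.*)$")
# Path is everything up to the last backslash plus the file name; the
# threat name may contain spaces, so it is matched lazily up to the hash.
FINDING_RE = re.compile(
    r"^(?P<path>.*\\\S+)\s+(?P<threat>.+?)\s+(?P<hash>[0-9a-fA-F]{32})\s+(?P<flags>\S+)$"
)
RESTORE_POINT_RE = re.compile(r"\\System Volume Information\\_restore\{", re.I)


@dataclass
class ScanRun:
    header: dict                      # repeated keys keep the last value
    findings: list = field(default_factory=list)


def parse_eset_log(text):
    """Split the log into runs; each run begins at a '# version=' header."""
    runs = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = HEADER_RE.match(line)
        if m:
            key, value = m.groups()
            if key == "version":
                runs.append(ScanRun(header={}))
            if runs:
                runs[-1].header[key] = value
            continue
        m = FINDING_RE.match(line)
        if m and runs:                # lines like "esets_scanner_update ..." are ignored
            runs[-1].findings.append(m.groupdict())
    return runs


def summarize(run):
    """Did the run finish, does '# found' agree with the listed hits, and
    are all hits confined to restore-point copies of already removed files?"""
    found = int(run.header.get("found", "0"))
    in_restore = [f for f in run.findings if RESTORE_POINT_RE.search(f["path"])]
    return {
        "finished": run.header.get("end") == "finished",
        "found": found,
        "counts_agree": found == len(run.findings),
        "restore_point_only": bool(run.findings) and len(in_restore) == len(run.findings),
        "threats": [f["threat"] for f in run.findings],
    }


# Constructed sample shaped like the posted log (path and threat name taken from it).
SAMPLE_LOG = r"""
# version=7
# end=stopped
# found=0
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# found=1
# scan_time=10228
C:\System Volume Information\_restore{D5341F9C-33F7-43CF-8BD2-1AE937C9BA1B}\RP700\A0111066.sys Win32/Olmarik.ZC trojan 00000000000000000000000000000000 I
"""

if __name__ == "__main__":
    for i, run in enumerate(parse_eset_log(SAMPLE_LOG), 1):
        print(i, summarize(run))
```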

OK, this scan actually looks good.

 

Let's go ahead with final clean up and send you on your way.

 

 

Don't miss or skip this next step; this will remove malicious files from quarantine and set a clean restore point.

 

Go to Start > Run and copy and paste the full text path into the Run box:

 

Start > Run and type in ComboFix /Uninstall

 

Note the space between the x and the /U; it needs to be there.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

  • Download OTC by OldTimer and save it to your desktop.
  • Double click Posted Image icon to start the program. If you are using Vista, please right-click and choose run as administrator
  • Then Click the big Posted Image button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

You're good to go, good job!

 

 

Please take the time to read over a few of my preventive tips.

 

 

Please navigate to Microsoft Windows Updates and download all the "Critical Updates" for Windows.

 

 

Firefox 3

The award-winning Web browser is now faster, more secure, and fully customizable to your online life. Firefox 3 adds powerful new features that make your online experience even better. It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, and you can use them both.

*NoScript - Addon for Firefox that stops all scripts from running on websites. Stops malicious software from invading via flash, java, javascript, and many other entry points.

 

WOT Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites - green to go, yellow for caution and red to stop, helping you avoid the dangerous sites. WOT has an addon available for both Firefox and IE.

 

How to prevent Malware: Created by Miekiemoes

 

Here are some additional utilities that will further enhance your safety.

# http://www.trillian.cc → Trillian or http://www.miranda-im.com → Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

 

Scan your computer regularly for malware

Scan on a regular basis to keep your computer clean, using free software such as Malwarebytes Anti-Malware (MBAM) and SUPERAntiSpyware.

Please note that these products can also be run free, without a licence, as on-demand scanners.

 

Backup regularly

 

You never know when your PC will become unstable or become so infected that you can't recover it. Follow this Microsoft article to learn how to backup. Follow this article by Microsoft to restore your backups.

 

Alternatively, you can use 3rd-party programs to back up your data. One example can be found at Bleeping Computer.

 

Avoid P2P

 

P2P may be a great way to get lots of stuff, but it is a great way to get infected as well. There's no way to tell if the file being shared is infected. Worse still, some worms spread via P2P networks, infecting you as well. If you do need to use them, use them sparingly. Check this list of clean and infected P2P programs if you need to use one.

 

Please read this article 'Safe Computing Practices'.

So how did I get infected in the first place?

 

Secure My Computer: A Layered Approach

 

Strong passwords: How to create and use them

 

Free Antivirus-AntiSpyware-Firewall Software

 

Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

 

Slow Computer May Not Be Malware Related, Help! My computer is slow!

http://users.telenet.be/bluepatchy/miekiemoes/slowcomputer.html

 

 

PC Safety and Security--What Do I Need?

http://www.techsupportforum.com/security-center/general-computer-security/115548-pc-safety-security-what-do-i-need.html

 

Stand Up and Be Counted ---> Malware Complaints <--- where you can make a difference!

This site offers people who have been (or are) victims of malware the opportunity to document their story.

 

Extra note:

Make sure your programs are up to date - because older versions may contain Security Leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan. http://secunia.com/software_inspector/

This topic is now closed to further replies.