Solved Vista anti-spyware 2011

MichaelCorleone · May 9, 2011

Whenever I try to doubleclick FireFox, a pop-up comes up stating "Vista Anti-Spyware has blocked a program from accessing the internet. When I attempt to access my homepage it says Alert. Visiting this site may pose a threat to your system! What I mean by anything like that, would be anything that needs an internet connection seems to be locked out due to this virus.

I've attempted to run malware bytes but each time I try to run the program, it never opens up.

There is also a pop-up on the task bar that says mal ware detected.

Bobbye · May 9, 2011

Did you mark this thread Active? That is suppose to be done by Broni and I went we pick up a thread. Please do not use the Thread Tools.

Try the following to run Malwarebytes:
Please download randmbam.exe

It will try to create random names and shortcuts for Malwarebytes Anti Malware(MBAM) if you have it installed already.

Once done, try running a scan again

Then please follow the rest of the steps in the Preliminary Virus and Malware Removal thread HERE.

NOTE: If you already have any of the scanning programs on the computer, please remove them and download the versions in these links.

When you have finished, leave the logs for review in your next reply .
NOTE: Logs must be pasted in the replies. Attached logs will not be reviewed.

Please do not use any other cleaning programs or scans while I'm helping you, unless I direct you to. Do not use a Registry cleaner or make any changes in the Registry.

MichaelCorleone · May 9, 2011

Oops, I put the thread title as active, sorry.

I already have avria and malware bytes on system. So ill have to remove and reinstall from the above links?

Also, I am using my phone because I could not access internet on my computer. I won't be back to my computer till about 2 hours from now. How would I download if I can't.get.access from FireFox.

Thank you for your help!

Bobbye · May 9, 2011

The current version of Malwarebytes is Malwarebytes Anti-Malware 1.50.1 and the database is updated when it's run. If you do have this version on the system, you can run it, but you won't be able to update it. You could go ahead and use it, but I will have you repeat the scan when the connection is restored.

Avira is fine.

If you can't access the internet, download the programs to a flash drive, then run them on the problem computer.

This is most likely from the rogue antispyware program.

MichaelCorleone · May 9, 2011

I came back from lunch and my roommate ran super anti spare and niece nothing will work.

When I click on desk top icon or any program the open with window comes up.

Ugh

MichaelCorleone · May 9, 2011

Ok I.got the programs working with a Vista exe support file I downloaded.

I have done step 2 and am doing step 3. I have mal ware bytes running and hope it'll be complete when I return from work.

I will post results from steps, 3, 4 and 5 in about 6 hours.

Bobbye · May 9, 2011

Okay. Fine.

MichaelCorleone · May 9, 2011

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6539

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

5/9/2011 7:53:17 PM
mbam-log-2011-05-09 (19-53-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 298883
Time elapsed: 46 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CLASSES_ROOT\.exe\shell\open\command\(default) (Hijack.ExeFile) -> Value: (default) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\Users\Levi\downloads\yontooclientsetup(2).exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Levi\downloads\yontooclientsetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

GMER 1.0.15.15627 - http://www.gmer.net
Rootkit scan 2011-05-09 20:26:41
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 rev.
Running: j6umgfig.exe; Driver: C:\Users\Levi\AppData\Local\Temp\pxldapod.sys

---- System - GMER 1.0.15 ----

SSDT 9AE39B54 ZwCreateThread
SSDT 9AE39B40 ZwOpenProcess
SSDT 9AE39B45 ZwOpenThread
SSDT 9AE39B4F ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 221 81EFE9A4 4 Bytes [54, 9B, E3, 9A] {PUSH ESP; WAIT ; JECXZ 0xffffffffffffff9e}
.text ntkrnlpa.exe!KeSetEvent + 3F1 81EFEB74 4 Bytes [40, 9B, E3, 9A] {INC EAX; WAIT ; JECXZ 0xffffffffffffff9e}
.text ntkrnlpa.exe!KeSetEvent + 40D 81EFEB90 4 Bytes [45, 9B, E3, 9A] {INC EBP; WAIT ; JECXZ 0xffffffffffffff9e}
.text ntkrnlpa.exe!KeSetEvent + 621 81EFEDA4 4 Bytes [4F, 9B, E3, 9A] {DEC EDI; WAIT ; JECXZ 0xffffffffffffff9e}
? System32\drivers\ahvaqcu.sys The system cannot find the path specified. !
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8EC0D000, 0x1F8CAC, 0xE8000020]
C:\Program Files\CyberLink\PowerDVD DX\000.fcl entry point in "" section [0x9EC2C41C]
.clc C:\Program Files\CyberLink\PowerDVD DX\000.fcl unknown last code section [0x9EC2D000, 0x1000, 0xE0000020]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ECA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73EA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73EFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73E9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2024] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18342_none_9e54f8aaca13c773\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6BFA9E78] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6BFA9D64] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [6BFA9CDD] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)
IAT C:\Program Files\AIM\aim.exe[2424] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetUnhandledExceptionFilter] [6BFA9F05] C:\Program Files\Common Files\AOL\AOLDiag\tbdiag.dll (AOL Diagnostics/AOL LLC)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Files - GMER 1.0.15 ----

ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 99230672 bytes executable
ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 0 bytes executable
ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 0 bytes executable
ADS C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe 0 bytes executable

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by Levi at 20:27:57.76 on Mon 05/09/2011
Internet Explorer: 7.0.6002.18005 BrowserJavaVersion: 1.6.0_20
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2027 [GMT -4:00]
.
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\Dell\DellDock\DockLogin.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\Ati2evxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\AERTSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Dell\DellComms\bin\sprtsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Dell\DellComms\gs_agent\bcont.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Users\Levi\Downloads\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uWindow Title = Internet Explorer provided by Dell
uDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=4081022
uSearch Bar = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_bho.dll
uRun: [Aim] "c:\program files\aim\aim.exe" /d locale=en-US
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ECenter] c:\dell\e-center\EULALauncher.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [dscactivate] "c:\program files\dell support center\gs_agent\custom\dsca.exe"
mRun: [DellComms] "c:\program files\dell\dellcomms\bin\sprtcmd.exe" /P DellComms
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [HP Software Update] c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon]
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpoddt~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpotdd01.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hewlett-packard\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-06-2010&tb_mrud=18-06-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US

fficial
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - component: c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}\components\MailUtil.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
FF - plugin: c:\users\levi\appdata\roaming\facebook\npfbplugin_1_0_1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 AFS;AFS;c:\windows\system32\drivers\AFS.SYS [2009-8-8 77004]
R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-3-22 11608]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-2-17 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-2-17 67656]
R2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\cyberlink\powerdvd dx\000.fcl [2008-10-22 61424]
R2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-10-22 73728]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-3-22 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-3-22 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-3-22 56816]
R2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-5-2 161048]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2008-10-22 27648]
R2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\dell\dellcomms\bin\sprtsvc.exe [2008-3-4 202544]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-3-14 24652]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 RoxLiveShare10;LiveShare P2P Server 10;"c:\program files\common files\roxio shared\10.0\sharedcom\roxliveshare10.exe" --> c:\program files\common files\roxio shared\10.0\sharedcom\RoxLiveShare10.exe [?]
S2 SessionLauncher;SessionLauncher;c:\users\admini~1\appdata\local\temp\dx9\sessionlauncher.exe --> c:\users\admini~1\appdata\local\temp\dx9\SessionLauncher.exe [?]
S3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\drivers\WUSB54GCx86.sys [2007-3-12 256000]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-2-17 12872]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2011-05-06 06:26:37 7071056 ----a-w- c:\progra~2\microsoft\windows defender\definition updates\{1d53f781-f026-412f-b3d6-dfff60f9b2b6}\mpengine.dll
2011-04-27 00:24:16 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:24:16 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:24:14 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-17 20:08:18 -------- d-----w- c:\windows\John Tiller's Campaign Series
2011-04-17 20:08:17 -------- d-----w- C:\Matrix Games
2011-04-12 22:21:01 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-04-12 22:20:56 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 22:14:56 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 22:14:55 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 22:09:11 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 22:09:11 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 22:09:11 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 22:09:11 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 22:07:33 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-12 22:07:33 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 22:05:14 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 22:05:14 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 22:05:14 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 22:04:13 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 22:04:13 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 22:03:26 834048 ----a-w- c:\windows\system32\wininet.dll
2011-04-12 22:03:25 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-12 22:03:25 389632 ----a-w- c:\windows\system32\html.iec
2011-04-12 21:59:09 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 21:58:04 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 17:52:12 -------- d-----w- c:\users\levi\appdata\roaming\StreamTorrent
2011-04-10 17:52:11 -------- d-----w- c:\program files\StreamTorrent 1.0
.
==================== Find3M ====================
.
2011-03-03 15:40:07 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40:05 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40:05 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40:04 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13:01 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33:12 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33:09 797696 ----a-w- c:\windows\system32\FntCache.dll
.
============= FINISH: 20:28:15.27 ===============

MichaelCorleone · May 9, 2011

Sorry here is part 2 of step 5

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume3
Install Date: 10/21/2008 7:59:04 PM
System Uptime: 5/9/2011 7:54:21 PM (2 hours ago)
.
Motherboard: Dell Inc. | | 0M017G
Processor: Intel(R) Core(TM)2 Duo CPU E7200 @ 2.53GHz | CPU 1 | 2533/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 460.259 GiB free.
D: is FIXED (NTFS) - 15 GiB total, 9.69 GiB free.
E: is CDROM (UDF)
F: is Removable
G: is Removable
H: is Removable
I: is Removable
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1015: 4/13/2011 3:00:12 AM - Windows Update
RP1016: 4/14/2011 1:50:05 AM - Scheduled Checkpoint
RP1017: 4/15/2011 2:16:37 AM - Windows Update
RP1018: 4/16/2011 3:32:40 AM - Scheduled Checkpoint
RP1019: 4/17/2011 2:43:48 AM - Scheduled Checkpoint
RP1020: 4/18/2011 1:57:54 AM - Scheduled Checkpoint
RP1021: 4/19/2011 1:33:06 AM - Scheduled Checkpoint
RP1022: 4/19/2011 1:54:32 AM - Windows Update
RP1023: 4/20/2011 1:41:35 AM - Scheduled Checkpoint
RP1024: 4/21/2011 12:58:10 AM - Scheduled Checkpoint
RP1025: 4/22/2011 12:00:01 AM - Scheduled Checkpoint
RP1026: 4/22/2011 1:54:26 AM - Windows Update
RP1027: 4/22/2011 3:00:10 AM - Windows Update
RP1028: 4/23/2011 12:00:01 AM - Scheduled Checkpoint
RP1029: 4/24/2011 12:53:55 AM - Scheduled Checkpoint
RP1030: 4/25/2011 1:08:42 AM - Scheduled Checkpoint
RP1031: 4/26/2011 1:19:49 AM - Scheduled Checkpoint
RP1032: 4/26/2011 1:54:38 AM - Windows Update
RP1033: 4/27/2011 1:41:07 AM - Scheduled Checkpoint
RP1034: 4/27/2011 3:00:10 AM - Windows Update
RP1035: 4/28/2011 12:11:52 AM - Scheduled Checkpoint
RP1036: 4/29/2011 12:30:13 AM - Scheduled Checkpoint
RP1037: 4/29/2011 2:26:30 AM - Windows Update
RP1038: 4/30/2011 1:36:42 AM - Scheduled Checkpoint
RP1039: 5/1/2011 12:11:02 AM - Scheduled Checkpoint
RP1040: 5/2/2011 1:30:54 AM - Scheduled Checkpoint
RP1041: 5/3/2011 12:26:10 AM - Scheduled Checkpoint
RP1042: 5/3/2011 2:26:27 AM - Windows Update
RP1043: 5/4/2011 12:08:01 AM - Scheduled Checkpoint
RP1044: 5/5/2011 1:11:31 AM - Scheduled Checkpoint
RP1045: 5/6/2011 1:06:41 AM - Scheduled Checkpoint
RP1046: 5/6/2011 2:26:29 AM - Windows Update
RP1047: 5/7/2011 12:44:23 AM - Scheduled Checkpoint
RP1048: 5/8/2011 5:35:15 AM - Scheduled Checkpoint
RP1049: 5/9/2011 12:00:01 AM - Scheduled Checkpoint
RP1050: 5/9/2011 2:32:51 PM - Scheduled Checkpoint
.
==== Installed Programs ======================
.
32 Bit HP CIO Components Installer
4500_Help
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3.1
AIM 7
AIM Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ArcSoft Panorama Maker 4
ATI Catalyst Control Center
Avira AntiVir Personal - Free Antivirus
Bonjour
BPD_HPSU
bpd_scan
BPDSoftware
BPDSoftware_Ini
Browser Address Error Redirector
BufferChm
Build A Lot 3 Passport To Europe
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Turkish
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help English
CCC Help French
CCC Help German
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Portuguese
CCC Help Spanish
CCC Help Turkish
CCleaner
Comcast High-Speed Internet Install Wizard
Compatibility Pack for the 2007 Office system
Conexant D850 PCI V.92 Modem
Coupon Printer for Windows
CustomerResearchQFolder
Dell Communications
Dell Dock
Dell Getting Started Guide
Dell Support Center
Dell Video Chat (remove only)
Destination Component
DeviceDiscovery
DeviceManagementQFolder
Digital Line Detect
DirectXInstallService
DivX Codec
DivX Version Checker
DocMgr
DocProc
DocProcQFolder
Download Updater (AOL LLC)
EDocs
eSupportQFolder
Facebook Plug-In
Fax
File Uploader
GoToAssist 8.0.0.514
GPBaseService
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Customer Participation Program 10.0
HP Document Manager 1.0
HP Imaging Device Functions 10.0
HP Memories Disc
HP Officejet J4500 Series
HP Photo and Imaging 2.0 - All-in-One
HP Photo and Imaging 2.0 - All-in-One Drivers
HP Photosmart Essential 2.5
HP Smart Web Printing 4.60
HP Solution Center 10.0
HP Update
HPProductAssistant
HPSSupply
iTunes
J2SE Runtime Environment 5.0 Update 6
J4500
Java 2 Runtime Environment, SE v1.4.2
Java Auto Updater
Java(TM) 6 Update 20
Java(TM) 6 Update 7
John Tiller's Campaign Series
Malwarebytes' Anti-Malware
MarketResearch
MEET MANAGER 3.0 for Swimming
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office 2000 SR-1 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Silverlight
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Works
Modem Diagnostic Tool
Mozilla Firefox (3.6.17)
MSVCSetup
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetWaiting
Nikon Message Center
Nikon Transfer
OCR Software by I.R.I.S. 10.0
PowerDVD
ProductContext
PSSWCORE
QuickTime
Realtek Ethernet Network Card Diagnostic tool for Windows Vista
Realtek High Definition Audio Driver
Scan
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Shop for HP Supplies
Skins
SmartWebPrinting
SolutionCenter
SopCast 3.0.3
Spelling Dictionaries Support For Adobe Reader 9
SSH Secure Shell
Status
StreamTorrent 1.0
SUPERAntiSpyware Free Edition
TEAM MANAGER 5.0 for Swimming
Toolbox
TrayApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoToolkit01
Viewpoint Media Player
WebReg
Windows Media Player Firefox Plugin
WinRAR archiver
Yahtzee Master v1.47
.
==== Event Viewer Messages From Past Week ========
.
5/9/2011 8:27:05 PM, Error: Microsoft-Windows-Dhcp-Client [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 0021703D3AB0 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).
5/9/2011 8:27:04 AM, Error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
5/9/2011 7:56:23 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.
5/9/2011 7:56:19 PM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the path specified.
5/9/2011 12:58:04 PM, Error: Service Control Manager [7034] - The Ati External Event Utility service terminated unexpectedly. It has done this 1 time(s).
5/9/2011 12:31:17 PM, Error: EventLog [6008] - The previous system shutdown at 12:29:12 PM on 5/9/2011 was unexpected.
.
==== End Of File ===========================

Bobbye · May 10, 2011

2 of these running???

C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12

Got to chuckle about some of this: between the Dell preloads and the unnecessary HP entries, it's a wonder the system moves at all! Someday, when things are slow, do a Google search for Tweaking Dell Preloads and Stopping unneeded HP printer processes. You will have an abundance of sites to check for what isn't needed and what doesn't need to run at all or run on boot!

Note: Please be sure to use a Site Advisor for this> only choose sites with the Green Circle:
Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
===================================================
Please note: If you have Combofix on the desktop already, please uninstall it. The download the current version and do the scan: Uninstall directions, if needed:

Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

------------------------------------------------------
Download Combofix from HERE or HEREhttp://www.forospyware.com/sUBs/ComboFix.exe and save to the desktop

Double click combofix.exe & follow the prompts.
ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It is recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode if needed.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:
.Click on Yes, to continue scanning for malware
.If Combofix asks you to update the program, allow
.Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
.Close any open browsers.
.Double click combofix.exe

& follow the prompts to run.
When the scan completes , a report will be generated-it will open a text window. Please paste the C:\ComboFix.txt in next reply..

Re-enable your Antivirus software.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. Combofix prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security. If this is an issue or makes it difficult for you -- please tell your helper.
4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.
==============================
P2P or 'file sharing' Warning:
Note: Even if you are using a "safe" P2P program, it is only the program that is safe. The following P2P programs are on your computer:
1. yontooclientsetup.exe> 2 downloads, both infected> Warning on download site:"This is an executable file. It's recommended that you scan for viruses before use."
2. Stream Torrent
3. Zynga Community Toolbar: - a Conduit "Community Toolbar" - modifies the default IE URL search hook. Conduit toolbars are reputed to have a certain trackware functionality> This has been installed as an extension in Firefox.FF - Ext:
I suggest that you uninstall all of these for the following reasons:

As long as you are using file sharing networks and programs which are from sources that are not documented, you cannot verity that a download is legitimate.
Malware writers use these program to include malicious content.
File sharing is usually unmonitored and there is a danger that your private files might be accessed.
The 'sharing' also includes malware that the shared system has on it.
Files that are illegal can be spread through file sharing.

Please read the information on P2P Warning to help you better understand these dangers.
========================================
You have 4 outdated Java programs. Please run the following which will remove all of their entries and leave a link for current update. The outdated programs are vulnerabilities for the system: Note: I do NOT need this log!
Please download JavaRa and unzip it to your desktop.

Important!***Please close any instances of Internet Explorer before continuing!***

Double-click on JavaRa.exe to start the program.
From the drop-down menu, choose English and click on Select.
JavaRa will open; click on Remove Older Versions to remove the older versions of Java installed on your computer.
Click Yes when prompted. When JavaRa is done, a notice will appear that
a logfile has been produced. Click OK.
A logfile will pop up. Please save it to a convenient location.

Then download and install then most current version and update (v6u25) of Java Runtime Environment (JRE) HERE.

Reminder: Do not post the JavaRa log.

MichaelCorleone · May 10, 2011

ComboFix 11-05-09.03 - Levi 05/10/2011 12:16:46.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.1704 [GMT -4:00]
Running from: c:\users\Levi\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msvbvm60.dll
c:\windows\usp10.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-04-10 to 2011-05-10 )))))))))))))))))))))))))))))))
.
.
2011-05-10 16:20 . 2011-05-10 16:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-10 06:15 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AA3332B-17A4-4269-8F6D-9CD191F46F41}\mpengine.dll
2011-04-27 00:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- c:\windows\John Tiller's Campaign Series
2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- C:\Matrix Games
2011-04-12 22:21 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-12 22:20 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 22:14 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 22:14 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 22:09 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 22:09 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 22:09 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 22:09 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 22:07 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-12 22:07 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 22:05 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 22:05 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 22:05 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 22:04 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 22:04 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 22:03 . 2011-02-18 16:38 834048 ----a-w- c:\windows\system32\wininet.dll
2011-04-12 22:03 . 2011-02-18 15:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-12 22:03 . 2011-02-18 14:49 389632 ----a-w- c:\windows\system32\html.iec
2011-04-12 21:59 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 21:58 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll
2011-04-10 17:52 . 2011-04-10 17:52 -------- d-----w- c:\users\Levi\AppData\Roaming\StreamTorrent
2011-04-10 17:52 . 2011-04-10 17:52 -------- d-----w- c:\program files\StreamTorrent 1.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-03 15:40 . 2011-04-27 00:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 00:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 00:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 00:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 03:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 03:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 03:47 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" [2008-03-04 202544]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-22 50688]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-30 00:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-22 05:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-09 12:27 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-30 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-30 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-03 67656]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [2008-06-27 61424]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PXLDAPOD
*Deregistered* - pxldapod
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-09 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-22 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\k5l5p5uv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-06-2010&tb_mrud=18-06-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US

fficial
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-ECenter - c:\dell\E-Center\EULALauncher.exe
HKLM-Run-hpqSRMon - (no file)
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-05-10 12:20
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-05-10 12:21:31
ComboFix-quarantined-files.txt 2011-05-10 16:21
.
Pre-Run: 493,496,713,216 bytes free
Post-Run: 493,433,380,864 bytes free
.
- - End Of File - - EC63B3E35BCEA2CB6D050529B60C8217

Bobbye · May 10, 2011

Please run this Custom CFScript:

[1]. Close any open browsers.
[2]. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
[3]. Open notepad> click on Format> Uncheck 'Word Wrap'> and copy/paste the text in the code below into it:Be sure to scroll down to include ALL lines.

Code:

File::
c:\program files\viewpoint\common\ViewpointService.exe
Folder::
c:\users\levi\appdata\roaming\StreamTorrent
c:\program files\StreamTorrent 1.0
c:\users\Default\AppData\Local\temp
DDS::
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\program files\dell\bae\BAE.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
Extra::
File::
c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
Firefox:: Firefox-: - Profile - c:\users\levi\appdata\roaming\mozilla\firefox\profiles\k5l5p5uv.default\

ADS::
C:\Program Files\Retro64 Games\build-a-lot_3:_passport_to_europe.exe
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
Driver::
Viewpoint Manager Service

Save this as CFScript.txt, in the same location as ComboFix.exe

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it will produce a log for you at C:\ComboFix.txt . Please paste in your next reply.
====================
Make sure that Firefox is closed before you do the following:
Follow this path: Use Windows key + E to access Windows Explorer>

Go to Tools > Folder Options.
Select the View tab.
Scroll down to Hidden files and folders.
Select Show hidden files and folders.
Uncheck Hide extensions of known file types.
Uncheck Hide protected operating system files (Recommended).
Click Yes when prompted.
Click OK.

Find Documents & Settings for your user name> Application Data> Mozilla> Firefox> Profiles>

Look for Search URL and click on the + sign to expand.
This is the full entry in Firefox:

FF - prefs.js: keyword.URL - hxxp://www. /jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=

Click to expand...
Do a right click> Rename on any & all entries for Mywebearch- Change to www.google.com
[o] Example: rename mywebsearch.com to google.com
If you don't see 'SearchURL', look for the mywebsearch and do the right click> Rename

Close Windows Explorer. Go to Folder Options in the Control Panel and rehide the files and folders.
======================================

Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESETOnlineScan
For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
[o] Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
[o] Double click on the

on your desktop.
Check 'Yes I accept terms of use.'
Click Start button
Accept any security warnings from your browser.
Uncheck 'Remove found threats'
Check 'Scan archives/
Press the Start button.
ESET will then download updates for itself, install itself, and begin scanning your computer. Please wait for the scan to finish.
When the scan completes, press List of found threats
Push Export of text file and save the file to your desktop using a unique name, such as ESETScan. Paste this log in your next reply.
Push the Back button
Push Finish

NOTE: If no malware is found then no log will be produced. Let me know if this is the case.

MichaelCorleone · May 10, 2011

ComboFix 11-05-09.04 - Levi 05/10/2011 20:41:23.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3326.2141 [GMT -4:00]
Running from: c:\users\Levi\Desktop\ComboFix.exe
Command switches used :: c:\users\Levi\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}"
"c:\program files\viewpoint\common\ViewpointService.exe"
"c:\program files\viewpoint\viewpoint media player\npViewpoint.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\dell\bae\BAE.dll
c:\program files\StreamTorrent 1.0
c:\program files\StreamTorrent 1.0\ChangeLog.TXT
c:\program files\StreamTorrent 1.0\Languages\streamtorrent_chs.ini
c:\program files\StreamTorrent 1.0\Languages\streamtorrent_cht.ini
c:\program files\StreamTorrent 1.0\Languages\streamtorrent_en.ini
c:\program files\StreamTorrent 1.0\StreamTorrent.exe
c:\program files\StreamTorrent 1.0\Uninstall.exe
c:\program files\viewpoint\common\ViewpointService.exe
c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
c:\users\Default\AppData\Local\temp
c:\users\levi\appdata\roaming\StreamTorrent
c:\users\levi\appdata\roaming\StreamTorrent\1.0\config\ft.dat
c:\users\levi\appdata\roaming\StreamTorrent\1.0\config\kn.dat
c:\users\levi\appdata\roaming\StreamTorrent\1.0\config\settings.ini
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Viewpoint Manager Service
.
.
((((((((((((((((((((((((( Files Created from 2011-04-11 to 2011-05-11 )))))))))))))))))))))))))))))))
.
.
2011-05-10 06:15 . 2011-04-11 07:04 7071056 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AA3332B-17A4-4269-8F6D-9CD191F46F41}\mpengine.dll
2011-04-27 00:24 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2011-04-27 00:24 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2011-04-27 00:24 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- c:\windows\John Tiller's Campaign Series
2011-04-17 20:08 . 2011-04-17 20:08 -------- d-----w- C:\Matrix Games
2011-04-12 22:21 . 2011-03-03 10:50 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2011-04-12 22:20 . 2011-03-03 15:42 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-12 22:14 . 2011-02-16 14:02 292864 ----a-w- c:\windows\system32\atmfd.dll
2011-04-12 22:14 . 2011-02-16 16:16 34304 ----a-w- c:\windows\system32\atmlib.dll
2011-04-12 22:09 . 2011-02-22 13:24 213504 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-12 22:09 . 2011-02-22 13:24 79360 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-12 22:09 . 2011-02-22 13:23 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-12 22:09 . 2011-02-22 13:23 69632 ----a-w- c:\windows\system32\drivers\bowser.sys
2011-04-12 22:07 . 2011-03-10 17:03 1162240 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-12 22:07 . 2011-03-10 17:03 1136640 ----a-w- c:\windows\system32\mfc42.dll
2011-04-12 22:05 . 2011-02-18 14:03 305152 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-12 22:05 . 2011-02-18 14:03 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-12 22:05 . 2011-02-18 14:03 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-12 22:04 . 2011-03-02 15:44 86528 ----a-w- c:\windows\system32\dnsrslvr.dll
2011-04-12 22:04 . 2009-05-04 09:59 25088 ----a-w- c:\windows\system32\dnscacheugc.exe
2011-04-12 22:03 . 2011-02-18 16:38 834048 ----a-w- c:\windows\system32\wininet.dll
2011-04-12 22:03 . 2011-02-18 15:45 78336 ----a-w- c:\windows\system32\ieencode.dll
2011-04-12 22:03 . 2011-02-18 14:49 389632 ----a-w- c:\windows\system32\html.iec
2011-04-12 21:59 . 2011-03-03 13:25 2041856 ----a-w- c:\windows\system32\win32k.sys
2011-04-12 21:58 . 2011-02-16 16:21 430080 ----a-w- c:\windows\system32\vbscript.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-14 09:07 . 2010-09-09 23:33 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-03 15:40 . 2011-04-27 00:24 173056 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2011-03-03 15:40 . 2011-04-27 00:24 542720 ----a-w- c:\windows\apppatch\AcLayers.dll
2011-03-03 15:40 . 2011-04-27 00:24 458752 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2011-03-03 15:40 . 2011-04-27 00:24 2159616 ----a-w- c:\windows\apppatch\AcGenral.dll
2011-02-22 14:13 . 2011-03-23 03:47 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-02-22 13:33 . 2011-03-23 03:47 1068544 ----a-w- c:\windows\system32\DWrite.dll
2011-02-22 13:33 . 2011-03-23 03:47 797696 ----a-w- c:\windows\system32\FntCache.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Aim"="c:\program files\AIM\aim.exe" [2010-04-19 3972440]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-07-18 6246400]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"DellComms"="c:\program files\Dell\DellComms\bin\sprtcmd.exe" [2008-03-04 202544]
"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"Nikon Transfer Monitor"="c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe" [2008-09-30 485208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"HP Software Update"="c:\program files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-10-22 50688]
HP Digital Imaging Monitor.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [2000-1-21 65588]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2008-7-15 1226024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-11-30 00:20 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]
2008-10-22 05:29 10536 ----a-w- c:\program files\Citrix\GoToAssist\514\g2awinlogon.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-12-22 06:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2011-05-09 12:27 2424192 ----a-w- c:\program files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:23 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 RoxLiveShare10;LiveShare P2P Server 10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [x]
R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x]
R3 netr73;Linksys Compact Wireless-G USB Adapter Driver for Vista;c:\windows\system32\DRIVERS\WUSB54GCx86.sys [2007-03-12 256000]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2010-03-30 12872]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 AFS;AFS; [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-03-30 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2010-10-03 67656]
S2 {1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7};c:\program files\CyberLink\PowerDVD DX\000.fcl [2008-06-27 61424]
S2 AERTFilters;Andrea RT Filters Service;c:\windows\system32\AERTSrv.exe [2008-07-18 73728]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-06-10 108289]
S2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [2008-05-02 161048]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [2008-07-21 27648]
S2 sprtsvc_DellComms;SupportSoft Sprocket Service (DellComms);c:\program files\Dell\DellComms\bin\sprtsvc.exe [2008-03-04 202544]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-11 c:\windows\Tasks\RtlNICDiagVistaStart.job
- c:\program files\Realtek\RTNICDiag\RTNICDiag.exe [2008-10-22 11:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
FF - ProfilePath - c:\users\Levi\AppData\Roaming\Mozilla\Firefox\Profiles\k5l5p5uv.default\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/aol/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us&tb_uuid=100000000000000002&tb_oid=18-06-2010&tb_mrud=18-06-2010
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US

fficial
FF - prefs.js: keyword.URL - hxxp://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: Zynga Community Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AIM Toolbar: {c2f863cd-0429-48c7-bb54-db756a951760} - %profile%\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-StreamTorrent 1.0 - c:\program files\StreamTorrent 1.0\uninstall.exe
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{1E444BE9-B8EC-4ce6-8C2B-6536FB7F4FB7}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD DX\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\windows\system32\WUDFHost.exe
c:\windows\RtHDVCpl.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqbam08.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Hewlett-Packard\Digital Imaging\bin\hpqgpc01.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2011-05-10 20:53:33 - machine was rebooted
ComboFix-quarantined-files.txt 2011-05-11 00:53
ComboFix2.txt 2011-05-10 16:21
.
Pre-Run: 496,568,147,968 bytes free
Post-Run: 496,086,835,200 bytes free
.
- - End Of File - - 7BD30BC9E8A59F55A20C56774C52D635

MichaelCorleone · May 10, 2011

I can't seem to get this to work. When I click on the folder it won't let me enter

Make sure that Firefox is closed before you do the following:
Follow this path: Use Windows key + E to access Windows Explorer>

* Go to Tools > Folder Options.
* Select the View tab.
* Scroll down to Hidden files and folders.
* Select Show hidden files and folders.
* Uncheck Hide extensions of known file types.
* Uncheck Hide protected operating system files (Recommended).
* Click Yes when prompted.
* Click OK.

Find Documents & Settings for your user name> Application Data> Mozilla> Firefox> Profiles>

* Look for Search URL and click on the + sign to expand.
This is the full entry in Firefox:
Quote:
FF - prefs.js: keyword.URL - hxxp://www. /jsp/cfg_redir2.jsp?id=ZUfox000&fl=0&ptb=oar4MspErF2B8tuwLXPKgg&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=
* Do a right click> Rename on any & all entries for Mywebearch- Change to www.google.com
[o] Example: rename mywebsearch.com to google.com
* If you don't see 'SearchURL', look for the mywebsearch and do the right click> Rename

Close Windows Explorer. Go to Folder Options in the Control Panel and rehide the files and folders.

MichaelCorleone · May 10, 2011

Okay I got to the Mozilla part for Mywebsearch but only found it under searchplugins. I renamed it to google

MichaelCorleone · May 10, 2011

No threats on the ESET OnlineScan scan.

Bobbye · May 11, 2011

Okay, good. I had tried the path in my Firefox, but it may differ with the versions- if you found it an renamed, that's what matters. You don't want to have anything on the system from 'mywebsearch' It's an insideour site/program/search that brings a multitude of junk whenever it's used. Frequently picked up from FunWeb sites Users visit them for cursors, wallpaper, screen savers and the like.

Looks like you may have gotten remote help as some time. Citrix left a footprint named GoToAssist on the system. You might want tp uninstall that.

Please remove both of these from the Firefox extensions:
Java v6u20 and v6u25
Java should be updated only on the system. You do not need a separate extension in Firefox. Java v6u25 is the current though so make sure the system has this version.

As previously mentioned, I would encourage you to remove the Zynga Community Toolbar from the Firefox entensions. (Post 10, #3)

If the initial problems have been resolved:
Removing all of the tools we used and the files and folders they created

Uninstall ComboFix and all Backups of the files it deleted
Click START> then RUN
Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the U, it needs to be there.

Download OTCleanIt by OldTimer and save it to your Desktop.
Double click OTCleanIt.exe.
Click the CleanUp! button.
If you are prompted to Reboot during the cleanup, select Yes.
The tool will delete itself once it finishes.

Note: If you receive a warning from your firewall or other security programs regarding OTC attempting to contact the internet, please allow it to do so.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

You should now set a new Restore Point and remove the old restore points to prevent infection from any previous Restore Points.
Go to Start > All Programs > Accessories > System Tools
Click "System Restore".
Choose "Create a Restore Point" on the first screen then click "Next".
Give the Restore Point a name> click "Create".
Go back and follow the path to > System Tools.
[*]Choose Disc Cleanup
[*]Click "OK" to select the partition or drive you want.
[*]Click the "More Options" Tab.
[*]Click "Clean Up" in the System Restore section to remove all previous Restore Points except the newly created one.

Empty the Recycle Bin
Let me know if you have any questions.

MichaelCorleone · May 11, 2011

Okay I did all the steps.

I deleted the Combofix, GMER download file, DDs download file and the plug ins that you mentioned on FireFox.

Can TFC stay or do I need to delete it?

I updated JAVA to the newest version. Are there any other updates I need for any other programs?

I didn't find this or understand this:

1. yontooclientsetup.exe> 2 downloads, both infected> Warning on download site:"This is an executable file. It's recommended that you scan for viruses before use."

Thank you for all your help!

Bobbye · May 12, 2011

Please remove TFC- for now. We have notice a problem with it currently.

I didn't find this or understand this:
1. yontooclientsetup.exe> 2 downloads, both infected> Warning on download site:"This is an executable file. It's recommended that you scan for viruses before use."

This was a 'hint' that the download site for this gave you a Warning that you do a virus scan first because it is an .exe file. I thought it was 'interesting' that Mbam found and quarantined these:

Files Infected:
c:\Users\Levi\downloads\yontooclientsetup(2).exe (Adware.Agent) -> Quarantined and deleted successfully.
c:\Users\Levi\downloads\yontooclientsetup.exe (Adware.Agent) -> Quarantined and deleted successfully.

And you downloaded the setup twice! Got to find a bit of warped humor in that! I don't recall ever seeing a download site tell a user to run a virus scan on a program!

MichaelCorleone · May 12, 2011

I deleted TFC download file.

Oh, hahaha.

Is there any other steps I need to do?

Thanks for all your help!

Bobbye · May 12, 2011

You're welcome! No more steps- here are some tips ro help you stay clean:
Tips for added security and safer browsing: (Links are in Bold Blue)

Browser Security
[o] Safe Settings (Please ignore the suggestion to use the Registry Editior in this section "Creating a Custom Security Zone")
[o] ZonedOut. This manages the Zones in Internet Explorer. (For IE7 and IE8, Windows 2000 thru Vista. No Windows 7)
[o] Replace the Host Files
[o] Google Toolbar Pop Up Blocker
[o]Web of Trust (WOT) Site Advisor. Traffic-light rating symbols show which rate the site for Trustworthiness, Vendor Reliability, Privacy, Child Safety.
Have layered Security:
[o]Antivirus :(only one):Both of the following programs are free and known to be good:
[o]Avira-AntiVir-Personal-Free-Antivirus
[o] [o]Avast-Free Antivirus
[o]Firewall (only one): Use bi-directional firewall. Both of the following programs are free and known to be good:
[o]Comodo
[o]Zone Alarm
Antimalware: I recommend all of the following:
[o]Spywareblaster: SpywareBlaster protects against bad ActiveX.
[o]Spybot Search & Destroy
Updates: Stay current:
[o] the Microsoft Download Sitefrequently. All updates marked Critical and the current SP updates.
[o]Adobe Reader Install current, uninstall old.
[o]Java Updates Install current, uninstall old.
Tracking Cookies
Reset Cookie:
[o]For Internet Explorer: Internet Options (through Tools or Control Panel) Privacy tab> Advanced button> check 'override automatic Cookie handling'> check 'accept first party Cookies'> check 'Block third party Cookies'> check 'allow per session Cookies'> Apply> OK.
[o]For Firefox: Tools> Options> Privacy> Cookies> check ‘accept Cookies from Sites’> Uncheck 'accept third party Cookies'> Set Keep until 'they expire'. This will allow you to keep Cookies for registered sites and prevent or remove others. (Note: for Firefox v3.5, after Privacy click on 'use custom settings for History.')
I suggest using the following two add-on for Firefox. They will prevent the Tracking Cookies that come from ads and banners and other sources:
AdBlock Plus
Easy List
[o]For Chrome: Tools> Options> Under The Hood> Privacy Section> CHECK 'Restrict how third party Cookies can be used'> Close.
Do regular Maintenance
[o] Temporary File Cleaner
Restore Points:
[o]See System Restore Guide
Safe Email Handling
[o] Don't open email from anyone you don't know.
[o] Don't open Attachments in the email. Safe to your desktop and scan for viruses using a right click
[o] Don't leave your personal email address on the internet. Have a separate email account at one of the free web-based emails like Yahoo.

Please let me know if you find any bad link.

MichaelCorleone · May 13, 2011

Thank you so much for all your help and advice, it is greatly appreciated

Bobbye · May 14, 2011

You're welcome. Stay safe and enjoy your computer experience.

Solved Vista anti-spyware 2011

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 20 +0

Posts: 20 +0

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 16,313 +36

Posts: 20 +0

Posts: 16,313 +36

Similar threads