Solved: Internet redirecting!

welshblood · 05-Sep-2009, 09:15 AM #1

Hi. I'm trying to fix a problem for a mate. He has a Toshiba laptop running Windows XP.
His daughter used this to connect to the internet whilst there was no antivirus installed (silly girl!).
Ever since, web page access is disrupted. When trying to go to a website, or when any Google search results are clicked on, instead of taking you to the address shown, you're redirected to a totally different website or to another search results page.

Action I have taken so far;
Tried to install AVG + Avast.
Result;
Internet connection required to complete set-up. Unable to connect to do this (Internet access is available otherwise).
Installed McAfee from a C.D.
Result;
Able to install without internet connection.
Ran a scan & found several risks (Trojans) but was unable to remove them.
Dowloaded iObit Security 360
Result;
Ran a scan. Found Trojans + deleted them.

Problem still exists!

Any help would be much appreciated.
Many thanks.
STEVE

km2357 · 06-Sep-2009, 02:13 PM #2

Hello and welcome to Tech Support Guy.

My name is km2357 and I will be helping you to remove any infection(s) that you may have.

I will be giving you a series of instructions that need to be followed in the order in which I give them to you.

If for any reason you do not understand an instruction or are just unsure then please do not guess, simply post back with your questions/concerns and we will go through it again.

Please do not start another thread or topic, I will assist you at this thread until we solve your problems.

Lastly the fix may take several attempts and my replies may take some time but I will stick with it if you do the same.

Step # 1 Download and run DDS

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt
Save both reports to your desktop. Post them back to your topic.

Step # 2: Download and Run Gmer

Please download gmer.zip from Gmer and save it to your desktop.

***Please close any open programs ***

Double-click gmer.exe. The program will begin to run.

**Caution**
These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised by a trained Security Analyst

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.

Click No.
Once the scan is complete, you may receive another notice about rootkit activity.
Click OK.
GMER will produce a log. Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

If you do not receive notice about possible rootkit activity remain on the Rootkit/Malware tab & make sure the 'Show All' button is unticked.

Click the Scan button and let the program do its work. GMER will produce a log.
Click on the Save button, and save the log as gmer.txt somewhere you can easily find it, such as your desktop.

DO NOT touch the PC at ALL for Whatever reason/s until it has 100% completed its scan, or attempted scan in case of some error etc !

Please post the results from the GMER scan in your reply.

In your next post/reply, I need to see the following:

1. The two DDS Logs (DDS and Attach.txt)
2. The GMER Log

welshblood · 08-Sep-2009, 05:54 PM #3

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 19:26:27.31 on 08/09/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.494.86 [GMT 1:00]

AV: McAfee VirusScan *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\sySTEM32\svchost.exe -k ddnsfilter
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\PROGRA~1\McAfee\MPS\mps.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\SiteAdvisor\6145\SAService.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee\MPS\mpsevh.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\McAfee\MSK\MskAgent.exe
C:\Program Files\SiteAdvisor\6145\SiteAdv.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
svchost
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.TO38147\My Documents\Downloads\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = msproxy2:80
uInternet Settings,ProxyOverride = 10.*;rct.*
mSearchAssistant = hxxp://www.google.com
BHO: {089fd14d-132b-48fc-8861-0048ae113215} - c:\program files\siteadvisor\6145\SiteAdv.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptcl.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
TB: McAfee SiteAdvisor: {0bf43445-2f28-4351-9252-17fe6e806aa0} - c:\program files\siteadvisor\6145\SiteAdv.dll
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [LightScribe Control Panel] c:\program files\common files\lightscribe\LightScribeControlPanel.exe -hidden
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [RCTAudit] c:\windows\audit\Audit.vbs
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [MskAgentexe] c:\program files\mcafee\msk\MskAgent.exe
mRun: [SiteAdvisor] c:\program files\siteadvisor\6145\SiteAdv.exe
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
uPolicies-system: EnableProfileQuota = 1 (0x1)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab
Handler: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - c:\program files\siteadvisor\6145\SiteAdv.dll
Notify: igfxcui - igfxsrvc.dll
AppInit_DLLs: cru629.dat
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.to3\applic~1\mozilla\firefox\profiles\wk9rx8fi.default \
FF - prefs.js: browser.startup.homepage - www.sky.com
FF - component: c:\documents and settings\administrator.to38147\application data\mozilla\firefox\profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\components\coolirisstub.dll
FF - component: c:\program files\siteadvisor\6145\ff\components\FFHook.dll
FF - plugin: c:\documents and settings\administrator.to38147\application data\mozilla\firefox\profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\java\j2re1.4.2_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R?Unknown ddnsfilter;ddnsfilter; [x]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-3 206256]
R1 Filter;Filter;c:\windows\system32\drivers\Filter.sys [2009-8-30 37760]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [2005-9-8 6784]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-9-3 305936]
R2 McAfee HackerWatch Service;McAfee HackerWatch Service;c:\program files\common files\mcafee\hackerwatch\HWAPI.exe [2009-9-4 540776]
R2 mcpromgr;McAfee Protection Manager;c:\progra~1\mcafee\msc\mcpromgr.exe [2009-9-4 493144]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2009-9-4 352856]
R2 McRedirector;McAfee Redirector Service;c:\progra~1\common~1\mcafee\redirsvc\redirsvc.exe [2009-9-4 248416]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2009-9-4 144960]
R2 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2009-9-4 643664]
R3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2009-9-4 71496]
R3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2009-9-4 34184]
R3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2009-9-4 170408]
R3 mfesmfk;McAfee Inc.;c:\windows\system32\drivers\mfesmfk.sys [2009-9-4 37480]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [2005-9-8 16000]
S2 webserver;webserver;c:\program files\webserver\webserver.exe [2009-8-31 13824]
S3 mferkdk;McAfee Inc.;c:\windows\system32\drivers\mferkdk.sys [2009-9-4 32008]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-8 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-8 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-8 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-8 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-8 109736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-3 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-3 1097096]

=============== Created Last 30 ================

2009-09-04 06:53 2,442 a------- c:\windows\system32\Config.MPF
2009-09-04 06:47 <DIR> --d----- c:\program files\SiteAdvisor
2009-09-04 06:47 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\SiteAdvisor
2009-09-04 06:45 143,360 a------- c:\windows\system32\dunzip32.dll
2009-09-04 06:43 32,008 a------- c:\windows\system32\drivers\mferkdk.sys
2009-09-04 06:43 37,480 a------- c:\windows\system32\drivers\mfesmfk.sys
2009-09-04 06:43 34,184 a------- c:\windows\system32\drivers\mfebopk.sys
2009-09-04 06:43 170,408 a------- c:\windows\system32\drivers\mfehidk.sys
2009-09-04 06:43 71,496 a------- c:\windows\system32\drivers\mfeavfk.sys
2009-09-04 06:43 109,608 a------- c:\windows\system32\drivers\Mpfp.sys
2009-09-04 06:41 <DIR> --d----- c:\program files\McAfee.com
2009-09-04 06:41 <DIR> --d----- c:\program files\common files\McAfee
2009-09-03 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-09-03 11:23 73,728 a------- c:\windows\freddy62.exe
2009-09-03 11:23 2 a------- c:\windows\0101120101465054.fx
2009-09-03 00:59 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-03 00:59 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-03 00:59 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-03 00:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-03 00:58 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-03 00:58 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-03 00:58 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-03 00:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-03 00:58 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\PC Tools
2009-09-02 21:12 <DIR> --d----- c:\program files\McAfee
2009-09-02 20:23 <DIR> --d----- c:\windows\system32\scripting
2009-09-02 20:23 <DIR> --d----- c:\windows\l2schemas
2009-09-02 20:23 <DIR> --d----- c:\windows\system32\en
2009-09-02 20:23 <DIR> --d----- c:\windows\system32\bits
2009-09-02 20:17 <DIR> --d----- c:\windows\network diagnostic
2009-09-02 19:51 <DIR> --d----- c:\program files\IObit
2009-09-02 19:51 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\IObit
2009-09-02 13:15 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-02 13:09 3,091,736 a------- c:\program files\avgstubres.dll
2009-09-02 13:09 959,768 a------- c:\program files\stub.exe
2009-08-31 12:18 1 ----h--- c:\windows\ex23567.dat
2009-08-31 12:18 69,632 a------- c:\windows\freddy61.exe
2009-08-31 12:18 2 a------- c:\windows\0101120101464954.fx
2009-08-31 12:18 <DIR> --d----- c:\program files\webserver
2009-08-30 18:26 37,760 a------- c:\windows\system32\drivers\Filter.sys
2009-08-30 18:26 <DIR> --d----- c:\program files\DDnsFilter
2009-08-14 17:10 <DIR> -cd-h--- C:\$AVG8.VAULT$
2009-08-14 17:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\avg8
2009-08-14 15:40 2 a------- c:\windows\0535251103110107106.xry
2009-08-14 15:40 2 a------- c:\windows\0101120101465449.fx
2009-08-14 15:40 2 a------- c:\windows\0101120101465653.fx
2009-08-14 15:31 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\AVG8
2009-08-13 22:49 19,753 a------- c:\windows\eguvi.inf
2009-08-13 22:49 19,028 a------- c:\windows\system32\obusi.reg
2009-08-13 22:49 17,957 a------- c:\windows\system32\adowenusif.db
2009-08-13 22:49 14,617 a------- c:\docume~1\alluse~1\applic~1\bikofe.bat
2009-08-13 22:49 13,959 a------- c:\windows\umemug.bin
2009-08-13 22:49 13,711 a------- c:\docume~1\admini~1.to3\applic~1\ipas.vbs
2009-08-13 22:49 11,490 a------- c:\windows\nynomys.db
2009-08-13 22:49 10,928 a------- c:\windows\idevutoz.scr
2009-08-13 22:49 19,288 a------- c:\windows\ugoz.db
2009-08-13 22:49 18,438 a------- c:\program files\common files\obudarydog.sys
2009-08-13 22:49 16,013 a------- c:\windows\eqabalylam.bat
2009-08-13 22:49 14,109 a------- c:\program files\common files\acukinuk.vbs
2009-08-13 22:49 13,514 a------- c:\program files\common files\yfezexehex.dat
2009-08-13 22:49 13,340 a------- c:\windows\iguk.dll
2009-08-13 22:49 13,209 a------- c:\docume~1\admini~1.to3\applic~1\efir.pif
2009-08-13 22:49 11,487 a------- c:\windows\system32\dicyjise._sy
2009-08-13 22:47 2 a------- c:\windows\0101120101464949.fx
2009-08-13 22:47 1 a------- c:\windows\4ff345dfbh521
2009-08-13 22:47 2 a------- c:\windows\010112010146120114.fx
2009-08-13 22:40 51,200 a------- c:\windows\ld12.exe
2009-08-12 21:01 <DIR> --d----- c:\windows\ServicePackFiles
2009-08-12 17:44 128,512 -c------ c:\windows\system32\dllcache\dhtmled.ocx
2009-08-12 17:38 1,315,328 -c------ c:\windows\system32\dllcache\msoe.dll
2009-08-12 17:36 655,872 -c------ c:\windows\system32\dllcache\mstscax.dll

==================== Find3M ====================

2009-09-02 20:27 86,995 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-13 22:49 19,561 a------- c:\program files\common files\samohyxa._sy
2009-08-08 12:52 148,736 a------- c:\docume~1\alluse~1\applic~1\hpe18F.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-24 13:52 261 a------- c:\program files\config.txt
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-03 18:09 915,456 a------- c:\windows\system32\wininet.dll
2009-06-25 19:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 19:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 19:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 19:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 19:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 19:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 19:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 19:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 19:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 19:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 19:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 19:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-22 12:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 12:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll
2009-06-12 13:31 80,896 a------- c:\windows\system32\tlntsess.exe
2009-06-12 13:31 76,288 a------- c:\windows\system32\telnet.exe

============= FINISH: 19:27:19.25 ===============

welshblood · 08-Sep-2009, 06:01 PM #4

reply part 2

km2357 · 09-Sep-2009, 02:22 AM #5

Step # 1: Download and Run ComboFix

We will begin with ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/comb...o-use-combofix

*Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

* IMPORTANT !!! Save ComboFix.exe to your Desktop

When finished, it shall produce a log for you. Please include C:\ComboFix.txt in your next reply.

welshblood · 09-Sep-2009, 05:26 PM #6

ComboFix 09-09-09.01 - Administrator 09/09/2009 20:50.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.494.158 [GMT 1:00]
Running from: c:\documents and settings\Administrator.TO38147\My Documents\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\documents and settings\Administrator.TO38147\Application Data\efir.pif
c:\documents and settings\Administrator.TO38147\Application Data\ipas.vbs
c:\documents and settings\Administrator.TO38147\Cookies\uraqah.vbs
c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\ewynynar.bat
c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\loxe.sys
c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\mivum.dl
c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\okirob.sys
c:\documents and settings\All Users\Application Data\bikofe.bat
c:\documents and settings\All Users\Application Data\tabahulav._dl
c:\documents and settings\All Users\Documents\ubuke.vbs
c:\documents and settings\All Users\Documents\uxizor._dl
c:\program files\Common Files\acukinuk.vbs
c:\program files\Common Files\obudarydog.sys
c:\windows\010112010146120114.fx
c:\windows\0101120101464949.fx
c:\windows\0101120101464954.fx
c:\windows\0101120101465054.fx
c:\windows\0101120101465449.fx
c:\windows\0101120101465653.fx
c:\windows\4ff345dfbh521
c:\windows\eguvi.inf
c:\windows\eqabalylam.bat
c:\windows\idevutoz.scr
c:\windows\iguk.dll
c:\windows\system32\drivers\etc\lmhosts
c:\windows\system32\ltfil13n.DLL
c:\windows\system32\obusi.reg
c:\windows\umemug.bin

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_BROWSERCTL
-------\Legacy_BROWSERCTLDRV
-------\Service_SfX

((((((((((((((((((((((((( Files Created from 2009-08-09 to 2009-09-09 )))))))))))))))))))))))))))))))
.

2009-09-09 17:58 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-09 17:58 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-08 22:12 . 2009-09-08 22:12 -------- d-----w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\AVG Security Toolbar
2009-09-08 22:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 21:29 . 2009-09-08 21:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-08 21:29 . 2009-09-08 21:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-08 21:29 . 2009-09-08 21:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-08 21:29 . 2009-09-08 21:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-08 21:23 . 2009-09-09 17:16 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-08 21:23 . 2009-09-08 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-08 21:22 . 2009-09-08 21:22 -------- d-----w- c:\program files\AVG
2009-09-03 22:31 . 2009-09-03 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-09-03 10:37 . 2009-09-03 10:37 -------- d-----w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\Cooliris
2009-09-02 23:59 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-02 23:59 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-02 23:59 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-02 23:58 . 2009-09-03 00:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-02 23:58 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-02 23:58 . 2009-09-03 08:48 -------- d-----w- c:\program files\Spyware Doctor
2009-09-02 23:58 . 2009-09-02 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-02 23:58 . 2009-09-02 23:58 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\PC Tools
2009-09-02 23:58 . 2009-09-03 09:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-02 22:53 . 2009-09-02 22:53 0 ----a-w- c:\windows\nsreg.dat
2009-09-02 22:52 . 2009-09-02 22:52 -------- d-----w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\Mozilla
2009-09-02 20:20 . 2009-09-02 20:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-02 20:18 . 2009-09-08 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-02 20:09 . 2009-09-08 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\system32\scripting
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\l2schemas
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\system32\en
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\system32\bits
2009-09-02 18:51 . 2009-09-03 22:31 -------- d-----w- c:\program files\IObit
2009-09-02 18:51 . 2009-09-03 09:50 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\IObit
2009-09-02 12:09 . 2009-07-24 12:52 959768 ----a-w- c:\program files\stub.exe
2009-09-02 12:09 . 2009-07-24 12:52 3091736 ----a-w- c:\program files\avgstubres.dll
2009-08-31 11:18 . 2009-09-09 17:33 -------- d-----w- c:\program files\webserver
2009-08-14 16:10 . 2009-09-09 19:02 -------- dc----w- C:\$AVG8.VAULT$
2009-08-14 16:07 . 2009-09-09 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 14:31 . 2009-08-14 14:31 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\AVG8
2009-08-13 21:49 . 2009-08-13 21:49 13514 ----a-w- c:\program files\Common Files\yfezexehex.dat
2009-08-12 20:01 . 2009-09-02 19:19 -------- d-----w- c:\windows\ServicePackFiles
2009-08-12 16:38 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-12 16:36 . 2009-06-10 08:19 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 06:49 . 2009-06-17 18:58 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\DNA
2009-09-04 04:49 . 2009-06-17 18:58 -------- d-----w- c:\program files\DNA
2009-09-03 09:41 . 2006-05-27 08:54 -------- d-----w- c:\program files\HP
2009-09-03 08:32 . 2005-09-08 15:19 40976 ----a-w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 12:15 . 2004-08-19 12:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-02 12:15 . 2005-02-02 20:20 -------- d-----w- c:\program files\Network Associates
2009-08-14 05:58 . 2009-09-02 23:59 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-13 21:49 . 2009-08-13 21:49 19561 ----a-w- c:\program files\Common Files\samohyxa._sy
2009-08-13 21:40 . 2005-09-08 15:12 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\AdobeUM
2009-08-08 12:20 . 2009-08-08 12:20 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\Apple Computer
2009-08-08 12:13 . 2009-08-08 12:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-08 12:13 . 2009-08-08 12:13 -------- d-----w- c:\program files\Sony
2009-08-08 12:12 . 2009-08-08 12:11 -------- d-----w- c:\program files\QuickTime
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\program files\Common Files\Apple
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\program files\Apple Software Update
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-08 12:08 . 2009-08-08 12:08 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\Sony
2009-08-08 11:59 . 2009-08-08 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-08 11:52 . 2009-08-08 11:52 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe18F.dll
2009-08-08 11:51 . 2009-08-08 11:51 -------- d-----w- c:\program files\Sony Ericsson
2009-08-08 11:51 . 2009-08-08 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-08-08 11:51 . 2004-08-19 09:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-18 15:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 16:55 . 2009-07-27 16:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-24 12:52 . 2009-09-02 12:09 261 ----a-w- c:\program files\config.txt
2009-07-17 19:01 . 2004-08-18 15:40 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 11:21 . 2004-08-18 15:43 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-18 15:42 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 18:36 . 2004-08-18 15:41 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-18 15:41 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-18 15:41 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-18 15:41 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-18 15:41 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-18 15:41 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-18 15:41 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-18 15:41 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-18 15:41 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-18 15:41 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-18 15:41 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-18 15:41 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:25 . 2004-08-18 15:42 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-18 15:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-18 15:42 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-18 15:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-18 15:41 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-18 15:41 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-18 15:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 11:49 . 2004-08-18 15:41 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-18 15:41 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-18 15:41 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-18 15:41 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:36 . 2004-08-18 15:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-18 15:40 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-12 12:31 . 2004-08-18 15:42 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-18 15:42 76288 ----a-w- c:\windows\system32\telnet.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-08-28 4861952]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-08-11 253952]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"RCTAudit"="c:\windows\audit\Audit.vbs" [2004-09-14 1963]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-09-08 2007832]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-08-28 323584]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2003-07-18 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-02-20 88363]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-06-28 266240]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"NoSimpleStartMenu"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-08 21:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxs ervice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcore service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03/09/2009 00:59 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/09/2009 22:29 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/09/2009 22:29 108552]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [08/09/2005 15:43 6784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/09/2009 22:22 297752]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [03/09/2009 23:31 305936]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [08/09/2005 15:43 16000]
S1 Filter;Filter;\??\c:\windows\system32\drivers\Filter.sys --> c:\windows\system32\drivers\Filter.sys [?]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [08/08/2009 12:57 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [08/08/2009 12:57 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [08/08/2009 12:57 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [08/08/2009 12:57 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [08/08/2009 12:57 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [08/08/2009 12:57 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [08/08/2009 12:57 109736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [03/09/2009 00:58 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2005-01-29 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 00:12]

2005-01-29 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 00:12]

2005-01-29 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 00:12]

2009-09-09 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-14 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = msproxy2:80
uInternet Settings,ProxyOverride = 10.*;rct.*
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - c:\documents and settings\Administrator.TO38147\Application Data\Mozilla\Firefox\Profiles\wk9rx8fi.default\
FF - prefs.js: browser.startup.homepage - www.sky.com
FF - component: c:\documents and settings\Administrator.TO38147\Application Data\Mozilla\Firefox\Profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Administrator.TO38147\Application Data\Mozilla\Firefox\Profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)
AddRemove-Citrix Program Neighborhood - c:\windows\ISUNINST.EXE -fc:\progra~1\Citrix\ICACLI~1\Uninst.isu
AddRemove-Power Saver - c:\windows\IsUninst.exe -fc:\program files\TOSHIBA\Power Saver\Uninst.isu

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-09 20:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-893214074-5843438-130378471-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e1,01,91,73,07,a3,4d,a9,17,a0, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,58,e9,4a,4b,cd,81,4f,a5,4b,71, \
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e1,01,91,73,07,a3,4d,a9,17,a0, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(892)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\msi.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-09 21:00
ComboFix-quarantined-files.txt 2009-09-09 20:00

Pre-Run: 48,951,525,376 bytes free
Post-Run: 48,946,925,568 bytes free

314

km2357 · 10-Sep-2009, 01:43 AM #7

Looking at the ComboFix log, I see that you've replaced McAfee with AVG as your AV of choice. If you haven't already, be sure to uninstall McAfee as you don't want to two Anti-Viruses running at the same time.

Step # 1: Run CFScript

Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

Code:

http://forums.techguy.org/6921017-post6.html

KILLALL::

Collect::

c:\program files\Common Files\yfezexehex.dat
c:\program files\Common Files\samohyxa._sy

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

Note: This CFScript is for use on welshblood's computer only! Do not use it on your computer.
Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Please Note:

When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. ComboFix is capturing a file/files to submit for analysis.

Ensure you are connected to the internet and click OK on the message box.

Please let me know if the file was successfully submitted. Thanks.

In your next post/reply, I need to see the following:

1. The ComboFix Log that appears after Step 1 has been completed.

welshblood · 12-Sep-2009, 12:24 PM #8

ComboFix 09-09-11.03 - Administrator 12/09/2009 15:21.7.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.494.163 [GMT 1:00]
Running from: c:\documents and settings\Administrator.TO38147\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Administrator.TO38147\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Files Created from 2009-08-12 to 2009-09-12 )))))))))))))))))))))))))))))))
.

2009-09-09 17:58 . 2008-04-14 00:12 50176 -c--a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-09 17:58 . 2008-04-14 00:12 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-08 22:12 . 2009-09-08 22:12 -------- d-----w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\AVG Security Toolbar
2009-09-08 22:06 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-09-08 21:29 . 2009-09-08 21:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-09-08 21:29 . 2009-09-08 21:29 108552 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2009-09-08 21:29 . 2009-09-08 21:29 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-09-08 21:29 . 2009-09-08 21:29 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-09-08 21:23 . 2009-09-12 09:45 -------- d-----w- c:\windows\system32\drivers\Avg
2009-09-08 21:23 . 2009-09-08 21:44 -------- d-----w- c:\documents and settings\All Users\Application Data\AVG Security Toolbar
2009-09-08 21:22 . 2009-09-08 21:22 -------- d-----w- c:\program files\AVG
2009-09-03 22:31 . 2009-09-03 22:31 -------- d-----w- c:\documents and settings\All Users\Application Data\IObit
2009-09-03 10:37 . 2009-09-03 10:37 -------- d-----w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\Cooliris
2009-09-02 23:59 . 2008-12-11 07:38 159600 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-02 23:59 . 2009-08-24 13:05 206256 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-02 23:59 . 2009-08-19 10:01 86888 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-02 23:58 . 2009-09-03 00:03 -------- d-----w- c:\program files\Common Files\PC Tools
2009-09-02 23:58 . 2008-12-10 10:36 64392 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-09-02 23:58 . 2009-09-03 08:48 -------- d-----w- c:\program files\Spyware Doctor
2009-09-02 23:58 . 2009-09-02 23:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-09-02 23:58 . 2009-09-02 23:58 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\PC Tools
2009-09-02 23:58 . 2009-09-03 09:45 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-09-02 22:53 . 2009-09-02 22:53 0 ----a-w- c:\windows\nsreg.dat
2009-09-02 22:52 . 2009-09-02 22:52 -------- d-----w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\Mozilla
2009-09-02 20:20 . 2009-09-02 20:20 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache
2009-09-02 20:18 . 2009-09-08 21:19 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\system32\scripting
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\l2schemas
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\system32\en
2009-09-02 19:23 . 2009-09-02 19:23 -------- d-----w- c:\windows\system32\bits
2009-09-02 18:51 . 2009-09-03 22:31 -------- d-----w- c:\program files\IObit
2009-09-02 18:51 . 2009-09-03 09:50 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\IObit
2009-09-02 12:09 . 2009-07-24 12:52 959768 ----a-w- c:\program files\stub.exe
2009-09-02 12:09 . 2009-07-24 12:52 3091736 ----a-w- c:\program files\avgstubres.dll
2009-08-31 11:18 . 2009-09-09 17:33 -------- d-----w- c:\program files\webserver
2009-08-14 16:10 . 2009-09-10 06:11 -------- dc----w- C:\$AVG8.VAULT$
2009-08-14 16:07 . 2009-09-09 18:01 -------- d-----w- c:\documents and settings\All Users\Application Data\avg8
2009-08-14 14:31 . 2009-08-14 14:31 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\AVG8

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-04 06:49 . 2009-06-17 18:58 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\DNA
2009-09-04 04:49 . 2009-06-17 18:58 -------- d-----w- c:\program files\DNA
2009-09-03 09:41 . 2006-05-27 08:54 -------- d-----w- c:\program files\HP
2009-09-03 08:32 . 2005-09-08 15:19 40976 ----a-w- c:\documents and settings\Administrator.TO38147\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-02 12:15 . 2004-08-19 12:34 -------- d-----w- c:\program files\Common Files\Symantec Shared
2009-09-02 12:15 . 2005-02-02 20:20 -------- d-----w- c:\program files\Network Associates
2009-08-14 05:58 . 2009-09-02 23:59 7396 ----a-w- c:\windows\system32\drivers\pctcore.cat
2009-08-13 21:40 . 2005-09-08 15:12 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\AdobeUM
2009-08-08 12:20 . 2009-08-08 12:20 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\Apple Computer
2009-08-08 12:13 . 2009-08-08 12:13 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-08-08 12:13 . 2009-08-08 12:13 -------- d-----w- c:\program files\Sony
2009-08-08 12:12 . 2009-08-08 12:11 -------- d-----w- c:\program files\QuickTime
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\program files\Common Files\Apple
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\program files\Apple Software Update
2009-08-08 12:11 . 2009-08-08 12:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-08-08 12:08 . 2009-08-08 12:08 -------- d-----w- c:\documents and settings\Administrator.TO38147\Application Data\Sony
2009-08-08 11:59 . 2009-08-08 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-08-08 11:52 . 2009-08-08 11:52 148736 ----a-w- c:\documents and settings\All Users\Application Data\hpe18F.dll
2009-08-08 11:51 . 2009-08-08 11:51 -------- d-----w- c:\program files\Sony Ericsson
2009-08-08 11:51 . 2009-08-08 11:51 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony Ericsson
2009-08-08 11:51 . 2004-08-19 09:59 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-18 15:41 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-27 16:55 . 2009-07-27 16:55 552 ----a-w- c:\windows\system32\d3d8caps.dat
2009-07-24 12:52 . 2009-09-02 12:09 261 ----a-w- c:\program files\config.txt
2009-07-17 19:01 . 2004-08-18 15:40 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 11:21 . 2004-08-18 15:43 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-18 15:42 915456 ------w- c:\windows\system32\wininet.dll
2009-06-25 18:36 . 2004-08-18 15:41 95744 ----a-w- c:\windows\system32\mqsec.dll
2009-06-25 18:36 . 2004-08-18 15:41 661504 ----a-w- c:\windows\system32\mqqm.dll
2009-06-25 18:36 . 2004-08-18 15:41 517120 ----a-w- c:\windows\system32\mqsnap.dll
2009-06-25 18:36 . 2004-08-18 15:41 48640 ----a-w- c:\windows\system32\mqupgrd.dll
2009-06-25 18:36 . 2004-08-18 15:41 471552 ----a-w- c:\windows\system32\mqutil.dll
2009-06-25 18:36 . 2004-08-18 15:41 47104 ----a-w- c:\windows\system32\mqdscli.dll
2009-06-25 18:36 . 2004-08-18 15:41 225280 ----a-w- c:\windows\system32\mqoa.dll
2009-06-25 18:36 . 2004-08-18 15:41 186880 ----a-w- c:\windows\system32\mqtrig.dll
2009-06-25 18:36 . 2004-08-18 15:41 177152 ----a-w- c:\windows\system32\mqrt.dll
2009-06-25 18:36 . 2004-08-18 15:41 16896 ----a-w- c:\windows\system32\mqise.dll
2009-06-25 18:36 . 2004-08-18 15:41 138240 ----a-w- c:\windows\system32\mqad.dll
2009-06-25 18:36 . 2004-08-18 15:41 123392 ----a-w- c:\windows\system32\mqrtdep.dll
2009-06-25 08:25 . 2004-08-18 15:42 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-18 15:42 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-18 15:42 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-18 15:41 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-25 08:25 . 2004-08-18 15:41 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-18 15:41 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-24 11:18 . 2004-08-18 15:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-22 11:49 . 2004-08-18 15:41 19968 ----a-w- c:\windows\system32\mqbkup.exe
2009-06-22 11:49 . 2004-08-18 15:41 117248 ----a-w- c:\windows\system32\mqtgsvc.exe
2009-06-22 11:49 . 2004-08-18 15:41 4608 ----a-w- c:\windows\system32\mqsvc.exe
2009-06-22 11:48 . 2004-08-18 15:41 91776 ----a-w- c:\windows\system32\drivers\mqac.sys
2009-06-16 14:36 . 2004-08-18 15:42 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 14:36 . 2004-08-18 15:40 81920 ----a-w- c:\windows\system32\fontsub.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{A3BC75A2-1F87-4686-AA43-5347D756017C}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{a3bc75a2-1f87-4686-aa43-5347d756017c}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
2009-07-24 08:55 1090816 ----a-w- c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-09-29 325000]
"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG8\Toolbar\IEToolbar.dll" [2009-07-24 1090816]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TOSCDSPD"="c:\program files\TOSHIBA\TOSCDSPD\toscdspd.exe" [2003-09-05 65536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-08-28 4861952]
"00THotkey"="c:\windows\system32\00THotkey.exe" [2004-08-11 253952]
"SigmaTel StacMon"="c:\program files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe" [2003-08-03 86073]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"RCTAudit"="c:\windows\audit\Audit.vbs" [2004-09-14 1963]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-10-08 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-10-08 126976]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe" [2004-12-14 176128]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"IObit Security 360"="c:\program files\IObit\IObit Security 360\IS360tray.exe" [2009-09-02 1216272]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2003-08-28 323584]
"000StTHK"="000StTHK.exe" - c:\windows\system32\000StTHK.exe [2001-06-23 24576]
"TFNF5"="TFNF5.exe" - c:\windows\system32\TFNF5.exe [2003-07-18 73728]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\agrsmmsg.exe [2004-02-20 88363]
"TPSMain"="TPSMain.exe" - c:\windows\system32\TPSMain.exe [2004-06-28 266240]
"TFncKy"="TFncKy.exe" [BU]
"NDSTray.exe"="NDSTray.exe" [BU]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explor er]
"NoSimpleStartMenu"= 1 (0x1)
"NoAutoUpdate"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-09-08 21:29 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxs ervice]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcore service]
@=""

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Glob allyOpenPorts\List]
"8085:TCP"= 8085:TCP:ddnsfilter
"53:TCP"= 53:TCP:webserver

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [03/09/2009 00:59 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [08/09/2009 22:29 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [08/09/2009 22:29 108552]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [08/09/2005 15:43 6784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [08/09/2009 22:22 297752]
R2 IS360service;IS360service;c:\program files\IObit\IObit Security 360\is360srv.exe [03/09/2009 23:31 305936]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [08/09/2005 15:43 16000]
S1 Filter;Filter;\??\c:\windows\system32\drivers\Filter.sys --> c:\windows\system32\drivers\Filter.sys [?]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [08/08/2009 12:57 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [08/08/2009 12:57 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [08/08/2009 12:57 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [08/08/2009 12:57 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [08/08/2009 12:57 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [08/08/2009 12:57 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [08/08/2009 12:57 109736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [03/09/2009 00:58 348752]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\program files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder

2009-08-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2005-01-29 c:\windows\Tasks\Registration reminder 1.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 00:12]

2005-01-29 c:\windows\Tasks\Registration reminder 2.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 00:12]

2005-01-29 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\system32\OOBE\oobebaln.exe [2004-08-18 00:12]

2009-09-12 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-05-14 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.sky.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = msproxy2:80
uInternet Settings,ProxyOverride = 10.*;rct.*
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
FF - ProfilePath - c:\documents and settings\Administrator.TO38147\Application Data\Mozilla\Firefox\Profiles\wk9rx8fi.default\
FF - prefs.js: browser.startup.homepage - www.sky.com
FF - component: c:\documents and settings\Administrator.TO38147\Application Data\Mozilla\Firefox\Profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\components\coolirisstub.dll
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 2.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 3.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\IGeared_tavgp_xputils 35.dll
FF - component: c:\program files\AVG\AVG8\Toolbar\Firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\Administrator.TO38147\Application Data\Mozilla\Firefox\Profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\plugins\npcoolirisplugin.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava11.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava12.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava13.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava14.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJava32.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPJPI142_05.dll
FF - plugin: c:\program files\Java\j2re1.4.2_05\bin\NPOJI610.dll

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-12 16:02
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-893214074-5843438-130378471-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e1,01,91,73,07,a3,4d,a9,17,a0, \
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,48,58,e9,4a,4b,cd,81,4f,a5,4b,71, \
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01 ,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,d1,e1,01,91,73,07,a3,4d,a9,17,a0, \
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3388)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\msi.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Toshiba\ConfigFree\CFSvcs.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\program files\AVG\AVG8\avgcsrvx.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Toshiba\TOSHIBA Controls\TFncKy.exe
c:\program files\Toshiba\ConfigFree\NDSTray.exe
.
**************************************************************************
.
Completion time: 2009-09-12 16:06 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-12 15:06
ComboFix2.txt 2009-09-12 13:18

Pre-Run: 48,802,492,416 bytes free
Post-Run: 48,841,302,016 bytes free

276

km2357 · 12-Sep-2009, 04:22 PM #9

Step # 1: Add/Remove Programs

Go to Start-Settings-Control Panel, click on Add Remove Programs. If any of the following programs are listed there, click on the program to highlight it, and click on remove. Then close the Control Panel.

Ask Toolbar

Reboot your Computer.

Step # 2 Update Java

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.

Please follow these steps to remove older version Java components and update.

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6u16.
Click on the link to download Windows Offline Installation and save to your desktop. Do NOT use the Sun Download Manager.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Remove the following old versions of Java:
Java 2 Runtime Environment, SE v1.4.2_05
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
From your desktop double-click on the download to install the newest version.

Step # 3: Download and Run ATF Cleaner
Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it.

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Step # 4 Download and Run Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Copy&Paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

welshblood · 12-Sep-2009, 05:36 PM **#10**

Malwarebytes' Anti-Malware 1.41
Database version: 2785
Windows 5.1.2600 Service Pack 3

12/09/2009 21:24:29
mbam-log-2009-09-12 (21-24-29).txt

Scan type: Quick Scan
Objects scanned: 144642
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupd atesched (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\0535251103110107106.xry (KoobFace.Trace) -> Quarantined and deleted successfully.
C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Agent) -> Quarantined and deleted successfully.

km2357 · 03:36 AM

Edit:

The following entries in the MBAM Log you posted are false positives:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupd atesched (Trojan.Agent) -> Quarantined and deleted successfully.

C:\Program Files\Java\jre6\bin\jusched.exe (Trojan.Agent) -> Quarantined and deleted successfully.

To restore them, do the following:

Open up MalwareBytes' Anti-Malware and click on the Quarantine tab.

Make sure that the two false positive lines mentioned above have a checkmark in their boxes (only these two, do not restore anything else) and then press the Restore button.

Once the two items have been restored, you can close MBAM and continue with the instructions below.

Step # 1 Update Adobe Acrobat Reader

There is a newer version of Adobe Acrobat Reader available. (See Note below)

First, go to Add/Remove Programs and uninstall Adobe Reader 6.0.1.
Please go to this link Adobe Acrobat Reader Download Link
On the right Untick Adobe Phototshop Album Starter Edition if you do not wish to include this in the installation.
Click the Continue button
Click Run, and click Run again
Next click the Install Now button and follow the on screen prompts

Note: Adobe 9.1.3 is a large program and if you prefer a smaller program you can get Foxit 3.1 instead from http://www.foxitsoftware.com/pdf/rd_intro.php

If you decide to install Foxit 3.1 instead of Adobe, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes:

I accept the License Terms and want to install Foxit Toolbar

Make Ask.com my default search

Create desktop, quick launch and start menu icon to eBay

Step # 2: Run Kaspersky Online Scan

Please go to Kaspersky website and perform an online antivirus scan.

Read through the requirements and privacy statement and click on Accept button.
It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
When the downloads have finished, click on Settings.
Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
- Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
Click on My Computer under Scan.
Once the scan is complete, it will display the results. Click on View Scan Report.
You will see a list of infected items there. Click on Save Report As....
Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
Please post this log in your next reply.

In your next post/reply, I need to see the following:

1. Kaspersky Log
2. A fresh DDS Log
3. How is the computer doing, any problems?

welshblood · 13-Sep-2009, 02:42 PM **#12**

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, September 13, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Sunday, September 13, 2009 12:44:54
Records in database: 2801307
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 74824
Threats found: 0
Infected objects found: 0
Suspicious objects found: 0
Scan duration: 02:47:49

No threats found. Scanned area is clean.

Selected area has been scanned.

welshblood · 13-Sep-2009, 02:43 PM **#13**

DDS (Ver_09-07-30.01) - NTFSx86
Run by Administrator at 18:35:56.94 on 13/09/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.494.78 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
C:\Program Files\IObit\IObit Security 360\IS360srv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\TFNF5.exe
C:\Program Files\SigmaTel\SigmaTel AC97 Audio Drivers\stacmon.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\IObit\IObit Security 360\IS360tray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\IObit\IObit Security 360\is360.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator.TO38147\Desktop\dds.scr
C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.sky.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyServer = msproxy2:80
uInternet Settings,ProxyOverride = 10.*;rct.*
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File
uRun: [TOSCDSPD] c:\program files\toshiba\toscdspd\toscdspd.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [00THotkey] c:\windows\system32\00THotkey.exe
mRun: [000StTHK] 000StTHK.exe
mRun: [TFNF5] TFNF5.exe
mRun: [SigmaTel StacMon] c:\program files\sigmatel\sigmatel ac97 audio drivers\stacmon.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [TPSMain] TPSMain.exe
mRun: [TFncKy] TFncKy.exe
mRun: [NDSTray.exe] NDSTray.exe
mRun: [RCTAudit] c:\windows\audit\Audit.vbs
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] "c:\program files\hp\hp software update\HPWuSchd2.exe"
mRun: [IObit Security 360] c:\program files\iobit\iobit security 360\IS360tray.exe
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [sunjavaupdatesched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
uPolicies-explorer: NoSimpleStartMenu = 1 (0x1)
uPolicies-explorer: NoAutoUpdate = 0 (0x0)
IE: {08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1252447311302
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\admini~1.to3\applic~1\mozilla\firefox\profiles\wk9rx8fi.default \
FF - prefs.js: browser.startup.homepage - www.sky.com
FF - component: c:\documents and settings\administrator.to38147\application data\mozilla\firefox\profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\components\coolirisstub.dll
FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 2.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 3.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils 35.dll
FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - plugin: c:\documents and settings\administrator.to38147\application data\mozilla\firefox\profiles\wk9rx8fi.default\extensions\piclens@cooliris. com\plugins\npcoolirisplugin.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: dom.disable_open_during_load - true // Popupblocker control handled by McAfee Privacy Service
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-9-3 206256]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-9-8 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-9-8 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-9-8 108552]
R1 SMBHC;Microsoft SM Bus Host Controller Driver;c:\windows\system32\drivers\smbhc.sys [2005-9-8 6784]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-9-8 297752]
R2 IS360service;IS360service;c:\program files\iobit\iobit security 360\is360srv.exe [2009-9-3 305936]
R3 SMBBATT;Microsoft Smart Battery Driver;c:\windows\system32\drivers\smbbatt.sys [2005-9-8 16000]
S1 Filter;Filter;\??\c:\windows\system32\drivers\filter.sys --> c:\windows\system32\drivers\Filter.sys [?]
S2 webserver;webserver;c:\program files\webserver\webserver.exe --> c:\program files\webserver\webserver.exe [?]
S3 s1018bus;Sony Ericsson Device 1018 driver (WDM);c:\windows\system32\drivers\s1018bus.sys [2009-8-8 86696]
S3 s1018mdfl;Sony Ericsson Device 1018 USB WMC Modem Filter;c:\windows\system32\drivers\s1018mdfl.sys [2009-8-8 15016]
S3 s1018mdm;Sony Ericsson Device 1018 USB WMC Modem Driver;c:\windows\system32\drivers\s1018mdm.sys [2009-8-8 114472]
S3 s1018mgmt;Sony Ericsson Device 1018 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s1018mgmt.sys [2009-8-8 108328]
S3 s1018nd5;Sony Ericsson Device 1018 USB Ethernet Emulation (NDIS);c:\windows\system32\drivers\s1018nd5.sys [2009-8-8 26024]
S3 s1018obex;Sony Ericsson Device 1018 USB WMC OBEX Interface;c:\windows\system32\drivers\s1018obex.sys [2009-8-8 104616]
S3 s1018unic;Sony Ericsson Device 1018 USB Ethernet Emulation (WDM);c:\windows\system32\drivers\s1018unic.sys [2009-8-8 109736]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2009-9-3 348752]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2009-9-3 1097096]

=============== Created Last 30 ================

2009-09-12 21:13 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\Malwarebytes
2009-09-12 21:13 38,224 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-12 21:13 19,160 a------- c:\windows\system32\drivers\mbam.sys
2009-09-12 21:13 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-09-12 21:13 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-09-12 21:01 411,368 a------- c:\windows\system32\deploytk.dll
2009-09-12 21:01 73,728 a------- c:\windows\system32\javacpl.cpl
2009-09-09 18:58 50,176 ac------ c:\windows\system32\dllcache\proquota.exe
2009-09-09 18:58 50,176 a------- c:\windows\system32\proquota.exe
2009-09-09 18:49 <DIR> acdshr-- C:\cmdcons
2009-09-09 18:47 230,912 a------- c:\windows\PEV.exe
2009-09-09 18:47 161,792 a------- c:\windows\SWREG.exe
2009-09-09 18:47 98,816 a------- c:\windows\sed.exe
2009-09-08 23:07 1,355 a------- c:\windows\imsins.BAK
2009-09-08 23:06 153,088 -c------ c:\windows\system32\dllcache\triedit.dll
2009-09-08 22:29 11,952 a------- c:\windows\system32\avgrsstx.dll
2009-09-08 22:29 108,552 a------- c:\windows\system32\drivers\avgtdix.sys
2009-09-08 22:29 335,240 a------- c:\windows\system32\drivers\avgldx86.sys
2009-09-08 22:23 <DIR> --d----- c:\windows\system32\drivers\Avg
2009-09-08 22:23 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVG Security Toolbar
2009-09-08 22:22 <DIR> --d----- c:\program files\AVG
2009-09-03 23:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\IObit
2009-09-03 00:59 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-09-03 00:59 206,256 a------- c:\windows\system32\drivers\PCTCore.sys
2009-09-03 00:59 86,888 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-09-03 00:59 7,396 a------- c:\windows\system32\drivers\pctcore.cat
2009-09-03 00:58 <DIR> --d----- c:\program files\common files\PC Tools
2009-09-03 00:58 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-09-03 00:58 <DIR> --d----- c:\program files\Spyware Doctor
2009-09-03 00:58 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-09-03 00:58 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\PC Tools
2009-09-02 20:23 <DIR> --d----- c:\windows\system32\scripting
2009-09-02 20:23 <DIR> --d----- c:\windows\l2schemas
2009-09-02 20:23 <DIR> --d----- c:\windows\system32\en
2009-09-02 20:23 <DIR> --d----- c:\windows\system32\bits
2009-09-02 20:17 <DIR> --d----- c:\windows\network diagnostic
2009-09-02 19:51 <DIR> --d----- c:\program files\IObit
2009-09-02 19:51 <DIR> --d----- c:\docume~1\admini~1.to3\applic~1\IObit
2009-09-02 13:15 <DIR> --d----- c:\windows\system32\appmgmt
2009-09-02 13:09 3,091,736 a------- c:\program files\avgstubres.dll
2009-09-02 13:09 959,768 a------- c:\program files\stub.exe
2009-08-31 12:18 <DIR> --d----- c:\program files\webserver

==================== Find3M ====================

2009-09-02 20:27 86,995 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-08-08 12:52 148,736 a------- c:\docume~1\alluse~1\applic~1\hpe18F.dll
2009-08-05 10:01 204,800 a------- c:\windows\system32\mswebdvd.dll
2009-07-24 13:52 261 a------- c:\program files\config.txt
2009-07-17 20:01 58,880 a------- c:\windows\system32\atl.dll
2009-07-12 12:21 233,472 a------- c:\windows\system32\wmpdxm.dll
2009-07-03 18:09 915,456 -------- c:\windows\system32\wininet.dll
2009-06-25 19:36 661,504 a------- c:\windows\system32\mqqm.dll
2009-06-25 19:36 517,120 a------- c:\windows\system32\mqsnap.dll
2009-06-25 19:36 471,552 a------- c:\windows\system32\mqutil.dll
2009-06-25 19:36 225,280 a------- c:\windows\system32\mqoa.dll
2009-06-25 19:36 186,880 a------- c:\windows\system32\mqtrig.dll
2009-06-25 19:36 177,152 a------- c:\windows\system32\mqrt.dll
2009-06-25 19:36 138,240 a------- c:\windows\system32\mqad.dll
2009-06-25 19:36 123,392 a------- c:\windows\system32\mqrtdep.dll
2009-06-25 19:36 95,744 a------- c:\windows\system32\mqsec.dll
2009-06-25 19:36 48,640 a------- c:\windows\system32\mqupgrd.dll
2009-06-25 19:36 47,104 a------- c:\windows\system32\mqdscli.dll
2009-06-25 19:36 16,896 a------- c:\windows\system32\mqise.dll
2009-06-25 09:25 730,112 a------- c:\windows\system32\lsasrv.dll
2009-06-25 09:25 301,568 a------- c:\windows\system32\kerberos.dll
2009-06-25 09:25 147,456 a------- c:\windows\system32\schannel.dll
2009-06-25 09:25 136,192 a------- c:\windows\system32\msv1_0.dll
2009-06-25 09:25 56,832 a------- c:\windows\system32\secur32.dll
2009-06-25 09:25 54,272 a------- c:\windows\system32\wdigest.dll
2009-06-22 12:49 117,248 a------- c:\windows\system32\mqtgsvc.exe
2009-06-22 12:49 19,968 a------- c:\windows\system32\mqbkup.exe
2009-06-22 12:49 4,608 a------- c:\windows\system32\mqsvc.exe
2009-06-16 15:36 119,808 a------- c:\windows\system32\t2embed.dll
2009-06-16 15:36 81,920 a------- c:\windows\system32\fontsub.dll

============= FINISH: 18:37:01.77 ===============

km2357 · 13-Sep-2009, 05:11 PM **#14**

Both the Kaspersky and the DDS Logs look good.

How is the computer doing?

welshblood · 14-Sep-2009, 03:52 PM **#15**

Hi. After a long, involved communication with yourself, ALL SEEMS FINE! Any links in (Google) search results are leading to the correct pages once again.
I would like to express my profound gratitude for taking the time & trouble to help others (ME!) who are much less knowledgable than yourself. May you long contine.

Many Thanks.
STEVE

P.S.
If you could reccomend any free program to speed up a computer* I would be very gratefull.
* Already use Advanced System Care & IObit Security 360. I've done a defragment, stopped lots of programs from starting with Windows, done a Disc Cleanup & Error-Checked the drives. Is there anything else?

Tag Cloud
access acer asus batch bios bsod crash desktop driver drivers error ethernet excel freeze gaming gpu hard drive hardware hdmi internet laptop malware memory monitor motherboard netgear network printer problem ram registry router server slow software sound trojan ubuntu 11.10 uninstall usb video virus vista wifi windows windows 7 windows 7 32 bit windows 7 64 bit windows xp wireless

Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)

Search
Search for:

Find the solution to yourcomputer problem!

Find the solution to your
computer problem!