
"Win32:Alureon-er" and "badcab-k" removal help needed!

Discussion in 'Virus & Other Malware Removal' started by sph142, Jun 23, 2011.

    sph142 (Thread Starter), Joined: Jun 23, 2011, Messages: 6
    Hi. My scanner showed that my system was infected with these 2 viruses and I need help removing them, as I have read that they are very bad. Any help is greatly appreciated. I have attached and pasted what I believe is required. Thank you in advance!

    Hijackthis.log
    ------------------------------------

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 18:18:35, on 6/23/2011
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\ehome\RMSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R3 - URLSearchHook: AIM Toolbar Search Class - {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll
    R3 - URLSearchHook: (no name) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - (no file)
    R3 - URLSearchHook: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe2.dll
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    R3 - URLSearchHook: MHURLSearchHook Class - {1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48} - C:\Program Files\Celebrity Toolbar\tbhelper.dll
    R3 - URLSearchHook: OddsMaker Toolbar - {b552069b-7b85-492f-8b98-ccf409c93a39} - C:\Program Files\OddsMaker\tbOdd2.dll
    O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O2 - BHO: MHTBPos00 - {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe2.dll
    O2 - BHO: CmjBrowserHelperObject Object - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
    O2 - BHO: OddsMaker Toolbar - {b552069b-7b85-492f-8b98-ccf409c93a39} - C:\Program Files\OddsMaker\tbOdd2.dll
    O2 - BHO: Google Gears Helper - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O2 - BHO: Luth Research Browser Add-on - {E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76} - C:\Program Files\Luth Research\SavvyConnectFramework\bin\iexplorer\LuthIEPlugin.dll
    O2 - BHO: OToolbarHelper Class - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll (file missing)
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
    O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
    O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
    O3 - Toolbar: SpeedBitPlus Toolbar - {60270dc7-9ea0-472f-9b77-66652c06246e} - C:\Program Files\SpeedBitPlus\tbSpe2.dll
    O3 - Toolbar: PayPal Plug-In - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll (file missing)
    O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll
    O3 - Toolbar: CitaMaticToolbar.IToolbar - {92F86E98-AB23-47F2-A177-73D47DF10C4C} - C:\Cita Matic\IEToolbar.dll
    O3 - Toolbar: Celebrity Toolbar - {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files\Celebrity Toolbar\tbcore3.dll
    O3 - Toolbar: OddsMaker Toolbar - {b552069b-7b85-492f-8b98-ccf409c93a39} - C:\Program Files\OddsMaker\tbOdd2.dll
    O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
    O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui
    O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
    O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
    O4 - HKLM\..\RunOnce: [SpybotDeletingA5348] command.com /c del "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe"
    O4 - HKLM\..\RunOnce: [SpybotDeletingC4764] cmd.exe /c del "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe"
    O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [MediaGet] C:\Program Files\MediaGet\mediaget.exe --minimized
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB3967] command.com /c del "C:\WINDOWS\TEMP#01.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD5574] cmd.exe /c del "C:\WINDOWS\TEMP#01.EXE"
    O4 - HKCU\..\RunOnce: [SpybotDeletingB843] command.com /c del "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD3185] cmd.exe /c del "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe"
    O4 - Startup: Comcast Universal Caller ID.lnk = C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
    O8 - Extra context menu item: &AIM Toolbar Search - C:\Documents and Settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Home\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
    O9 - Extra button: (no name) - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra 'Tools' menuitem: &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Send to Mindjet MindManager - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files\Mindjet\MindManager 9\Mm8InternetExplorer.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Home\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Absolute Poker - {13C1DBF6-7535-495c-91F6-8C13714ED485} - C:\Documents and Settings\Home\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
    O9 - Extra button: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Home\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Absolute Poker - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Documents and Settings\Home\Start Menu\Programs\Absolute Poker\Absolute Poker.lnk (file missing) (HKCU)
    O9 - Extra button: Red Flush - {65435EAC-6779-4D8F-AAC8-D2C105B9E10A} - C:\Microgaming\Casino\RedFlush\casinogame.exe (HKCU)
    O9 - Extra button: Sportsbook.com - {a0cadf8e-1c3d-4463-89f9-b6db8e1fe580} - C:\Documents and Settings\Home\Start Menu\Programs\Sportsbook.com\Sportsbook.com.lnk (HKCU)
    O9 - Extra button: Odds Maker - {b3cab7b9-eb43-46a2-8e15-02cc298dec71} - C:\Documents and Settings\Home\Start Menu\Programs\Odds Maker\Odds Maker.lnk (file missing) (HKCU)
    O9 - Extra button: CarbonPoker - {e4e8c758-34b4-44bb-8ef9-1f0786e81d2d} - C:\Documents and Settings\Home\Start Menu\Programs\CarbonPoker\CarbonPoker.lnk (file missing) (HKCU)
    O15 - Trusted Zone: http://research.ebay.com
    O16 - DPF: vzTCPConfig - http://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
    O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.comcastsupport.com/OneClickFix/tgctlsr.cab
    O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
    O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/OnlineScanner.cab
    O16 - DPF: {64CD313F-F079-4D93-959F-4D28B5519449} (Jeopardy Control) - http://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
    O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
    O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
    O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\sched.exe (file missing)
    O23 - Service: Avira AntiVir Guard (AntiVirService) - Unknown owner - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (file missing)
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
    O23 - Service: ASKUpgrade - Unknown owner - C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AutoExNT - Unknown owner - C:\WINDOWS\system32\AutoExNT.Exe
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Mail Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: avast! Web Scanner - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: dtservice - Unknown owner - C:\Program Files\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe
    O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate1ca01aabc8e0fe9) (gupdate1ca01aabc8e0fe9) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP WJA Update Service (HPWJAUpdateService) - Unknown owner - C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: PHPGeekUtil - Unknown owner - c:\apache\APACHE.EXE
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
    O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.1.36\bin\mysqld.exe
    O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

    --
    End of file - 20107 bytes

    DDS.txt
    ------------------------------------------


    .
    DDS (Ver_2011-06-23.01) - NTFSx86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_04
    Run by Home at 18:22:03 on 2011-06-23
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1046 [GMT -4:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ===============
    .
    C:\WINDOWS\system32\svchost -k DcomLaunch
    svchost.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    svchost.exe
    svchost.exe
    C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\AskBarDis\bar\bin\AskService.exe
    C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Documents and Settings\All Users\Application Data\EPSON\EPW!3 SSRP\E_S40RP7.EXE
    C:\Program Files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Google\Update\1.3.21.57\GoogleCrashHandler.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\IoctlSvc.exe
    C:\WINDOWS\System32\svchost.exe -k HPZ12
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\WINDOWS\system32\PSIService.exe
    C:\WINDOWS\ehome\RMSvc.exe
    svchost.exe
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\WINDOWS\system32\igfxsrvc.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\Home\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>;*.local
    uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    uURLSearchHooks: H - No File
    uURLSearchHooks: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\program files\speedbitplus\tbSpe2.dll
    uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - c:\program files\celebrity toolbar\tbhelper.dll
    uURLSearchHooks: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd2.dll
    mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
    BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
    BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - c:\program files\celebrity toolbar\tbcore3.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll
    BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\program files\speedbitplus\tbSpe2.dll
    BHO: CmjBrowserHelperObject Object: {6fe6a929-59d1-4763-91ad-29b61cffb35b} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
    BHO: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd2.dll
    BHO: Google Gears Helper: {e0fefe40-fbf9-42ae-ba58-794ca7e3fb53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    BHO: Luth Research Browser Add-on: {e6c6ec35-c04a-42cd-a3a7-4f09fb0f1b76} - c:\program files\luth research\savvyconnectframework\bin\iexplorer\LuthIEPlugin.dll
    BHO: OToolbarHelper Class: {ead3a971-6a23-4246-8691-c9244e858967} - c:\program files\paypal\paypal plug-in\PayPalHelper.dll
    BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn3\YTSingleInstance.dll
    TB: Google Web Accelerator: {db87bfa2-a2e3-451e-8e5a-c89982d87cbf} - c:\program files\google\web accelerator\GoogleWebAccToolbar.dll
    TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
    TB: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - c:\program files\speedbitplus\tbSpe2.dll
    TB: PayPal Plug-In: {dc0f2f93-27fa-4f84-acaa-9416f90b9511} - c:\program files\paypal\paypal plug-in\OToolbar.dll
    TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
    TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: CitaMaticToolbar.IToolbar: {92f86e98-ab23-47f2-a177-73d47df10c4c} - c:\cita matic\IEToolbar.dll
    TB: Celebrity Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - c:\program files\celebrity toolbar\tbcore3.dll
    TB: OddsMaker Toolbar: {b552069b-7b85-492f-8b98-ccf409c93a39} - c:\program files\oddsmaker\tbOdd2.dll
    TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
    TB: {8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - No File
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [Google Update] "c:\documents and settings\home\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [MediaGet] c:\program files\mediaget\mediaget.exe --minimized
    uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
    uRunOnce: [SpybotDeletingB3967] command.com /c del "c:\windows\TEMP#01.EXE"
    uRunOnce: [SpybotDeletingD5574] cmd.exe /c del "c:\windows\TEMP#01.EXE"
    uRunOnce: [SpybotDeletingB843] command.com /c del "c:\program files\babylontoolbar\babylontoolbar\1.4.19.5\BabylonToolbarsrv.exe"
    uRunOnce: [SpybotDeletingD3185] cmd.exe /c del "c:\program files\babylontoolbar\babylontoolbar\1.4.19.5\BabylonToolbarsrv.exe"
    mRun: [Symantec PIF AlertEng] "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\pifsvc.exe" /a /m "c:\program files\common files\symantec shared\pif\{b8e1dd85-8582-4c61-b58f-2f227fca9a08}\AlertEng.dll"
    mRun: [HydraVisionDesktopManager] c:\program files\ati technologies\ati hydravision\HydraDM.exe
    mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
    mRun: [Persistence] c:\windows\system32\igfxpers.exe
    mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
    mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
    mRunOnce: [SpybotDeletingA5348] command.com /c del "c:\program files\babylontoolbar\babylontoolbar\1.4.19.5\BabylonToolbarsrv.exe"
    mRunOnce: [SpybotDeletingC4764] cmd.exe /c del "c:\program files\babylontoolbar\babylontoolbar\1.4.19.5\BabylonToolbarsrv.exe"
    mRunOnce: [SpybotSnD] "c:\program files\spybot - search & destroy\SpybotSD.exe" /autocheck
    StartupFolder: c:\docume~1\home\startm~1\programs\startup\comcas~1.lnk - c:\program files\comcast universal caller id\Comcast Universal Caller ID.exe
    IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\home\application data\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_04\bin\ssv.dll
    IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
    IE: {2F72393D-2472-4F82-B600-ED77F354B7FF} - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - c:\program files\mindjet\mindmanager 9\Mm8InternetExplorer.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    Trusted Zone: ebay.com\research
    Trusted Zone: paypal.com\www
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
    DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} - hxxp://www.comcastsupport.com/OneClickFix/tgctlsr.cab
    DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} - file:///C:/Program%20Files/Risk/Images/stg_drm.ocx
    DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
    DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
    DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - hxxp://www.eset.eu/OnlineScanner.cab
    DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v50/jeopardy/jeopardy.cab
    DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
    DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Risk/Images/armhelper.ocx
    DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} - hxxp://www.yougamers.com/systeminfo/MSC3.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
    TCP: Interfaces\{A9628347-3233-478B-8C41-1B9AA6ACECF3} : DhcpNameServer = 68.87.64.150 68.87.75.198
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=17434
    FF - component: c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\ext\components\nprpffbrowserrecordext.dll
    FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
    FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}\components\FFAlert.dll
    FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll
    FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll
    FF - component: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\[email protected]\components\FFHst.dll
    FF - component: c:\program files\google\google gears\firefox\lib\ff36\gears.dll
    FF - plugin: c:\documents and settings\home\application data\move networks\plugins\npqmp071706000001.dll
    FF - plugin: c:\documents and settings\home\application data\mozilla\firefox\profiles\3a3y7jd1.default\extensions\[email protected]\plugins\npImgCtl.dll
    FF - plugin: c:\documents and settings\home\local settings\application data\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
    FF - plugin: c:\program files\google\update\1.2.183.29\npGoogleOneClick8.dll
    FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npCtxCAOHF425.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npdivx32.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npDivxPlayerPlugin.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npicaN.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npnul32.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\NPOFF12.DLL
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\nppdf32.dll
    FF - plugin: c:\program files\mozilla firefox 3 beta 5\plugins\npyaxmpb.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npclntax_ClickPotatoLiteSA.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
    FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll
    FF - plugin: c:\windows\system32\npmirage.dll
    FF - Ext: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - %profile%\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}
    FF - Ext: Ancestry.com Advanced Image Viewer: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    FF - Ext: Cita Matic button: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: SavvyConnect: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Celebrity Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\mozilla firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\all users\application data\real\realplayer\browserrecordplugin\firefox\Ext
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\home\application data\Move Networks
    .
    ---- FIREFOX POLICIES ----

    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-1-8 165584]
    R1 KmReg;System kernel configuration;c:\windows\system32\ansiox.sys [2008-5-27 38784]
    R1 NtLclIpc;Remote Procedure Call RT4s;c:\windows\system32\ansio.sys [2008-5-27 122112]
    R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2009-7-26 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2009-7-26 234888]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-1-8 17744]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-27 40384]
    R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-11-21 56816]
    R2 dtservice;dtservice;c:\program files\luth research\savvyconnectframework\bin\dtservice\JavaInvoke.exe [2011-2-24 94208]
    R2 HPWJAUpdateService;HP WJA Update Service;c:\program files\common files\hewlett-packard\wja update service\HPWJAUpdateService.exe [2008-5-30 20480]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2008-12-27 366640]
    R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\McrdSvc.exe [2005-10-20 96256]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [2008-5-28 14976]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-4-16 39424]
    R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-27 40384]
    R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-4-27 40384]
    R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [2011-3-10 21376]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2008-12-27 22712]
    S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
    S1 avgio;avgio;\??\c:\program files\avira\antivir desktop\avgio.sys --> c:\program files\avira\antivir desktop\avgio.sys [?]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\avira\antivir desktop\sched.exe" --> c:\program files\avira\antivir desktop\sched.exe [?]
    S2 AntiVirService;Avira AntiVir Guard;"c:\program files\avira\antivir desktop\avguard.exe" --> c:\program files\avira\antivir desktop\avguard.exe [?]
    S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [2008-6-14 5904]
    S2 gupdate1ca01aabc8e0fe9;Google Update Service (gupdate1ca01aabc8e0fe9);c:\program files\google\update\GoogleUpdate.exe [2009-7-10 133104]
    S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [2002-1-25 20480]
    S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [2008-11-7 11776]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [2011-3-14 23456]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2011-3-10 36608]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-7-10 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2008-12-27 39984]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [2009-4-8 40960]
    S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2011-5-19 13312]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-19 96416]
    .
    =============== Created Last 30 ================
    .
    2011-06-23 01:22:18 54016 ----a-w- c:\windows\system32\drivers\weyqll.sys
    2011-06-04 13:10:43 -------- d-----w- c:\documents and settings\home\application data\DVDVideoSoftIEHelpers
    2011-06-04 13:10:24 -------- d-----w- c:\program files\common files\Plasmoo
    .
    ==================== Find3M ====================
    .
    2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-19 05:12:34 21376 ----a-w- c:\windows\system32\drivers\droidcam.sys
    2011-04-19 01:11:53 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2007-12-18 01:23:32 1136640 ----a-w- c:\program files\common files\ewutils2.dll
    .
    ============= FINISH: 18:23:20.78 ===============

    ark.txt
    ---------------------------------------------------------
    GMER 1.0.15.15640 - http://www.gmer.net
    Rootkit quick scan 2011-06-23 18:33:34
    Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e ST3500630AS rev.3.AAK
    Running: 7tktxl1e.exe; Driver: C:\DOCUME~1\Home\LOCALS~1\Temp\fwrirpod.sys


    ---- System - GMER 1.0.15 ----

    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateProcessEx [0xB818EBAE]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwCreateSection [0xB818E9D2]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ZwLoadDriver [0xB818EB0C]
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) NtCreateSection
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObInsertObject
    Code \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/AVAST Software) ObMakeTemporaryObject

    ---- Devices - GMER 1.0.15 ----

    Device \FileSystem\Ntfs \Ntfs aswSP.SYS (avast! self protection module/AVAST Software)

    AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)
    AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/AVAST Software)

    ---- EOF - GMER 1.0.15 ----
  2. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    Download ComboFix from one of the following locations:
    Link 1
    Link 2

    VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

    * IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
    • Double click on ComboFix.exe & follow the prompts.
    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


    • Click on Yes, to continue scanning for malware.
    When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
    Notes:
    1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
    2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.
  3. sph142

    sph142 Thread Starter

    Joined:
    Jun 23, 2011
    Messages:
    6
    Thanks for your response. I ran combofix and it just produced a log that I have copied below:


    ComboFix 11-06-25.05 - Home 06/25/2011 20:06:43.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2038.1328 [GMT -4:00]
    Running from: c:\documents and settings\Home\My Documents\Downloads\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\documents and settings\All Users\Application Data\Tarma Installer
    c:\documents and settings\All Users\Application Data\Tarma Installer\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\_Setup.dll
    c:\documents and settings\All Users\Application Data\Tarma Installer\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\20081117230532.log
    c:\documents and settings\All Users\Application Data\Tarma Installer\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\Setup.dat
    c:\documents and settings\All Users\Application Data\Tarma Installer\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\Setup.exe
    c:\documents and settings\All Users\Application Data\Tarma Installer\{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8}\Setup.ico
    c:\documents and settings\Home\pev.exe
    c:\windows\system\COMCAT.DLL
    c:\windows\system\COMDLG32.DLL
    c:\windows\system\olepro32.dll
    c:\windows\system32\winlogon.bak
    .
    .
    ((((((((((((((((((((((((( Files Created from 2011-05-26 to 2011-06-26 )))))))))))))))))))))))))))))))
    .
    .
    2011-06-04 13:10 . 2011-06-04 13:10 -------- d-----w- c:\documents and settings\Home\Application Data\DVDVideoSoftIEHelpers
    2011-06-04 13:10 . 2011-06-04 13:10 -------- d-----w- c:\program files\Common Files\Plasmoo
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2011-05-29 13:11 . 2008-12-27 16:50 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2011-05-29 13:11 . 2008-12-27 16:50 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-05-19 05:12 . 2011-03-10 16:37 21376 ----a-w- c:\windows\system32\drivers\droidcam.sys
    2011-05-03 14:59 . 2011-05-03 14:59 53248 ----a-r- c:\documents and settings\Home\Application Data\Microsoft\Installer\{C0C1D2BC-72FE-4F77-A2F9-CD10D5AA8F93}\ARPPRODUCTICON.exe
    2011-04-19 01:11 . 2011-04-19 01:12 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2007-12-18 01:23 . 2008-05-03 20:00 1136640 ----a-w- c:\program files\Common Files\ewutils2.dll
    2008-05-01 11:17 . 2008-05-28 00:16 192512 ----a-w- c:\program files\mozilla firefox\components\msvcrj71.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [-] 2010-01-06 14:50 . 3FC915489E69C764499325CB010622EC . 95360 . . [------] . . c:\windows\system32\drivers\atapi.sys
    [7] 2009-12-31 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\dllcache\atapi.sys
    [7] 2004-08-10 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0005\DriverFiles\i386\atapi.sys
    [7] 2004-08-04 . CDFE4411A69C224BD1D11B2DA92DAC51 . 95360 . . [5.1.2600.2180] . . c:\windows\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
    .
    [-] 2008-06-14 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{60270dc7-9ea0-472f-9b77-66652c06246e}"= "c:\program files\SpeedBitPlus\tbSpe2.dll" [2010-10-18 3908192]
    "{1C4AB6A5-595F-4e86-B15F-F93CCE2BBD48}"= "c:\program files\Celebrity Toolbar\tbhelper.dll" [2009-05-07 355840]
    "{b552069b-7b85-492f-8b98-ccf409c93a39}"= "c:\program files\OddsMaker\tbOdd2.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{1c4ab6a5-595f-4e86-b15f-f93cce2bbd48}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook.1]
    [HKEY_CLASSES_ROOT\TypeLib\{1EA6B471-CAD2-419a-9539-0586EEFE2D09}]
    [HKEY_CLASSES_ROOT\URLSearchHook.MHURLSearchHook]
    .
    [HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0C37B053-FD68-456a-82E1-D788EE342E6F}]
    2009-05-07 21:46 2642432 ----a-w- c:\program files\Celebrity Toolbar\tbcore3.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{60270dc7-9ea0-472f-9b77-66652c06246e}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\SpeedBitPlus\tbSpe2.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b552069b-7b85-492f-8b98-ccf409c93a39}]
    2010-10-18 10:26 3908192 ----a-w- c:\program files\OddsMaker\tbOdd2.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{E6C6EC35-C04A-42CD-A3A7-4F09FB0F1B76}]
    2010-09-20 21:02 310784 ----a-w- c:\program files\Luth Research\SavvyConnectFramework\bin\iexplorer\LuthIEPlugin.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{60270dc7-9ea0-472f-9b77-66652c06246e}"= "c:\program files\SpeedBitPlus\tbSpe2.dll" [2010-10-18 3908192]
    "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-12-10 333192]
    "{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}"= "c:\program files\Celebrity Toolbar\tbcore3.dll" [2009-05-07 2642432]
    "{b552069b-7b85-492f-8b98-ccf409c93a39}"= "c:\program files\OddsMaker\tbOdd2.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
    [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
    .
    [HKEY_CLASSES_ROOT\clsid\{fd2fd708-1f6f-4b68-b141-c5778f0c19bb}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar.3]
    [HKEY_CLASSES_ROOT\TypeLib\{EC4085F2-8DB3-45a6-AD0B-CA289F3C5D7E}]
    [HKEY_CLASSES_ROOT\MHToolbar.MHToolbar]
    .
    [HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{60270DC7-9EA0-472F-9B77-66652C06246E}"= "c:\program files\SpeedBitPlus\tbSpe2.dll" [2010-10-18 3908192]
    "{B552069B-7B85-492F-8B98-CCF409C93A39}"= "c:\program files\OddsMaker\tbOdd2.dll" [2010-10-18 3908192]
    .
    [HKEY_CLASSES_ROOT\clsid\{60270dc7-9ea0-472f-9b77-66652c06246e}]
    .
    [HKEY_CLASSES_ROOT\clsid\{b552069b-7b85-492f-8b98-ccf409c93a39}]
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-04-17 68856]
    "MediaGet"="c:\program files\MediaGet\mediaget.exe" [2011-02-01 4211200]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-30 583048]
    "HydraVisionDesktopManager"="c:\program files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-16 270336]
    "avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-09-07 2838912]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-04-20 142104]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-04-20 162584]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2007-04-20 138008]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-03-03 202256]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
    .
    c:\documents and settings\Home\Start Menu\Programs\Startup\
    Comcast Universal Caller ID.lnk - c:\program files\Comcast Universal Caller ID\Comcast Universal Caller ID.exe [2010-7-18 27648]
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KmReg]
    @="Event log"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NtLclIpc]
    @="Event log"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Adobe Gamma.lnk]
    path=c:\documents and settings\Home\Start Menu\Programs\Startup\Adobe Gamma.lnk
    backup=c:\windows\pss\Adobe Gamma.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
    path=c:\documents and settings\Home\Start Menu\Programs\Startup\LimeWire On Startup.lnk
    backup=c:\windows\pss\LimeWire On Startup.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^LimeWire On Startup.lnk.disabled]
    path=c:\documents and settings\Home\Start Menu\Programs\Startup\LimeWire On Startup.lnk.disabled
    backup=c:\windows\pss\LimeWire On Startup.lnk.disabledStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^Home^Start Menu^Programs^Startup^Sprint media monitor.lnk]
    path=c:\documents and settings\Home\Start Menu\Programs\Startup\Sprint media monitor.lnk
    backup=c:\windows\pss\Sprint media monitor.lnkStartup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    2010-09-21 03:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2010-09-23 08:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeUpdater]
    2008-11-06 19:50 2356088 ----a-w- c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Family Tree Builder Update]
    2009-11-02 08:58 222736 ----a-w- c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
    2008-09-06 19:18 133104 ----atw- c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2008-10-25 19:44 31072 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
    2006-11-13 21:39 1289000 ----a-w- c:\program files\Microsoft ActiveSync\wcescomm.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
    2010-07-21 19:53 141608 ----a-w- c:\program files\iTunes\iTunesHelper.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Vid]
    2009-04-30 21:39 5472016 ----a-w- c:\program files\Logitech\Logitech Vid\Vid.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechQuickCamRibbon]
    2009-05-08 17:35 2780432 ----a-w- c:\program files\Logitech\Logitech WebCam Software\LWS.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaGet]
    2011-02-01 23:54 4211200 ----a-w- c:\program files\MediaGet\mediaget.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
    2010-04-29 20:59 5248312 ----a-w- c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2008-02-28 16:59 570664 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-19 02:16 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    2008-04-17 13:26 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
    2010-03-03 16:48 202256 ----a-w- c:\program files\Common Files\Real\Update_OB\realsched.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TTMessengerPDF]
    2004-03-22 21:06 61440 ----a-w- c:\program files\TTMessenger\spool\PDFSaver.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]
    2007-08-03 05:08 95504 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VeohPlugin]
    2010-07-06 14:01 2634048 ----a-w- c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "Aim6"="c:\program files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    "IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_04\bin\jusched.exe"
    "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    "ysicp"=c:\program files\Instant Color Picker\icp.exe
    "CanonMyPrinter"=c:\program files\Canon\MyPrinter\BJMyPrt.exe /logon
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "StartCCC"=c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    "ehTray"=c:\windows\ehome\ehtray.exe
    "PWRISOVM.EXE"=c:\program files\PowerISO\PWRISOVM.EXE
    "Media Codec Update Service"=c:\program files\Essentials Codec Pack\update.exe -silent
    "SkyTel"=SkyTel.EXE
    "RTHDCPL"=RTHDCPL.EXE
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe"
    "Corel Photo Downloader"="c:\program files\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\IBP 9\\IBP.exe"=
    "c:\\Program Files\\SmartFTP Client\\SmartFTP.exe"=
    "c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
    "c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
    "c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
    "%windir%\\system32\\drivers\\svchost.exe"=
    "c:\\Program Files\\Vuze\\Azureus.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\wamp\\bin\\apache\\Apache2.2.11\\bin\\httpd.exe"=
    "c:\\Program Files\\dbQwikSite 5\\dbQwikWebServer.exe"=
    "c:\\Program Files\\Adobe\\Adobe Dreamweaver CS3\\Dreamweaver.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=
    "c:\\Program Files\\Logitech\\Logitech Vid\\Vid.exe"=
    "c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
    "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
    "c:\\Program Files\\Veoh Networks\\VeohWebPlayer\\veohwebplayer.exe"=
    "c:\\Program Files\\Java\\jre1.6.0_04\\bin\\javaw.exe"=
    "c:\\Program Files\\NewsBin\\nbpro.exe"=
    "c:\\Program Files\\FrostWire\\FrostWire.exe"=
    "c:\\Program Files\\DroidCam\\DroidCamApp.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
    "3776:UDP"= 3776:UDP:Media Center Extender Service
    "3390:TCP"= 3390:TCP:Remote Media Center Experience
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/8/2010 10:42 165584]
    R1 KmReg;System kernel configuration;c:\windows\system32\ansiox.sys [5/27/2008 19:29 38784]
    R1 NtLclIpc;Remote Procedure Call RT4s;c:\windows\system32\ansio.sys [5/27/2008 19:29 122112]
    R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [7/26/2009 18:32 464264]
    R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [7/26/2009 18:33 234888]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/8/2010 10:42 17744]
    R2 HPWJAUpdateService;HP WJA Update Service;c:\program files\Common Files\Hewlett-Packard\WJA Update Service\HPWJAUpdateService.exe [5/30/2008 01:54 20480]
    R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/27/2008 12:50 366640]
    R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [5/28/2008 11:16 14976]
    R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [4/16/2008 05:48 39424]
    R3 DroidCam;DroidCam Virtual Audio;c:\windows\system32\drivers\droidcam.sys [3/10/2011 12:37 21376]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/27/2008 12:50 22712]
    S0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys --> c:\windows\system32\DRIVERS\nielprt.sys [?]
    S2 AntiVirSchedulerService;Avira AntiVir Scheduler;"c:\program files\Avira\AntiVir Desktop\sched.exe" --> c:\program files\Avira\AntiVir Desktop\sched.exe [?]
    S2 AutoExNT;AutoExNT;c:\windows\system32\Autoexnt.exe [6/14/2008 08:45 5904]
    S2 dtservice;dtservice;c:\program files\Luth Research\SavvyConnectFramework\bin\dtservice\JavaInvoke.exe [2/24/2011 20:21 94208]
    S2 gupdate1ca01aabc8e0fe9;Google Update Service (gupdate1ca01aabc8e0fe9);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 18:06 133104]
    S2 PHPGeekUtil;PHPGeekUtil;c:\apache\Apache.exe [1/25/2002 00:30 20480]
    S3 AteksoftAudio;WebCamera Plus Audio;c:\windows\system32\drivers\ateksoftaudio.sys [11/7/2008 18:20 11776]
    S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [3/14/2011 18:13 23456]
    S3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [3/10/2011 19:19 36608]
    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/10/2009 18:06 133104]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [12/27/2008 12:50 39984]
    S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\drivers\motodrv.sys [4/8/2009 20:59 40960]
    S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
    S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [5/19/2011 00:53 13312]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [5/19/2011 00:53 96416]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
    QWAVE REG_MULTI_SZ QWAVE
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2011-06-25 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-04-17 12:32]
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 22:06]
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-07-10 22:06]
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1965331169-839522115-1003Core.job
    - c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:18]
    .
    2011-06-25 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-602162358-1965331169-839522115-1003UA.job
    - c:\documents and settings\Home\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2008-09-06 19:18]
    .
    2011-06-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1965331169-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
    .
    2011-06-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1965331169-839522115-1012.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
    .
    2011-06-25 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-602162358-1965331169-839522115-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
    .
    2011-06-21 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1965331169-839522115-1003.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
    .
    2011-06-23 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1965331169-839522115-1012.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
    .
    2011-06-22 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-602162358-1965331169-839522115-500.job
    - c:\program files\Real\RealUpgrade\realupgrade.exe [2010-02-25 06:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = about:blank
    uInternet Settings,ProxyOverride = <local>;*.local
    IE: &AIM Toolbar Search - c:\documents and settings\All Users\Application Data\AIM Toolbar\ieToolbar\resources\en-US\local\search.html
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    IE: Free YouTube to MP3 Converter - c:\documents and settings\Home\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    Trusted Zone: ebay.com\research
    Trusted Zone: paypal.com\www
    TCP: DhcpNameServer = 68.87.64.150 68.87.75.198
    DPF: vzTCPConfig - hxxp://www2.verizon.net/help/dsl_settings/include/vzTCPConfig.CAB
    FF - ProfilePath - c:\documents and settings\Home\Application Data\Mozilla\Firefox\Profiles\3a3y7jd1.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=17434
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/home?AF=17434
    FF - Ext: SpeedBitPlus Toolbar: {60270dc7-9ea0-472f-9b77-66652c06246e} - %profile%\extensions\{60270dc7-9ea0-472f-9b77-66652c06246e}
    FF - Ext: Ancestry.com Advanced Image Viewer: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - Ext: Ask Toolbar for Firefox: {E9A1DEE0-C623-4439-8932-001E7D17607D} - %profile%\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
    FF - Ext: Cita Matic button: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
    FF - Ext: SavvyConnect: [email protected] - %profile%\extensions\[email protected]
    FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
    FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
    FF - Ext: Java Console: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}
    FF - Ext: Celebrity Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - c:\program files\Mozilla Firefox\extensions\{FD2FD708-1F6F-4B68-B141-C5778F0C19BB}
    FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\Google\Google Gears\Firefox
    FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - Ext: RealPlayer Browser Record Plugin: {ABDE892B-13A8-4d1b-88E6-365A6E755758} - c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
    FF - Ext: Move Media Player: [email protected] - c:\documents and settings\Home\Application Data\Move Networks
    .
    - - - - ORPHANS REMOVED - - - -
    .
    URLSearchHooks-HookURL - (no file)
    URLSearchHooks-Rank - (no file)
    WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
    MSConfigStartUp-AutoStartNPSAgent - c:\program files\Samsung\Samsung New PC Studio\NPSAgent.exe
    MSConfigStartUp-BabylonToolbar - c:\program files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe
    MSConfigStartUp-OrganizeME - c:\program files\OrganizeME\OrganizeME.EXE
    AddRemove-BetPhoenix - c:\program files\BetPhoenix\Install.exe
    AddRemove-Box24 - c:\program files\Box24\uninst.exe
    AddRemove-Cirrus Casino - c:\program files\Cirrus Casino\Install.exe
    AddRemove-CocoaCasino - c:\program files\CocoaCasino\uninst.exe
    AddRemove-Cool Cat Casino - c:\program files\Cool Cat Casino\Install.exe
    AddRemove-Mystic Island v3.86 - c:\progra~1\MYSTIC~1\UNWISE.EXE
    AddRemove-Palace of Chance - c:\program files\Palace of Chance\Install.exe
    AddRemove-Prism Casino - c:\program files\Prism Casino\Install.exe
    AddRemove-Rushmore Casino - c:\program files\Rushmore Casino\Install.exe
    AddRemove-SlotsJackpot - c:\program files\SlotsJackpot\uninst.exe
    AddRemove-SuperiorCasino - c:\program files\SuperiorCasino\uninst.exe
    AddRemove-{1E3CA1C4-1E90-401B-8CC0-911DF018D8D8} - c:\docume~1\ALLUSE~1\APPLIC~1\TARMAI~1\{1E3CA~1\Setup.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2011-06-25 20:18
    Windows 5.1.2600 Service Pack 2 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
    "ImagePath"="system32\Drivers\atapi.tsk"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(744)
    c:\windows\system32\Ati2evxx.dll
    .
    Completion time: 2011-06-25 20:21:02
    ComboFix-quarantined-files.txt 2011-06-26 00:21
    ComboFix2.txt 2009-01-06 18:12
    ComboFix3.txt 2009-01-05 20:19
    ComboFix4.txt 2009-01-05 18:05
    .
    Pre-Run: 83,305,459,712 bytes free
    Post-Run: 83,666,817,024 bytes free
    .
    - - End Of File - - F5735A4BB89A44AFB5BDF7CC5C1CAB01
     
  4. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please run the following:

    Please download TDSSKiller.zip
    • Extract it to your desktop
    • Double click TDSSKiller.exe
    • Press Start Scan
      • Only if Malicious objects are found then ensure Cure is selected
      • Then click Continue > Reboot now
    • Copy and paste the log in your next reply
      • A copy of the log will be saved automatically to the root of the drive (typically C:\)
     
  5. sph142

    sph142 Thread Starter

    Joined:
    Jun 23, 2011
    Messages:
    6
    Here is the log:
    2011/06/26 10:39:50.0696 0204 TDSS rootkit removing tool 2.5.5.0 Jun 16 2011 15:25:15
    2011/06/26 10:39:50.0977 0204 ================================================================================
    2011/06/26 10:39:50.0977 0204 SystemInfo:
    2011/06/26 10:39:50.0977 0204
    2011/06/26 10:39:50.0977 0204 OS Version: 5.1.2600 ServicePack: 2.0
    2011/06/26 10:39:50.0977 0204 Product type: Workstation
    2011/06/26 10:39:50.0977 0204 ComputerName: COMPUTER-B2A67D
    2011/06/26 10:39:50.0977 0204 UserName: Home
    2011/06/26 10:39:50.0977 0204 Windows directory: C:\WINDOWS
    2011/06/26 10:39:50.0977 0204 System windows directory: C:\WINDOWS
    2011/06/26 10:39:50.0977 0204 Processor architecture: Intel x86
    2011/06/26 10:39:50.0977 0204 Number of processors: 2
    2011/06/26 10:39:50.0977 0204 Page size: 0x1000
    2011/06/26 10:39:50.0977 0204 Boot type: Normal boot
    2011/06/26 10:39:50.0977 0204 ================================================================================
    2011/06/26 10:39:53.0118 0204 Initialize success
    2011/06/26 10:39:58.0899 0536 ================================================================================
    2011/06/26 10:39:58.0899 0536 Scan started
    2011/06/26 10:39:58.0899 0536 Mode: Manual;
    2011/06/26 10:39:58.0899 0536 ================================================================================
    2011/06/26 10:40:01.0181 0536 Aavmker4 (8d488938e2f7048906f1fbd3af394887) C:\WINDOWS\system32\drivers\Aavmker4.sys
    2011/06/26 10:40:01.0384 0536 ACPI (a10c7534f7223f4a73a948967d00e69b) C:\WINDOWS\system32\DRIVERS\ACPI.sys
    2011/06/26 10:40:01.0462 0536 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
    2011/06/26 10:40:01.0618 0536 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
    2011/06/26 10:40:01.0696 0536 AFD (55e6e1c51b6d30e54335750955453702) C:\WINDOWS\System32\drivers\afd.sys
    2011/06/26 10:40:02.0727 0536 aswFsBlk (a0d86b8ac93ef95620420c7a24ac5344) C:\WINDOWS\system32\drivers\aswFsBlk.sys
    2011/06/26 10:40:02.0790 0536 aswMon2 (7d880c76a285a41284d862e2d798ec0d) C:\WINDOWS\system32\drivers\aswMon2.sys
    2011/06/26 10:40:02.0868 0536 aswRdr (69823954bbd461a73d69774928c9737e) C:\WINDOWS\system32\drivers\aswRdr.sys
    2011/06/26 10:40:02.0931 0536 aswSP (7ecc2776638b04553f9a85bd684c3abf) C:\WINDOWS\system32\drivers\aswSP.sys
    2011/06/26 10:40:03.0009 0536 aswTdi (095ed820a926aa8189180b305e1bcfc9) C:\WINDOWS\system32\drivers\aswTdi.sys
    2011/06/26 10:40:03.0134 0536 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    2011/06/26 10:40:03.0212 0536 atapi (3fc915489e69c764499325cb010622ec) C:\WINDOWS\system32\Drivers\atapi.tsk
    2011/06/26 10:40:03.0306 0536 AtcL001 (cf63c4060f86350feb84555aef80ef6d) C:\WINDOWS\system32\DRIVERS\l151x86.sys
    2011/06/26 10:40:03.0462 0536 AteksoftAudio (f59ee1dfdd6deebcc46b16f8d951d8ed) C:\WINDOWS\system32\drivers\ateksoftaudio.sys
    2011/06/26 10:40:03.0696 0536 ati2mtag (7a95a5f3ed40a3b6f1275821553f3f4f) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
    2011/06/26 10:40:03.0852 0536 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    2011/06/26 10:40:03.0915 0536 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
    2011/06/26 10:40:04.0149 0536 avgntflt (14fe36d8f2c6a2435275338d061a0b66) C:\WINDOWS\system32\DRIVERS\avgntflt.sys
    2011/06/26 10:40:04.0259 0536 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
    2011/06/26 10:40:04.0524 0536 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
    2011/06/26 10:40:04.0556 0536 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    2011/06/26 10:40:04.0649 0536 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
    2011/06/26 10:40:04.0712 0536 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
    2011/06/26 10:40:04.0759 0536 Cdrom (7b53584d94e9d8716b2de91d5f1cb42d) C:\WINDOWS\system32\DRIVERS\cdrom.sys
    2011/06/26 10:40:05.0071 0536 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
    2011/06/26 10:40:05.0165 0536 dmboot (c0fbb516e06e243f0cf31f597e7ebf7d) C:\WINDOWS\system32\drivers\dmboot.sys
    2011/06/26 10:40:05.0212 0536 dmio (f5e7b358a732d09f4bcf2824b88b9e28) C:\WINDOWS\system32\drivers\dmio.sys
    2011/06/26 10:40:05.0243 0536 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
    2011/06/26 10:40:05.0321 0536 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
    2011/06/26 10:40:05.0431 0536 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
    2011/06/26 10:40:05.0493 0536 DroidCam (89c89872f7fd8d06927ddb4abb5baff5) C:\WINDOWS\system32\drivers\droidcam.sys
    2011/06/26 10:40:05.0540 0536 DrvAgent32 (651554e483712b708ede864d0ca1aa73) C:\WINDOWS\system32\Drivers\DrvAgent32.sys
    2011/06/26 10:40:05.0649 0536 ENTECH (16ebd8bf1d5090923694cc972c7ce1b4) C:\WINDOWS\system32\DRIVERS\ENTECH.sys
    2011/06/26 10:40:05.0743 0536 FA312 (aa855fb8a866281aacb393c1feab91ae) C:\WINDOWS\system32\DRIVERS\FA312nd5.sys
    2011/06/26 10:40:05.0806 0536 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
    2011/06/26 10:40:05.0884 0536 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
    2011/06/26 10:40:05.0931 0536 FilterService (a75ddc492d2d1d6558ad8003a4adb73a) C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
    2011/06/26 10:40:05.0993 0536 Fips (e153ab8a11de5452bcf5ac7652dbf3ed) C:\WINDOWS\system32\drivers\Fips.sys
    2011/06/26 10:40:06.0040 0536 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    2011/06/26 10:40:06.0102 0536 FltMgr (3d234fb6d6ee875eb009864a299bea29) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
    2011/06/26 10:40:06.0165 0536 FsUsbExDisk (790a4ca68f44be35967b3df61f3e4675) C:\WINDOWS\system32\FsUsbExDisk.SYS
    2011/06/26 10:40:06.0212 0536 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
    2011/06/26 10:40:06.0243 0536 Ftdisk (6ac26732762483366c3969c9e4d2259d) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    2011/06/26 10:40:06.0321 0536 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
    2011/06/26 10:40:06.0352 0536 giveio (77ebf3e9386daa51551af429052d88d0) C:\WINDOWS\system32\giveio.sys
    2011/06/26 10:40:06.0399 0536 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
    2011/06/26 10:40:06.0509 0536 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
    2011/06/26 10:40:06.0587 0536 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
    2011/06/26 10:40:06.0696 0536 HTTP (9f8b0f4276f618964fd118be4289b7cd) C:\WINDOWS\system32\Drivers\HTTP.sys
    2011/06/26 10:40:06.0821 0536 i8042prt (5502b58eef7486ee6f93f3f164dcb808) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    2011/06/26 10:40:07.0087 0536 ialm (28423512370705aeda6a652fedb25468) C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
    2011/06/26 10:40:07.0337 0536 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
    2011/06/26 10:40:07.0618 0536 IntcAzAudAddService (cdfd5a68a2e1caa89c5c0e0b3cb98731) C:\WINDOWS\system32\drivers\RtkHDAud.sys
    2011/06/26 10:40:07.0790 0536 intelppm (279fb78702454dff2bb445f238c048d2) C:\WINDOWS\system32\DRIVERS\intelppm.sys
    2011/06/26 10:40:07.0821 0536 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
    2011/06/26 10:40:07.0868 0536 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    2011/06/26 10:40:07.0899 0536 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
    2011/06/26 10:40:07.0977 0536 IpNat (e2168cbc7098ffe963c6f23f472a3593) C:\WINDOWS\system32\DRIVERS\ipnat.sys
    2011/06/26 10:40:08.0056 0536 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
    2011/06/26 10:40:08.0102 0536 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
    2011/06/26 10:40:08.0181 0536 isapnp (e504f706ccb699c2596e9a3da1596e87) C:\WINDOWS\system32\DRIVERS\isapnp.sys
    2011/06/26 10:40:08.0243 0536 Kbdclass (ebdee8a2ee5393890a1acee971c4c246) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    2011/06/26 10:40:08.0306 0536 kbdhid (e182fa8e49e8ee41b4adc53093f3c7e6) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    2011/06/26 10:40:08.0384 0536 kmixer (ba5deda4d934e6288c2f66caf58d2562) C:\WINDOWS\system32\drivers\kmixer.sys
    2011/06/26 10:40:08.0431 0536 KmReg (34acb2d7e1bdf5a2ed19d3d0719fcf66) C:\WINDOWS\system32\ansiox.sys
    2011/06/26 10:40:08.0462 0536 KSecDD (674d3e5a593475915dc6643317192403) C:\WINDOWS\system32\drivers\KSecDD.sys
    2011/06/26 10:40:08.0634 0536 lvpopflt (01f0e010acb61472163e9d02d3ff531a) C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
    2011/06/26 10:40:08.0681 0536 LVPr2Mon (c57c48fb9ae3efb9848af594e3123a63) C:\WINDOWS\system32\Drivers\LVPr2Mon.sys
    2011/06/26 10:40:08.0759 0536 LVRS (87ecce893d8aec5a9337b917742d339c) C:\WINDOWS\system32\DRIVERS\lvrs.sys
    2011/06/26 10:40:08.0962 0536 LVUVC (291f69b3dda0f033d2490c5ba5179f7c) C:\WINDOWS\system32\DRIVERS\lvuvc.sys
    2011/06/26 10:40:09.0149 0536 MBAMProtector (3d2c13377763eeac0ca6fb46f57217ed) C:\WINDOWS\system32\drivers\mbam.sys
    2011/06/26 10:40:09.0212 0536 MBAMSwissArmy (b309912717c29fc67e1ba4730a82b6dd) C:\WINDOWS\system32\drivers\mbamswissarmy.sys
    2011/06/26 10:40:09.0259 0536 mcdbus (5fb43fe50aee92b2b7b34cf2563db2ac) C:\WINDOWS\system32\DRIVERS\mcdbus.sys
    2011/06/26 10:40:09.0352 0536 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys
    2011/06/26 10:40:09.0431 0536 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
    2011/06/26 10:40:09.0524 0536 Modem (6fc6f9d7acc36dca9b914565a3aeda05) C:\WINDOWS\system32\drivers\Modem.sys
    2011/06/26 10:40:09.0602 0536 MotDev (b8be746cf464d996c41a7f9c99ec71b8) C:\WINDOWS\system32\DRIVERS\motodrv.sys
    2011/06/26 10:40:09.0712 0536 Mouclass (34e1f0031153e491910e12551400192c) C:\WINDOWS\system32\DRIVERS\mouclass.sys
    2011/06/26 10:40:09.0759 0536 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys
    2011/06/26 10:40:09.0806 0536 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
    2011/06/26 10:40:09.0915 0536 MRxDAV (29414447eb5bde2f8397dc965dbb3156) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    2011/06/26 10:40:09.0977 0536 MRxSmb (fb6c89bb3ce282b08bdb1e3c179e1c39) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    2011/06/26 10:40:10.0040 0536 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
    2011/06/26 10:40:10.0102 0536 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
    2011/06/26 10:40:10.0149 0536 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    2011/06/26 10:40:10.0196 0536 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
    2011/06/26 10:40:10.0243 0536 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
    2011/06/26 10:40:10.0290 0536 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
    2011/06/26 10:40:10.0352 0536 MTsensor (d48659bb24c48345d926ecb45c1ebdf5) C:\WINDOWS\system32\DRIVERS\ASACPI.sys
    2011/06/26 10:40:10.0415 0536 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
    2011/06/26 10:40:10.0462 0536 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    2011/06/26 10:40:10.0524 0536 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
    2011/06/26 10:40:10.0587 0536 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    2011/06/26 10:40:10.0634 0536 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    2011/06/26 10:40:10.0681 0536 Ndisuio (eefa1ce63805d2145978621be5c6d955) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    2011/06/26 10:40:10.0712 0536 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    2011/06/26 10:40:10.0759 0536 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
    2011/06/26 10:40:10.0806 0536 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
    2011/06/26 10:40:10.0837 0536 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
    2011/06/26 10:40:11.0040 0536 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
    2011/06/26 10:40:11.0134 0536 Ntfs (19a811ef5f1ed5c926a028ce107ff1af) C:\WINDOWS\system32\drivers\Ntfs.sys
    2011/06/26 10:40:11.0243 0536 NtLclIpc (20e4a06471bdb639292a2536a9ef5a0e) C:\WINDOWS\system32\ansio.sys
    2011/06/26 10:40:11.0290 0536 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
    2011/06/26 10:40:11.0368 0536 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    2011/06/26 10:40:11.0384 0536 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    2011/06/26 10:40:11.0477 0536 Parport (29744eb4ce659dfe3b4122deb45bc478) C:\WINDOWS\system32\DRIVERS\parport.sys
    2011/06/26 10:40:11.0509 0536 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
    2011/06/26 10:40:11.0540 0536 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys
    2011/06/26 10:40:11.0602 0536 pccsmcfd (fd2041e9ba03db7764b2248f02475079) C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
    2011/06/26 10:40:11.0634 0536 PCI (8086d9979234b603ad5bc2f5d890b234) C:\WINDOWS\system32\DRIVERS\pci.sys
    2011/06/26 10:40:11.0712 0536 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys
    2011/06/26 10:40:11.0790 0536 Pcmcia (82a087207decec8456fbe8537947d579) C:\WINDOWS\system32\drivers\Pcmcia.sys
    2011/06/26 10:40:12.0243 0536 pneteth (088335b06f75adbcbb81575c7cae6c43) C:\WINDOWS\system32\DRIVERS\pneteth.sys
    2011/06/26 10:40:12.0306 0536 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
    2011/06/26 10:40:12.0415 0536 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
    2011/06/26 10:40:12.0509 0536 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
    2011/06/26 10:40:12.0634 0536 PxHelp20 (49452bfcec22f36a7a9b9c2181bc3042) C:\WINDOWS\system32\Drivers\PxHelp20.sys
    2011/06/26 10:40:12.0977 0536 QWAVEDRV (2bb1d2baf3493362e5c1949c5f210d5f) C:\WINDOWS\system32\DRIVERS\qwavedrv.sys
    2011/06/26 10:40:13.0024 0536 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
    2011/06/26 10:40:13.0102 0536 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    2011/06/26 10:40:13.0149 0536 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    2011/06/26 10:40:13.0181 0536 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
    2011/06/26 10:40:13.0259 0536 Rdbss (03b965b1ca47f6ef60eb5e51cb50e0af) C:\WINDOWS\system32\DRIVERS\rdbss.sys
    2011/06/26 10:40:13.0321 0536 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    2011/06/26 10:40:13.0384 0536 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    2011/06/26 10:40:13.0446 0536 RDPWD (b54cd38a9ebfbf2b3561426e3fe26f62) C:\WINDOWS\system32\drivers\RDPWD.sys
    2011/06/26 10:40:13.0509 0536 redbook (b31b4588e4086d8d84adbf9845c2402b) C:\WINDOWS\system32\DRIVERS\redbook.sys
    2011/06/26 10:40:13.0634 0536 RimVSerPort (d9b34325ee5df78b8f28a3de9f577c7d) C:\WINDOWS\system32\DRIVERS\RimSerial.sys
    2011/06/26 10:40:13.0681 0536 ROCKEYNT (7b9921a14be8d230148b87322cf1917a) C:\WINDOWS\system32\DRIVERS\Rockey4.sys
    2011/06/26 10:40:13.0743 0536 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
    2011/06/26 10:40:13.0852 0536 SBKUPNT (729248b54aff21e740054acebfdbcb1c) C:\WINDOWS\system32\Drivers\SBKUPNT.SYS
    2011/06/26 10:40:13.0931 0536 SCDEmu (11d4171bd7f6776a85553ca1f83f7303) C:\WINDOWS\system32\drivers\SCDEmu.sys
    2011/06/26 10:40:14.0009 0536 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
    2011/06/26 10:40:14.0087 0536 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
    2011/06/26 10:40:14.0149 0536 Serial (cd9404d115a00d249f70a371b46d5a26) C:\WINDOWS\system32\DRIVERS\serial.sys
    2011/06/26 10:40:14.0227 0536 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
    2011/06/26 10:40:14.0352 0536 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
    2011/06/26 10:40:14.0571 0536 speedfan (5d6401db90ec81b71f8e2c5c8f0fef23) C:\WINDOWS\system32\speedfan.sys
    2011/06/26 10:40:14.0634 0536 splitter (0ce218578fff5f4f7e4201539c45c78f) C:\WINDOWS\system32\drivers\splitter.sys
    2011/06/26 10:40:14.0712 0536 sr (e41b6d037d6cd08461470af04500dc24) C:\WINDOWS\system32\DRIVERS\sr.sys
    2011/06/26 10:40:14.0774 0536 Srv (7a4f147cc6b133f905f6e65e2f8669fb) C:\WINDOWS\system32\DRIVERS\srv.sys
    2011/06/26 10:40:14.0837 0536 ssadbus (a7de7b61e6e95a3bc5b9238a3d2f2079) C:\WINDOWS\system32\DRIVERS\ssadbus.sys
    2011/06/26 10:40:14.0915 0536 sscdbus (ffe42941e0326c322f40b0b79a46493c) C:\WINDOWS\system32\DRIVERS\sscdbus.sys
    2011/06/26 10:40:14.0977 0536 sscdmdfl (a68e7d87adfbb8c50d88cd58230c6819) C:\WINDOWS\system32\DRIVERS\sscdmdfl.sys
    2011/06/26 10:40:15.0024 0536 sscdmdm (b534b24151281856ec2f69ed3d6d60dd) C:\WINDOWS\system32\DRIVERS\sscdmdm.sys
    2011/06/26 10:40:15.0149 0536 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    2011/06/26 10:40:15.0196 0536 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
    2011/06/26 10:40:15.0274 0536 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
    2011/06/26 10:40:15.0509 0536 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
    2011/06/26 10:40:15.0587 0536 Tcpip (2a5554fc5b1e04e131230e3ce035c3f9) C:\WINDOWS\system32\DRIVERS\tcpip.sys
    2011/06/26 10:40:15.0634 0536 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
    2011/06/26 10:40:15.0681 0536 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
    2011/06/26 10:40:15.0743 0536 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
    2011/06/26 10:40:15.0899 0536 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
    2011/06/26 10:40:16.0024 0536 Update (ced744117e91bdc0beb810f7d8608183) C:\WINDOWS\system32\DRIVERS\update.sys
    2011/06/26 10:40:16.0134 0536 USBAAPL (4b8a9c16b6d9258ed99c512aecb8c555) C:\WINDOWS\system32\Drivers\usbaapl.sys
    2011/06/26 10:40:16.0165 0536 usbaudio (45a0d14b26c35497ad93bce7e15c9941) C:\WINDOWS\system32\drivers\usbaudio.sys
    2011/06/26 10:40:16.0227 0536 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    2011/06/26 10:40:16.0290 0536 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
    2011/06/26 10:40:16.0352 0536 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
    2011/06/26 10:40:16.0415 0536 usbprint (a42369b7cd8886cd7c70f33da6fcbcf5) C:\WINDOWS\system32\DRIVERS\usbprint.sys
    2011/06/26 10:40:16.0462 0536 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
    2011/06/26 10:40:16.0509 0536 usbsermpt (caad3467fbfae8a380f67e9c7150a85e) C:\WINDOWS\system32\DRIVERS\usbsermpt.sys
    2011/06/26 10:40:16.0571 0536 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    2011/06/26 10:40:16.0602 0536 usbuhci (f8fd1400092e23c8f2f31406ef06167b) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    2011/06/26 10:40:16.0649 0536 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2011/06/26 10:40:16.0712 0536 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
    2011/06/26 10:40:16.0899 0536 VolSnap (ee4660083deba849ff6c485d944b379b) C:\WINDOWS\system32\drivers\VolSnap.sys
    2011/06/26 10:40:17.0009 0536 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
    2011/06/26 10:40:17.0071 0536 wceusbsh (46a247f6617526afe38b6f12f5512120) C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
    2011/06/26 10:40:17.0118 0536 Wdf01000 (bbcfeab7e871cddac2d397ee7fa91fdc) C:\WINDOWS\system32\Drivers\wdf01000.sys
    2011/06/26 10:40:17.0259 0536 wdmaud (efd235ca22b57c81118c1aeb4798f1c1) C:\WINDOWS\system32\drivers\wdmaud.sys
    2011/06/26 10:40:17.0384 0536 WinUSB (fd600b032e741eb6aab509fc630f7c42) C:\WINDOWS\system32\DRIVERS\WinUSB.sys
    2011/06/26 10:40:17.0446 0536 WmBEnum (38932c4649f8baad6ce1000ac6503d5b) C:\WINDOWS\system32\drivers\WmBEnum.sys
    2011/06/26 10:40:17.0509 0536 WmFilter (58b3adab903fa1a78c86e6a42b80fe76) C:\WINDOWS\system32\drivers\WmFilter.sys
    2011/06/26 10:40:17.0602 0536 WmVirHid (e45f01f4014d7ab13b8a0c41ebf48a3d) C:\WINDOWS\system32\drivers\WmVirHid.sys
    2011/06/26 10:40:17.0634 0536 WmXlCore (0398265dd65aae2ece180fa9d1e7b5bb) C:\WINDOWS\system32\drivers\WmXlCore.sys
    2011/06/26 10:40:17.0712 0536 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    2011/06/26 10:40:17.0774 0536 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    2011/06/26 10:40:17.0790 0536 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    2011/06/26 10:40:17.0899 0536 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk0\DR0
    2011/06/26 10:40:18.0118 0536 ================================================================================
    2011/06/26 10:40:18.0118 0536 Scan finished
    2011/06/26 10:40:18.0118 0536 ================================================================================
    2011/06/26 10:40:18.0149 1452 Detected object count: 0
    2011/06/26 10:40:18.0149 1452 Actual detected object count: 0
     
  6. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Hi,

    Please do the following:

    • Please open your MalwareBytes AntiMalware Program
    • Click the Update Tab and search for updates
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Quick Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected. <-- very important
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy&Paste the entire report in your next reply.

    Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



    NEXT


    Go here to run an online scanner from ESET.
    • Turn off the real time scanner of any existing antivirus program while performing the online scan
    • Tick the box next to YES, I accept the Terms of Use.
    • Click Start
    • When asked, allow the activeX control to install
    • Click Start
    • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
    • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
    • Click Scan
    • Wait for the scan to finish
    • When the scan completes, press the LIST OF THREATS FOUND button
    • Press EXPORT TO TEXT FILE , name the file ESETSCAN and save it to your desktop
    • Include the contents of this report in your next reply.
    • Press the BACK button.
    • Press Finish
     
  7. sph142

    sph142 Thread Starter

    Joined:
    Jun 23, 2011
    Messages:
    6
    Hmmm.. It's saying there are no infections
    -------------------------------------------------------------------------------

    Malwarebytes' Anti-Malware 1.51.0.1200
    www.malwarebytes.org

    Database version: 6954

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 8.0.6001.18702

    6/26/2011 11:07:40
    mbam-log-2011-06-26 (11-07-40).txt

    Scan type: Quick scan
    Objects scanned: 227203
    Time elapsed: 6 minute(s), 39 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
     
  8. sph142

    sph142 Thread Starter

    Joined:
    Jun 23, 2011
    Messages:
    6
    If that's the case, then why would Malwarebytes pop up all day long saying that it is blocking malicious sites? See log below:


    00:00:21 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:00:21 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:00:21 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:00:22 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:00:22 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:00:22 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:03:28 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    00:44:37 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    00:44:37 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    00:44:37 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    00:53:17 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    01:06:10 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    01:11:14 Home IP-BLOCK 222.69.92.93 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    01:41:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:09:49 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    02:31:11 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    02:34:29 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:30 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:30 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:31 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:31 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:32 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:32 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:34 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:35 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:35 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:36 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:37 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:38 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:39 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:34:40 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    02:59:25 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    03:12:21 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    03:29:24 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:04:01 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    04:15:43 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:12 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    04:17:25 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    04:17:25 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    04:17:25 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    05:04:31 Home IP-BLOCK 89.28.114.197 (Type: incoming)
    05:05:58 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    05:07:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:15 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:15 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:07:15 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    05:08:28 Home IP-BLOCK 188.243.231.10 (Type: incoming)
    05:17:23 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    06:03:50 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    06:03:50 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    06:03:50 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    06:06:27 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    06:13:07 Home IP-BLOCK 188.130.176.75 (Type: incoming)
    06:13:37 Home IP-BLOCK 83.128.112.165 (Type: incoming)
    06:19:11 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    06:59:14 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:08:51 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    07:38:31 Home IP-BLOCK 188.243.231.10 (Type: incoming)
    07:50:24 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    07:50:24 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    07:50:24 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    07:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:46 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:47 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:48 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:49 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:50 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:50 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:52 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:53 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:53 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:54 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:54 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:55 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:55 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:51:56 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    07:53:35 Home IP-BLOCK 188.243.231.10 (Type: incoming)
    08:11:07 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    08:11:48 Home MESSAGE Scheduled update executed successfully
    08:11:48 Home MESSAGE IP Protection stopped
    08:11:54 Home MESSAGE Database updated successfully
    08:12:00 Home MESSAGE IP Protection started successfully
    08:22:35 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    08:53:33 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:26:12 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    09:36:34 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    09:36:34 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    09:49:43 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:44 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:44 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:46 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:46 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:47 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:48 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:49 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:52 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:53 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:54 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:54 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:55 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    09:49:56 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:17:05 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    10:28:28 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    10:48:51 Home IP-BLOCK 125.45.109.166 (Type: incoming)
    11:00:10 Home MESSAGE IP Protection stopped
    11:00:19 Home MESSAGE Database updated successfully
    11:00:25 Home MESSAGE IP Protection started successfully
    11:17:18 Home IP-BLOCK 60.173.10.27 (Type: incoming)
    11:22:40 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    11:22:40 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    11:22:40 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    11:22:40 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    11:22:40 Home IP-BLOCK 58.218.199.250 (Type: incoming)
    11:22:40 Home IP-BLOCK 58.218.199.250 (Type: incoming)
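An added example, not code from the thread or from Malwarebytes: a small Python parser for the protection-log format pasted above, which separates incoming from outgoing blocks and counts how many bursts each address produced. The sample lines are constructed after the posted log; the outgoing entry, with its documentation-range address and placeholder process name, is an assumption added to show the distinction, since the posted log contains none.

```python
"""Summarise a Malwarebytes 1.x protection log like the one posted above.

Added example for this thread; not Malwarebytes code.  Line shapes handled:
    HH:MM:SS <user> IP-BLOCK <ip> (Type: incoming)
    HH:MM:SS <user> MESSAGE <free text>
The outgoing form "(Type: outgoing, ...)" is assumed, not taken from the post.
"""
import re
from collections import Counter
from dataclasses import dataclass
from typing import Dict, List

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\s+(?P<user>\S+)\s+"
    r"(?P<kind>IP-BLOCK|MESSAGE)\s+(?P<rest>.*)$"
)
BLOCK_RE = re.compile(
    r"^(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+\(Type:\s*(?P<direction>incoming|outgoing)"
)

# Constructed sample: the incoming lines follow the posted log; the final
# outgoing line uses a documentation-range address and a placeholder process.
SAMPLE_LOG = """\
00:00:21 Home IP-BLOCK 125.45.109.166 (Type: incoming)
00:00:21 Home IP-BLOCK 125.45.109.166 (Type: incoming)
00:00:22 Home IP-BLOCK 125.45.109.166 (Type: incoming)
00:03:28 Home IP-BLOCK 60.173.10.27 (Type: incoming)
00:44:37 Home IP-BLOCK 58.218.199.250 (Type: incoming)
00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
00:51:45 Home IP-BLOCK 125.45.109.166 (Type: incoming)
08:11:48 Home MESSAGE IP Protection stopped
08:12:00 Home MESSAGE IP Protection started successfully
08:14:02 Home IP-BLOCK 203.0.113.5 (Type: outgoing, Port: 80, Process: placeholder.exe)
"""


@dataclass
class Block:
    time: str
    ip: str
    direction: str


def parse_log(text: str) -> List[Block]:
    """Return the IP-BLOCK entries in log order; MESSAGE and unknown lines are skipped."""
    blocks: List[Block] = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m.group("kind") != "IP-BLOCK":
            continue
        b = BLOCK_RE.match(m.group("rest"))
        if not b:
            continue  # unfamiliar IP-BLOCK layout: ignore rather than guess
        blocks.append(Block(m.group("time"), b.group("ip"), b.group("direction")))
    return blocks


def _seconds(hms: str) -> int:
    h, m, s = (int(x) for x in hms.split(":"))
    return h * 3600 + m * 60 + s


def count_bursts(blocks: List[Block], gap: int = 5) -> Counter:
    """Consecutive blocks from one address no more than `gap` seconds apart
    form one burst, e.g. the runs of hits within a second or two in the post."""
    last_seen: Dict[tuple, int] = {}
    bursts: Counter = Counter()
    for b in blocks:  # the log is chronological
        key = (b.direction, b.ip)
        t = _seconds(b.time)
        if key not in last_seen or t - last_seen[key] > gap:
            bursts[key] += 1
        last_seen[key] = t
    return bursts


def summarise(blocks: List[Block]) -> Dict[str, Dict[str, Dict[str, int]]]:
    """Per direction, per address: total blocks and number of bursts."""
    totals = Counter((b.direction, b.ip) for b in blocks)
    bursts = count_bursts(blocks)
    return {
        direction: {
            ip: {"blocks": n, "bursts": bursts[(d, ip)]}
            for (d, ip), n in totals.items()
            if d == direction
        }
        for direction in ("incoming", "outgoing")
    }


if __name__ == "__main__":
    for direction, addrs in summarise(parse_log(SAMPLE_LOG)).items():
        print(direction)
        for ip, stats in sorted(addrs.items(), key=lambda kv: -kv[1]["blocks"]):
            print(f"  {ip:<16} blocks={stats['blocks']:<3} bursts={stats['bursts']}")
```

Incoming entries are connection attempts from outside that the module dropped at the host; an outgoing entry would mean a local process tried to reach a listed address, which is the case that warrants looking at what that process is.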
     
  9. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    Please run the following:

    Download Flush Flash Cookies by Bobbi Flekman.
    Select the Windows version and save flushflash.exe to your Desktop.
    Double-click flushflash.exe to run it.
    Select Everything but Site settings.
    Click Make it so!.
    When the "Killed off all Flash cookies" window opens, click OK.
    Close Flush Flash Cookies.



    clear all other cookies

    Delete all currently saved cookies from your computer.

    In Internet Explorer,
    click Tools > Internet Options and then click the Delete Cookies button on the General tab.

    In Firefox,
    click Tools > Clear Recent History > Set Time range to clear to Everything
    Click on the arrow next to Details to expand the list of history items.
    Select Cookies and make sure that other items you want to keep are not selected.
    Click Clear Now to clear the cookies and close the Clear Recent History window

    NEXT

    Please download TFC to your desktop
    • Close any open windows.
    • Double click the TFC icon to run the program
    • TFC will close all open programs itself in order to run.
    • Click the Start button to begin the process.
    • Allow TFC to run uninterrupted.
    • The program should not take long to finish its job.
    • Once it's finished it should reboot your machine; if not, manually reboot to ensure a complete clean.

    NEXT


    Reset your Hosts file back to default

    Use the "Fix it" button on this Microsoft site:

    http://support.microsoft.com/kb/972034


    NEXT


    Reset your Router:

    • This can be done by inserting something tiny like a paper clip end or pencil tip into a small hole labeled "reset" located on the back of the router.
    • Press and hold down the small button inside until the lights on the front of the router blink off and then on again (usually about 10 seconds).
    • If you don't know the router's default password, you can look it up HERE.
    • You also need to reconfigure any security settings you had in place prior to the reset.
    • You may also need to consult with your Internet service provider to find out which DNS servers your network should be using.

    NEXT

    • Go to Start > Run > type: cmd
    • Press OK or Hit Enter.
    • At the command prompt, type or copy/paste: ipconfig /flushdns (note the space between "..g /f…"; it needs to be there)
    • Hit Enter.
    • You will get a confirmation that the flush was successful.
    • Close the command box.


    Then continue on with the ESET scan
     
  10. sph142

    sph142 Thread Starter

    Joined:
    Jun 23, 2011
    Messages:
    6
    OK.. I did all of that, and here is the log from ESET:


    C:\Documents and Settings\Home\Application Data\FrostWire\.AppSpecialShare\frostwire-4.21.8.windows.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\FreeYouTubeDownload.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\frostwire-4.21.1.windows.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\KeyFinderInstaller.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\registrybooster (1).exe Win32/RegistryBooster application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\registrybooster.exe Win32/RegistryBooster application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\VeohWebPlayerSetup_eng.exe Win32/OpenCandy application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Downloads\WGA_1991.rar Win32/Packed.Themida.O trojan deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Newsbin Download\18_Xbox.360.Utility.Pack.par2_-_46.71_MB_-_yEnc\XBox.360.Utility.Pack\JungleFlasher.0.1.51.Beta.rar a variant of MSIL/TrojanDropper.Agent.EH trojan deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Newsbin Download\alt.binaries.cd.image\en_winxp_pro_media_center_edition_with_sp3_oem.iso Win32/HackTool.WpaKill.C application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Newsbin Download\baby einstein\Baby Einstein 26 DVDs [ALL FRESH DVD RIPS] XviD 2500K HR1MP .rar MSIL/Spy.Agent.AB trojan deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Newsbin Download\Binaries4ever.net_1_5_-_PHP_Designer_2008_v6.1.1.rar_yEnc\PHP Designer 2008 v6.1.1.rar a variant of Win32/Keygen.AG application deleted - quarantined
    C:\Documents and Settings\Home\My Documents\Newsbin Download\TEAM_JUNGLE_Presents_IXtreme_1.51_firmware_for_all_drives_Xbox_360_iXtreme_v._1.51.sfv_Yenc\Xbox 360 iXtreme v. 1.51.rar a variant of MSIL/TrojanDropper.Agent.EH trojan deleted - quarantined
    C:\Documents and Settings\work\My Documents\Downloads\UBCD4WinV360.exe Win32/PrcView application deleted - quarantined
    C:\fruity\Setup.exe Win32/OpenCandy application deleted - quarantined
    C:\HTMLprog\OLDHARDDRIVE\Programs\TuneUp Utilities 2007 & KeyGen ( !! Vista Final Version !! ).rar probably a variant of Win32/TrojanDownloader.Obfuscated.BRSEMO trojan deleted - quarantined
    C:\joomla\templatenew\Joomla15\aj_new_joomla.zip PHP/Kryptik.AB trojan deleted - quarantined
    C:\Joomla Tutorial\Joomla Tutorials en Template Xagnix\Joomla Friends Templates Collection Vol 1.rar PHP/Kryptik.AB trojan deleted - quarantined
    C:\Program Files\BetPhoenix\casino.dll a variant of Win32/CasOnline application cleaned by deleting - quarantined
    C:\Program Files\Party City Casino\casino.dll a variant of Win32/CasOnline application cleaned by deleting - quarantined
    C:\Program Files\Prism Casino\_patch\Lobby\casino.dll a variant of Win32/CasOnline application cleaned by deleting - quarantined
    C:\Program Files\Silver Oak Casino\casino.dll a variant of Win32/CasOnline application cleaned by deleting - quarantined
     
  11. CatByte

    CatByte Malware Specialist

    Joined:
    Feb 24, 2009
    Messages:
    3,930
    How is the computer running now?

    Are there any outstanding issues?
     
Short URL to this thread: https://techguy.org/1003837