BullGuard Antivirus Forum > Virus Removal > Removal Help

Google redirect virus at least
jemineye09
New Member


Date Joined Sep 2008
Total Posts : 1
 
Posted 9-8-2008 9:16 (GMT +1)
Hey there. First off, thanks for the help; if it weren't for guys like you there would be a lot of dead people from all the killing sprees stressed-out people would go on because their computers are broken beyond their own repair capabilities.

After visiting some shady porn sites without ZoneAlarm running (stupid horny !!!!!!!!), later in the day I came home to a computer that would randomly crash Internet Explorer, would seem to load fake search engines (Google, Yahoo) and redirect every single search to some random website. It blocks access to tech support websites of just about any kind. It blocks Windows Auto Update from downloading updates, and out of all the Norton LiveUpdates it ONLY stops the one that deals with intrusion prevention and detection. I've run Ad-Aware, ComboFix, SUPERAntiSpyware, Malwarebytes malware removal, registry repairs, to no avail; I've disabled auto restore for Windows. They found plenty of other lil !!!!!!!s I didn't want, but the problem still remains.

BTW, I have Windows XP SP2, cable internet.

Now, after all those scans, it just closes IE as soon as you press ENTER to search or log in to something.

Video games can still run smoothly and stay connected to the net; it just blocks and hinders certain things, things that will actually help.

Here are my logs: HijackThis first, then SUPERAntiSpyware, then ComboFix.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:41:28, on 9/7/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Owner\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: NCO 2.0 IE BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\coIEPlg.dll
O2 - BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\PROGRA~1\COMMON~1\SYMANT~1\IDS\IPSBHO.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: A2NPopUpKiller Class - {8A321C7D-9CED-45A8-870D-DAE843A45FD0} - C:\Program Files\Armor2net\Armor2net Personal Firewall\PopUpKiller.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Show Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Referensinformation - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O10 - Unknown file in Winsock LSP: c:\program files\armor2net\armor2net personal firewall\netdog.dll
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/mcgdmgr/1,0,0,26/mcgdmgr.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O22 - SharedTaskScheduler: IE Component Categories cache daemon - {553858A7-4922-4e7e-B1C1-97140C1C16EF} - C:\WINDOWS\system32\ieframe.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: LiveUpdate Notice - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Retrospect Express HD Launcher (RetroExpLauncher) - Dantz Development Corporation - C:\PROGRA~1\Dantz\RETROS~1\retrorun.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

--
End of file - 8885 bytes



ActiveSync Troubleshooting Utility version: 4.2.4876.0
Date/Time: 2007/09/13-18:44:49.750
Analysis started
Operating system has been qualified as Windows XP (Home or Professional) SP1 or greater
Current operating system is supported
Current version of IE is supported
ActiveSync version found is 4.2.4876
Outlook 2003 found
Current version of Outlook is supported
Exchange server not found in Outlook profile
Connection to Exchange server okay
PC is qualified
RNDIS driver has been detected.
Net start - %s
Net start - These Windows services are started:
Net start -
Net start - Application Layer Gateway Service
Net start - Bluetooth Support Service
Net start - COM+ Event System
Net start - Computer Browser
Net start - Cryptographic Services
Net start - DCOM Server Process Launcher
Net start - DHCP Client
Net start - Distributed Link Tracking Client
Net start - DNS Client
Net start - Error Reporting Service
Net start - Event Log
Net start - Fast User Switching Compatibility
Net start - Help and Support
Net start - HID Input Service
Net start - HTTP SSL
Net start - IPSEC Services
Net start - Network Connections
Net start - Network Location Awareness (NLA)
Net start - NVIDIA Display Driver Service
Net start - Plug and Play
Net start - Print Spooler
Net start - PrismXL
Net start - Protected Storage
Net start - Remote Access Connection Manager
Net start - Remote Procedure Call (RPC)
Net start - Retrospect Express HD Launcher
Net start - ScsiAccess
Net start - Secondary Logon
Net start - Security Accounts Manager
Net start - Security Center
Net start - Server
Net start - Shell Hardware Detection
Net start - SSDP Discovery Service
Net start - System Event Notification
Net start - System Restore Service
Net start - Task Scheduler
Net start - TCP/IP NetBIOS Helper
Net start - Telephony
Net start - Terminal Services
Net start - Themes
Net start - TrueVector Internet Monitor
Net start - WebClient
Net start - Windows Audio
Net start - Windows Firewall/Internet Connection Sharing (ICS)
Net start - Windows Image Acquisition (WIA)
Net start - Windows Management Instrumentation
Net start - Windows Time
Net start - Windows User Mode Driver Framework
Net start - Wireless Zero Configuration
Net start - Workstation
Net start -
Net start - The command completed successfully.
Net start -

Dumping Route information
Route - ===========================================================================
Route - Interface List
Route - 0x1 ........................... MS TCP Loopback interface
Route - 0x2 ...00 40 ca a9 8b 80 ...... Realtek RTL8139/810x Family Fast Ethernet NIC - Packet Scheduler Miniport
Route - 0x30004 ...80 00 60 0f e8 00 ...... Windows Mobile-based Device #5
Route - ===========================================================================
Route - ===========================================================================
Route - Active Routes:
Route - Network Destination Netmask Gateway Interface Metric
Route - 0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.100 20
Route - 127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
Route - 169.254.2.0 255.255.255.0 169.254.2.2 169.254.2.2 30
Route - 169.254.2.2 255.255.255.255 127.0.0.1 127.0.0.1 30
Route - 169.254.255.255 255.255.255.255 169.254.2.2 169.254.2.2 30
Route - 192.168.0.0 255.255.255.0 192.168.0.100 192.168.0.100 20
Route - 192.168.0.100 255.255.255.255 127.0.0.1 127.0.0.1 20
Route - 192.168.0.255 255.255.255.255 192.168.0.100 192.168.0.100 20
Route - 224.0.0.0 240.0.0.0 169.254.2.2 169.254.2.2 30
Route - 224.0.0.0 240.0.0.0 192.168.0.100 192.168.0.100 20
Route - 255.255.255.255 255.255.255.255 169.254.2.2 169.254.2.2 1
Route - 255.255.255.255 255.255.255.255 192.168.0.100 192.168.0.100 1
Route - Default Gateway: 192.168.0.1
Route - ===========================================================================
Route - Persistent Routes:
Route - None

Dumping Ipconfig information
Ipconfig -
Ipconfig - Windows IP Configuration
Ipconfig -
Ipconfig - Host Name . . . . . . . . . . . . : JASON_OFFICE
Ipconfig - Primary Dns Suffix . . . . . . . :
Ipconfig - Node Type . . . . . . . . . . . . : Unknown
Ipconfig - IP Routing Enabled. . . . . . . . : No
Ipconfig - WINS Proxy Enabled. . . . . . . . : No
Ipconfig - DNS Suffix Search List. . . . . . : hsd1.ca.comcast.net.
Ipconfig -
Ipconfig - Ethernet adapter Local Area Connection:
Ipconfig -
Ipconfig - Connection-specific DNS Suffix . : hsd1.ca.comcast.net.
Ipconfig - Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Ethernet NIC
Ipconfig - Physical Address. . . . . . . . . : 00-40-CA-A9-8B-80
Ipconfig - Dhcp Enabled. . . . . . . . . . . : Yes
Ipconfig - Autoconfiguration Enabled . . . . : Yes
Ipconfig - IP Address. . . . . . . . . . . . : 192.168.0.100
Ipconfig - Subnet Mask . . . . . . . . . . . : 255.255.255.0
Ipconfig - Default Gateway . . . . . . . . . : 192.168.0.1
Ipconfig - DHCP Server . . . . . . . . . . . : 192.168.0.1
Ipconfig - DNS Servers . . . . . . . . . . . : 192.168.0.1
Ipconfig - Lease Obtained. . . . . . . . . . : Thursday, September 13, 2007 6:09:04 PM
Ipconfig - Lease Expires . . . . . . . . . . : Thursday, September 20, 2007 6:09:04 PM
Ipconfig -
Ipconfig - Ethernet adapter Local Area Connection 7:
Ipconfig -
Ipconfig - Connection-specific DNS Suffix . :
Ipconfig - Description . . . . . . . . . . . : Windows Mobile-based Device #5
Ipconfig - Physical Address. . . . . . . . . : 80-00-60-0F-E8-00
Ipconfig - Dhcp Enabled. . . . . . . . . . . : Yes
Ipconfig - Autoconfiguration Enabled . . . . : Yes
Ipconfig - IP Address. . . . . . . . . . . . : 169.254.2.2
Ipconfig - Subnet Mask . . . . . . . . . . . : 255.255.255.0
Ipconfig - Default Gateway . . . . . . . . . :
Ipconfig - DHCP Server . . . . . . . . . . . : 169.254.2.1
Ipconfig - Lease Obtained. . . . . . . . . . : Thursday, September 13, 2007 6:41:40 PM
Ipconfig - Lease Expires . . . . . . . . . . : Saturday, October 13, 2007 6:41:40 PM
Dumping LSPs information
LSP - imslsp/1161725581 over [CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]]
LSP - imslsp/1161725581 over [CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]]
LSP - imslsp/1161725581 over [CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]]
LSP - imslsp/1161725581 over [MSAFD Tcpip [TCP/IP]]
LSP - imslsp/1161725581 over [MSAFD Tcpip [UDP/IP]]
LSP - imslsp/1161725581 over [MSAFD Tcpip [RAW/IP]]
LSP - CA ISafe LSP over [MSAFD Tcpip [TCP/IP]]
LSP - CA ISafe LSP over [MSAFD Tcpip [UDP/IP]]
LSP - CA ISafe LSP over [MSAFD Tcpip [RAW/IP]]
LSP - MSAFD Tcpip [TCP/IP]
LSP - MSAFD Tcpip [UDP/IP]
LSP - MSAFD Tcpip [RAW/IP]
LSP - RSVP UDP Service Provider
LSP - RSVP TCP Service Provider
LSP - CA ISafe LSP
LSP - imslsp/1161725581
LSP - MSAFD RfComm [Bluetooth]
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{DFCD5573-C0E4-44AC-99C7-45D3A4076926}] SEQPACKET 7
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{DFCD5573-C0E4-44AC-99C7-45D3A4076926}] DATAGRAM 7
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{9880FD07-35E3-4A40-97E0-86A729A829CD}] SEQPACKET 6
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{9880FD07-35E3-4A40-97E0-86A729A829CD}] DATAGRAM 6
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{C85FB732-9FBC-47EE-A0DA-297AE318C9FF}] SEQPACKET 5
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{C85FB732-9FBC-47EE-A0DA-297AE318C9FF}] DATAGRAM 5
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE8016BF-AA95-4E7D-BC54-DC6F58C682C2}] SEQPACKET 4
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{FE8016BF-AA95-4E7D-BC54-DC6F58C682C2}] DATAGRAM 4
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{FDC9DD81-E946-4599-A97F-0F33A106A17D}] SEQPACKET 3
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{FDC9DD81-E946-4599-A97F-0F33A106A17D}] DATAGRAM 3
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DC1BD81-385A-40F7-9416-54A5A93464CF}] SEQPACKET 0
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{8DC1BD81-385A-40F7-9416-54A5A93464CF}] DATAGRAM 0
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{955BFF23-DCB0-49A8-8D84-4F570D95E42B}] SEQPACKET 1
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{955BFF23-DCB0-49A8-8D84-4F570D95E42B}] DATAGRAM 1
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{F5CCDB05-70E7-4E58-8B41-796A3AD0AB3F}] SEQPACKET 2
LSP - MSAFD NetBIOS [\Device\NetBT_Tcpip_{F5CCDB05-70E7-4E58-8B41-796A3AD0AB3F}] DATAGRAM 2
Dumping NSPs information
NSP - Tcpip
NSP - NTDS
NSP - Network Location Awareness (NLA) Namespace
NSP - Bluetooth Namespace
Dumping NDIS information
Listing Network Protocols
---Point to Point Protocol Over Ethernet
------Binding Path 1
---------Bluetooth Device (Personal Area Network) #2
------Binding Path 2
---------Bluetooth Device (Personal Area Network)
------Binding Path 3
---------Microsoft TV/Video Connection
------Binding Path 4
---------Realtek RTL8139/810x Family Fast Ethernet NIC
---Point to Point Tunneling Protocol
---Layer 2 Tunneling Protocol
---Remote Access NDIS WAN Driver
------Binding Path 1
---------WAN Miniport (ATW)
------Binding Path 2
---------Direct Parallel
------Binding Path 3
---------WAN Miniport (PPPOE)
------Binding Path 4
---------WAN Miniport (PPTP)
------Binding Path 5
---------WAN Miniport (L2TP)
------Binding Path 6
---------RAS Async Adapter
---NDIS Usermode I/O Protocol
------Binding Path 1
---------Bluetooth Device (Personal Area Network) #2
------Binding Path 2
---------Bluetooth Device (Personal Area Network)
------Binding Path 3
---------Microsoft TV/Video Connection
------Binding Path 4
---------Realtek RTL8139/810x Family Fast Ethernet NIC
---Message-oriented TCP/IP Protocol (SMB session)
---WINS Client(TCP/IP) Protocol
------Binding Path 1
---------Internet Protocol (TCP/IP)
---------Windows Mobile-based Device #6
------Binding Path 2
---------Internet Protocol (TCP/IP)
---------Bluetooth Device (Personal Area Network) #2
------Binding Path 3
---------Internet Protocol (TCP/IP)
---------Windows Mobile-based Device #5
------Binding Path 4
---------Internet Protocol (TCP/IP)
---------Bluetooth Device (Personal Area Network)
------Binding Path 5
---------Internet Protocol (TCP/IP)
---------Microsoft TV/Video Connection
------Binding Path 6
---------Internet Protocol (TCP/IP)
---------Realtek RTL8139/810x Family Fast Ethernet NIC
------Binding Path 7
---------Internet Protocol (TCP/IP)
---------WAN Miniport (IP)
---Internet Protocol (TCP/IP)
------Binding Path 1
---------Windows Mobile-based Device #6
------Binding Path 2
---------Bluetooth Device (Personal Area Network) #2
------Binding Path 3
---------Windows Mobile-based Device #5
------Binding Path 4
---------Bluetooth Device (Personal Area Network)
------Binding Path 5
---------Microsoft TV/Video Connection
------Binding Path 6
---------Realtek RTL8139/810x Family Fast Ethernet NIC
------Binding Path 7
---------WAN Miniport (IP)
Listing Network Services
---Wireless Zero Configuration
---Steelhead
---Dial-Up Server
---Remote Access Connection Manager
---Dial-Up Client
---File and Printer Sharing for Microsoft Networks
------Binding Path 1
---------Message-oriented TCP/IP Protocol (SMB session)
------Binding Path 2
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Windows Mobile-based Device #6
------Binding Path 3
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Bluetooth Device (Personal Area Network) #2
------Binding Path 4
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Windows Mobile-based Device #5
------Binding Path 5
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Bluetooth Device (Personal Area Network)
------Binding Path 6
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Microsoft TV/Video Connection
------Binding Path 7
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Realtek RTL8139/810x Family Fast Ethernet NIC
------Binding Path 8
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------WAN Miniport (IP)
---QoS Packet Scheduler
------Binding Path 1
---------Realtek RTL8139/810x Family Fast Ethernet NIC
------Binding Path 2
---------WAN Miniport (IP)
---Generic Packet Classifier
---Application Layer Gateway
---NetBIOS Interface
------Binding Path 1
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Windows Mobile-based Device #6
------Binding Path 2
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Bluetooth Device (Personal Area Network) #2
------Binding Path 3
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Windows Mobile-based Device #5
------Binding Path 4
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Bluetooth Device (Personal Area Network)
------Binding Path 5
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Microsoft TV/Video Connection
------Binding Path 6
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------Realtek RTL8139/810x Family Fast Ethernet NIC
------Binding Path 7
---------WINS Client(TCP/IP) Protocol
---------Internet Protocol (TCP/IP)
---------WAN Miniport (IP)
---QoS RSVP
Pinging Desktop gateway 192.168.0.1 started
Ping echoed successfully
ZoneAlarm Security Suite has been detected. Firewall settings can prevent Windows Mobile powered devices from connecting. Get up-to-date solutions to common firewall problems and step by step instructions for correcting them. Please click the following link:
http://go.microsoft.com/fwlink/?LinkId=65178
and follow the steps provided to make sure that your firewall is configured correctly.
Pinging Device 169.254.2.2 started
Ping echoed successfully
Attempting to connect to device
Device operating system version 5.1.195
ActiveSync is performing a sync, please wait......
Searching ActiveSync log file
No errors found in ActiveSync log file

Exiting

ComboFix 08-09-05.03 - Owner 2008-09-07 15:37:15.1 - NTFSx86 MINIMAL
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\tdssservers.dat

.
((((((((((((((((((((((((( Files Created from 2008-08-07 to 2008-09-07 )))))))))))))))))))))))))))))))
.

2008-09-07 14:14 . 2008-09-07 14:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-07 14:14 . 2008-09-07 14:14 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-09-07 14:14 . 2008-09-07 14:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-07 14:14 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-07 14:14 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-07 01:09 . 2008-09-07 01:09 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Simply Super Software
2008-09-07 01:09 . 2008-09-07 01:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-07 01:09 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-07 01:09 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\unrar3.dll
2008-09-07 01:09 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-07 01:09 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-07 01:09 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-07 00:40 . 2008-09-07 00:40 <DIR> d-------- C:\Program Files\Windows Sidebar
2008-09-07 00:40 . 2008-09-07 15:02 <DIR> d-------- C:\Program Files\Norton 360
2008-09-07 00:38 . 2008-09-07 11:37 10,671 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2008-09-07 00:38 . 2008-09-07 11:37 805 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.INF
2008-09-06 22:55 . 2008-09-06 22:55 <DIR> d-------- C:\Program Files\CCleaner
2008-09-06 22:54 . 2008-09-06 22:54 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-06 22:54 . 2008-09-06 22:54 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com
2008-09-06 22:54 . 2008-09-06 22:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-09-06 20:55 . 2008-09-06 20:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-06 18:50 . 2008-09-06 18:53 1,802 --a------ C:\WINDOWS\system32\tmp.reg
2008-09-06 18:48 . 2004-08-27 02:54 <DIR> d-------- C:\Documents and Settings\Administrator.JASON_OFFICE\WINDOWS
2008-09-06 18:48 . 2005-09-09 16:39 <DIR> d-------- C:\Documents and Settings\Administrator.JASON_OFFICE\Application Data\You've Got Pictures Screensaver
2008-09-06 18:48 . 2005-09-09 16:38 <DIR> d-------- C:\Documents and Settings\Administrator.JASON_OFFICE\Application Data\SampleView
2008-09-06 18:48 . 2005-09-09 17:11 <DIR> d-------- C:\Documents and Settings\Administrator.JASON_OFFICE\Application Data\CyberLink
2008-09-06 18:48 . 2008-09-06 23:01 <DIR> d-------- C:\Documents and Settings\Administrator.JASON_OFFICE\Application Data\AOL
2008-09-06 18:48 . 2008-09-06 18:48 <DIR> d-------- C:\Documents and Settings\Administrator.JASON_OFFICE
2008-09-06 18:46 . 2008-09-07 15:32 12 --a------ C:\WINDOWS\bthservsdp.dat
2008-09-06 17:26 . 2008-09-06 17:26 10,240 --a------ C:\WINDOWS\system32\dhcpserv.dll
2008-09-06 17:26 . 2008-09-06 22:42 104 --a------ C:\WINDOWS\system32\inet.ocx
2008-09-06 17:25 . 2008-09-06 17:25 8,704 --a------ C:\WINDOWS\system32\regapi32.dll
2008-09-06 17:25 . 2008-09-06 17:25 8,192 --a------ C:\WINDOWS\system32\dcphnet.dll
2008-09-06 17:25 . 2008-09-06 17:25 8,192 --a------ C:\WINDOWS\system32\cbrowse.dll
2008-09-04 11:32 . 2008-09-04 11:32 <DIR> d-------- C:\Program Files\WinPcap
2008-08-31 12:19 . 2008-09-01 11:24 <DIR> d-------- C:\Chris

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-07 22:05 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-07 18:54 --------- d-----w C:\Program Files\Warcraft III
2008-09-07 18:41 611,840 ----a-w C:\WINDOWS\Internet Logs\xDB11.tmp
2008-09-07 18:41 4,448,768 ----a-w C:\WINDOWS\Internet Logs\xDB12.tmp
2008-09-07 18:37 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2008-09-07 18:37 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2008-09-07 18:37 --------- d-----w C:\Program Files\Symantec
2008-09-07 18:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-07 08:34 896,472 ----a-w C:\WINDOWS\system32\drivers\vetmonnt.sys
2008-09-07 08:34 114,856 ----a-w C:\WINDOWS\system32\drivers\vetfddnt.sys
2008-09-07 08:34 1,353,016 ----a-w C:\WINDOWS\system32\vete.dll
2008-09-07 07:52 --------- d-----w C:\Documents and Settings\Owner\Application Data\Symantec
2008-09-07 06:56 --------- d-----w C:\Program Files\Pure Networks
2008-09-07 06:17 --------- d-----w C:\Program Files\TaxCut06
2008-09-07 06:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-07 06:12 --------- d-----w C:\Program Files\iPod
2008-09-07 06:10 --------- d-----w C:\Program Files\DeductionPro 2006
2008-09-07 06:10 --------- d-----w C:\Program Files\BUFFALO
2008-09-07 06:09 --------- d-----w C:\Program Files\BigFix
2008-09-07 06:09 --------- d-----w C:\Program Files\Azureus
2008-09-07 06:07 --------- d-----w C:\Program Files\Common Files\AOL
2008-09-07 06:07 --------- d-----w C:\Program Files\AIM
2008-09-07 06:07 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2008-09-07 06:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-09-07 06:01 --------- d-----w C:\Documents and Settings\Owner\Application Data\AOL
2008-09-07 06:01 --------- d-----w C:\Documents and Settings\LogMeInRemoteUser\Application Data\AOL
2008-09-07 05:51 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-07 04:25 --------- d-----w C:\Documents and Settings\Owner\Application Data\mIRC
2008-09-07 04:20 --------- d-----w C:\Program Files\mIRC
2008-09-07 04:19 --------- d-----w C:\Program Files\Kazaa
2008-09-07 03:55 --------- d-----w C:\Program Files\Lavasoft
2008-09-07 03:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Lavasoft
2008-09-07 00:24 789,302 ----a-w C:\WINDOWS\Internet Logs\imsDebug.zip
2008-08-31 19:33 41,472 ----a-w C:\WINDOWS\Internet Logs\xDBF.tmp
2008-08-31 19:33 4,109,312 ----a-w C:\WINDOWS\Internet Logs\xDB10.tmp
2008-08-31 19:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\DNA
2008-08-31 19:15 --------- d-----w C:\Program Files\DNA
2008-08-31 18:35 4,102,656 ----a-w C:\WINDOWS\Internet Logs\xDBE.tmp
2008-08-31 18:35 3,013,632 ----a-w C:\WINDOWS\Internet Logs\xDBD.tmp
2008-07-31 00:42 23,888 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.sys
2008-07-31 00:28 706 ----a-w C:\WINDOWS\system32\drivers\COH_Mon.inf
2008-07-31 00:28 10,537 ----a-w C:\WINDOWS\system32\drivers\coh_mon.cat
2008-07-20 23:33 --------- d-----w C:\Documents and Settings\Owner\Application Data\U3
2008-07-20 23:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kodak
2008-06-13 21:45 579,464 ----a-w C:\WINDOWS\system32\SymNeti.dll
2008-06-13 21:45 207,240 ----a-w C:\WINDOWS\system32\SymRedir.dll
2006-09-20 00:44 908 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayExcluded]
@="{4433A54A-1AC8-432F-90FC-85F045CF383C}"
[HKEY_CLASSES_ROOT\CLSID\{4433A54A-1AC8-432F-90FC-85F045CF383C}]
2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayPending]
@="{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}"
[HKEY_CLASSES_ROOT\CLSID\{F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225}]
2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\OverlayProtected]
@="{476D0EA3-80F9-48B5-B70B-05E677C9C148}"
[HKEY_CLASSES_ROOT\CLSID\{476D0EA3-80F9-48B5-B70B-05E677C9C148}]
2008-02-26 01:34 576352 --a------ C:\Program Files\Common Files\Symantec Shared\Backup\buShell.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 15360]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2005-09-09 7110656]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 282624]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2008-02-18 51048]
"osCheck"="C:\Program Files\Norton 360\osCheck.exe" [2008-02-26 988512]
"Zone Labs Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2005-11-15 755472]
"SoundMan"="SOUNDMAN.EXE" [2003-12-09 C:\WINDOWS\SOUNDMAN.EXE]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-04 C:\WINDOWS\system32\bthprops.cpl]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 C:\WINDOWS\system32\narrator.exe]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{93994DE8-8239-4655-B1D1-5F4E91300429}"= "C:\Program Files\DVD Region+CSS Free2\DVDShell.dll" [2004-10-09 49152]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Install Pending Files.LNK]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Install Pending Files.LNK
backup=C:\WINDOWS\pss\Install Pending Files.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Logitech SetPoint.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk
backup=C:\WINDOWS\pss\Logitech SetPoint.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Accessories^Accessories^Startup^Adobe Gamma.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessories\Startup\Adobe Gamma.lnk
backup=C:\WINDOWS\pss\Adobe Gamma.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Accessories^Accessories^Startup^PowerReg Scheduler V3.exe]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Accessories\Startup\PowerReg Scheduler V3.exe
backup=C:\WINDOWS\pss\PowerReg Scheduler V3.exeStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Accessories^Startup^BUFFALO NAS Navigator.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Startup\BUFFALO NAS Navigator.lnk
backup=C:\WINDOWS\pss\BUFFALO NAS Navigator.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Accessories^Startup^Cyber-shot Viewer Media Check Tool.lnk]
path=C:\Documents and Settings\Owner\Start Menu\Programs\Accessories\Startup\Cyber-shot Viewer Media Check Tool.lnk
backup=C:\WINDOWS\pss\Cyber-shot Viewer Media Check Tool.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\602PC SUITE PDF Saver]
--a------ 2005-08-31 17:00 49152 C:\Program Files\Common Files\soft602\pdfSaver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
--a------ 2005-07-25 23:30 50776 C:\Program Files\America Online 9.0\aol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\avast!]
--a------ 2005-03-12 01:14 98352 C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
--a------ 2008-02-18 12:37 51048 C:\Program Files\Common Files\Symantec Shared\ccApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-04 12:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\H/PC Connection Agent]
--a------ 2006-11-13 13:39 1289000 C:\Program Files\Microsoft ActiveSync\wcescomm.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
--a------ 2005-11-02 20:01 50792 C:\Program Files\Common Files\AOL\1126309075\EE\aolsoftware.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
---hs---- 2004-10-13 09:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MXOBG]
--a------ 2003-10-10 12:23 94208 C:\WINDOWS\MXOALDR.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 15:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
--a------ 2005-09-09 16:26 7110656 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
--a------ 2005-09-09 16:26 86016 C:\WINDOWS\system32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PWRISOVM.EXE]
--a------ 2007-08-06 17:05 200704 C:\Program Files\PowerISO\PWRISOVM.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
--a------ 2002-09-13 23:42 212992 C:\WINDOWS\SMINST\Recguard.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Reminder]
--a------ 2005-03-15 10:04 966656 C:\WINDOWS\creator\remind_xp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
--a------ 2004-11-02 20:24 32768 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RetroExpress]
--a------ 2004-07-30 16:47 6946816 C:\PROGRA~1\Dantz\RETROS~1\RetroExpress.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SsAAD.exe]
--a------ 2005-01-24 20:58 81920 C:\PROGRA~1\Sony\SONICS~1\SSAAD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 12:00 110592 C:\WINDOWS\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Logitech Hardware Abstraction Layer]
--a------ 2006-05-10 09:48 94208 C:\WINDOWS\KHALMNPR.Exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2005-09-09 16:26 1519616 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2005-03-08 03:33 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2005-03-11 17:33 147456 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"AVGEMS"=2 (0x2)
"Avg7UpdSvc"=2 (0x2)
"aswUpdSv"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"wuauserv"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"iPod Service"=3 (0x3)
"Adobe LM Service"=3 (0x3)
"SSScsiSV"=3 (0x3)
"PrismXL"=2 (0x2)
"IDriverT"=3 (0x3)
"MSCSPTISRV"=3 (0x3)
"MrobeService"=3 (0x3)
"ose"=3 (0x3)
"PACSPTISVR"=3 (0x3)
"ScsiAccess"=2 (0x2)
"SPTISRV"=3 (0x3)
"SNDSrvc"=3 (0x3)
"ZuneNetworkSvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Common Files\\AOL\\1126309075\\EE\\aim6.exe"=
"C:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"C:\\Program Files\\Common Files\\AOL\\1126309075\\EE\\AOLServiceHost.exe"=
"C:\\Program Files\\America Online 9.0\\waol.exe"=
"C:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"C:\\Program Files\\Common Files\\AOL\\1126309075\\EE\\aexplore.exe"=
"C:\\Program Files\\Common Files\\AOL\\1126309075\\EE\\aolsoftware.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"C:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\WINDOWS\\system32\\sessmgr.exe"=
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"= C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"= C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"= C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:*:Disabled:blizzard downloader
"6112:TCP"= 6112:TCP:*:Disabled:Blizzard Downloader
"49159:TCP"= 49159:TCP:*:Disabled:Downloadn
"49159:UDP"= 49159:UDP:*:Disabled:downloadn
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 APFTrans;Armor2net Filter;C:\WINDOWS\system32\APFTrans.sys [2003-12-02 32896]
S2 LBeepKE;LBeepKE;C:\WINDOWS\system32\Drivers\LBeepKE.sys [2006-06-30 3712]
S2 LiveUpdate Notice;LiveUpdate Notice;C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe [2008-02-18 149352]
S3 COH_Mon;COH_Mon;C:\WINDOWS\system32\Drivers\COH_Mon.sys [2008-07-30 23888]
S3 NPF;NetGroup Packet Filter Driver;C:\WINDOWS\system32\drivers\npf.sys [2007-11-06 34064]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14be22bd-7c79-11dd-b1d9-0040caa98b80}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3c76c143-2629-11da-9e3e-806d6172696f}]
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Info.exe folder.htt 480 480

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c6f112db-8048-11db-afcf-00038a000015}]
\Shell\AutoRun\command - G:\setupSNK.exe

*Newly Created Service* - COMHOST
*Newly Created Service* - LBEEPKE
.
- - - - ORPHANS REMOVED - - - -

MSConfigStartUp-AIM - C:\Program Files\AIM\aim.exe
MSConfigStartUp-AOL Spyware Protection - C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
MSConfigStartUp-Armor2net - C:\Documents and Settings\All Users\Documents\Install\Armor2net.exe
MSConfigStartUp-AVG7_CC - C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
MSConfigStartUp-iTunesHelper - C:\Program Files\iTunes\iTunesHelper.exe
MSConfigStartUp-LogMeIn GUI - C:\Program Files\LogMeIn\LogMeInSystray.exe
MSConfigStartUp-MaxtorOneTouch - C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
MSConfigStartUp-MCAgentExe - c:\PROGRA~1\mcafee.com\agent\mcagent.exe
MSConfigStartUp-MCUpdateExe - C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
MSConfigStartUp-NBJ - C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
MSConfigStartUp-Pure Networks Port Magic - C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
MSConfigStartUp-Symantec NetDriver Monitor - C:\PROGRA~1\SYMNET~1\SNDMon.exe
MSConfigStartUp-Zune Launcher - C:\Program Files\Zune\ZuneLauncher.exe
MSConfigStartUp-_AntiSpyware - c:\progra~1\mcafee\MCAFEE~1\MssCli.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\mknxvwqw.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.yahoo.com/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-07 15:41:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\DOCUME~1\Owner\LOCALS~1\Temp\RGI1.tmp

scan completed successfully
hidden files: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
.
Completion time: 2008-09-07 15:44:15
ComboFix-quarantined-files.txt 2008-09-07 22:43:57

Pre-Run: 43,234,021,376 bytes free
Post-Run: 43,244,990,464 bytes free

330 --- E O F --- 2008-09-07 18:48:24




Any and all help is greatly appreciated. My weed bill has gone through the roof to deal with the stress.

Thank you

Post Edited (jemineye09) : 08-09-2008 20:42:57 GMT
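A small triage script, added here as an example (it is not part of the post, of ComboFix or of SDFix), that reads a ComboFix-style log like the one above and lists the entries a helper looks at first: Security Center notifications and monitoring switched off, the Windows Firewall standard profile disabled, drive autorun handlers under mountpoints2, a driver registered as a service, and files catchme reported as hidden. The sample log embedded in the script is excerpted from the log posted above; the section parsing is a plain-text heuristic of my own (REGEDIT4-style `[key]` headers followed by `"name"=value` lines), not ComboFix's own format specification.

```python
"""Triage a ComboFix-style log for weakened-security indicators.

Added example for this thread; not part of the post, of ComboFix or of SDFix.
The log is treated as REGEDIT4-style sections ("[key]" then "name"=value lines)
plus catchme's hidden-files block.  SAMPLE_LOG is excerpted from the log posted
in the thread; the parsing is a plain-text heuristic, not ComboFix's format spec.
"""
import re

SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{14be22bd-7c79-11dd-b1d9-0040caa98b80}]
\Shell\Auto\command - Start.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Start.exe

scanning hidden files ...

C:\DOCUME~1\Owner\LOCALS~1\Temp\RGI1.tmp

scan completed successfully
hidden files: 1

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDSSserv]
"imagepath"="\systemroot\system32\drivers\TDSSserv.sys"
"""

SECTION_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
# Security Center value names whose value 1 means a warning or check is switched off.
SC_OFF_NAMES = {"AntiVirusDisableNotify", "FirewallDisableNotify",
                "UpdatesDisableNotify", "DisableMonitoring"}


def parse_sections(text):
    """Map each [key] header to the non-blank lines beneath it (insertion order kept)."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.rstrip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group("key")
            sections.setdefault(current, [])
        elif line:
            sections.setdefault(current, []).append(line)
    return sections


def parse_value(line):
    """Turn a '"name"=value' line into (name, value); dword:XXXXXXXX and 'N (0xN)' become ints."""
    m = VALUE_RE.match(line)
    if not m:
        return None
    name, value = m.group("name"), m.group("value").strip()
    if value.lower().startswith("dword:"):
        return name, int(value[6:], 16)
    num = re.match(r"^(\d+)\s*\(0x[0-9A-Fa-f]+\)$", value)
    if num:
        return name, int(num.group(1))
    return name, value.strip('"')


def hidden_files(text):
    """Paths listed between catchme's 'scanning hidden files ...' and 'scan completed'."""
    block = re.search(r"scanning hidden files \.\.\.(.*?)scan completed", text, re.S)
    if not block:
        return []
    return [l.strip() for l in block.group(1).splitlines()
            if re.match(r"^\s*[A-Za-z]:\\", l)]


def triage(text):
    """Return human-readable findings; an empty list means nothing was flagged."""
    findings = []
    for key, lines in parse_sections(text).items():
        low = key.lower()
        svc = key.rsplit("\\", 1)[-1]  # last path component, e.g. the service name
        for line in lines:
            parsed = parse_value(line)
            if "security center" in low and parsed and parsed[0] in SC_OFF_NAMES and parsed[1] == 1:
                findings.append(f"Security Center check disabled: {parsed[0]} under [{key}]")
            elif "firewallpolicy" in low and parsed == ("EnableFirewall", 0):
                findings.append(f"Windows Firewall profile disabled under [{key}]")
            elif "mountpoints2" in low and "command - " in line:
                findings.append(f"Drive autorun handler: {line.strip()}")
            elif re.search(r"\\services\\[^\\]+$", low) and parsed and parsed[0].lower() == "imagepath":
                findings.append(f"Service {svc} loads driver {parsed[1]}")
    findings.extend(f"catchme reported hidden file: {p}" for p in hidden_files(text))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("!", finding)
```

Run against the excerpt it prints eight findings; run against a clean log it prints nothing. The checks are deliberately conservative (only the exact value names and the literal `command - ` autorun form seen in these logs), so anything outside that shape is left for a human to read.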


Touch
Forum Moderator




Date Joined Jun 2004
Total Posts : 14290
 
Posted 9-9-2008 4:42 (GMT +1)
Hello
 
 and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\SDFix)
 and save it to your desktop.

When you have done this, please boot into Safe Mode (Tap F8 during startup).

Open the extracted folder - C:\SDFix - and double click on RunThis.bat to start the script.

Type Y to begin the script. It will remove the Trojan Services, then make some repairs to the registry and prompt you to press any key to Reboot. When you hit any key, your computer will reboot. Your system will take longer than normal to restart as the fixtool will be running and removing files.

When your desktop loads, the utility will complete the removal and display Finished. Press any key again to end the script and load your desktop icons.
 
 
Open the SDFix folder on your desktop and copy and paste the contents of Report.txt along with a new ComboFix log.


Do NOT post your problem in someone else's thread.
A non-profit, volunteer network.


anih123
New Member


Date Joined Sep 2008
Total Posts : 1
 
Posted 9-11-2008 7:55 (GMT +1)
Just wanted to say I have had this exact problem for a few days now and tried EVERYTHING. Finally got a hold of this thread and the SDFix worked. Thanks a lot. Great job!