taipan

Members
Posts: 6
Reputation: 0 Neutral
  1. Sorry it took so long for me to post this.

     Antivirus              Version          Last Update   Result
     AhnLab-V3              2010.11.21.01    2010.11.21    Trojan/Win32.Gen
     AntiVir                7.10.14.55       2010.11.19    -
     Antiy-AVL              2.0.3.7          2010.11.21    -
     Avast                  4.8.1351.0       2010.11.21    Win32:Malware-gen
     Avast5                 5.0.594.0        2010.11.21    Win32:Malware-gen
     AVG                    9.0.0.851        2010.11.21    Clicker.ANSD
     BitDefender            7.2              2010.11.21    Trojan.Generic.5068024
     CAT-QuickHeal          11.00            2010.11.09    -
     ClamAV                 0.96.4.0         2010.11.21    -
     Command                5.2.11.5         2010.11.21    -
     Comodo                 6798             2010.11.21    Heur.Suspicious
     DrWeb                  5.0.2.03300      2010.11.21    Trojan.Click1.27384
     Emsisoft               5.0.0.50         2010.11.21    Trojan-Clicker.Win32.Agent.NME!A2
     eSafe                  7.0.17.0         2010.11.21    -
     eTrust-Vet             36.1.7989        2010.11.20    -
     F-Prot                 4.6.2.117        2010.11.21    -
     F-Secure               9.0.16160.0      2010.11.20    Trojan.Generic.5068024
     Fortinet               4.2.254.0        2010.11.20    W32/Dx.URP!tr
     GData                  21               2010.11.21    Trojan.Generic.5068024
     Ikarus                 T3.1.1.90.0      2010.11.21    -
     Jiangmin               13.0.900         2010.11.20    -
     K7AntiVirus            9.68.3041        2010.11.20    -
     Kaspersky              7.0.0.125        2010.11.21    -
     McAfee                 5.400.0.1158     2010.11.21    Generic.dx!urp
     McAfee-GW-Edition      2010.1C          2010.11.21    Generic.dx!urp
     Microsoft              1.6402           2010.11.19    Trojan:Win32/Clishmic.A
     NOD32                  5636             2010.11.21    Win32/TrojanClicker.Agent.NME
     Norman                 6.06.10          2010.11.21    -
     nProtect               2010-11-21.01    2010.11.21    Trojan.Generic.5068024
     Panda                  10.0.2.7         2010.11.21    Generic Trojan
     PCTools                7.0.3.5          2010.11.21    Trojan.Gen
     Prevx                  3.0              2010.11.21    Medium Risk Malware
     Rising                 22.74.05.01      2010.11.21    Packer.Win32.Agent.GEN
     Sophos                 4.59.0           2010.11.21    -
     SUPERAntiSpyware       4.40.0.1006      2010.11.21    Trojan.Agent/Gen
     Symantec               20101.2.0.161    2010.11.21    Trojan.Gen
     TheHacker              6.7.0.1.087      2010.11.20    Trojan/Clicker.Agent.nme
     TrendMicro             9.120.0.1004     2010.11.21    TROJ_COBRA.AY
     TrendMicro-HouseCall   9.120.0.1004     2010.11.21    TROJ_COBRA.AY
     VBA32                  3.12.14.2        2010.11.19    -
     VIPRE                  7371             2010.11.21    Trojan-Downloader.Win32.Sfn!cobra (v)
     ViRobot                2010.11.20.4158  2010.11.21    -
     VirusBuster            13.6.52.1        2010.11.21    Trojan.CL.Agent2!zYDaq/vsyEU

     Additional information
     MD5   : cb93887c48a044a886b7ec0ab94e35a8
     SHA1  : a43ce7c8720bcbbf7815e45bc14653b8f1aa27b1
     SHA256: 4c796bd45f0f4d8b2053ab91c57737a10bcfa0705c8648ce0b4de2a77630d374
     ssdeep: 768:yNeJAbTRKgQLf4Cg5fugUhu8WwnNiqQMsiMHftdgSjqeuQMX2TeTIZk:yNmwTRKgQT4Hftfi9QMsikftdvWUGye1
     File size : 38786 bytes
     First seen: 2010-11-10 23:52:30
     Last seen : 2010-11-21 18:49:37

     TrID:
     Win32 Executable Generic (42.3%)
     Win32 Dynamic Link Library (generic) (37.6%)
     Generic Win/DOS Executable (9.9%)
     DOS Executable Generic (9.9%)
     Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

     sigcheck:
     publisher....: n/a
     copyright....: n/a
     product......: n/a
     description..: n/a
     original name: n/a
     internal name: n/a
     file version.: n/a
     comments.....: n/a
     signers......: -
     signing date.: -
     verified.....: Unsigned

     PEInfo: PE structure information

     [[ basic data ]]
     entrypointaddress: 0x79CE
     timedatestamp....: 0x4CD9C9DE (Tue Nov 09 22:23:26 2010)
     machinetype......: 0x14c (I386)

     [[ 5 section(s) ]]
     name, viradd, virsiz, rawdsiz, ntropy, md5
     .text, 0x1000, 0x7046, 0x7200, 6.45, f98916ed2cbbef6ebfb09b75e5a7acbf
     .rdata, 0x9000, 0x1400, 0x1400, 5.13, c5106b2cd2825d652916adb60de174cd
     .data, 0xB000, 0x540, 0x200, 1.83, 37d62f2acc476f82825dbea9c4c4f4bf
     .rsrc, 0xC000, 0x1B4, 0x200, 5.10, c52ee9fcdbbff3ba2f8da39a1bd23689
     .reloc, 0xD000, 0x7C8, 0x800, 5.58, a58e12ebd27cdc74d84e2cf26c572dc0

     [[ 10 import(s) ]]
     PSAPI.DLL: GetModuleBaseNameA
     WININET.dll: InternetOpenA, InternetOpenUrlW, InternetOpenW, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, InternetCloseHandle, InternetOpenUrlA
     SHLWAPI.dll: SHSetValueA
     urlmon.dll: CoInternetSetFeatureEnabled, ObtainUserAgentString
     KERNEL32.dll: HeapFree, GetStartupInfoA, GetSystemTime, CreateFileW, ExitProcess, WaitForSingleObject, CloseHandle, CreateEventA, SetEvent, ResetEvent, CreateWaitableTimerA, SetWaitableTimer, InitializeCriticalSection, EnterCriticalSection, GetSystemInfo, GetCurrentProcess, HeapAlloc, GetProcessHeap, GetSystemDirectoryA, LeaveCriticalSection, VirtualFree, VirtualAlloc, GetTickCount, CreateFileA, GetFileSize, ReadFile, Sleep, GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId, CreateThread, CompareStringW, GetLastError, MultiByteToWideChar, GetModuleFileNameW, SystemTimeToFileTime, IsBadWritePtr, SetFilePointer, GetCommandLineA
     USER32.dll: DefWindowProcA, RegisterClassExA, CreateWindowExA, GetMessageA, TranslateMessage, DispatchMessageA, CharLowerW, SetPropA, GetClientRect, ShowWindow, UpdateWindow, DestroyWindow, PostMessageA
     GDI32.dll: GetStockObject
     ADVAPI32.dll: CryptAcquireContextA, CryptReleaseContext, CryptGenRandom
     ole32.dll: CoInitialize, CreateStreamOnHGlobal, CoMarshalInterface, CoCreateInstance, CoUnmarshalInterface
     OLEAUT32.dll: -, -, -

     Prevx Info: http://info.prevx.com/aboutprogramtext.asp...CAABE0063FF9DF9
     ThreatExpert: ThreatExpert info: http://www.threatexpert.com/report.aspx?md...6b7ec0ab94e35a8

     ExifTool: file metadata
     CodeSize: 29184
     EntryPoint: 0x79ce
     FileSize: 38 kB
     FileType: Win32 EXE
     ImageVersion: 0.0
     InitializedDataSize: 8192
     LinkerVersion: 9.0
     MIMEType: application/octet-stream
     MachineType: Intel 386 or later, and compatibles
     OSVersion: 5.0
     PEType: PE32
     Subsystem: Windows GUI
     SubsystemVersion: 5.0
     TimeStamp: 2010:11:09 23:23:26+01:00
     UninitializedDataSize: 0
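The import table in the report above is what gives this 38 KB unsigned binary away as a clicker before any dynamic analysis: WinINet for HTTP fetches, ObtainUserAgentString to borrow the browser's User-Agent, SHSetValueA for a registry write, CreateWaitableTimerA/SetWaitableTimer for a periodic wake-up loop, CryptGenRandom as a random source, and no hooking, injection or service-install APIs anywhere in the list. The script below is an added example, not part of the original post and not VirusTotal's or any vendor's logic: it parses the "[[ 10 import(s) ]]" block exactly as printed above into a DLL-to-function map and tags capability buckets; the bucket definitions and the clicker rule are this editor's own triage heuristic and are kept as data so they can be extended.

```python
# Capability triage of a PEInfo-style import list.  Added example; the
# CAPABILITIES map and looks_like_clicker() are an editor's heuristic, not
# the logic of VirusTotal or of any scanner named in the report.

# The "[[ 10 import(s) ]]" block, copied verbatim from the report above.
IMPORTS_TEXT = """\
PSAPI.DLL: GetModuleBaseNameA
WININET.dll: InternetOpenA, InternetOpenUrlW, InternetOpenW, InternetReadFile, HttpQueryInfoA, HttpSendRequestA, InternetCloseHandle, InternetOpenUrlA
SHLWAPI.dll: SHSetValueA
urlmon.dll: CoInternetSetFeatureEnabled, ObtainUserAgentString
KERNEL32.dll: HeapFree, GetStartupInfoA, GetSystemTime, CreateFileW, ExitProcess, WaitForSingleObject, CloseHandle, CreateEventA, SetEvent, ResetEvent, CreateWaitableTimerA, SetWaitableTimer, InitializeCriticalSection, EnterCriticalSection, GetSystemInfo, GetCurrentProcess, HeapAlloc, GetProcessHeap, GetSystemDirectoryA, LeaveCriticalSection, VirtualFree, VirtualAlloc, GetTickCount, CreateFileA, GetFileSize, ReadFile, Sleep, GetModuleHandleA, GetModuleFileNameA, GetCurrentThreadId, CreateThread, CompareStringW, GetLastError, MultiByteToWideChar, GetModuleFileNameW, SystemTimeToFileTime, IsBadWritePtr, SetFilePointer, GetCommandLineA
USER32.dll: DefWindowProcA, RegisterClassExA, CreateWindowExA, GetMessageA, TranslateMessage, DispatchMessageA, CharLowerW, SetPropA, GetClientRect, ShowWindow, UpdateWindow, DestroyWindow, PostMessageA
GDI32.dll: GetStockObject
ADVAPI32.dll: CryptAcquireContextA, CryptReleaseContext, CryptGenRandom
ole32.dll: CoInitialize, CreateStreamOnHGlobal, CoMarshalInterface, CoCreateInstance, CoUnmarshalInterface
OLEAUT32.dll: -, -, -
"""

# Assumption (editor's): which imported APIs imply which capability.  Only
# the APIs relevant to this sample plus a few common siblings are listed.
CAPABILITIES = {
    "http-client":    {"InternetOpenA", "InternetOpenW", "InternetOpenUrlA", "InternetOpenUrlW",
                       "InternetReadFile", "HttpSendRequestA", "HttpQueryInfoA"},
    "ua-string":      {"ObtainUserAgentString"},
    "registry-write": {"SHSetValueA", "SHSetValueW", "RegSetValueExA", "RegSetValueExW"},
    "waitable-timer": {"CreateWaitableTimerA", "CreateWaitableTimerW", "SetWaitableTimer"},
    "csprng":         {"CryptGenRandom"},
    "process-enum":   {"GetModuleBaseNameA", "EnumProcesses", "CreateToolhelp32Snapshot"},
    "com-object":     {"CoCreateInstance"},
}


def parse_imports(text):
    """Turn 'DLL: f1, f2, -' lines into ({dll_lowercase: [named funcs]}, ordinal_count).
    A bare '-' is how the report prints an import by ordinal (no name)."""
    imports, ordinals = {}, 0
    for line in text.splitlines():
        if ":" not in line:
            continue
        dll, _, funcs = line.partition(":")
        names = [f.strip() for f in funcs.split(",") if f.strip()]
        ordinals += names.count("-")
        imports[dll.strip().lower()] = [n for n in names if n != "-"]
    return imports, ordinals


def triage(imports):
    """{capability: sorted matching APIs} for every bucket the binary touches."""
    seen = {func for funcs in imports.values() for func in funcs}
    hits = {}
    for capability, apis in CAPABILITIES.items():
        matched = sorted(seen & apis)
        if matched:
            hits[capability] = matched
    return hits


def looks_like_clicker(hits):
    """Editor's rule of thumb: an HTTP client driven by a waitable timer, plus at
    least two of (borrowed User-Agent, registry write, CSPRNG), with nothing else."""
    present = set(hits)
    required = {"http-client", "waitable-timer"}
    supporting = {"ua-string", "registry-write", "csprng"}
    return required <= present and len(supporting & present) >= 2


if __name__ == "__main__":
    imports, ordinals = parse_imports(IMPORTS_TEXT)
    hits = triage(imports)
    for capability, apis in hits.items():
        print(f"{capability:15} {', '.join(apis)}")
    print(f"ordinal-only imports: {ordinals}")
    print("clicker profile:", looks_like_clicker(hits))
```

The three ordinal-only imports from OLEAUT32 are worth keeping in the output: a report that prints "-" in place of a name is hiding which BSTR/variant helpers the sample uses, and that is the kind of gap to fill with a disassembler rather than assume away.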
  2. Things seem to be running well now. The pop-ups and Google redirects have stopped, and Malwarebytes no longer finds anything. Thank you so very much for your help!
  3. DDS (Ver_10-11-10.01) - NTFSx86
     Run by Compaq_Owner at 0:09:41.50 on Fri 11/19/2010
     Internet Explorer: 7.0.5730.13
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1207 [GMT -8:00]

     AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
     FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

     ============== Running Processes ===============

     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
     C:\Program Files\McAfee\Common Framework\UdaterUI.exe
     svchost.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\McAfee\Common Framework\McTray.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
     C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
     C:\WINDOWS\tsnp2std.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\WINDOWS\vsnp2std.exe
     C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
     C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\WINDOWS\System32\svchost.exe -k HTTPFilter
     C:\Program Files\Skype\Plugin Manager\skypePM.exe
     C:\WINDOWS\system32\VTTimer.exe
     c:\windows\system\hpsysdrv.exe
     C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
     C:\WINDOWS\system32\wuauclt.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.mtgsalvation.com/
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
     uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
     BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
     BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
     EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [steam] "c:\program files\steam\steam.exe" -silent
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
     uRun: [skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
     uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
     mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
     mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
     mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
     mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
     mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
     mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
     mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
     mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [HostManager] c:\program files\common files\aol\1166401248\ee\AOLSoftware.exe
     mRun: [WinSys2] c:\windows\system32\winsys2.exe
     mRun: [NovaBackup 7 Tray Control] "c:\program files\novastor\novabackup\NbkCtrl.exe"
     mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
     mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
     mRun: [sunJavaUpdateSched] c:\program files\java\jre1.6.0_02\bin\jusched.exe
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [Alcmtr] ALCMTR.EXE
     mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
     mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
     mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
     mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
     mRun: [tsnp2std] c:\windows\tsnp2std.exe
     mRun: [snp2std] c:\windows\vsnp2std.exe
     mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
     mRun: [nwiz] nwiz.exe /installquiet
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
     uPolicies-system: EnableProfileQuota = 1 (0x1)
     IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
     IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
     IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
     IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
     Trusted Zone: wizards.com\www
     DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
     DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
     DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
     DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
     DPF: {39b0684f-d7bf-4743-b050-fdc3f48f7e3b} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
     DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
     DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
     DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135305162484
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
     DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
     DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
     DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     LSA: Notification Packages = scecli scecli
     Hosts: 209.44.111.62 private.microsoft.com
     Hosts: 209.44.111.62 aviremover-2009.com
     Hosts: 209.44.111.62 www.aviremover-2009.com

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\atmxurm8.default\
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
     FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

     ============= SERVICES / DRIVERS ===============

     R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-11-14 128016]
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288]
     R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-14 317072]
     R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-12 528128]
     R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-15 104000]
     R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144]
     R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
     R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2005-12-22 386688]
     S1 f14081da;f14081da;c:\windows\system32\drivers\f14081da.sys [2009-7-9 0]
     S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
     S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664]
     S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992]
     S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264]
     S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-11-15 72264]
     S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-11-15 34152]
     S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-11-15 168776]
     S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
     S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
     S3 XDva136;XDva136;\??\c:\windows\system32\xdva136.sys --> c:\windows\system32\XDva136.sys [?]
     S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?]
     S3 XDva145;XDva145;\??\c:\windows\system32\xdva145.sys --> c:\windows\system32\XDva145.sys [?]
     S3 XDva152;XDva152;\??\c:\windows\system32\xdva152.sys --> c:\windows\system32\XDva152.sys [?]
     S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?]

     =============== Created Last 30 ================

     2010-11-15 03:46:43 15880 ----a-w- c:\windows\system32\lsdelete.exe
     2010-11-15 02:27:36 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
     2010-11-15 02:27:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
     2010-11-15 02:23:23 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software
     2010-11-15 02:20:58 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097}
     2010-11-15 02:20:31 -------- d-----w- c:\program files\Lavasoft
     2010-11-14 22:56:17 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
     2010-11-14 17:20:43 38786 ----a-w- c:\windows\system32\taskcgr.exe
     2010-11-14 17:20:19 0 ----a-w- c:\windows\system32\lsp64.tmp
     2010-11-13 19:50:47 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes
     2010-11-13 19:50:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
     2010-11-13 19:50:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
     2010-11-13 19:50:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
     2010-11-13 19:50:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
     2010-10-25 23:51:46 -------- d-----w- c:\program files\MSECache

     ==================== Find3M ====================

     2010-08-29 10:53:14 72704 ----a-w- c:\windows\zllsputility.exe
     2010-08-29 10:53:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll

     ============= FINISH: 0:11:22.15 ===============
  4. MBAM seemed to find different things this time around!

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 5145

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.13

     11/18/2010 10:48:03 AM
     mbam-log-2010-11-18 (10-48-03).txt

     Scan type: Quick scan
     Objects scanned: 202006
     Time elapsed: 38 minute(s), 3 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 1
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     C:\WINDOWS\system32\lsp64.dll (Trojan.AdClicker) -> Delete on reboot.

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     (No malicious items detected)

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     C:\WINDOWS\system32\lsp64.dll (Trojan.AdClicker) -> Delete on reboot.
  5. I disabled the Ad-Aware and ran MBAM again - it comes up with the same two problems every time I turn my computer on.

     Malwarebytes' Anti-Malware 1.46
     www.malwarebytes.org

     Database version: 5109

     Windows 5.1.2600 Service Pack 2
     Internet Explorer 7.0.5730.13

     11/17/2010 5:04:30 PM
     mbam-log-2010-11-17 (17-04-30).txt

     Scan type: Quick scan
     Objects scanned: 201317
     Time elapsed: 37 minute(s), 4 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 2
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected:
     (No malicious items detected)

     Memory Modules Infected:
     (No malicious items detected)

     Registry Keys Infected:
     (No malicious items detected)

     Registry Values Infected:
     (No malicious items detected)

     Registry Data Items Infected:
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.
     HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully.

     Folders Infected:
     (No malicious items detected)

     Files Infected:
     (No malicious items detected)

     DDS (Ver_10-11-10.01) - NTFSx86
     Run by Compaq_Owner at 15:44:32.57 on Wed 11/17/2010
     Internet Explorer: 7.0.5730.13
     Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1131 [GMT -8:00]

     AV: Lavasoft Ad-Watch Live! Anti-Virus *On-access scanning disabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
     AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
     FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

     ============== Running Processes ===============

     C:\WINDOWS\system32\nvsvc32.exe
     C:\WINDOWS\system32\svchost -k DcomLaunch
     svchost.exe
     C:\WINDOWS\System32\svchost.exe -k netsvcs
     svchost.exe
     svchost.exe
     C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     C:\WINDOWS\Explorer.EXE
     C:\WINDOWS\system32\spoolsv.exe
     svchost.exe
     C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
     C:\Program Files\McAfee\Common Framework\FrameworkService.exe
     C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
     C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
     C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe
     C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
     C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
     C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe
     C:\Program Files\McAfee\Common Framework\UdaterUI.exe
     C:\WINDOWS\RTHDCPL.EXE
     C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe
     C:\WINDOWS\system32\svchost.exe -k imgsvc
     C:\Program Files\McAfee\Common Framework\McTray.exe
     C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
     C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
     C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
     C:\WINDOWS\tsnp2std.exe
     C:\WINDOWS\vsnp2std.exe
     C:\WINDOWS\wanmpsvc.exe
     C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe
     C:\WINDOWS\system32\RUNDLL32.EXE
     C:\WINDOWS\system32\ctfmon.exe
     C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
     C:\Program Files\Messenger\msmsgs.exe
     C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
     C:\Program Files\Pando Networks\Media Booster\PMB.exe
     C:\Program Files\Skype\Phone\Skype.exe
     C:\Program Files\Microsoft ActiveSync\wcescomm.exe
     C:\WINDOWS\system32\VTTimer.exe
     c:\windows\system\hpsysdrv.exe
     C:\PROGRA~1\MI3AA1~1\rapimgr.exe
     C:\Program Files\Skype\Plugin Manager\skypePM.exe
     C:\Program Files\Java\jre1.5.0\bin\jusched.exe
     C:\Program Files\Java\jre1.5.0\bin\jucheck.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr

     ============== Pseudo HJT Report ===============

     uStart Page = hxxp://www.mtgsalvation.com/
     uSearch Page = hxxp://www.google.com
     uSearch Bar = hxxp://www.google.com/ie
     uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
     uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
     uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
     mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
     uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
     mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
     BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
     BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
     BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll
     TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
     TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File
     EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
     uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
     uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
     uRun: [steam] "c:\program files\steam\steam.exe" -silent
     uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
     uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
     uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
     uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"
     mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run
     mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
     mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
     mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe
     mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe"
     mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe
     mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe
     mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
     mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe"
     mRun: [HPHmon05] c:\windows\system32\hphmon05.exe
     mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
     mRun: [HostManager] c:\program files\common files\aol\1166401248\ee\AOLSoftware.exe
     mRun: [WinSys2] c:\windows\system32\winsys2.exe
     mRun: [NovaBackup 7 Tray Control] "c:\program files\novastor\novabackup\NbkCtrl.exe"
     mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
     mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\UdaterUI.exe" /StartedFromRunKey
     mRun: [sunJavaUpdateSched] c:\program files\java\jre1.6.0_02\bin\jusched.exe
     mRun: [RTHDCPL] RTHDCPL.EXE
     mRun: [Alcmtr] ALCMTR.EXE
     mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
     mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
     mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
     mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe"
     mRun: [tsnp2std] c:\windows\tsnp2std.exe
     mRun: [snp2std] c:\windows\vsnp2std.exe
     mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe
     mRun: [nwiz] nwiz.exe /installquiet
     mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
     mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
     mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
     StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe
     uPolicies-system: EnableProfileQuota = 1 (0x1)
     IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
     IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
     IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
     IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
     IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll
     IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
     IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
     IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL
     LSP: c:\windows\system32\lsp64.dll
     Trusted Zone: wizards.com\www
     DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
     DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab
     DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
     DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab
     DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
     DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab
     DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab
     DPF: {39b0684f-d7bf-4743-b050-fdc3f48f7e3b} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab
     DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
     DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab
     DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB
     DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135305162484
     DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
     DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab
     DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab
     DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
     DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab
     DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
     DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
     Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
     Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
     Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
     LSA: Notification Packages = scecli scecli
     Hosts: 209.44.111.62 private.microsoft.com
     Hosts: 209.44.111.62 aviremover-2009.com
     Hosts: 209.44.111.62 www.aviremover-2009.com

     ================= FIREFOX ===================

     FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\atmxurm8.default\
     FF - prefs.js: network.proxy.type - 0
     FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll
     FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll
     FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

     ---- FIREFOX POLICIES ----
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
     c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

     ============= SERVICES / DRIVERS ===============

     R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-11-14 128016]
     R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288]
     R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-14 317072]
     R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-12 528128]
     R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-15 104000]
     R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144]
     R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
     R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2005-12-22 386688]
     S1 f14081da;f14081da;c:\windows\system32\drivers\f14081da.sys [2009-7-9 0]
     S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992] S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264] S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-11-15 72264] S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-11-15 34152] S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-11-15 168776] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 XDva136;XDva136;\??\c:\windows\system32\xdva136.sys --> c:\windows\system32\XDva136.sys [?] S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?] S3 XDva145;XDva145;\??\c:\windows\system32\xdva145.sys --> c:\windows\system32\XDva145.sys [?] S3 XDva152;XDva152;\??\c:\windows\system32\xdva152.sys --> c:\windows\system32\XDva152.sys [?] S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?] 
=============== Created Last 30 ================ 2010-11-15 03:46:43 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-11-15 02:27:36 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-11-15 02:27:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-11-15 02:23:23 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software 2010-11-15 02:20:58 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097} 2010-11-15 02:20:31 -------- d-----w- c:\program files\Lavasoft 2010-11-14 22:56:17 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2010-11-14 17:20:43 38786 ----a-w- c:\windows\system32\taskcgr.exe 2010-11-14 17:20:19 47490 ----a-w- c:\windows\system32\lsp64.dll 2010-11-14 17:20:19 0 ----a-w- c:\windows\system32\lsp64.tmp 2010-11-13 19:50:47 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes 2010-11-13 19:50:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-13 19:50:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-13 19:50:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-11-13 19:50:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-25 23:51:46 -------- d-----w- c:\program files\MSECache ==================== Find3M ==================== 2010-08-29 10:53:14 72704 ----a-w- c:\windows\zllsputility.exe 2010-08-29 10:53:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll ============= FINISH: 15:46:14.96 ===============
  6. Hello, My computer seems to have a nasty piece of malware on it. In addition to Google redirects, my computer would spawn a process something along the lines of 7BJKT.exe that would repeatedly open up something called "Just-In-Time Debugging." It seems that this is something that can occur by itself, but this would pop up constantly. My computer also seems to be running more processes than usual. It normally ran around 52, but now is at 62. I did recently update some things, so I'm not sure if this is relevant, but I thought I'd throw this tidbit in anyway. These processes are the ones I didn't think ran before: C:\WINDOWS\vsnp2std.exe C:\WINDOWS\tsnp2std.exe Unfortunately I didn't know that support was offered, so I attacked this problem with a variety of resources. I updated and used ZoneAlarm, Malwarebytes, Ad-Aware, and Kaspersky's TDSS Killer. Malwarebytes, Ad-Aware, and TDSS all found malware. However, each time I reboot my computer or run Malwarebytes or Ad-Aware it keeps finding two malignant files. Below are my Malwarebytes and DDS logs. I apologize that my computer is old and filled with crap. Multiple people have used this computer before me, so it has a lot of junk on it. Thank you very much in advance for your help. 
Malwarebytes' Anti-Malware 1.46 www.malwarebytes.org Database version: 5109 Windows 5.1.2600 Service Pack 2 Internet Explorer 7.0.5730.13 11/14/2010 2:26:41 PM mbam-log-2010-11-14 (14-26-41).txt Scan type: Quick scan Objects scanned: 198355 Time elapsed: 36 minute(s), 19 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 2 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\BITS\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemRoot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\wuauserv\ImagePath (Hijack.WindowsUpdates) -> Bad: (%fystemroot%\system32\svchost.exe -k netsvcs) Good: (%SystemRoot%\System32\svchost.exe -k netsvcs) -> Quarantined and deleted successfully. Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS (Ver_10-11-10.01) - NTFSx86 Run by Compaq_Owner at 21:13:42.64 on Tue 11/16/2010 Internet Explorer: 7.0.5730.13 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2047.1183 [GMT -8:00] AV: Lavasoft Ad-Watch Live! 
Anti-Virus *On-access scanning enabled* (Updated) {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33} AV: ZoneAlarm Security Suite Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF} FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\system32\ZoneLabs\vsmon.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe C:\WINDOWS\system32\spoolsv.exe C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe C:\Program Files\HP\hpcoretech\hpcmpmgr.exe C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe C:\Program Files\NovaStor\NovaBACKUP\NbkCtrl.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe C:\WINDOWS\RTHDCPL.EXE C:\PROGRA~1\NovaStor\NOVABA~1\NSENGINE.exe svchost.exe C:\Program Files\McAfee\Common Framework\McTray.exe C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe C:\Program Files\Canon\MyPrinter\BJMyPrt.exe C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\tsnp2std.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\vsnp2std.exe C:\Program Files\Cisco\Cisco NAC Agent\NACAgentUI.exe C:\Program Files\Cisco\Cisco NAC Agent\NACAgent.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\wanmpsvc.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe C:\WINDOWS\System32\svchost.exe -k HTTPFilter C:\Program 
Files\Skype\Plugin Manager\skypePM.exe C:\WINDOWS\system32\VTTimer.exe c:\windows\system\hpsysdrv.exe C:\Program Files\Java\jre1.5.0\bin\jusched.exe C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\WINDOWS\system32\NOTEPAD.EXE C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\Compaq_Owner\Desktop\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.mtgsalvation.com/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_02\bin\ssv.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.5805.1910\swg.dll TB: Google Toolbar: 
{2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: {C4069E3A-68F1-403E-B40E-20066696354B} - No File EB: &Research: {ff059e31-cc5a-4e2e-bf3b-96e929d65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [steam] "c:\program files\steam\steam.exe" -silent uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe uRun: [skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe" mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [AOLDialer] c:\program files\common files\aol\acs\AOLDial.exe mRun: [AOL Spyware Protection] "c:\progra~1\common~1\aol\aolspy~1\AOLSP Scheduler.exe" mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb09.exe mRun: [HPHUPD05] c:\program files\hewlett-packard\\{5372b9a6-6e51-4f90-9b40-e0a3b8475c4e}\hphupd05.exe mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe" mRun: [HP Software Update] "c:\program files\hewlett-packard\hp software update\HPWuSchd2.exe" mRun: [HPHmon05] c:\windows\system32\hphmon05.exe mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime mRun: [HostManager] c:\program files\common files\aol\1166401248\ee\AOLSoftware.exe mRun: [WinSys2] c:\windows\system32\winsys2.exe mRun: [NovaBackup 7 Tray Control] "c:\program files\novastor\novabackup\NbkCtrl.exe" mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common 
framework\UdaterUI.exe" /StartedFromRunKey mRun: [sunJavaUpdateSched] c:\program files\java\jre1.6.0_02\bin\jusched.exe mRun: [RTHDCPL] RTHDCPL.EXE mRun: [Alcmtr] ALCMTR.EXE mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot mRun: [OpwareSE4] "c:\program files\scansoft\omnipagese4\OpwareSE4.exe" mRun: [tsnp2std] c:\windows\tsnp2std.exe mRun: [snp2std] c:\windows\vsnp2std.exe mRun: [NACAgentUI] c:\program files\cisco\cisco nac agent\NACAgentUI.exe mRun: [nwiz] nwiz.exe /installquiet mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\americ~1.lnk - c:\program files\america online 9.0\aoltray.exe uPolicies-system: EnableProfileQuota = 1 (0x1) IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000 IE: Google Sidewiki... 
- c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_02\bin\ssv.dll IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\mi1933~1\office11\REFIEBAR.DLL LSP: c:\windows\system32\lsp64.dll Trusted Zone: wizards.com\www DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {140E4DF8-9E14-4A34-9577-C77561ED7883} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.1.71.0.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204 DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.systemrequirementslab.com/srl_bin/sysreqlab_srl.cab DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {2CA2C9B8-E4F6-4BE9-8601-52ED0AFBA79D} - hxxp://asp.mathxl.com/books/_Players/AccountingPlayer.cab DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} - hxxp://asp.mathxl.com/wizmodules/testgen/installers/TestGenXInstall.cab DPF: {39b0684f-d7bf-4743-b050-fdc3f48f7e3b} - hxxp://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.9.113.cab DPF: 
{3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} - hxxp://office.microsoft.com/officeupdate/content/opuc3.cab DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} - hxxp://srtest-cdn.systemrequirementslab.com.s3.amazonaws.com/bin/sysreqlabdetect.cab DPF: {4E218431-2F07-40BD-A9D3-035324C1F13F} - hxxp://webserver.dyyno.com/DyynoClient/DyynoCAB.CAB DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135305162484 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab DPF: {95D88B35-A521-472B-A182-BB1A98356421} - hxxp://asp.mathxl.com/books/_Players/PearsonInstallAsst2.cab DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} - hxxp://h30155.www3.hp.com/ediags/dd/install/guidedsolutions.cab DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} - hxxps://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx DPF: {CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL LSA: Notification Packages = scecli scecli Hosts: 209.44.111.62 private.microsoft.com Hosts: 209.44.111.62 aviremover-2009.com Hosts: 
209.44.111.62 www.aviremover-2009.com ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\compaq~1\applic~1\mozilla\firefox\profiles\atmxurm8.default\ FF - prefs.js: network.proxy.type - 0 FF - plugin: c:\program files\dyyno\dyyno player\npvlc.dll FF - plugin: c:\program files\google\update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); ============= SERVICES / DRIVERS =============== R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-11-14 128016] R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-11-14 64288] R1 klif;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-11-14 317072] R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2009-7-12 528128] R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-22 1375992] R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-15 104000] R2 NACAgent;Cisco NAC Agent;c:\program files\cisco\cisco nac agent\NACAgent.exe [2010-2-5 742144] R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?] 
R3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-22 15264] R3 TNET1130;802.11 WLAN;c:\windows\system32\drivers\TNET1130.sys [2005-12-22 386688] S1 f14081da;f14081da;c:\windows\system32\drivers\f14081da.sys [2009-7-9 0] S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-6 135664] S3 mfeavfk;McAfee Inc.;c:\windows\system32\drivers\mfeavfk.sys [2008-11-15 72264] S3 mfebopk;McAfee Inc.;c:\windows\system32\drivers\mfebopk.sys [2008-11-15 34152] S3 mfehidk;McAfee Inc.;c:\windows\system32\drivers\mfehidk.sys [2008-11-15 168776] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?] S3 XDva136;XDva136;\??\c:\windows\system32\xdva136.sys --> c:\windows\system32\XDva136.sys [?] S3 XDva143;XDva143;\??\c:\windows\system32\xdva143.sys --> c:\windows\system32\XDva143.sys [?] S3 XDva145;XDva145;\??\c:\windows\system32\xdva145.sys --> c:\windows\system32\XDva145.sys [?] S3 XDva152;XDva152;\??\c:\windows\system32\xdva152.sys --> c:\windows\system32\XDva152.sys [?] S3 XDva189;XDva189;\??\c:\windows\system32\xdva189.sys --> c:\windows\system32\XDva189.sys [?] 
=============== Created Last 30 ================ 2010-11-15 03:46:43 15880 ----a-w- c:\windows\system32\lsdelete.exe 2010-11-15 02:27:36 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys 2010-11-15 02:27:32 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys 2010-11-15 02:23:23 -------- d-----w- c:\docume~1\compaq~1\locals~1\applic~1\Sunbelt Software 2010-11-15 02:20:58 -------- dc-h--w- c:\docume~1\alluse~1\applic~1\{E961CE1B-C3EA-4882-9F67-F859B555D097} 2010-11-15 02:20:31 -------- d-----w- c:\program files\Lavasoft 2010-11-14 22:56:17 128016 ----a-w- c:\windows\system32\drivers\kl1.sys 2010-11-14 17:20:43 38786 ----a-w- c:\windows\system32\taskcgr.exe 2010-11-14 17:20:19 47490 ----a-w- c:\windows\system32\lsp64.dll 2010-11-14 17:20:19 0 ----a-w- c:\windows\system32\lsp64.tmp 2010-11-13 19:50:47 -------- d-----w- c:\docume~1\compaq~1\applic~1\Malwarebytes 2010-11-13 19:50:35 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-11-13 19:50:34 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-11-13 19:50:34 -------- d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-11-13 19:50:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-10-25 23:51:46 -------- d-----w- c:\program files\MSECache ==================== Find3M ==================== 2010-08-29 10:53:14 72704 ----a-w- c:\windows\zllsputility.exe 2010-08-29 10:53:06 1238528 ----a-w- c:\windows\system32\zpeng25.dll ============= FINISH: 21:15:31.12 =============== Attach.zip