ri4

Members

View Profile See their activity

Posts
11
Joined
June 2, 2011
Last visited
August 28, 2011

Content Type

All Activity

Events

Profiles

Forums

Topics
Posts

Everything posted by ri4

Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

That didn't work.... same error message. So I uninstalled again, searched out any files or folders with the name Mozilla or Firefox and deleted them. Then reinstalled Firefox and it is working now. Thanks, Chris for your help over the past few weeks. I thing we can say my computer is clean now! Best wishes
- July 8, 2011
- 18 replies
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

I did those things, and I still have the error message when I try to start Firefox: Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system. My instinct would be to unistall/reistall Firefox, but I tried that before and it didn't help. I'll wait to see what you recommend. Thanks
- July 3, 2011
- 18 replies
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

Yes, I uninstalled Viewpoint Manager and Viewpoint Media Player. Those were the only ones present in Add/Remove Programs. After running the tasks you requested, I still cannot open Firefox I get same error message : Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system. Everything else seems to be running smoothly. Thank you. Here's the other stuff you asked for: ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6427 # api_version=3.0.2 # EOSSerial=0414ead44c347c4297c28803abbfa5b6 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-06-30 09:26:45 # local_time=2011-06-30 02:26:45 (-0800, Pacific Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=512 16777215 100 0 1546151 1546151 0 0 # compatibility_mode=768 16777215 100 0 12880289 12880289 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=229897 # found=4 # cleaned=4 # scan_time=9067 C:\Documents and Settings\Rick Ross\My Documents\Downloads\WhiteSmokeInstaller_9147.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Drivers&Downloads\registryfix.exe a variant of Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP119\A0026535.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP119\A0026536.exe a variant of Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 C Results of screen317's Security Check version 0.99.17 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus ESET Online Scanner v3 Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 23 Java 6 Update 3 Java 2 Runtime Environment, SE v1.4.2_05 Out of date Java installed! Adobe Flash Player 10.3.181.14 ```````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 avastUI.exe ``````````End of Log````````````
- June 30, 2011
- 18 replies
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

ComboFix 11-06-26.01 - Rick Ross 06/26/2011 23:02:24.4.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1408 [GMT -7:00] Running from: c:\documents and settings\Rick Ross\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Rick Ross\Desktop\CFScript.txt AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\TEMP\logishrd\LVPrcInj01.dll N:\AUTORUN.INF . . ((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 ))))))))))))))))))))))))))))))) . . 2011-06-15 23:12 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-15 20:13 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys 2011-06-15 20:13 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys 2011-06-15 19:58 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2011-06-15 18:48 . 2011-06-15 18:48 -------- d-----w- c:\program files\Common Files\Skype 2011-06-13 06:54 . 2011-06-15 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-11 20:26 . 2011-06-11 20:26 -------- d-----w- c:\program files\Trend Micro 2011-06-11 19:20 . 2011-06-11 20:12 -------- d-----w- c:\program files\PC Health Optimizer Free Edition 2011-06-11 18:11 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys 2011-06-11 18:11 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys 2011-06-11 18:11 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-06-11 18:11 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-06-11 18:11 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-06-11 18:11 . 2010-12-16 15:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-06-11 18:10 . 2011-06-11 18:58 -------- d-----w- c:\program files\PC Tools Security 2011-06-11 18:10 . 2011-06-11 18:15 -------- d-----w- c:\program files\Common Files\PC Tools 2011-06-11 18:10 . 2011-06-11 18:10 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\PC Tools 2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\SUPERAntiSpyware.com 2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-06-11 08:49 . 2011-06-11 08:50 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-01 03:48 . 2011-06-01 03:49 -------- d-----w- C:\+to ipod 2011-05-29 02:01 . 2011-06-01 17:41 -------- d-----w- C:\MOVIES 2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\PackageAware . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-15 23:18 . 2005-01-25 19:08 118784 ----a-w- c:\windows\dsdxirmv.exe 2011-05-29 16:11 . 2011-01-22 01:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11 . 2011-01-22 01:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-25 06:00 . 2011-05-25 06:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-10 12:10 . 2011-01-22 01:04 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-01-22 01:04 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-05-24 02:25 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-10 12:03 . 2011-01-22 01:04 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2011-01-22 01:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 12:02 . 2011-01-22 01:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-05-10 12:02 . 2011-01-22 01:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-05-10 11:59 . 2011-01-22 01:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-01-22 01:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-05-10 11:59 . 2011-01-22 01:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-05-02 15:31 . 2004-09-28 20:04 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19 . 2004-09-28 19:54 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11 . 2004-09-28 19:54 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11 . 2004-09-28 19:54 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11 . 2004-09-28 19:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01 . 2004-09-28 19:54 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2004-09-28 19:54 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2001-10-05 19:53 . 2008-02-04 18:11 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll 1998-02-09 09:59 . 2005-01-29 21:24 6416 ----a-w- c:\program files\FAC_PT63.EXE 2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2011-04-14 16:26 . 2011-06-12 02:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-28 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192] "AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824] "sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=usbmn2x2.dll "midi4"=usbns4x4.dll "midi3"=usbns4x4.dll "midi5"=usbns4x4.dll "midi7"=usbns4x4.dll "MIDI10"=vpnt.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray-Symbol.lnk] backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk] backup=c:\windows\pss\Image Transfer.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Launch Microsoft Office Outlook.lnk] backup=c:\windows\pss\Launch Microsoft Office Outlook.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^M-Audio Quattro Control Panel Launcher.lnk] backup=c:\windows\pss\M-Audio Quattro Control Panel Launcher.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2001-01-11 13:00 643072 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] 2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1\aol.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] 2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2004-09-29 14:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2008-12-19 02:03 342848 ----a-w- c:\program files\DNA\btdna.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor] 2007-03-16 02:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService] 2006-11-23 04:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1129216511\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2003-01-31 02:55 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2004-03-23 19:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-08-15 00:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe] 2010-01-18 17:27 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration] 2002-07-23 21:31 53248 ----a-w- c:\program files\Neato\MediaFACE 4.0\SetHook.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager] 2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] 2002-06-03 19:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2008-03-27 03:14 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-05-27 04:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!] 2004-06-22 15:02 1912832 ----a-w- c:\program files\Sonic\RecordNow!\RecordNow.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-05-28 02:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader] 2001-10-05 19:54 118784 ----a-w- c:\windows\tppaldr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] 2004-08-28 02:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2] 2004-01-17 10:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3] 2007-05-16 03:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] 2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\AOL(DE) 9.0\\waol.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aim6.exe"= "c:\\Program Files\\America Online 9.0a\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\lxeacoms.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Rick Ross\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/11/2011 11:11 AM 239168] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/11/2011 11:11 AM 338880] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/11/2011 11:11 AM 656320] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2011 7:25 PM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2011 6:04 PM 307928] R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [11/5/2005 11:22 AM 53412] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2011 6:04 PM 19544] R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/29/2010 1:56 PM 98984] R2 QuattroInstallerService;Quattro Installer;c:\program files\M-Audio USB Quattro\Install\QuatInst.exe [2/14/2005 12:05 PM 86016] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/9/2008 12:27 PM 14976] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/11/2011 11:10 AM 366840] R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [1/22/2005 6:41 PM 22304] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [3/24/2008 2:41 PM 7040] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664] S3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [1/22/2005 6:34 PM 9216] S3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [1/22/2005 6:34 PM 6656] S3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [1/22/2005 6:34 PM 41856] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2011 6:12 PM 22712] S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [5/3/2009 5:12 PM 18048] S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [1/22/2005 6:41 PM 14272] S3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [1/22/2005 6:34 PM 22368] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2011 6:12 PM 366640] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 12:26 PM 24652] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder . 2011-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34] . 2011-06-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04] . 2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04] . 2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{A04A00E0-C5DA-4502-A5D0-ABBF91C9B966}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:31] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab FF - ProfilePath - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-26 23:29 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(828) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(884) c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'explorer.exe'(4188) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxeacoms.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\wanmpsvc.exe c:\windows\system32\MsPMSPSv.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\windows\system32\dllhost.exe c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe c:\windows\system32\wscntfy.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe c:\windows\SOUNDMAN.EXE c:\program files\AOL 9.1\waol.exe c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Java\Java Update\jucheck.exe c:\program files\AOL 9.1\shellmon.exe . ************************************************************************** . Completion time: 2011-06-26 23:44:15 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-27 06:44 ComboFix2.txt 2011-06-16 05:58 ComboFix3.txt 2011-06-10 18:22 ComboFix4.txt 2011-06-08 22:41 . Pre-Run: 47,897,325,568 bytes free Post-Run: 47,928,807,424 bytes free . - - End Of File - - C11DF9AE6079668A354E2E2005A3B024 . DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Rick Ross at 23:45:32 on 2011-06-26 . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\PC Tools Security\pctsAuxs.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\AOL 9.1\waol.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Program Files\AOL 9.1\shellmon.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Rick Ross\Desktop\dds.com C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -b mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? m763001b;M-Audio Quattro Base Driver R? m763001d;M-Audio Quattro Legacy Driver R? ma763001;M-Audio Quattro R? MBAMProtector;MBAMProtector R? MBAMService;MBAMService R? PL-40R;CASIO USB MIDI R? sdCoreService;PC Tools Security Service R? USB22LDR;M-Audio USB MidiSport 2x2 Loader R? USBNS4X4;M-Audio USB Quattro Midi R? Viewpoint Manager Service;Viewpoint Manager Service S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? GearAspiSys;GearAspiSys S? lxea_device;lxea_device S? lxeaCATSCustConnectService;lxeaCATSCustConnectService S? McrdSvc;Media Center Extender Service S? PCTCore;PCTools KDS S? pctDS;PC Tools Data Store S? pctEFA;PC Tools Extended File Attributes S? QuattroInstallerService;Quattro Installer S? SASDIFSV;SASDIFSV S? SASKUTIL;SASKUTIL S? SBKUPNT;SBKUPNT S? sdAuxService;PC Tools Auxiliary Service S? USBMN2X2;M-Audio USB MidiSport 2x2 S? X10Hid;X10 Hid Device . =============== Created Last 30 ================ . 2011-06-15 23:12:17 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2011-06-15 20:13:20 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys 2011-06-15 20:13:19 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys 2011-06-15 19:58:18 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2011-06-13 06:54:19 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras 2011-06-11 20:26:29 -------- d-----w- c:\program files\Trend Micro 2011-06-11 19:20:58 -------- d-----w- c:\program files\PC Health Optimizer Free Edition 2011-06-11 18:11:26 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys 2011-06-11 18:11:26 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys 2011-06-11 18:11:24 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-06-11 18:11:18 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-06-11 18:11:18 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-06-11 18:11:06 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-06-11 18:10:53 -------- d-----w- c:\program files\PC Tools Security 2011-06-11 18:10:53 -------- d-----w- c:\program files\common files\PC Tools 2011-06-11 18:10:53 -------- d-----w- c:\documents and settings\rick ross\application data\PC Tools 2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\rick ross\application data\SUPERAntiSpyware.com 2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2011-06-11 08:49:52 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-08 22:02:00 -------- d-sha-r- C:\cmdcons 2011-06-08 21:57:29 98816 ----a-w- c:\windows\sed.exe 2011-06-08 21:57:29 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 21:57:29 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 21:57:29 208896 ----a-w- c:\windows\MBR.exe 2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3) 2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2) 2011-06-01 03:48:08 -------- d-----w- C:\+to ipod 2011-05-29 02:01:12 -------- d-----w- C:\MOVIES 2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware . ==================== Find3M ==================== . 2011-06-15 23:18:51 118784 ----a-w- c:\windows\dsdxirmv.exe 2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll 2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll 1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE . ============= FINISH: 23:47:23.46 =============== . ==== Installed Programs ====================== . Adobe Acrobat - Reader 6.0.2 Update Adobe Acrobat 6.0 Professional Adobe Download Manager Adobe Download Manager 1.2 (Remove Only) Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop Album 2.0 Starter Edition Adobe Photoshop Elements 2.0 Adobe Premiere Standard Adobe Reader 6.0.1 Adobe Reader 8.1.2 Security Update 1 (KB403742) Adobe Reader 8.1.4 AOL Deutschland AOL Setup AOL Toolbar AOL Uninstaller (Choose which Products to Remove) Apple Application Support Apple Mobile Device Support Apple Software Update ArcSoft PhotoBase 3 ATI - Software Uninstall Utility ATI Control Panel ATI Display Driver AutoUpdate avast! Free Antivirus Bing Maps 3D Bonjour BRAVO2 FIRMWARE UPDATER Cakewalk Pyro 1.5 Cakewalk VST Adapter 4 Canon CanoScan Toolbox 4.1 CCleaner Click to DVD 2.0 Menu Data Click to DVD 2.4.12 Click to DVD 2.5.32 CraigsPalFree version 3.08 Critical Update for Windows Media Player 11 (KB959772) Digital Photo Navigator 1.5 DivX DivX Player DreamStation DXi2 Drivers Install For Linksys Easylink Advisor DVgate Plus Easy CD Creator 5 Platinum Free CD to MP3 Converter Google Chrome Google Earth Plug-in Google Gmail Notifier Google Talk (remove only) Google Talk Plugin Google Toolbar for Internet Explorer Google Update Helper High-Speed Internet Options High Definition Audio Driver Package - KB835221 Highlight Viewer (Windows Live Toolbar) HiJackThis Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Internet Explorer 7 (KB947864) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 10 (KB903157) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB952287) Hotfix for Windows XP (KB954550-v5) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB981793) Image Transfer ImageMixer for Sony Intel Application Accelerator Intel® PRO Network Adapters and Drivers InterVideo WinDVD 5 for VAIO iTunes J2SE Runtime Environment 5.0 Update 4 J2SE Runtime Environment 5.0 Update 6 Java 2 Runtime Environment, SE v1.4.2_05 Java Auto Updater Java 6 Update 23 Java 6 Update 3 Lexmark Printable Web Lexmark S300-S400 Series Lexmark Toolbar Linksys EasyLink Advisor 1.6 (0032) Logitech Legacy USB Camera Driver Package Logitech QuickCam Macromedia Shockwave Player Malwarebytes' Anti-Malware version 1.51.0.1200 Manual CanoScan 3000,3000F Map Button (Windows Live Toolbar) MD Simple Burner 2.0.05 MediaFACE 4.0 Memory Stick Formatter Microsoft .NET Framework 1.0 Hotfix (KB953295) Microsoft .NET Framework 1.0 Hotfix (KB979904) Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2416447) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft Application Error Reporting Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Data Access Components KB870669 Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Office Professional Edition 2003 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft User-Mode Driver Framework Feature Pack 1.0 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works MicroStaff WINASPI MobileMe Control Panel MoodLogic Movielink eHome version 1.1 Mozilla Firefox 4.0.1 (x86 en-US) MP3 Wav Editor 2.4 MSXML 4.0 SP2 (KB925672) MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Neato MediaFACE 4.0 Nero PhotoShow Express 4 neroxml Netflix Movie Viewer OmniPage SE OpenMG Limited Patch 4.7-07-14-05-01 OpenMG Metadata Extractor for Windows Media Player OpenMG Secure Module 4.4.00 OpenMG Secure Module 4.7.00 PC Health Optimizer Free Edition Picasa 3 PowerCinema NE for Everio PowerDirector Express PowerProducer PrimoDVD (English) Quicken 2008 QuickTime RealPlayer Realtek High Definition Audio Driver Rhapsody Player Engine Safari Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 2.0 (KB928365) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473) Security Update for Step By Step Interactive Training (KB898458) Security Update for Step By Step Interactive Training (KB923723) Security Update for Windows Internet Explorer 7 (KB929969) Security Update for Windows Internet Explorer 7 (KB931768) Security Update for Windows Internet Explorer 7 (KB933566) Security Update for Windows Internet Explorer 7 (KB937143) Security Update for Windows Internet Explorer 7 (KB938127) Security Update for Windows Internet Explorer 7 (KB939653) Security Update for Windows Internet Explorer 7 (KB942615) Security Update for Windows Internet Explorer 7 (KB944533) Security Update for Windows Internet Explorer 7 (KB950759) Security Update for Windows Internet Explorer 8 (KB2416400) Security Update for Windows Internet Explorer 8 (KB2482017) Security Update for Windows Internet Explorer 8 (KB2497640) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2530548) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB971961) Security Update for Windows Internet Explorer 8 (KB981332) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player 10 (KB911565) Security Update for Windows Media Player 10 (KB917734) Security Update for Windows Media Player 11 (KB936782) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows XP (KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2296199) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2436673) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2476687) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479628) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485376) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2491683) Security Update for Windows XP (KB2503658) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2506223) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2511455) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951066) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951698) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB955069) Security Update for Windows XP (KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956841) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security Update for Windows XP (KB981322) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982665) Sibelius Scorch (ActiveX Only) Sibelius Scorch (Firefox, Opera, Netscape only) Skype Toolbars Skype™ 5.3 Smart Menus (Windows Live Toolbar) SONAR 7 Studio Edition Sonic Encoders Sonic RecordNow! SonicStage 4.3 SonicStage Mastering Studio 1.4 SonicStage Mastering Studio Audio Filter SonicStage Mastering Studio Plugins 1.3 Sony Certificate PCH Sony Download Taxi 1.5.0.0 Sony Picture Utility Sony TV Tuner Library 1.0 Sony USB Driver Sony Video Shared Library Spyware Doctor 8.0 SUPERAntiSpyware SureThing CD Labeler Primera Edition 5 TPP Storage Driver Installation Ulead PhotoImpact 10 ESD Update for Windows Internet Explorer 8 (KB976662) Update for Windows Media Player 10 (KB913800) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) Update Rollup 2 for Windows XP Media Center Edition 2005 USB Storage Adapter (TPP) USB Storage Adapter V2 (TPP) USB Storage Adapter V3 (TPP) VAIO Edit Components VAIO Entertainment Platform VAIO Help and Support VAIO Media 4.0 VAIO Media Integrated Server 4.1 VAIO Media Redistribution 4.0 VAIO Media Registration Tool 4.0 VAIO Registration VAIO SLIT-C Screen Saver VAIO SLIT Pattern Wallpaper VAIO Survey Standalone VAIO System Information VAIO Update 2 VAIO Update 3 Viewpoint Manager (Remove Only) Viewpoint Media Player WavePad Uninstall WebFldrs XP Welcome to VAIO life Windows Defender Signatures Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Imaging Component Windows Installer Clean Up Windows Internet Explorer 7 Windows Internet Explorer 8 Windows Live Favorites for Windows Live Toolbar Windows Live installer Windows Live Mail Windows Live OneCare safety scanner Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Toolbar Windows Live Toolbar Extension (Windows Live Toolbar) Windows Live Writer Windows Media Format 11 runtime Windows Media Player 10 Hotfix [see KB886612 for more information] Windows Media Player 11 Windows Media Player Firefox Plugin Windows Vista Upgrade Advisor Windows XP Media Center Edition 2005 KB2502898 Windows XP Media Center Edition 2005 KB925766 Windows XP Media Center Edition 2005 KB973768 Windows XP Service Pack 3 WinRAR archiver WinZip . ==== End Of File ===========================
- June 27, 2011
- 18 replies
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

OK here you go.. Thanks SystemLook 04.09.10 by jpshortstuff Log created at 10:32 on 23/06/2011 by Rick Ross Administrator - Elevation successful ========== regfind ========== Searching for "searchqu" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer] @="SearchQUIEHelper.UrlHelper.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0] @="SearchQUIEBHO 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json" [HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}" [HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json" ========== filefind ========== Searching for "searchqu" No files found. -= EOF =-
- June 23, 2011
- 18 replies
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

Thank You Chris, Here is the SystemLook log: SystemLook 04.09.10 by jpshortstuff Log created at 13:36 on 20/06/2011 by Rick Ross Administrator - Elevation successful ========== regfind ========== Searching for "searchqu" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}" [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer] @="SearchQUIEHelper.UrlHelper.1" [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1] [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0] @="SearchQUIEBHO 1.0 Type Library" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json" [HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}" [HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}] "SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json" Invalid Context: fildfind No Context: searchqu -= EOF =-
- June 20, 2011
- 18 replies
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

Sorry I misinterpreted your last reply and began to work on finding a remedy on my own. I have removed the utorrent which I have no use for. I am out of town frequently but hope to hear back from you and reply as quickly as I can to clean this system. Here is where things stand: My normal toolbar had been replaced with an unwanted toolbar called searchqu. Every time I opened the browser or use the searchbar, I would get an alert from Malwarebytes stating it has successfully blocked access to a potentially malicious website 202.232.22.60. I tried to use system restore to return settings to several different points before I had this problem, but the utility always stalls , reboots , then says restore was unsuccessful. I am afraid that this is an infection that will worsen over time. I also tried to several different virus, malware and spyware scans. MBAM,Avast,PCHealth,Combofix, Eusing Registry Fix and more... I even ran them in safe mode. I ran Hijackthis, but don't know what to do with it. OTL showed me some Folders that had searchqu in their names, so I deleted those. I no longer get the alert from MBAM. But now when I try to open Firefox, I get a message that Firefox is already running. I uninstalled and reinstalled Firefox, but I still cant use that browser. I am able to use Google Chrome and IE, but IE still tells me that Searchqu is my default. I know just enough to get myself in trouble so I thought I would ask you for help before I mess up something trying to fix it on my own. I hope I'm not too late. Can you please help me regain the use of System Restore and clean up whatever's bugging my computer? Another of my favorite programs called Sonar4 now gives me a error message and tells me to reinstall. I did that and I still get the same error message. I'd like to get Firefox working again, too. Thanks. ComboFix 11-06-15.02 - Rick Ross 06/15/2011 16:55:42.3.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1084 [GMT -7:00] Running from: c:\documents and settings\Rick Ross\My Documents\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\windows\TEMP\logishrd\LVPrcInj01.dll . . ((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 ))))))))))))))))))))))))))))))) . . 2011-06-15 20:13 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys 2011-06-15 20:13 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys 2011-06-15 19:58 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2011-06-15 18:48 . 2011-06-15 18:48 -------- d-----w- c:\program files\Common Files\Skype 2011-06-13 06:54 . 2011-06-15 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras 2011-06-11 20:26 . 2011-06-11 20:26 -------- d-----w- c:\program files\Trend Micro 2011-06-11 19:20 . 2011-06-11 20:12 -------- d-----w- c:\program files\PC Health Optimizer Free Edition 2011-06-11 18:11 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys 2011-06-11 18:11 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys 2011-06-11 18:11 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-06-11 18:11 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-06-11 18:11 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-06-11 18:11 . 2010-12-16 15:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-06-11 18:10 . 2011-06-11 18:58 -------- d-----w- c:\program files\PC Tools Security 2011-06-11 18:10 . 2011-06-11 18:15 -------- d-----w- c:\program files\Common Files\PC Tools 2011-06-11 18:10 . 2011-06-11 18:10 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\PC Tools 2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\SUPERAntiSpyware.com 2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com 2011-06-11 08:49 . 2011-06-11 08:50 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-01 03:48 . 2011-06-01 03:49 -------- d-----w- C:\+to ipod 2011-05-29 02:01 . 2011-06-01 17:41 -------- d-----w- C:\MOVIES 2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\PackageAware 2011-05-25 06:00 . 2011-05-25 06:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 02:25 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-18 18:36 . 2011-05-18 18:36 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\Sibelius Software 2011-05-18 17:52 . 2011-05-18 17:52 -------- d-----w- c:\program files\Sibelius Software . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-06-15 23:18 . 2005-01-25 19:08 118784 ----a-w- c:\windows\dsdxirmv.exe 2011-05-29 16:11 . 2011-01-22 01:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11 . 2011-01-22 01:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10 . 2011-01-22 01:04 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-01-22 01:04 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-01-22 01:04 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2011-01-22 01:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 12:02 . 2011-01-22 01:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-05-10 12:02 . 2011-01-22 01:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-05-10 11:59 . 2011-01-22 01:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-01-22 01:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-05-10 11:59 . 2011-01-22 01:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2001-10-05 19:53 . 2008-02-04 18:11 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll 1998-02-09 09:59 . 2005-01-29 21:24 6416 ----a-w- c:\program files\FAC_PT63.EXE 2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2011-04-14 16:26 . 2011-06-12 02:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-28 68856] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824] "sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=usbmn2x2.dll "midi4"=usbns4x4.dll "midi3"=usbns4x4.dll "midi5"=usbns4x4.dll "midi7"=usbns4x4.dll "MIDI10"=vpnt.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray-Symbol.lnk] backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk] backup=c:\windows\pss\Image Transfer.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Launch Microsoft Office Outlook.lnk] backup=c:\windows\pss\Launch Microsoft Office Outlook.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^M-Audio Quattro Control Panel Launcher.lnk] backup=c:\windows\pss\M-Audio Quattro Control Panel Launcher.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2001-01-11 13:00 643072 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] 2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1\aol.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] 2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2004-09-29 14:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2008-12-19 02:03 342848 ----a-w- c:\program files\DNA\btdna.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor] 2007-03-16 02:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService] 2006-11-23 04:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1129216511\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2003-01-31 02:55 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2004-03-23 19:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-08-15 00:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe] 2010-01-18 17:27 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration] 2002-07-23 21:31 53248 ----a-w- c:\program files\Neato\MediaFACE 4.0\SetHook.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager] 2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] 2002-06-03 19:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2008-03-27 03:14 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-05-27 04:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!] 2004-06-22 15:02 1912832 ----a-w- c:\program files\Sonic\RecordNow!\RecordNow.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-05-28 02:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader] 2001-10-05 19:54 118784 ----a-w- c:\windows\tppaldr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] 2004-08-28 02:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2] 2004-01-17 10:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3] 2007-05-16 03:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\AOL(DE) 9.0\\waol.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aim6.exe"= "c:\\Program Files\\America Online 9.0a\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\lxeacoms.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Rick Ross\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/11/2011 11:11 AM 239168] R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/11/2011 11:11 AM 338880] R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/11/2011 11:11 AM 656320] R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2011 7:25 PM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2011 6:04 PM 307928] R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [11/5/2005 11:22 AM 53412] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2011 6:04 PM 19544] R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/29/2010 1:56 PM 98984] R2 QuattroInstallerService;Quattro Installer;c:\program files\M-Audio USB Quattro\Install\QuatInst.exe [2/14/2005 12:05 PM 86016] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/9/2008 12:27 PM 14976] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/11/2011 11:10 AM 366840] R3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [1/22/2005 6:34 PM 9216] R3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [1/22/2005 6:34 PM 6656] R3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [1/22/2005 6:34 PM 41856] R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [1/22/2005 6:41 PM 22304] R3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [1/22/2005 6:34 PM 22368] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [3/24/2008 2:41 PM 7040] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2011 6:12 PM 22712] S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [5/3/2009 5:12 PM 18048] S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [1/22/2005 6:41 PM 14272] S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2011 6:12 PM 366640] S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 12:26 PM 24652] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder . 2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34] . 2011-06-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20] . 2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04] . 2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04] . 2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{A04A00E0-C5DA-4502-A5D0-ABBF91C9B966}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:31] . . ------- Supplementary Scan ------- . uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab FF - ProfilePath - c:\documents and settings\Rick Ross\Application Data\Mozilla\Firefox\Profiles\fk3uq85c.default\ . - - - - ORPHANS REMOVED - - - - . ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-15 22:47 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(812) c:\windows\system32\usbns4x4.dll c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'lsass.exe'(872) c:\windows\system32\usbns4x4.dll c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll . - - - - - - - > 'explorer.exe'(5576) c:\windows\system32\WININET.dll c:\windows\system32\usbns4x4.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxeacoms.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\windows\wanmpsvc.exe c:\windows\system32\MsPMSPSv.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\windows\system32\dllhost.exe c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2011-06-15 22:58:52 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-16 05:58 ComboFix2.txt 2011-06-10 18:22 ComboFix3.txt 2011-06-08 22:41 . Pre-Run: 49,015,664,640 bytes free Post-Run: 49,032,433,664 bytes free . - - End Of File - - BF44BF383CC802E19A2A857BB355BF03 . DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Rick Ross at 23:01:08 on 2011-06-15 . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\PC Tools Security\pctsAuxs.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.com C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe" uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL LSP: c:\program files\common files\pc tools\lsp\PCTLsp.dll DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - . ============= SERVICES / DRIVERS =============== . R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? MBAMProtector;MBAMProtector R? MBAMService;MBAMService R? PL-40R;CASIO USB MIDI R? sdCoreService;PC Tools Security Service R? USB22LDR;M-Audio USB MidiSport 2x2 Loader R? Viewpoint Manager Service;Viewpoint Manager Service S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? GearAspiSys;GearAspiSys S? lxea_device;lxea_device S? lxeaCATSCustConnectService;lxeaCATSCustConnectService S? m763001b;M-Audio Quattro Base Driver S? m763001d;M-Audio Quattro Legacy Driver S? ma763001;M-Audio Quattro S? McrdSvc;Media Center Extender Service S? PCTCore;PCTools KDS S? pctDS;PC Tools Data Store S? pctEFA;PC Tools Extended File Attributes S? QuattroInstallerService;Quattro Installer S? SASDIFSV;SASDIFSV S? SASKUTIL;SASKUTIL S? SBKUPNT;SBKUPNT S? sdAuxService;PC Tools Auxiliary Service S? USBMN2X2;M-Audio USB MidiSport 2x2 S? USBNS4X4;M-Audio USB Quattro Midi S? X10Hid;X10 Hid Device . =============== Created Last 30 ================ . 2011-06-15 20:13:20 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys 2011-06-15 20:13:19 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys 2011-06-15 19:58:18 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll 2011-06-13 06:54:19 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras 2011-06-11 20:26:29 -------- d-----w- c:\program files\Trend Micro 2011-06-11 19:20:58 -------- d-----w- c:\program files\PC Health Optimizer Free Edition 2011-06-11 18:11:26 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys 2011-06-11 18:11:26 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys 2011-06-11 18:11:24 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2011-06-11 18:11:18 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2011-06-11 18:11:18 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2011-06-11 18:11:06 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2011-06-11 18:10:53 -------- d-----w- c:\program files\PC Tools Security 2011-06-11 18:10:53 -------- d-----w- c:\program files\common files\PC Tools 2011-06-11 18:10:53 -------- d-----w- c:\documents and settings\rick ross\application data\PC Tools 2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\rick ross\application data\SUPERAntiSpyware.com 2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com 2011-06-11 08:49:52 -------- d-----w- c:\program files\SUPERAntiSpyware 2011-06-08 22:02:00 -------- d-sha-r- C:\cmdcons 2011-06-08 21:57:29 98816 ----a-w- c:\windows\sed.exe 2011-06-08 21:57:29 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 21:57:29 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 21:57:29 208896 ----a-w- c:\windows\MBR.exe 2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3) 2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2) 2011-06-01 03:48:08 -------- d-----w- C:\+to ipod 2011-05-29 02:01:12 -------- d-----w- C:\MOVIES 2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware 2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software 2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software . ==================== Find3M ==================== . 2011-06-15 23:18:51 118784 ----a-w- c:\windows\dsdxirmv.exe 2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll 1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE . ============= FINISH: 23:08:13.34 =============== Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6863 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/15/2011 4:38:36 PM mbam-log-2011-06-15 (16-38-36).txt Scan type: Quick scan Objects scanned: 186109 Time elapsed: 10 minute(s), 38 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)
- June 16, 2011
- 18 replies
Resending "Searchqu Invasion"

ri4 posted a topic in Resolved Malware Removal Logs

I read that I should wait 48 hours before resending my post. I haven't heard back, and I really need some help I hope I am doing this the right way. Here's everything for the previous post: ********* After searching for a video torrent,I ended up with iLivid on my computer and it has resulted in giving me a Searchqu toolbar I cannot get rid of. My System Restore will not run. I have tried my Avast and Malwarebytes. They found a couple of infections. I removed them, but I still have the Searchqu. It is causing Malwarebytes to alert every time I access the internet. I presume other problems will follow. Can you help me get my system back to normal? thanks . DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Rick Ross at 14:24:04 on 2011-06-02 . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\8myt0um1.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.com C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchqu.com/406 uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mDefault_Page_URL = hxxp://www.sony.com/vaiopeople mSearch Page = uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll uURLSearchHooks: H - No File mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll BHO: Java
- June 10, 2011
- 1 reply
Searchqu invasion

ri4 replied to ri4's topic in Resolved Malware Removal Logs

Malwarebytes' Anti-Malware 1.51.0.1200 www.malwarebytes.org Database version: 6814 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 6/8/2011 2:32:18 PM mbam-log-2011-06-08 (14-32-18).txt Scan type: Quick scan Objects scanned: 190594 Time elapsed: 14 minute(s), 27 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected) DDS LOG: . DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Rick Ross at 16:00:25 on 2011-06-08 . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\WINDOWS\explorer.exe C:\WINDOWS\system32\notepad.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\gyfir1g8.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Rick Ross\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.com C:\WINDOWS\system32\svchost.exe -k DcomLaunch C:\WINDOWS\system32\svchost.exe -k rpcss C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchqu.com/406 uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll uURLSearchHooks: H - No File mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /nogui dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\rick ross\application data\mozilla\firefox\profiles\fk3uq85c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inbox FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q= FF - plugin: c:\documents and settings\rick ross\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\rick ross\application data\move networks\plugins\071803000001\npqmp071803000001.dll FF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . ============= SERVICES / DRIVERS =============== . R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? m763001b;M-Audio Quattro Base Driver R? m763001d;M-Audio Quattro Legacy Driver R? ma763001;M-Audio Quattro R? PL-40R;CASIO USB MIDI R? USB22LDR;M-Audio USB MidiSport 2x2 Loader R? USBNS4X4;M-Audio USB Quattro Midi S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? avast! Antivirus;avast! Antivirus S? GearAspiSys;GearAspiSys S? lxea_device;lxea_device S? lxeaCATSCustConnectService;lxeaCATSCustConnectService S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService S? McrdSvc;Media Center Extender Service S? QuattroInstallerService;Quattro Installer S? SBKUPNT;SBKUPNT S? USBMN2X2;M-Audio USB MidiSport 2x2 S? Viewpoint Manager Service;Viewpoint Manager Service S? X10Hid;X10 Hid Device . =============== Created Last 30 ================ . 2011-06-08 22:02:00 -------- d-sha-r- C:\cmdcons 2011-06-08 21:57:29 98816 ----a-w- c:\windows\sed.exe 2011-06-08 21:57:29 518144 ----a-w- c:\windows\SWREG.exe 2011-06-08 21:57:29 256512 ----a-w- c:\windows\PEV.exe 2011-06-08 21:57:29 208896 ----a-w- c:\windows\MBR.exe 2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3) 2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2) 2011-06-01 03:48:08 -------- d-----w- C:\+to ipod 2011-06-01 03:31:23 -------- d-----w- c:\documents and settings\rick ross\application data\searchquband 2011-05-29 02:01:12 -------- d-----w- C:\MOVIES 2011-05-29 01:24:54 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\Ilivid Player 2011-05-29 01:22:32 -------- d-----w- c:\documents and settings\rick ross\application data\searchqutoolbar 2011-05-29 01:22:23 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware 2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software 2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software 2011-05-10 21:34:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-05-10 21:34:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-05-10 21:34:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-05-10 21:34:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-05-10 21:34:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-05-10 21:34:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll 2011-05-10 21:34:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-05-10 21:34:13 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll . ==================== Find3M ==================== . 2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2008-11-14 17:49:43 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe 2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll 1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE . ============= FINISH: 16:02:17.42 =============== COMBOFIX LOG: ComboFix 11-06-08.01 - Rick Ross 06/08/2011 15:06:18.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1062 [GMT -7:00] Running from: c:\documents and settings\Rick Ross\My Documents\Downloads\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\Rick Ross\System c:\documents and settings\Rick Ross\System\win_qs8.jqx c:\documents and settings\Rick Ross\WINDOWS c:\progra~1\WI371A~1\Datamngr\IEBHo.dll c:\progra~1\WI371A~1\ToolBar\seARchqudtx.dll c:\windows\explorer(3).exe c:\windows\system32\msMAsk32.ocx c:\windows\TEMP\logishrd\LVPrcInj01.dll . . ((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 ))))))))))))))))))))))))))))))) . . 2011-06-01 03:48 . 2011-06-01 03:49 -------- d-----w- C:\+to ipod 2011-06-01 03:31 . 2011-06-01 03:31 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\searchquband 2011-05-29 02:01 . 2011-06-01 17:41 -------- d-----w- C:\MOVIES 2011-05-29 01:24 . 2011-05-29 01:24 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\Ilivid Player 2011-05-29 01:22 . 2011-06-01 18:13 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\searchqutoolbar 2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\PackageAware 2011-05-25 06:00 . 2011-05-25 06:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 02:25 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-18 18:36 . 2011-05-18 18:36 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\Sibelius Software 2011-05-18 17:52 . 2011-05-18 17:52 -------- d-----w- c:\program files\Sibelius Software 2011-05-10 21:34 . 2011-05-10 21:34 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll 2011-05-10 21:34 . 2011-05-10 21:34 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll 2011-05-10 21:34 . 2011-05-10 21:34 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll 2011-05-10 21:34 . 2011-05-10 21:34 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll 2011-05-10 21:34 . 2011-05-10 21:34 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll 2011-05-10 21:34 . 2011-05-10 21:34 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll 2011-05-10 21:34 . 2011-05-10 21:34 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll 2011-05-10 21:34 . 2011-05-10 21:34 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-29 16:11 . 2011-01-22 01:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11 . 2011-01-22 01:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10 . 2011-01-22 01:04 40112 ----a-w- c:\windows\avastSS.scr 2011-05-10 12:10 . 2011-01-22 01:04 199304 ----a-w- c:\windows\system32\aswBoot.exe 2011-05-10 12:03 . 2011-01-22 01:04 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys 2011-05-10 12:02 . 2011-01-22 01:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys 2011-05-10 12:02 . 2011-01-22 01:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys 2011-05-10 12:02 . 2011-01-22 01:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys 2011-05-10 11:59 . 2011-01-22 01:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys 2011-05-10 11:59 . 2011-01-22 01:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys 2011-05-10 11:59 . 2011-01-22 01:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys 2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2008-11-14 17:49 . 2008-11-14 17:49 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe 2001-10-05 19:53 . 2008-02-04 18:11 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll 1998-02-09 09:59 . 2005-01-29 21:24 6416 ----a-w- c:\program files\FAC_PT63.EXE 2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll 2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll 2011-05-10 21:34 . 2011-05-10 21:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672] "SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824] "sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584] "avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "midi1"=usbmn2x2.dll "midi4"=usbns4x4.dll "midi3"=usbns4x4.dll "midi5"=usbns4x4.dll "midi7"=usbns4x4.dll "MIDI10"=vpnt.dll . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk] backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray-Symbol.lnk] backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk] backup=c:\windows\pss\Image Transfer.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk] backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Launch Microsoft Office Outlook.lnk] backup=c:\windows\pss\Launch Microsoft Office Outlook.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^M-Audio Quattro Control Panel Launcher.lnk] backup=c:\windows\pss\M-Audio Quattro Control Panel Launcher.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk] backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck] c:\windows\system32\dumprep 0 -k [X] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD] 2001-01-11 13:00 643072 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start] 2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1\aol.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection] 2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer] 2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier] 2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA] 2004-09-29 14:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA] 2008-12-19 02:03 342848 ----a-w- c:\program files\DNA\btdna.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] 2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR] . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor] 2007-03-16 02:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray] 2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService] 2006-11-23 04:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint] 2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk] 2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut] 2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager] 2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1129216511\ee\aolsoftware.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility] 2003-01-31 02:55 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif] 2004-03-23 19:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager] 2008-08-15 00:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe] 2010-01-18 17:27 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration] 2002-07-23 21:31 53248 ----a-w- c:\program files\Neato\MediaFACE 4.0\SetHook.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager] 2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage] 2002-06-03 19:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray] 2008-03-27 03:14 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!] 2004-06-22 15:02 1912832 ----a-w- c:\program files\Sonic\RecordNow!\RecordNow.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2008-05-28 02:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader] 2001-10-05 19:54 118784 ----a-w- c:\windows\tppaldr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2] 2004-08-28 02:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2] 2004-01-17 10:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3] 2007-05-16 03:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"= "c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"= "c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"= "c:\\Program Files\\AOL(DE) 9.0\\waol.exe"= "c:\\Program Files\\America Online 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aolsoftware.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aim6.exe"= "c:\\Program Files\\America Online 9.0a\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"= "c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\AOLServiceHost.exe"= "c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"= "c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"= "c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"= "c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"= "c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"= "c:\\Program Files\\DNA\\btdna.exe"= "c:\\Program Files\\AOL 9.0\\waol.exe"= "c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"= "c:\\WINDOWS\\system32\\fxsclnt.exe"= "c:\\Drivers&Downloads\\utorrent.exe"= "c:\\Program Files\\AOL 9.1\\waol.exe"= "c:\\Program Files\\Real\\RealPlayer\\realplay.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\lxeacoms.exe"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Documents and Settings\\Rick Ross\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"= "c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= "c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"= . R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2011 7:25 PM 441176] R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2011 6:04 PM 307928] R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [11/5/2005 11:22 AM 53412] R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2011 6:04 PM 19544] R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?] R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/29/2010 1:56 PM 98984] R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2011 6:12 PM 366640] R2 QuattroInstallerService;Quattro Installer;c:\program files\M-Audio USB Quattro\Install\QuatInst.exe [2/14/2005 12:05 PM 86016] R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/9/2008 12:27 PM 14976] R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 12:26 PM 24652] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2011 6:12 PM 22712] R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [1/22/2005 6:41 PM 22304] R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [3/24/2008 2:41 PM 7040] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664] S3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [1/22/2005 6:34 PM 9216] S3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [1/22/2005 6:34 PM 6656] S3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [1/22/2005 6:34 PM 41856] S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [5/3/2009 5:12 PM 18048] S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [1/22/2005 6:41 PM 14272] S3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [1/22/2005 6:34 PM 22368] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder . 2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34] . 2011-06-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job - c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20] . 2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04] . 2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04] . 2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{A04A00E0-C5DA-4502-A5D0-ABBF91C9B966}.job - c:\windows\system32\msfeedssync.exe [2006-10-17 12:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.searchqu.com/406 uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.html IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab FF - ProfilePath - c:\documents and settings\Rick Ross\Application Data\Mozilla\Firefox\Profiles\fk3uq85c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inbox FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q= FF - user.js: yahoo.ytff.general.dontshowhpoffer - true . - - - - ORPHANS REMOVED - - - - . Toolbar-10 - (no file) WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-HPHmon03 - c:\windows\system32\hphmon03.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-06-08 15:31 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(7328) c:\windows\system32\WININET.dll c:\windows\TEMP\logishrd\LVPrcInj01.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\program files\Common Files\aolshare\aolshcpy.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\Ati2evxx.exe c:\program files\Alwil Software\Avast5\AvastSvc.exe c:\windows\system32\rundll32.exe c:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe c:\program files\Common Files\AOL\ACS\AOLAcsd.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\program files\Intel\Intel Application Accelerator\iaantmon.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\system32\lxeacoms.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE c:\program files\CyberLink\Shared Files\RichVideo.exe c:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe c:\program files\Sony\Sony TV Tuner Library\SMceMan.exe c:\program files\Sony\VAIO Media Integrated Server\VMISrv.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe c:\windows\wanmpsvc.exe c:\windows\system32\MsPMSPSv.exe c:\progra~1\COMMON~1\X10\Common\x10nets.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe c:\windows\system32\dllhost.exe c:\windows\system32\wscntfy.exe c:\program files\Sony\Sony TV Tuner Library\RM_SV.exe c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe c:\windows\SOUNDMAN.EXE c:\program files\iPod\bin\iPodService.exe c:\program files\Common Files\Java\Java Update\jucheck.exe . ************************************************************************** . Completion time: 2011-06-08 15:41:39 - machine was rebooted ComboFix-quarantined-files.txt 2011-06-08 22:41 . Pre-Run: 49,005,502,464 bytes free Post-Run: 49,267,216,384 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 0812E71E8A4FFD68F9739483EDF68863 THANK YOU!!!
- June 8, 2011
- 18 replies
Searchqu invasion

ri4 posted a topic in Resolved Malware Removal Logs

After searching for a video torrent,I ended up with iLivid on my computer and it has resulted in giving me a Searchqu toolbar I cannot get rid of. My System Restore will not run. I have tried my Avast and Malwarebytes. They found a couple of infections. I removed them, but I still have the Searchqu. It is causing Malwarebytes to alert every time I access the internet. I presume other problems will follow. Can you help me get my system back to normal? thanks . DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23 Run by Rick Ross at 14:24:04 on 2011-06-02 . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\rundll32.exe C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exe C:\WINDOWS\system32\lxeacoms.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\M-Audio USB Quattro\Install\QuatInst.exe C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exe C:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exe C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe C:\Program Files\Viewpoint\Common\ViewpointService.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\system32\MsPMSPSv.exe C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe C:\WINDOWS\ehome\mcrdsvc.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exe C:\WINDOWS\System32\alg.exe C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe C:\WINDOWS\system32\ctfmon.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\SONY\sHotKey\sHotKey.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Alwil Software\Avast5\avastUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\8myt0um1.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Program Files\Mozilla Firefox\plugin-container.exe C:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.com C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\svchost.exe -k NetworkService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k LocalService C:\WINDOWS\system32\svchost.exe -k imgsvc C:\WINDOWS\System32\svchost.exe -k HTTPFilter . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.searchqu.com/406 uSearch Bar = hxxp://www.google.com/ie uDefault_Search_URL = hxxp://search.msn.com uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 mDefault_Page_URL = hxxp://www.sony.com/vaiopeople mSearch Page = uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll uURLSearchHooks: H - No File mURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dll BHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No File BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll BHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No File BHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dll BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll BHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll BHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll BHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll BHO: 1 (0x1) - No File BHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll TB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dll TB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dll TB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dll TB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No File TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File TB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No File TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dll EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exe mRun: [soundMan] SOUNDMAN.EXE mRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe" mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /nogui mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t IE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.html IE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htm IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200 IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLL DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CAB DPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CAB DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cab DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cab DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab DPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cab DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab DPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cab DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cab DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cab DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cab DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab TCP: DhcpNameServer = 209.18.47.61 209.18.47.62 TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL AppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll Hosts: 127.0.0.1 www.spywareinfo.com . ================= FIREFOX =================== . FF - ProfilePath - c:\documents and settings\rick ross\application data\mozilla\firefox\profiles\fk3uq85c.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query= FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inbox FF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q= FF - plugin: c:\documents and settings\rick ross\application data\facebook\npfbplugin_1_0_3.dll FF - plugin: c:\documents and settings\rick ross\application data\move networks\plugins\071803000001\npqmp071803000001.dll FF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgoogletalk.dll FF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgtpo3dautoplugin.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\picasa3\npPicasa3.dll FF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\virtual earth 3d\npVE3D.dll . ---- FIREFOX POLICIES ---- FF - user.js: yahoo.ytff.general.dontshowhpoffer - true ============= SERVICES / DRIVERS =============== . R? avast! Antivirus;avast! Antivirus R? gupdate;Google Update Service (gupdate) R? gupdatem;Google Update Service (gupdatem) R? m763001b;M-Audio Quattro Base Driver R? m763001d;M-Audio Quattro Legacy Driver R? ma763001;M-Audio Quattro R? MBAMSwissArmy;MBAMSwissArmy R? PL-40R;CASIO USB MIDI R? USB22LDR;M-Audio USB MidiSport 2x2 Loader R? USBNS4X4;M-Audio USB Quattro Midi S? aswFsBlk;aswFsBlk S? aswSnx;aswSnx S? aswSP;aswSP S? GearAspiSys;GearAspiSys S? lxea_device;lxea_device S? lxeaCATSCustConnectService;lxeaCATSCustConnectService S? MBAMProtector;MBAMProtector S? MBAMService;MBAMService S? McrdSvc;Media Center Extender Service S? QuattroInstallerService;Quattro Installer S? SBKUPNT;SBKUPNT S? USBMN2X2;M-Audio USB MidiSport 2x2 S? Viewpoint Manager Service;Viewpoint Manager Service S? X10Hid;X10 Hid Device . =============== Created Last 30 ================ . 2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3) 2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2) 2011-06-01 03:48:08 -------- d-----w- C:\+to ipod 2011-06-01 03:31:23 -------- d-----w- c:\documents and settings\rick ross\application data\searchquband 2011-05-29 02:01:12 -------- d-----w- C:\MOVIES 2011-05-29 01:24:54 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\Ilivid Player 2011-05-29 01:22:32 -------- d-----w- c:\documents and settings\rick ross\application data\searchqutoolbar 2011-05-29 01:22:23 -------- d-----w- c:\program files\Windows iLivid Toolbar 2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware 2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software 2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software 2011-05-10 21:34:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll 2011-05-10 21:34:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll 2011-05-10 21:34:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll 2011-05-10 21:34:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll 2011-05-10 21:34:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll 2011-05-10 21:34:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll 2011-05-10 21:34:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll 2011-05-10 21:34:13 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll . ==================== Find3M ==================== . 2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr 2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr 2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll 2008-11-14 17:49:43 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe 2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll 1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE . ============= FINISH: 14:31:23.35 =============== attach.zip ark.zip dds.zip protection-log-2011-06-02.zip
- June 2, 2011
- 18 replies
Searchqu invasion

ri4 posted a topic in Malwarebytes for Windows Support Forum

After searching for a video torrent,I ended up with iLivid on my computer and it has resulted in giving me a Searchqu toolbar I cannot get rid of. My System Restore will not run. I have tried my Avast and Malwarebytes. They found a couple of infections. I removed them, but I still have the Searchqu. Can you help me get my system back to normal?
- June 2, 2011
- 4 replies

Sign In

ri4

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Everything posted by ri4

Searchqu invasion

Searchqu invasion

Searchqu invasion

Searchqu invasion

Searchqu invasion

Searchqu invasion

Searchqu invasion

Resending "Searchqu Invasion"

Searchqu invasion

Searchqu invasion

Searchqu invasion

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information