Google Redirect

I have seen quite a few posts on this same subject but I wanna make sure that this gets done right if I can. My PC has 2 user accounts, my wife's and mine. Noticed this problem on her account today as her homepage is Google. We are both running Firefox as the default browser. So when trying to do a search on Google it brings up the list of links to what was searched for, but when ya click one it pops up Redirect in the top left of the browser and takes me to weird sites, nothing at all in common with the search. One of them is a site called ToseekA. Anyway, so I tried it on her account on IE also and same thing. So then decided to log off her account and try mine, same thing on both Firefox and IE. Went ahead and did a HijackThis log. Any help on this would be great, not sure how bad this is because other search engines work fine. Just like to get it taken care of, but there could be something on my machine that could be bad. Also did a quick scan with the latest and updated version of Malwarebytes Anti-Malware, it showed 0.

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 5:58:46 PM, on 5/24/2010

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\TEMP\deji.tmp\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Inbox\CToolbar.exe

c:\PROGRA~1\Inbox\CMail.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...&pf=desktop

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: 89.149.225.59 www.google.com

O1 - Hosts: 89.149.225.59 www.google.de

O1 - Hosts: 89.149.225.59 www.google.fr

O1 - Hosts: 89.149.225.59 www.google.co.uk

O1 - Hosts: 89.149.225.59 www.google.com.br

O1 - Hosts: 89.149.225.59 www.google.it

O1 - Hosts: 89.149.225.59 www.google.es

O1 - Hosts: 89.149.225.59 www.google.co.jp

O1 - Hosts: 89.149.225.59 www.google.com.mx

O1 - Hosts: 89.149.225.59 www.google.ca

O1 - Hosts: 89.149.225.59 www.google.com.au

O1 - Hosts: 89.149.225.59 www.google.nl

O1 - Hosts: 89.149.225.59 www.google.co.za

O1 - Hosts: 89.149.225.59 www.google.be

O1 - Hosts: 89.149.225.59 www.google.gr

O1 - Hosts: 89.149.225.59 www.google.at

O1 - Hosts: 89.149.225.59 www.google.se

O1 - Hosts: 89.149.225.59 www.google.ch

O1 - Hosts: 89.149.225.59 www.google.pt

O1 - Hosts: 89.149.225.59 www.google.dk

O1 - Hosts: 89.149.225.59 www.google.fi

O1 - Hosts: 89.149.225.59 www.google.ie

O1 - Hosts: 89.149.225.59 www.google.no

O1 - Hosts: 89.149.225.59 www.google.ru

O1 - Hosts: 89.149.225.59 www.google.ua

O1 - Hosts: 89.149.225.59 www.google.pl

O1 - Hosts: 89.149.225.59 www.google.ro

O1 - Hosts: 89.149.225.59 www.google.co.nz

O1 - Hosts: 89.149.225.59 www.google.in

O1 - Hosts: 89.149.225.59 www.google.th

O1 - Hosts: 89.149.225.59 www.google.tr

O1 - Hosts: 89.149.225.59 www.google.hu

O1 - Hosts: 89.149.225.59 www.google.cr

O1 - Hosts: 89.149.225.59 www.google.lv

O1 - Hosts: 89.149.225.59 www.google.lt

O1 - Hosts: 89.149.225.59 www.google.bg

O1 - Hosts: 89.149.225.59 www.google.be

O1 - Hosts: 89.149.225.59 www.google.vn

O1 - Hosts: 89.149.225.59 www.google.ve

O1 - Hosts: 89.149.225.59 www.google.sw

O1 - Hosts: 89.149.225.59 search.yahoo.com

O1 - Hosts: 89.149.225.59 us.search.yahoo.com

O1 - Hosts: 89.149.225.59 uk.search.yahoo.com

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: (no name) - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} - C:\PROGRA~1\Inbox\ctbr.dll

O2 - BHO: PlaySushi - {21608B66-026F-4DCB-9244-0DACA328DCED} - C:\Program Files\PlaySushi\PSText.dll

O2 - BHO: UrlHelper Class - {474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)

O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Inbox.com Toolbar - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - C:\PROGRA~1\Inbox\ctbr.dll

O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [AlwaysReady Power Message APP] ARPWRMSG.EXE

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE

O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

O4 - HKLM\..\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui

O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe"

O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')

O4 - S-1-5-18 Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')

O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')

O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')

O4 - Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe

O8 - Extra context menu item: Inbox Search - tbr:iemenu

O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm

O9 - Extra button: Go PlaySushi! - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - C:\Program Files\PlaySushi\PSText.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.moove.com

O15 - Trusted Zone: http://*.trymedia.com (HKLM)

O18 - Protocol: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - C:\PROGRA~1\Inbox\ctbr.dll

O20 - AppInit_DLLs: C:\PROGRA~1\IMESHA~1\MediaBar\DataMngr\datamngr.dll

O20 - Winlogon Notify: puinsd - C:\WINDOWS\SYSTEM32\puinsd.dll

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: TomTomHOMEService - TomTom - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

--

End of file - 10627 bytes

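The O1 - Hosts entries in the HijackThis log above map dozens of google.* and yahoo.* search hostnames to a single remote address, which is what a hosts-file hijack looks like from the defender's side: the browser is sent to the wrong server before any result is clicked, so it affects every account and every browser on the machine. The following Python check is an added example, not part of the poster's log and not a HijackThis feature; it parses either raw hosts-file lines or HijackThis "O1 - Hosts:" lines, flags search-engine hostnames that resolve to a non-local address, and reports any remote address that collects many hostnames. The SEARCH_LABELS set, the min_fanout threshold and the sample lines are assumptions constructed for this example (the sample reuses the 89.149.225.59 address that appears in the log).

```python
"""Flag hosts-file entries that redirect search-engine domains to a remote IP."""
import ipaddress
import re
from collections import defaultdict

# Constructed sample: raw hosts-file lines (comment, localhost, a LAN name)
# followed by HijackThis "O1 - Hosts:" lines of the kind shown in the log.
# Not taken from the poster's machine; only the remote address is from the log.
SAMPLE_LINES = """\
# hosts file excerpt (constructed)
127.0.0.1       localhost
192.168.1.10    intranet.example.test
O1 - Hosts: 89.149.225.59 www.google.com
O1 - Hosts: 89.149.225.59 www.google.co.uk
O1 - Hosts: 89.149.225.59 search.yahoo.com
"""

# Labels of search engines a hijacker typically targets (assumption; extend as needed).
SEARCH_LABELS = {"google", "yahoo", "bing"}

# Strip the HijackThis prefix so O1 lines parse like ordinary hosts lines.
O1_PREFIX = re.compile(r"^O1 - Hosts:\s*")


def parse_hosts_lines(text):
    """Return (ip, hostname) pairs from raw hosts lines or HijackThis O1 lines."""
    pairs = []
    for raw in text.splitlines():
        line = O1_PREFIX.sub("", raw).split("#", 1)[0].strip()
        if not line:
            continue  # blank or comment-only line
        fields = line.split()
        if len(fields) < 2:
            continue  # no hostname on this line
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # malformed address, skip rather than guess
        for host in fields[1:]:  # a hosts line may carry several aliases
            pairs.append((str(ip), host.lower()))
    return pairs


def is_search_domain(host):
    """True when any DNS label of the hostname names a listed search engine."""
    return any(label in SEARCH_LABELS for label in host.split("."))


def is_local_target(ip_str):
    """Loopback, private, link-local and unspecified targets are benign mappings."""
    ip = ipaddress.ip_address(ip_str)
    return ip.is_loopback or ip.is_private or ip.is_link_local or ip.is_unspecified


def find_hijacks(text, min_fanout=3):
    """Return search-engine redirects and any remote IP mapped to many hostnames."""
    pairs = parse_hosts_lines(text)
    redirects = [(ip, host) for ip, host in pairs
                 if is_search_domain(host) and not is_local_target(ip)]
    fanout = defaultdict(set)
    for ip, host in pairs:
        if not is_local_target(ip):
            fanout[ip].add(host)
    # One remote address absorbing many names is the hijack pattern in the log,
    # even for domains that are not in SEARCH_LABELS.
    mass_remaps = {ip: sorted(hosts) for ip, hosts in fanout.items()
                   if len(hosts) >= min_fanout}
    return {"search_redirects": redirects, "mass_remaps": mass_remaps}


if __name__ == "__main__":
    result = find_hijacks(SAMPLE_LINES)
    for ip, host in result["search_redirects"]:
        print(f"search domain {host} is redirected to {ip}")
    for ip, hosts in result["mass_remaps"].items():
        print(f"{ip} receives {len(hosts)} hostnames: {', '.join(hosts)}")
```

Run it as a script to see the findings for the constructed sample, or pass the contents of %SystemRoot%\System32\drivers\etc\hosts to find_hijacks(). Loopback and private targets are treated as benign because legitimate entries (localhost, LAN names, ad-blocking lists that point names at 0.0.0.0 or 127.0.0.1) live there; the fan-out check is what catches a redirect of domains outside the search list.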

  • Staff

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Some things to remember while we are working together.

  1. Please do not run any other tool until instructed to do so!
  2. Please reply to this thread, do not start another!
  3. Please tell me about any problems that have occurred during the fix.
  4. Please tell me of any other symptoms you may be having as these can help also.
  5. Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.

DeFogger:

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK

Do not re-enable these drivers until otherwise instructed.

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

  • Please download DDS by sUBs from one of the links below and save it to your desktop:
    Link1
    Link2
    Link3
  • Please disable any anti-malware program that will block scripts from running before running DDS.
  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

Gmer

Download GMER Rootkit Scanner from here.

  • Double click the .exe file. If asked to allow gmer.sys driver to load, please consent
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish
  • Once done click on the [Save..] button, and in the File name area, type in "Gmer.txt" or it will save as a .log file
  • Save it where you can easily find it, such as your desktop, and post it in reply

**Caution**

Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries

Note: Do not run any programs while Gmer is running.

information and logs:

  • In your next post I need the following
    1. logs from DDS
    2. log from GMER
    3. let me know of any problems you may have had

Gringo


Thank you Gringo for your reply and help on this matter. Sorry it took so long to respond, had to wait till I got home from work and the Gmer scan took nearly 5 hrs. Here are the logs from what you asked for.

DDS (Ver_10-03-17.01) - NTFSx86

Run by Mike at 16:27:12.20 on Tue 05/25/2010

Internet Explorer: 6.0.2900.2180 BrowserJavaVersion: 1.6.0_20

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.71 [GMT -5:00]

AV: avast! Antivirus *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\WINDOWS\arservice.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe -k HPZ12

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\ARPWRMSG.EXE

C:\Program Files\HP\HP Software Update\HPwuSchd2.exe

C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\WINDOWS\system32\wuauclt.exe

c:\windows\system\hpsysdrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\PROGRA~1\Inbox\CToolbar.exe

c:\PROGRA~1\Inbox\CMail.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\DISC\DISCover.exe

C:\Program Files\DISC\DiscUpdMgr.exe

C:\Program Files\DISC\DiscStreamHub.exe

C:\Documents and Settings\Mike.YOUR-4DACD0EA75\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://search.orbitdownloader.com

uSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearch Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearchAssistant = hxxp://search.imesh.com/sidebar.html?src=ssb

uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: : {1cb20bf0-bbae-40a7-93f4-6435ff3d0411} - c:\progra~1\inbox\ctbr.dll

BHO: PlaySushi: {21608b66-026f-4dcb-9244-0daca328dced} - c:\program files\playsushi\PSText.dll

BHO: {474597c5-ab09-49d6-a4d5-2e8d7341384e} - UrlHelper Class

BHO: hpWebHelper Class: {aaae832a-5fff-4661-9c8f-369692d1dcb9} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\plugin\WebHelper.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: &Inbox.com Toolbar: {4b3803ea-5230-4dc3-a7fc-33638f3d3542} - c:\progra~1\inbox\ctbr.dll

TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} -

uRun: [TomTomHOME.exe] "c:\program files\tomtom home 2\TomTomHOMERunner.exe"

mRun: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [AlwaysReady Power Message APP] ARPWRMSG.EXE

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] nwiz.exe /install

mRun: [Recguard] c:\windows\sminst\RECGUARD.EXE

mRun: [HPBootOp] "c:\program files\hewlett-packard\hp boot optimizer\HPBootOp.exe" /run

mRun: [HP Software Update] c:\program files\hp\hp software update\HPwuSchd2.exe

mRun: [avast5] c:\progra~1\alwils~1\avast5\avastUI.exe /nogui

mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

StartupFolder: c:\docume~1\mike~1.you\startm~1\programs\startup\pinmclnk.lnk - c:\hp\bin\cloaker.exe

IE: Inbox Search - tbr:iemenu

IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - {EBD24BD3-E272-4FA3-A8BA-C5D709757CAB} - c:\program files\playsushi\PSText.dll

Trusted Zone: moove.com

Trusted Zone: trymedia.com

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\inbox\ctbr.dll

Notify: puinsd - puinsd.dll

AppInit_DLLs: c:\progra~1\imesha~1\mediabar\datamngr\datamngr.dll

LSA: Notification Packages = scecli scecli scecli

Hosts: 89.149.225.59 www.google.com

Hosts: 89.149.225.59 www.google.de

Hosts: 89.149.225.59 www.google.fr

Hosts: 89.149.225.59 www.google.co.uk

Hosts: 89.149.225.59 www.google.com.br

Note: multiple HOSTS entries found. Please refer to Attach.txt

============= SERVICES / DRIVERS ===============

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2010-2-13 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2010-2-13 19024]

R2 avast! Antivirus;avast! Antivirus;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2009-11-13 92008]

R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [2010-5-3 30112]

R3 avast! Mail Scanner;avast! Mail Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]

R3 avast! Web Scanner;avast! Web Scanner;c:\program files\alwil software\avast5\AvastSvc.exe [2010-2-13 40384]

=============== Created Last 30 ================

2010-05-25 21:24:30 0 ----a-w- c:\documents and settings\mike.your-4dacd0ea75\defogger_reenable

2010-05-24 21:15:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-24 21:15:40 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-24 21:15:40 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-24 11:56:36 22528 ----a-w- c:\windows\system32\puinsd.dll

2010-05-20 21:12:25 0 d-----w- c:\docume~1\alluse~1\applic~1\TomTom

2010-05-20 21:06:56 0 d-----w- c:\docume~1\mike~1.you\applic~1\TomTom

2010-05-20 21:06:46 0 d-----w- c:\program files\TomTom International B.V

2010-05-20 21:06:30 0 d-----w- c:\program files\TomTom HOME 2

2010-05-19 21:40:13 0 d-----w- c:\docume~1\mike~1.you\applic~1\HPQ

2010-05-18 20:49:10 0 d-----w- c:\docume~1\mike~1.you\applic~1\Malwarebytes

2010-05-03 15:26:41 0 d-----w- C:\CtDriverInstTemp

2010-05-03 15:26:36 0 d-----w- C:\WebCam3Gen

2010-05-03 14:53:32 71168 ----a-w- c:\windows\system32\vvldec32.dll

2010-05-03 14:53:32 30720 ----a-w- c:\windows\system32\vvlcodec.dll

2010-05-03 14:53:32 30112 ----a-w- c:\windows\system32\drivers\vvlppc2.sys

2010-05-03 14:53:32 143360 ----a-w- c:\windows\system32\vvlppc2.dll

2010-04-26 22:04:42 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl

2010-04-26 00:11:15 133616 ------w- c:\windows\system32\pxafs.dll

2010-04-26 00:08:35 0 d-----w- c:\docume~1\alluse~1\applic~1\DivX

==================== Find3M ====================

2010-04-15 23:06:55 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-03-31 01:58:04 44944 ------w- c:\windows\system32\drivers\pxhelp20.sys

2010-03-31 01:58:04 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58:04 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-24 22:12:05 170 ----a-w- c:\docume~1\mike~1.you\applic~1\wklnhst.dat

2010-03-09 14:53:09 121325 ----a-w- c:\windows\hpoins15.dat

2010-03-08 17:59:18 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-02-27 04:59:24 35200 ---ha-w- c:\windows\system32\mlfcache.dat

============= FINISH: 16:28:12.93 ===============

DDS (Ver_10-03-17.01)

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 2/13/2010 7:57:10 AM

System Uptime: 5/25/2010 9:18:56 AM (7 hours ago)

Motherboard: ASUSTek Computer INC. | | NAOS

Processor: AMD Athlon 64 Processor 3800+ | Socket AM2 | 2405/199mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 140 GiB total, 67.215 GiB free.

D: is FIXED (FAT32) - 9 GiB total, 0.536 GiB free.

E: is CDROM ()

G: is FIXED (NTFS) - 466 GiB total, 281.733 GiB free.

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP20: 2/24/2010 6:17:29 PM - System Checkpoint

RP21: 2/25/2010 6:44:38 PM - System Checkpoint

RP22: 2/26/2010 9:31:55 PM - System Checkpoint

RP23: 2/26/2010 10:11:27 PM - Installed iTunes

RP24: 2/27/2010 10:45:42 PM - System Checkpoint

RP25: 3/1/2010 5:13:56 PM - System Checkpoint

RP26: 3/2/2010 5:37:03 PM - System Checkpoint

RP27: 3/3/2010 7:48:48 AM - Removed Bonjour

RP28: 3/3/2010 7:49:19 AM - Configured easy Internet sign-up

RP29: 3/4/2010 8:52:16 PM - System Checkpoint

RP30: 3/5/2010 10:20:00 PM - System Checkpoint

RP31: 3/6/2010 11:47:23 PM - System Checkpoint

RP32: 3/8/2010 6:03:09 PM - System Checkpoint

RP33: 3/9/2010 7:18:08 PM - System Checkpoint

RP34: 3/14/2010 9:58:52 PM - System Checkpoint

RP35: 3/14/2010 10:03:08 PM - Installed COWON Media Center - jetAudio Basic VX

RP36: 3/18/2010 1:13:54 PM - Software Distribution Service 3.0

RP37: 3/18/2010 1:20:02 PM - Software Distribution Service 3.0

RP38: 3/18/2010 1:25:26 PM - Software Distribution Service 3.0

RP39: 3/19/2010 1:35:19 PM - System Checkpoint

RP40: 3/20/2010 2:35:24 PM - System Checkpoint

RP41: 3/21/2010 3:52:42 PM - System Checkpoint

RP42: 3/26/2010 4:06:19 PM - System Checkpoint

RP43: 3/27/2010 4:19:51 PM - System Checkpoint

RP44: 3/28/2010 6:08:57 PM - System Checkpoint

RP45: 3/29/2010 9:42:41 PM - System Checkpoint

RP46: 3/31/2010 7:20:00 AM - System Checkpoint

RP47: 4/3/2010 6:08:33 AM - System Checkpoint

RP48: 4/4/2010 6:14:51 AM - System Checkpoint

RP49: 4/8/2010 8:59:58 AM - System Checkpoint

RP50: 4/9/2010 4:10:53 PM - System Checkpoint

RP51: 4/10/2010 8:18:15 PM - System Checkpoint

RP52: 4/11/2010 8:46:30 PM - System Checkpoint

RP53: 4/12/2010 9:12:06 PM - System Checkpoint

RP54: 4/14/2010 8:00:03 AM - Removed Adobe Reader 7.0.5

RP55: 4/14/2010 8:00:25 AM - Installed Adobe Reader 9.3.

RP56: 4/14/2010 2:23:47 PM - Installed Java 6 Update 18

RP57: 4/15/2010 6:06:05 PM - Removed Java 6 Update 18

RP58: 4/15/2010 6:06:48 PM - Installed Java 6 Update 20

RP59: 4/16/2010 6:34:22 PM - System Checkpoint

RP60: 4/19/2010 9:13:00 AM - System Checkpoint

RP61: 4/20/2010 6:43:48 AM - Software Distribution Service 3.0

RP62: 4/21/2010 9:42:02 AM - System Checkpoint

RP63: 4/22/2010 4:55:50 PM - System Checkpoint

RP64: 4/23/2010 6:01:03 PM - System Checkpoint

RP65: 4/24/2010 6:38:27 PM - System Checkpoint

RP66: 4/25/2010 8:06:10 PM - System Checkpoint

RP67: 4/28/2010 8:24:15 AM - System Checkpoint

RP68: 4/29/2010 4:15:04 PM - System Checkpoint

RP69: 4/29/2010 9:22:02 PM - Software Distribution Service 3.0

RP70: 4/30/2010 9:28:50 PM - System Checkpoint

RP71: 5/1/2010 10:17:28 PM - System Checkpoint

RP72: 5/3/2010 9:05:46 AM - System Checkpoint

RP73: 5/3/2010 10:10:05 AM - Unsigned driver install

RP74: 5/3/2010 10:27:51 AM - Unsigned driver install

RP75: 5/5/2010 5:14:09 PM - System Checkpoint

RP76: 5/6/2010 7:19:25 PM - System Checkpoint

RP77: 5/7/2010 7:41:55 PM - System Checkpoint

RP78: 5/9/2010 8:12:32 AM - System Checkpoint

RP79: 5/10/2010 8:58:21 AM - System Checkpoint

RP80: 5/10/2010 6:56:14 PM - Advanced Uninstaller RestorePoint

RP81: 5/12/2010 1:51:39 PM - System Checkpoint

RP82: 5/13/2010 4:36:36 PM - System Checkpoint

RP83: 5/14/2010 6:10:46 PM - System Checkpoint

RP84: 5/16/2010 9:53:43 AM - System Checkpoint

RP85: 5/17/2010 11:37:35 AM - System Checkpoint

RP86: 5/18/2010 12:29:36 PM - System Checkpoint

RP87: 5/19/2010 5:45:40 PM - System Checkpoint

RP88: 5/20/2010 5:52:31 PM - System Checkpoint

RP89: 5/21/2010 6:04:42 PM - System Checkpoint

RP90: 5/22/2010 6:45:36 PM - System Checkpoint

RP91: 5/23/2010 7:30:18 PM - System Checkpoint

RP92: 5/24/2010 10:04:12 PM - System Checkpoint

==== Hosts File Hijack ======================

Hosts: 89.149.225.59 www.google.com

Hosts: 89.149.225.59 www.google.de

Hosts: 89.149.225.59 www.google.fr

Hosts: 89.149.225.59 www.google.co.uk

Hosts: 89.149.225.59 www.google.com.br

Hosts: 89.149.225.59 www.google.it

Hosts: 89.149.225.59 www.google.es

Hosts: 89.149.225.59 www.google.co.jp

Hosts: 89.149.225.59 www.google.com.mx

Hosts: 89.149.225.59 www.google.ca

Hosts: 89.149.225.59 www.google.com.au

Hosts: 89.149.225.59 www.google.nl

Hosts: 89.149.225.59 www.google.co.za

Hosts: 89.149.225.59 www.google.be

Hosts: 89.149.225.59 www.google.gr

Hosts: 89.149.225.59 www.google.at

Hosts: 89.149.225.59 www.google.se

Hosts: 89.149.225.59 www.google.ch

Hosts: 89.149.225.59 www.google.pt

Hosts: 89.149.225.59 www.google.dk

Hosts: 89.149.225.59 www.google.fi

Hosts: 89.149.225.59 www.google.ie

Hosts: 89.149.225.59 www.google.no

Hosts: 89.149.225.59 www.google.ru

Hosts: 89.149.225.59 www.google.ua

Hosts: 89.149.225.59 www.google.pl

Hosts: 89.149.225.59 www.google.ro

Hosts: 89.149.225.59 www.google.co.nz

Hosts: 89.149.225.59 www.google.in

Hosts: 89.149.225.59 www.google.th

Hosts: 89.149.225.59 www.google.tr

Hosts: 89.149.225.59 www.google.hu

Hosts: 89.149.225.59 www.google.cr

Hosts: 89.149.225.59 www.google.lv

Hosts: 89.149.225.59 www.google.lt

Hosts: 89.149.225.59 www.google.bg

Hosts: 89.149.225.59 www.google.be

Hosts: 89.149.225.59 www.google.vn

Hosts: 89.149.225.59 www.google.ve

Hosts: 89.149.225.59 www.google.sw

Hosts: 89.149.225.59 search.yahoo.com

Hosts: 89.149.225.59 us.search.yahoo.com

Hosts: 89.149.225.59 uk.search.yahoo.com

==== Installed Programs ======================


  • Staff

Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Please ensure you read this guide carefully and install the Recovery Console first.
    The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Once installed, you should see a blue screen prompt that says:
    • The Recovery Console was successfully installed.

Please continue as follows:

  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow ComboFix to continue scanning for malware.

When the tool is finished, it will produce a report for you.

Please include the report in your next post:

C:\ComboFix.txt

"information and logs"

  • In your next post I need the following
  1. Log from Combofix
  2. let me know of any problems you may have had
  3. How is the computer doing now?

Gringo


Everything seems to be working fine now, Google is going to all links that I click on with no redirect. Thank you very much for the help! Here is the ComboFix log.

ComboFix 10-05-25.05 - Mike 05/26/2010 7:23.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.177 [GMT -5:00]

Running from: c:\documents and settings\Mike.YOUR-4DACD0EA75\My Documents\Downloads\ComboFix.exe

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\program files\PlaySushi\PSTExt.dll

c:\windows\system32\_004774_.tmp.dll

c:\windows\system32\_004775_.tmp.dll

c:\windows\system32\_004776_.tmp.dll

c:\windows\system32\_004777_.tmp.dll

c:\windows\system32\_004784_.tmp.dll

c:\windows\system32\_004785_.tmp.dll

c:\windows\system32\_004786_.tmp.dll

c:\windows\system32\_004788_.tmp.dll

c:\windows\system32\_004789_.tmp.dll

c:\windows\system32\_004792_.tmp.dll

c:\windows\system32\_004793_.tmp.dll

c:\windows\system32\_004795_.tmp.dll

c:\windows\system32\_004796_.tmp.dll

c:\windows\system32\_004797_.tmp.dll

c:\windows\system32\_004799_.tmp.dll

c:\windows\system32\_004802_.tmp.dll

c:\windows\system32\_004803_.tmp.dll

c:\windows\system32\_004807_.tmp.dll

c:\windows\system32\_004808_.tmp.dll

c:\windows\system32\_004810_.tmp.dll

c:\windows\system32\_004813_.tmp.dll

c:\windows\system32\_004815_.tmp.dll

c:\windows\system32\_004816_.tmp.dll

c:\windows\system32\_004817_.tmp.dll

c:\windows\system32\_004818_.tmp.dll

c:\windows\system32\_004821_.tmp.dll

c:\windows\system32\_004822_.tmp.dll

c:\windows\system32\_004823_.tmp.dll

c:\windows\system32\_004824_.tmp.dll

c:\windows\system32\_004825_.tmp.dll

c:\windows\system32\_004830_.tmp.dll

c:\windows\system32\_004832_.tmp.dll

c:\windows\system32\_004833_.tmp.dll

c:\windows\system32\_004994_.tmp.dll

c:\windows\system32\_004995_.tmp.dll

c:\windows\system32\_004996_.tmp.dll

c:\windows\system32\_004997_.tmp.dll

c:\windows\system32\_005004_.tmp.dll

c:\windows\system32\_005005_.tmp.dll

c:\windows\system32\_005006_.tmp.dll

c:\windows\system32\_005008_.tmp.dll

c:\windows\system32\_005009_.tmp.dll

c:\windows\system32\_005012_.tmp.dll

c:\windows\system32\_005013_.tmp.dll

c:\windows\system32\_005015_.tmp.dll

c:\windows\system32\_005016_.tmp.dll

c:\windows\system32\_005017_.tmp.dll

c:\windows\system32\_005019_.tmp.dll

c:\windows\system32\_005022_.tmp.dll

c:\windows\system32\_005023_.tmp.dll

c:\windows\system32\_005027_.tmp.dll

c:\windows\system32\_005028_.tmp.dll

c:\windows\system32\_005030_.tmp.dll

c:\windows\system32\_005033_.tmp.dll

c:\windows\system32\_005035_.tmp.dll

c:\windows\system32\_005036_.tmp.dll

c:\windows\system32\_005037_.tmp.dll

c:\windows\system32\_005038_.tmp.dll

c:\windows\system32\_005041_.tmp.dll

c:\windows\system32\_005042_.tmp.dll

c:\windows\system32\_005043_.tmp.dll

c:\windows\system32\_005044_.tmp.dll

c:\windows\system32\_005045_.tmp.dll

c:\windows\system32\_005050_.tmp.dll

c:\windows\system32\_005052_.tmp.dll

c:\windows\system32\_005053_.tmp.dll

c:\windows\system32\_007952_.tmp.dll

c:\windows\system32\_007953_.tmp.dll

c:\windows\system32\_007954_.tmp.dll

c:\windows\system32\_007955_.tmp.dll

c:\windows\system32\_007962_.tmp.dll

c:\windows\system32\_007963_.tmp.dll

c:\windows\system32\_007964_.tmp.dll

c:\windows\system32\_007965_.tmp.dll

c:\windows\system32\_007967_.tmp.dll

c:\windows\system32\_007968_.tmp.dll

c:\windows\system32\_007971_.tmp.dll

c:\windows\system32\_007972_.tmp.dll

c:\windows\system32\_007974_.tmp.dll

c:\windows\system32\_007975_.tmp.dll

c:\windows\system32\_007976_.tmp.dll

c:\windows\system32\_007978_.tmp.dll

c:\windows\system32\_007981_.tmp.dll

c:\windows\system32\_007982_.tmp.dll

c:\windows\system32\_007986_.tmp.dll

c:\windows\system32\_007987_.tmp.dll

c:\windows\system32\_007989_.tmp.dll

c:\windows\system32\_007992_.tmp.dll

c:\windows\system32\_007994_.tmp.dll

c:\windows\system32\_007995_.tmp.dll

c:\windows\system32\_007996_.tmp.dll

c:\windows\system32\_007997_.tmp.dll

c:\windows\system32\_007998_.tmp.dll

c:\windows\system32\_008001_.tmp.dll

c:\windows\system32\_008002_.tmp.dll

c:\windows\system32\_008003_.tmp.dll

c:\windows\system32\_008004_.tmp.dll

c:\windows\system32\_008005_.tmp.dll

c:\windows\system32\_008010_.tmp.dll

c:\windows\system32\_008012_.tmp.dll

c:\windows\system32\_008013_.tmp.dll

c:\windows\system32\AutoRun.inf

D:\Autorun.inf

G:\Autorun.inf

Infected copy of c:\windows\system32\drivers\intelide.sys was found and disinfected

Restored copy from - Kitty had a snack :)

.

((((((((((((((((((((((((( Files Created from 2010-04-26 to 2010-05-26 )))))))))))))))))))))))))))))))

.

2010-05-24 21:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-24 21:15 . 2010-05-24 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-24 21:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-24 21:03 . 2010-05-24 21:03 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes

2010-05-24 11:56 . 2010-05-24 11:56 22528 ----a-w- c:\windows\system32\puinsd.dll

2010-05-20 21:12 . 2010-05-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Local Settings\Application Data\TomTom

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\TomTom

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\program files\TomTom International B.V

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\program files\TomTom HOME 2

2010-05-20 01:55 . 2010-05-20 01:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google

2010-05-19 21:40 . 2010-05-19 21:40 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\HPQ

2010-05-19 09:15 . 2010-05-19 09:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-05-18 20:49 . 2010-05-18 20:49 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Malwarebytes

2010-05-10 23:58 . 2010-05-10 23:58 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Local Settings\Application Data\Google

2010-05-03 15:26 . 2010-05-03 15:28 -------- d-----w- C:\CtDriverInstTemp

2010-05-03 15:26 . 2010-05-03 15:28 -------- d-----w- C:\WebCam3Gen

2010-05-03 14:53 . 1999-01-08 21:39 143360 ----a-w- c:\windows\system32\vvlppc2.dll

2010-05-03 14:53 . 1999-01-06 15:47 30112 ----a-w- c:\windows\system32\drivers\vvlppc2.sys

2010-05-03 14:53 . 1998-09-18 18:59 71168 ----a-w- c:\windows\system32\vvldec32.dll

2010-05-03 14:53 . 1998-08-14 19:39 30720 ----a-w- c:\windows\system32\vvlcodec.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-26 12:33 . 2010-04-02 22:03 -------- d-----w- c:\program files\PlaySushi

2010-05-26 12:04 . 2010-03-23 22:49 -------- d-----w- c:\program files\Inbox

2010-05-25 00:18 . 2010-05-25 00:18 503808 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e2dd005-n\msvcp71.dll

2010-05-25 00:18 . 2010-05-25 00:18 61440 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4caafccb-n\decora-sse.dll

2010-05-25 00:18 . 2010-05-25 00:18 499712 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e2dd005-n\jmc.dll

2010-05-25 00:18 . 2010-05-25 00:18 348160 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e2dd005-n\msvcr71.dll

2010-05-25 00:18 . 2010-05-25 00:18 12800 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4caafccb-n\decora-d3d.dll

2010-05-22 23:58 . 2010-02-13 13:58 159 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat

2010-05-22 22:56 . 2010-05-22 22:56 503808 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c925385-n\msvcp71.dll

2010-05-22 22:56 . 2010-05-22 22:56 499712 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c925385-n\jmc.dll

2010-05-22 22:56 . 2010-05-22 22:56 12800 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69a56f53-n\decora-d3d.dll

2010-05-22 22:56 . 2010-05-22 22:56 61440 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69a56f53-n\decora-sse.dll

2010-05-22 22:56 . 2010-05-22 22:56 348160 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c925385-n\msvcr71.dll

2010-05-21 01:52 . 2010-04-15 00:00 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-15 21:17 . 2010-02-22 20:18 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\DVD Flick

2010-05-15 15:01 . 2010-02-22 19:46 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\uTorrent

2010-05-13 22:07 . 2010-02-20 23:36 2106 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat

2010-05-10 23:54 . 2010-02-17 13:25 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\IObit

2010-05-06 20:59 . 2010-02-13 17:35 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2010-02-13 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2010-02-13 17:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2010-02-13 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:33 . 2010-02-13 17:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-05-06 20:33 . 2010-02-13 17:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-05-06 20:33 . 2010-02-13 17:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-05-06 20:33 . 2010-02-13 17:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-05-05 21:30 . 2010-04-26 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-05-05 21:30 . 2010-04-26 00:12 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-05 21:30 . 2010-05-05 21:30 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-05 21:30 . 2007-09-20 22:38 -------- d-----w- c:\program files\DivX

2010-05-05 21:30 . 2010-05-05 21:30 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-05-05 21:30 . 2010-05-05 21:30 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-05-05 21:28 . 2010-04-26 00:08 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-05 21:28 . 2010-04-26 00:12 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-05-05 21:28 . 2010-04-26 00:12 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-04-28 16:32 . 2010-04-14 14:27 -------- d-----w- c:\program files\MatriX

2010-04-26 00:14 . 2010-04-26 00:11 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\DivX

2010-04-26 00:12 . 2010-04-26 00:12 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-04-26 00:10 . 2009-08-15 03:14 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-15 23:07 . 2006-09-12 00:59 -------- d-----w- c:\program files\Common Files\Java

2010-04-15 23:06 . 2010-04-15 23:07 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-15 23:06 . 2006-09-12 00:59 -------- d-----w- c:\program files\Java

2010-04-15 00:00 . 2010-04-15 00:00 348160 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5de7490b-n\msvcr71.dll

2010-04-15 00:00 . 2010-04-15 00:00 503808 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5de7490b-n\msvcp71.dll

2010-04-15 00:00 . 2010-04-15 00:00 61440 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69e04e31-n\decora-sse.dll

2010-04-15 00:00 . 2010-04-15 00:00 499712 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5de7490b-n\jmc.dll

2010-04-15 00:00 . 2010-04-15 00:00 12800 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69e04e31-n\decora-d3d.dll

2010-04-14 19:24 . 2010-04-14 19:24 348160 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57d4268f-n\msvcr71.dll

2010-04-14 19:24 . 2010-04-14 19:24 61440 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-775eb6a8-n\decora-sse.dll

2010-04-14 19:24 . 2010-04-14 19:24 503808 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57d4268f-n\msvcp71.dll

2010-04-14 19:24 . 2010-04-14 19:24 499712 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57d4268f-n\jmc.dll

2010-04-14 19:24 . 2010-04-14 19:24 12800 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-775eb6a8-n\decora-d3d.dll

2010-04-14 16:47 . 2010-02-13 17:35 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-04-14 16:36 . 2010-03-18 04:28 -------- d-----w- c:\program files\Free DVD Creator

2010-04-14 13:15 . 2010-04-14 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-14 13:01 . 2006-09-12 01:35 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-14 12:58 . 2010-04-14 12:58 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-04-14 12:57 . 2010-04-14 12:57 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-04-08 05:15 . 2010-03-15 04:34 -------- d-----w- c:\program files\DownloadToolz

2010-04-05 12:25 . 2010-02-17 17:26 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\dvdcss

2010-04-02 22:01 . 2010-02-27 04:13 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Apple Computer

2010-04-01 02:19 . 2010-02-28 02:29 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Apple Computer

2010-04-01 01:24 . 2010-04-01 01:23 -------- d-----w- c:\program files\iTunes

2010-04-01 01:24 . 2010-04-01 01:23 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

2010-04-01 01:23 . 2010-04-01 01:23 -------- d-----w- c:\program files\iPod

2010-04-01 01:23 . 2010-02-27 04:07 -------- d-----w- c:\program files\Common Files\Apple

2010-04-01 01:20 . 2007-09-20 22:40 -------- d-----w- c:\program files\QuickTime

2010-04-01 01:16 . 2010-04-01 01:16 -------- d-----w- c:\program files\Bonjour

2010-04-01 01:14 . 2010-04-01 01:14 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-04-01 01:13 . 2010-04-01 01:13 -------- d-----w- c:\program files\Safari

2010-04-01 01:11 . 2010-04-01 01:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-31 01:58 . 2010-04-26 00:11 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2006-09-12 01:29 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2006-09-12 01:29 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-31 01:58 . 2005-08-19 17:00 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2010-03-29 14:59 . 2010-05-22 23:08 52224 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\00r9myd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2010-03-29 14:59 . 2010-05-22 23:08 101376 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\00r9myd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

2010-03-28 22:26 . 2010-03-28 22:26 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\COWON

2010-03-24 22:12 . 2010-03-24 22:01 170 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\wklnhst.dat

2010-03-18 18:48 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-03-18 18:48 . 2010-03-18 18:48 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

2010-03-18 18:48 . 2010-03-18 18:48 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe

2010-03-18 18:48 . 2010-03-18 18:48 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll

2010-03-18 18:48 . 2010-03-18 18:48 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe

2010-03-18 18:48 . 2010-03-18 18:48 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll

2010-03-18 18:48 . 2010-03-18 18:48 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll

2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------

[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntoskrnl.exe

[-] 2009-12-09 . 05BE3D9A71972223AFF6A3C823BA51B1 . 2189312 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntoskrnl.exe

[-] 2009-12-08 . 78EC47F9B9A3A1D539262D8834C896CE . 2189184 . . [5.1.2600.5913] . . c:\windows\system32\ntoskrnl.exe

[-] 2009-12-08 . 5648297DBF1C631164F779863DF9D5BF . 2180352 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntoskrnl.exe

[-] 2009-12-08 . 128D88B3176E70B2E3088ECEB842B673 . 2185984 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntoskrnl.exe

[-] 2009-08-04 . FDE779EA1A564EBFE16F4E0F82B61BAD . 2189312 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntoskrnl.exe

[7] 2009-02-08 . EFE8EACE83EAAD5849A7A548FB75B584 . 2189184 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntoskrnl.exe

[7] 2009-02-06 . FACEBB0CA3154F77009CDFEE78A00BBB . 2180480 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntoskrnl.exe

[7] 2009-02-06 . 7A95B10A73737EBF24139AAA63F5212B . 2189056 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntoskrnl.exe

[7] 2009-02-06 . 6A936E9D7BADAF3CAAEED1E1966EC1B0 . 2186112 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntoskrnl.exe

[-] 2008-08-14 . 31914172342BFF330063F343AC6958FE . 2189184 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntoskrnl.exe

[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntoskrnl.exe

[7] 2008-04-13 . 0C89243C7C3EE199B96FCC16990E0679 . 2188928 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntoskrnl.exe

[7] 2007-02-28 . 5A5C8DB4AA962C714C8371FBDF189FC9 . 2182144 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe

[7] 2006-12-19 . CEF243F6DEFD20BE4ADDE26C7ECACB54 . 2182016 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntoskrnl.exe

[7] 2005-03-02 . 28187802B7C368C0D3AEF7D4C382AABB . 2179456 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntoskrnl.exe

[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\$hf_mig$\KB977165\SP3QFE\ntkrnlpa.exe

[-] 2009-12-09 . FFDCE1EEA79C678C40237D4E031E5B51 . 2066176 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3QFE\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\Driver Cache\i386\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP3GDR\ntkrnlpa.exe

[-] 2009-12-08 . A6683E23468776F75EB2D8C6A02AAD3B . 2066048 . . [5.1.2600.5913] . . c:\windows\system32\ntkrnlpa.exe

[-] 2009-12-08 . 384B15FBDCE2A54089A922886DED4EA0 . 2057728 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2GDR\ntkrnlpa.exe

[-] 2009-12-08 . BC123D9238A0C9BB3D853E407EE77254 . 2063104 . . [5.1.2600.3654] . . c:\windows\SoftwareDistribution\Download\1e737459aaabc35cf71b0434922b4d59\SP2QFE\ntkrnlpa.exe

[-] 2009-08-04 . 363B2BBEE0AEDC9E5433616D0AD0236A . 2066176 . . [5.1.2600.5857] . . c:\windows\$hf_mig$\KB971486\SP3QFE\ntkrnlpa.exe

[7] 2009-02-08 . 5BA7F2141BC6DB06100D0E5A732C617A . 2066048 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3GDR\ntkrnlpa.exe

[7] 2009-02-06 . 3006410E24772CC6953F0B5C01BEB35F . 2057728 . . [5.1.2600.3520] . . c:\windows\system32\dllcache\ntkrnlpa.exe

[7] 2009-02-06 . 607352B9CB3D708C67F6039097801B5A . 2066176 . . [5.1.2600.5755] . . c:\windows\$hf_mig$\KB956572\SP3QFE\ntkrnlpa.exe

[7] 2009-02-06 . 9D832AF3FD1917DB0E1E8B2F000A2E3A . 2062976 . . [5.1.2600.3520] . . c:\windows\$hf_mig$\KB956572\SP2QFE\ntkrnlpa.exe

[-] 2008-08-14 . A25E9B86EFFB2AF33BF51E676B68BFB0 . 2066048 . . [5.1.2600.5657] . . c:\windows\$hf_mig$\KB956841\SP3QFE\ntkrnlpa.exe

[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ntkrnlpa.exe

[7] 2008-04-13 . 109F8E3E3C82E337BB71B6BC9B895D61 . 2065792 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\ntkrnlpa.exe

[7] 2007-02-28 . 4D3DBDCCBF97F5BA1E74F322B155C3BA . 2059392 . . [5.1.2600.3093] . . c:\windows\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe

[7] 2006-12-19 . BA4B97C00A437C1CC3DA365D93EE1E9D . 2059392 . . [5.1.2600.3051] . . c:\windows\$hf_mig$\KB929338\SP2QFE\ntkrnlpa.exe

[7] 2005-03-02 . D8ABA3EAB509627E707A3B14F00FBB6B . 2056832 . . [5.1.2600.2622] . . c:\windows\$hf_mig$\KB890859\SP2QFE\ntkrnlpa.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"nwiz"="nwiz.exe" [2006-05-09 1519616]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-12 180269]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-11 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-11 27136]

c:\documents and settings\Mike.YOUR-4DACD0EA75\Start Menu\Programs\Startup\

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-11 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\puinsd]

2010-05-24 11:56 22528 ----a-w- c:\windows\system32\puinsd.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 23:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\moove\\_adv.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MatriX\\mIRC.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/13/2010 12:36 PM 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/13/2010 12:36 PM 19024]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]

R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [5/3/2010 9:53 AM 30112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-05-20 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.orbitdownloader.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

IE: Inbox Search - tbr:iemenu

Trusted Zone: moove.com

Trusted Zone: trymedia.com

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll

.

- - - - ORPHANS REMOVED - - - -

BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)

Notify-dimsntfy - (no file)

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-26 07:38

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\puinsd.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\RTHDCPL.EXE

c:\windows\ARPWRMSG.EXE

c:\windows\system\hpsysdrv.exe

c:\program files\iTunes\iTunesHelper.exe

c:\program files\DISC\DISCover.exe

c:\program files\DISC\DiscUpdMgr.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-05-26 07:47:52 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-26 12:47

Pre-Run: 71,997,796,352 bytes free

Post-Run: 72,035,082,240 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=,1,2,3,4,5

- - End Of File - - 79B11C70C12928E125809035871BC522


  • Staff

greetings

:upload files to jotti:

  • Please upload a file for scanning:
    • Open virusscan.jotti
    • Copy/paste this file and path into the white box at the top:

c:\windows\system32\drivers\vvlppc2.sys

Press Submit - this will submit the file for testing.

Please wait for all the scanners to finish then copy and paste the results in your next response.

Note: If Jotti is busy, you can use VirusTotal instead.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

File::
c:\windows\system32\puinsd.dll

DDS:
Trusted Zone: moove.com
Trusted Zone: trymedia.com

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe

[image: CFScriptB-4.gif]

This will let ComboFix run again.

Restart if you have to.

Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

NOTE**

  • When ComboFix finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will upload files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.

"information and logs"

  • In your next post I need the following
  1. report from jotti
  2. log from combofix
  3. let me know of any problems you may have had
  4. How is the computer doing now?

Gringo

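Added example, not code from this thread or from ComboFix's authors: a small Python script that pulls the two findings the staff reply acts on out of a ComboFix log (DLLs loaded under winlogon.exe, and Trusted Zone entries from the Supplementary Scan) and renders them as a CFScript in the File:: / DDS:: layout. The log excerpt is constructed to mirror the log posted above, and the double-colon form of DDS:: is assumed by analogy with File::.

```python
import re

# Constructed excerpt modelled on the ComboFix log in this thread. The blank
# line after every entry reproduces the forum page's double spacing on purpose,
# so the parser has to cope with it.
SAMPLE_LOG = r"""------- Supplementary Scan -------

.

uStart Page = hxxp://search.orbitdownloader.com

IE: Inbox Search - tbr:iemenu

Trusted Zone: moove.com

Trusted Zone: trymedia.com

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)

c:\windows\system32\puinsd.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe
"""

# "- - - - - - - > 'winlogon.exe'(720)" introduces the DLL list for one process.
PROCESS_HEADER = re.compile(r"^- - - - - - - > '([^']+)'\(\d+\)")
# "Trusted Zone: moove.com" lines sit in the Supplementary Scan section.
TRUSTED_ZONE = re.compile(r"^Trusted Zone:\s*(\S+)")
# A lone "." or a dashed banner ends whatever section we were in.
SECTION_BREAK = re.compile(r"^(\.|-{3,}.*)$")


def parse_combofix_log(text):
    """Return DLLs injected into winlogon.exe and Trusted Zone hosts."""
    findings = {"winlogon_dlls": [], "trusted_zones": []}
    current_process = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue  # skip the extraction double spacing
        header = PROCESS_HEADER.match(line)
        if header:
            current_process = header.group(1).lower()
            continue
        if SECTION_BREAK.match(line):
            current_process = None
            continue
        zone = TRUSTED_ZONE.match(line)
        if zone:
            findings["trusted_zones"].append(zone.group(1))
            continue
        # Anything loaded into winlogon.exe that ComboFix bothers to list is
        # worth a look: that is where puinsd.dll showed up in this thread.
        if current_process == "winlogon.exe" and line.lower().endswith(".dll"):
            findings["winlogon_dlls"].append(line)
    return findings


def build_cfscript(findings):
    """Render the findings as a CFScript: File:: for DLLs, DDS:: for zones."""
    sections = []
    if findings["winlogon_dlls"]:
        sections.append("File::\n" + "\n".join(findings["winlogon_dlls"]))
    if findings["trusted_zones"]:
        zone_lines = (f"Trusted Zone: {z}" for z in findings["trusted_zones"])
        sections.append("DDS::\n" + "\n".join(zone_lines))
    return "\n\n".join(sections) + ("\n" if sections else "")


if __name__ == "__main__":
    print(build_cfscript(parse_combofix_log(SAMPLE_LOG)), end="")
```

The generated text is only a draft for the helper to review; whether a listed DLL or zone is actually unwanted is still a judgement call made before the script is dropped onto ComboFix.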

The Jotti scan said Found nothing on all scans and here is the ComboFix log. Computer is still working fine.

ComboFix 10-05-30.09 - Mike 05/31/2010 9:18.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.446.121 [GMT -5:00]

Running from: c:\documents and settings\Mike.YOUR-4DACD0EA75\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Mike.YOUR-4DACD0EA75\My Documents\Downloads\CFScript.txt

AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}

FILE ::

"c:\windows\system32\puinsd.dll"

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\puinsd.dll

.

((((((((((((((((((((((((( Files Created from 2010-04-28 to 2010-05-31 )))))))))))))))))))))))))))))))

.

2010-05-30 16:07 . 2010-05-30 16:08 -------- d-----w- c:\documents and settings\All Users\Application Data\FreeHideIP

2010-05-30 16:07 . 2010-05-30 16:07 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\FreeHideIP

2010-05-30 16:07 . 2010-05-30 16:07 -------- d-----w- c:\program files\FreeHideIP

2010-05-25 00:18 . 2010-05-25 00:18 503808 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e2dd005-n\msvcp71.dll

2010-05-25 00:18 . 2010-05-25 00:18 61440 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4caafccb-n\decora-sse.dll

2010-05-25 00:18 . 2010-05-25 00:18 499712 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e2dd005-n\jmc.dll

2010-05-25 00:18 . 2010-05-25 00:18 348160 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-7e2dd005-n\msvcr71.dll

2010-05-25 00:18 . 2010-05-25 00:18 12800 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-4caafccb-n\decora-d3d.dll

2010-05-24 21:15 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-05-24 21:15 . 2010-05-24 21:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-05-24 21:15 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-05-24 21:03 . 2010-05-24 21:03 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Malwarebytes

2010-05-22 23:08 . 2010-03-29 14:59 52224 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\00r9myd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\FFExternalAlert.dll

2010-05-22 23:08 . 2010-03-29 14:59 101376 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Mozilla\Firefox\Profiles\00r9myd4.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\components\RadioWMPCore.dll

2010-05-22 22:56 . 2010-05-22 22:56 503808 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c925385-n\msvcp71.dll

2010-05-22 22:56 . 2010-05-22 22:56 499712 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c925385-n\jmc.dll

2010-05-22 22:56 . 2010-05-22 22:56 12800 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69a56f53-n\decora-d3d.dll

2010-05-22 22:56 . 2010-05-22 22:56 61440 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-69a56f53-n\decora-sse.dll

2010-05-22 22:56 . 2010-05-22 22:56 348160 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-1c925385-n\msvcr71.dll

2010-05-20 21:12 . 2010-05-20 21:12 -------- d-----w- c:\documents and settings\All Users\Application Data\TomTom

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Local Settings\Application Data\TomTom

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\TomTom

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\program files\TomTom International B.V

2010-05-20 21:06 . 2010-05-20 21:06 -------- d-----w- c:\program files\TomTom HOME 2

2010-05-20 01:55 . 2010-05-20 01:55 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\Google

2010-05-19 21:40 . 2010-05-19 21:40 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\HPQ

2010-05-19 09:15 . 2010-05-19 09:15 -------- d-s---w- c:\documents and settings\NetworkService\UserData

2010-05-18 20:49 . 2010-05-18 20:49 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Malwarebytes

2010-05-10 23:58 . 2010-05-10 23:58 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Local Settings\Application Data\Google

2010-05-05 21:30 . 2010-05-05 21:30 56766 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXPlusShortcuts\Uninstaller.exe

2010-05-05 21:30 . 2010-05-05 21:30 53600 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Update\Uninstaller.exe

2010-05-05 21:30 . 2010-05-05 21:30 57679 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Player\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 84040 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TransferWizard\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 54166 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAVCDecoder\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 57532 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSASPDecoder\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 54153 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DFXPlugin\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 54128 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Converter\Uninstaller.exe

2010-05-05 21:29 . 2010-05-05 21:29 57409 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ControlPanel\Uninstaller.exe

2010-05-03 15:26 . 2010-05-03 15:28 -------- d-----w- C:\CtDriverInstTemp

2010-05-03 15:26 . 2010-05-03 15:28 -------- d-----w- C:\WebCam3Gen

2010-05-03 14:53 . 1999-01-08 21:39 143360 ----a-w- c:\windows\system32\vvlppc2.dll

2010-05-03 14:53 . 1999-01-06 15:47 30112 ----a-w- c:\windows\system32\drivers\vvlppc2.sys

2010-05-03 14:53 . 1998-09-18 18:59 71168 ----a-w- c:\windows\system32\vvldec32.dll

2010-05-03 14:53 . 1998-08-14 19:39 30720 ----a-w- c:\windows\system32\vvlcodec.dll

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-05-31 13:49 . 2010-03-23 22:49 -------- d-----w- c:\program files\Inbox

2010-05-30 14:18 . 2010-02-17 17:26 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\dvdcss

2010-05-26 12:33 . 2010-04-02 22:03 -------- d-----w- c:\program files\PlaySushi

2010-05-22 23:58 . 2010-02-13 13:58 159 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat

2010-05-21 01:52 . 2010-04-15 00:00 664 ----a-w- c:\windows\system32\d3d9caps.dat

2010-05-15 21:17 . 2010-02-22 20:18 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\DVD Flick

2010-05-15 15:01 . 2010-02-22 19:46 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\uTorrent

2010-05-13 22:07 . 2010-02-20 23:36 2106 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\wklnhst.dat

2010-05-10 23:54 . 2010-02-17 13:25 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\IObit

2010-05-06 20:59 . 2010-02-13 17:35 165032 ----a-w- c:\windows\system32\aswBoot.exe

2010-05-06 20:39 . 2010-02-13 17:36 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2010-05-06 20:39 . 2010-02-13 17:36 164048 ----a-w- c:\windows\system32\drivers\aswSP.sys

2010-05-06 20:34 . 2010-02-13 17:36 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys

2010-05-06 20:33 . 2010-02-13 17:36 100432 ----a-w- c:\windows\system32\drivers\aswmon2.sys

2010-05-06 20:33 . 2010-02-13 17:36 94800 ----a-w- c:\windows\system32\drivers\aswmon.sys

2010-05-06 20:33 . 2010-02-13 17:36 19024 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2010-05-06 20:33 . 2010-02-13 17:36 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys

2010-05-05 21:30 . 2010-04-26 00:08 -------- d-----w- c:\documents and settings\All Users\Application Data\DivX

2010-05-05 21:30 . 2010-04-26 00:12 57344 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.dll

2010-05-05 21:30 . 2007-09-20 22:38 -------- d-----w- c:\program files\DivX

2010-05-05 21:28 . 2010-04-26 00:08 144696 ----a-w- c:\documents and settings\All Users\Application Data\DivX\RunAsUser\RUNASUSERPROCESS.exe

2010-05-05 21:28 . 2010-04-26 00:12 754984 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\Resource.dll

2010-05-05 21:28 . 2010-04-26 00:12 1180952 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Setup\DivXSetup.exe

2010-04-28 16:32 . 2010-04-14 14:27 -------- d-----w- c:\program files\MatriX

2010-04-26 00:14 . 2010-04-26 00:11 -------- d-----w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\DivX

2010-04-26 00:12 . 2010-04-26 00:12 56978 ----a-w- c:\documents and settings\All Users\Application Data\DivX\WebPlayer\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 57054 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSDesktopComponents\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 56458 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DivXDecoderShortcut\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 54174 ----a-w- c:\documents and settings\All Users\Application Data\DivX\DSAACDecoder\Uninstaller.exe

2010-04-26 00:11 . 2010-04-26 00:11 54629 ----a-w- c:\documents and settings\All Users\Application Data\DivX\TranscodeEngine\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 54101 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MPEG2Plugin\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 52963 ----a-w- c:\documents and settings\All Users\Application Data\DivX\MSVC80CRTRedist\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 54073 ----a-w- c:\documents and settings\All Users\Application Data\DivX\Qt4.5\Uninstaller.exe

2010-04-26 00:10 . 2010-04-26 00:10 56969 ----a-w- c:\documents and settings\All Users\Application Data\DivX\ASPEncoder\Uninstaller.exe

2010-04-26 00:10 . 2009-08-15 03:14 -------- d-----w- c:\program files\Common Files\DivX Shared

2010-04-15 23:07 . 2006-09-12 00:59 -------- d-----w- c:\program files\Common Files\Java

2010-04-15 23:06 . 2010-04-15 23:07 411368 ----a-w- c:\windows\system32\deployJava1.dll

2010-04-15 23:06 . 2006-09-12 00:59 -------- d-----w- c:\program files\Java

2010-04-15 00:00 . 2010-04-15 00:00 348160 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5de7490b-n\msvcr71.dll

2010-04-15 00:00 . 2010-04-15 00:00 503808 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5de7490b-n\msvcp71.dll

2010-04-15 00:00 . 2010-04-15 00:00 61440 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69e04e31-n\decora-sse.dll

2010-04-15 00:00 . 2010-04-15 00:00 499712 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-5de7490b-n\jmc.dll

2010-04-15 00:00 . 2010-04-15 00:00 12800 ----a-w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-69e04e31-n\decora-d3d.dll

2010-04-14 19:24 . 2010-04-14 19:24 348160 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57d4268f-n\msvcr71.dll

2010-04-14 19:24 . 2010-04-14 19:24 61440 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-775eb6a8-n\decora-sse.dll

2010-04-14 19:24 . 2010-04-14 19:24 503808 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57d4268f-n\msvcp71.dll

2010-04-14 19:24 . 2010-04-14 19:24 499712 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-57d4268f-n\jmc.dll

2010-04-14 19:24 . 2010-04-14 19:24 12800 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-775eb6a8-n\decora-d3d.dll

2010-04-14 16:47 . 2010-02-13 17:35 38848 ----a-w- c:\windows\system32\avastSS.scr

2010-04-14 16:36 . 2010-03-18 04:28 -------- d-----w- c:\program files\Free DVD Creator

2010-04-14 13:15 . 2010-04-14 12:57 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS

2010-04-14 13:01 . 2006-09-12 01:35 -------- d-----w- c:\program files\Common Files\Adobe

2010-04-14 12:58 . 2010-04-14 12:58 -------- d-----w- c:\program files\Common Files\Adobe AIR

2010-04-14 12:57 . 2010-04-14 12:57 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe

2010-04-08 05:15 . 2010-03-15 04:34 -------- d-----w- c:\program files\DownloadToolz

2010-04-02 22:01 . 2010-02-27 04:13 -------- d-----w- c:\documents and settings\Compaq_Administrator.YOUR-4DACD0EA75\Application Data\Apple Computer

2010-04-01 01:14 . 2010-04-01 01:14 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.0.79\SetupAdmin.exe

2010-04-01 01:11 . 2010-04-01 01:11 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.31.22.7\SetupAdmin.exe

2010-03-31 01:58 . 2010-04-26 00:11 133616 ------w- c:\windows\system32\pxafs.dll

2010-03-31 01:58 . 2006-09-12 01:29 125424 ------w- c:\windows\system32\pxinsi64.exe

2010-03-31 01:58 . 2006-09-12 01:29 123888 ------w- c:\windows\system32\pxcpyi64.exe

2010-03-31 01:58 . 2005-08-19 17:00 44944 ----a-w- c:\windows\system32\drivers\pxhelp20.sys

2010-03-24 22:12 . 2010-03-24 22:01 170 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Application Data\wklnhst.dat

2010-03-18 18:48 . 2005-08-31 04:01 92947 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat

2010-03-18 18:48 . 2010-03-18 18:48 208896 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll

2010-03-18 18:48 . 2010-03-18 18:48 45056 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\uninstallUI\eHelpSetup.exe

2010-03-18 18:48 . 2010-03-18 18:48 61440 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemutil.dll

2010-03-18 18:48 . 2010-03-18 18:48 44032 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\Scripts\devcon.exe

2010-03-18 18:48 . 2010-03-18 18:48 40960 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\ScDmi.dll

2010-03-18 18:48 . 2010-03-18 18:48 341048 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\HPBasicDetection3.dll

2010-03-18 18:48 . 2010-03-18 18:48 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\uploadHSC.dll

2010-03-18 18:48 . 2010-03-18 18:48 32768 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\Scom.dll

2010-03-18 18:48 . 2010-03-18 18:48 163840 ----a-w- c:\windows\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\modemcheck.dll

2010-03-09 14:53 . 2008-03-06 19:09 121325 ----a-w- c:\windows\hpoins15.dat

2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll

2010-03-03 14:22 . 2010-02-14 03:40 143 ----a-w- c:\documents and settings\Mike.YOUR-4DACD0EA75\Local Settings\Application Data\fusioncache.dat

2007-06-22 00:38 . 2007-06-22 00:38 30280 ----a-w- c:\program files\mozilla firefox\plugins\cgpcfg.dll

2007-06-22 00:38 . 2007-06-22 00:38 79432 ----a-w- c:\program files\mozilla firefox\plugins\CgpCore.dll

2007-06-22 00:38 . 2007-06-22 00:38 71240 ----a-w- c:\program files\mozilla firefox\plugins\confmgr.dll

2007-06-22 00:38 . 2007-06-22 00:38 140872 ----a-w- c:\program files\mozilla firefox\plugins\ctxmui.dll

2007-06-22 00:39 . 2007-06-22 00:39 38472 ----a-w- c:\program files\mozilla firefox\plugins\icafile.dll

2007-06-22 00:39 . 2007-06-22 00:39 46664 ----a-w- c:\program files\mozilla firefox\plugins\icalogon.dll

2007-06-22 00:39 . 2007-06-22 00:39 34376 ----a-w- c:\program files\mozilla firefox\plugins\logging.dll

2007-06-22 00:39 . 2007-06-22 00:39 685640 ----a-w- c:\program files\mozilla firefox\plugins\sslsdk_b.dll

2007-06-22 00:40 . 2007-06-22 00:40 30280 ----a-w- c:\program files\mozilla firefox\plugins\TcpPServ.dll

.

------- Sigcheck -------


.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2009-11-13 247144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ftutil2"="ftutil2.dll" [2004-06-07 106496]

"RTHDCPL"="RTHDCPL.EXE" [2006-06-14 16239616]

"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-05-09 7311360]

"nwiz"="nwiz.exe" [2006-05-09 1519616]

"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]

"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]

"HP Software Update"="c:\program files\HP\HP Software Update\HPwuSchd2.exe" [2005-02-17 49152]

"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-05-06 2815192]

"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-12 180269]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-18 421888]

c:\documents and settings\Default User\Start Menu\Programs\Startup\

Pin.lnk - c:\hp\bin\CLOAKER.EXE [2006-9-11 27136]

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-11 27136]

c:\documents and settings\Mike.YOUR-4DACD0EA75\Start Menu\Programs\Startup\

PinMcLnk.lnk - c:\hp\bin\cloaker.exe [2006-9-11 27136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]

2004-10-13 23:24 1694208 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\DISC\\DISCover.exe"=

"c:\\Program Files\\DISC\\DiscStreamHub.exe"=

"c:\\Program Files\\DISC\\myFTP.exe"=

"c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\Shareaza\\Shareaza.exe"=

"c:\\Program Files\\uTorrent\\utorrent.exe"=

"c:\\Program Files\\iMesh Applications\\iMesh\\iMesh.exe"=

"c:\\moove\\_adv.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\MatriX\\mIRC.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/13/2010 12:36 PM 164048]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/13/2010 12:36 PM 19024]

R2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [11/13/2009 6:31 AM 92008]

R2 vvlppc2;vvlppc2;c:\windows\system32\drivers\vvlppc2.sys [5/3/2010 9:53 AM 30112]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

.

Contents of the 'Scheduled Tasks' folder

2010-05-27 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://search.orbitdownloader.com

uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=64&bd=PRESARIO&pf=desktop

uInternet Settings,ProxyServer = http=;ftp=;https=;

IE: Inbox Search - tbr:iemenu

Trusted Zone: moove.com

Trusted Zone: trymedia.com

Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~1\Inbox\ctbr.dll

.

- - - - ORPHANS REMOVED - - - -

Notify-puinsd - puinsd.dll

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-05-31 09:31

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\windows\arservice.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\program files\Common Files\LightScribe\LSSrvc.exe

c:\windows\system32\nvsvc32.exe

c:\windows\system32\wdfmgr.exe

c:\windows\ehome\mcrdsvc.exe

c:\windows\system32\dllhost.exe

c:\windows\system32\wscntfy.exe

c:\windows\RTHDCPL.EXE

c:\windows\ARPWRMSG.EXE

c:\windows\system\hpsysdrv.exe

c:\program files\iTunes\iTunesHelper.exe

c:\program files\DISC\DISCover.exe

c:\program files\DISC\DiscUpdMgr.exe

c:\program files\DISC\DiscStreamHub.exe

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2010-05-31 09:37:38 - machine was rebooted

ComboFix-quarantined-files.txt 2010-05-31 14:37

ComboFix2.txt 2010-05-26 12:47

Pre-Run: 82,076,143,616 bytes free

Post-Run: 82,014,998,528 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=5 Sets=,1,2,3,4,5

- - End Of File - - E55F0317FF2C9A050E697C6DE7EAD394


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
