ri4 Posted June 2, 2011 ID:436093 Share Posted June 2, 2011 After searching for a video torrent,I ended up with iLivid on my computer and it has resulted in giving me a Searchqu toolbar I cannot get rid of. My System Restore will not run. I have tried my Avast and Malwarebytes. They found a couple of infections. I removed them, but I still have the Searchqu. It is causing Malwarebytes to alert every time I access the internet. I presume other problems will follow. Can you help me get my system back to normal? thanks.DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23Run by Rick Ross at 14:24:04 on 2011-06-02.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exeC:\WINDOWS\system32\lxeacoms.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\M-Audio USB Quattro\Install\QuatInst.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exeC:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\PROGRA~1\COMMON~1\X10\Common\x10nets.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\SONY\sHotKey\sHotKey.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\8myt0um1.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.comC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.searchqu.com/406uSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7mDefault_Page_URL = hxxp://www.sony.com/vaiopeoplemSearch Page = uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dlluURLSearchHooks: H - No FilemURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dllBHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No FileBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No FileBHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dllBHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllBHO: 1 (0x1) - No FileBHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllTB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dllTB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllTB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No FileTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileTB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [soundMan] SOUNDMAN.EXEmRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /noguimRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tIE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.htmlIE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLDPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CABDPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CABDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cabDPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cabDPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabDPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cabDPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cabDPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cabDPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLAppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllHosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\rick ross\application data\mozilla\firefox\profiles\fk3uq85c.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=FF - prefs.js: browser.search.selectedEngine - Web SearchFF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inboxFF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=FF - plugin: c:\documents and settings\rick ross\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\rick ross\application data\move networks\plugins\071803000001\npqmp071803000001.dllFF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - plugin: c:\program files\virtual earth 3d\npVE3D.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R? avast! Antivirus;avast! AntivirusR? gupdate;Google Update Service (gupdate)R? gupdatem;Google Update Service (gupdatem)R? m763001b;M-Audio Quattro Base DriverR? m763001d;M-Audio Quattro Legacy DriverR? ma763001;M-Audio QuattroR? MBAMSwissArmy;MBAMSwissArmyR? PL-40R;CASIO USB MIDIR? USB22LDR;M-Audio USB MidiSport 2x2 LoaderR? USBNS4X4;M-Audio USB Quattro MidiS? aswFsBlk;aswFsBlkS? aswSnx;aswSnxS? aswSP;aswSPS? GearAspiSys;GearAspiSysS? lxea_device;lxea_deviceS? lxeaCATSCustConnectService;lxeaCATSCustConnectServiceS? MBAMProtector;MBAMProtectorS? MBAMService;MBAMServiceS? McrdSvc;Media Center Extender ServiceS? QuattroInstallerService;Quattro InstallerS? SBKUPNT;SBKUPNTS? USBMN2X2;M-Audio USB MidiSport 2x2S? Viewpoint Manager Service;Viewpoint Manager ServiceS? X10Hid;X10 Hid Device.=============== Created Last 30 ================.2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3)2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2)2011-06-01 03:48:08 -------- d-----w- C:\+to ipod2011-06-01 03:31:23 -------- d-----w- c:\documents and settings\rick ross\application data\searchquband2011-05-29 02:01:12 -------- d-----w- C:\MOVIES2011-05-29 01:24:54 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\Ilivid Player2011-05-29 01:22:32 -------- d-----w- c:\documents and settings\rick ross\application data\searchqutoolbar2011-05-29 01:22:23 -------- d-----w- c:\program files\Windows iLivid Toolbar2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software2011-05-10 21:34:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll2011-05-10 21:34:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll2011-05-10 21:34:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll2011-05-10 21:34:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2011-05-10 21:34:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll2011-05-10 21:34:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll2011-05-10 21:34:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-05-10 21:34:13 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll.==================== Find3M ====================.2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll2008-11-14 17:49:43 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE.============= FINISH: 14:31:23.35 ===============attach.zipark.zipdds.zipprotection-log-2011-06-02.zip Link to post Share on other sites More sharing options...
Staff screen317 Posted June 4, 2011 Staff ID:436902 Share Posted June 4, 2011 Hi and welcome to Malwarebytes.In the future, please post all logs directly into your reply instead of attaching them. With that said, please update MBAM, run a Quick Scan, and post its log.Next, please visit this webpage for instructions for running ComboFix: http://www.bleepingcomputer.com/combofix/how-to-use-combofixWhen the tool is finished, it will produce a report for you.Please post the C:\ComboFix.txt along with a new DDS log so we may continue cleaning the system.-screen317 Link to post Share on other sites More sharing options...
ri4 Posted June 8, 2011 Author ID:438604 Share Posted June 8, 2011 After searching for a video torrent,I ended up with iLivid on my computer and it has resulted in giving me a Searchqu toolbar I cannot get rid of. My System Restore will not run. I have tried my Avast and Malwarebytes. They found a couple of infections. I removed them, but I still have the Searchqu. It is causing Malwarebytes to alert every time I access the internet. I presume other problems will follow. Can you help me get my system back to normal? thanks.DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23Run by Rick Ross at 14:24:04 on 2011-06-02.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exeC:\WINDOWS\system32\lxeacoms.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\M-Audio USB Quattro\Install\QuatInst.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exeC:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\PROGRA~1\COMMON~1\X10\Common\x10nets.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeC:\WINDOWS\system32\ctfmon.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\SONY\sHotKey\sHotKey.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\8myt0um1.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.comC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.searchqu.com/406uSearch Bar = hxxp://www.google.com/ieuDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7mDefault_Page_URL = hxxp://www.sony.com/vaiopeoplemSearch Page = uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dlluURLSearchHooks: H - No FilemURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dllBHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No FileBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No FileBHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dllBHO: UrlHelper Class: {a40dc6c5-79d0-4ca8-a185-8ff989af1115} - c:\progra~1\wi371a~1\datamngr\IEBHO.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllBHO: 1 (0x1) - No FileBHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllTB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dllTB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllTB: Searchqu Toolbar: {99079a25-328f-4bd4-be04-00955acaa0a7} - c:\progra~1\wi371a~1\toolbar\searchqudtx.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No FileTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileTB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No FileTB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No FileEB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FileuRun: [ctfmon.exe] c:\windows\system32\ctfmon.exemRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [soundMan] SOUNDMAN.EXEmRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [avast5] "c:\program files\alwil software\avast5\avastUI.exe" /noguimRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraydRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tIE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.htmlIE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLDPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CABDPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CABDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cabDPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cabDPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabDPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cabDPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cabDPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cabDPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLAppInit_DLLs: c:\progra~1\wi371a~1\datamngr\datamngr.dll c:\progra~1\wi371a~1\datamngr\IEBHO.dllSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dllHosts: 127.0.0.1 www.spywareinfo.com.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\rick ross\application data\mozilla\firefox\profiles\fk3uq85c.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=FF - prefs.js: browser.search.selectedEngine - Web SearchFF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inboxFF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=FF - plugin: c:\documents and settings\rick ross\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\rick ross\application data\move networks\plugins\071803000001\npqmp071803000001.dllFF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - plugin: c:\program files\virtual earth 3d\npVE3D.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true============= SERVICES / DRIVERS ===============.R? avast! Antivirus;avast! AntivirusR? gupdate;Google Update Service (gupdate)R? gupdatem;Google Update Service (gupdatem)R? m763001b;M-Audio Quattro Base DriverR? m763001d;M-Audio Quattro Legacy DriverR? ma763001;M-Audio QuattroR? MBAMSwissArmy;MBAMSwissArmyR? PL-40R;CASIO USB MIDIR? USB22LDR;M-Audio USB MidiSport 2x2 LoaderR? USBNS4X4;M-Audio USB Quattro MidiS? aswFsBlk;aswFsBlkS? aswSnx;aswSnxS? aswSP;aswSPS? GearAspiSys;GearAspiSysS? lxea_device;lxea_deviceS? lxeaCATSCustConnectService;lxeaCATSCustConnectServiceS? MBAMProtector;MBAMProtectorS? MBAMService;MBAMServiceS? McrdSvc;Media Center Extender ServiceS? QuattroInstallerService;Quattro InstallerS? SBKUPNT;SBKUPNTS? USBMN2X2;M-Audio USB MidiSport 2x2S? Viewpoint Manager Service;Viewpoint Manager ServiceS? X10Hid;X10 Hid Device.=============== Created Last 30 ================.2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3)2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2)2011-06-01 03:48:08 -------- d-----w- C:\+to ipod2011-06-01 03:31:23 -------- d-----w- c:\documents and settings\rick ross\application data\searchquband2011-05-29 02:01:12 -------- d-----w- C:\MOVIES2011-05-29 01:24:54 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\Ilivid Player2011-05-29 01:22:32 -------- d-----w- c:\documents and settings\rick ross\application data\searchqutoolbar2011-05-29 01:22:23 -------- d-----w- c:\program files\Windows iLivid Toolbar2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software2011-05-10 21:34:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll2011-05-10 21:34:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll2011-05-10 21:34:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll2011-05-10 21:34:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2011-05-10 21:34:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll2011-05-10 21:34:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll2011-05-10 21:34:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-05-10 21:34:13 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll.==================== Find3M ====================.2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll2008-11-14 17:49:43 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE.============= FINISH: 14:31:23.35 ===============Malwarebytes' Anti-Malware 1.51.0.1200www.malwarebytes.orgDatabase version: 6814Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187026/8/2011 2:32:18 PMmbam-log-2011-06-08 (14-32-18).txtScan type: Quick scanObjects scanned: 190594Time elapsed: 14 minute(s), 27 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)DDS LOG:.DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23Run by Rick Ross at 16:00:25 on 2011-06-08.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\system32\rundll32.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exeC:\WINDOWS\system32\lxeacoms.exeC:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\M-Audio USB Quattro\Install\QuatInst.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exeC:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\Program Files\Viewpoint\Common\ViewpointService.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\PROGRA~1\COMMON~1\X10\Common\x10nets.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeC:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\SONY\sHotKey\sHotKey.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\gyfir1g8.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Program Files\Mozilla Firefox\plugin-container.exeC:\Documents and Settings\Rick Ross\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.comC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uStart Page = hxxp://www.searchqu.com/406uDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7uURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dlluURLSearchHooks: H - No FilemURLSearchHooks: IAOLTBSearch Class: {ea756889-2338-43db-8f07-d1ca6fb9c90d} - c:\program files\aol toolbar\aoltb.dllBHO: {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No FileBHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: {465E08E7-F005-4389-980F-1D8764B3486C} - No FileBHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllBHO: 1 (0x1) - No FileBHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllTB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dllTB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No FileTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileTB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No FileEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FilemRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [soundMan] SOUNDMAN.EXEmRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttraymRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /noguidRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tIE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.htmlIE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLDPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CABDPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CABDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cabDPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cabDPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabDPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cabDPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cabDPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cabDPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - c:\documents and settings\rick ross\application data\mozilla\firefox\profiles\fk3uq85c.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=FF - prefs.js: browser.search.selectedEngine - Web SearchFF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inboxFF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=FF - plugin: c:\documents and settings\rick ross\application data\facebook\npfbplugin_1_0_3.dllFF - plugin: c:\documents and settings\rick ross\application data\move networks\plugins\071803000001\npqmp071803000001.dllFF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgoogletalk.dllFF - plugin: c:\documents and settings\rick ross\application data\mozilla\plugins\npgtpo3dautoplugin.dllFF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dllFF - plugin: c:\program files\google\picasa3\npPicasa3.dllFF - plugin: c:\program files\google\update\1.3.21.53\npGoogleUpdate3.dllFF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dllFF - plugin: c:\program files\microsoft silverlight\4.0.60310.0\npctrlui.dllFF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dllFF - plugin: c:\program files\mozilla firefox\plugins\npmusicn.dllFF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dllFF - plugin: c:\program files\virtual earth 3d\npVE3D.dll.---- FIREFOX POLICIES ----FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.============= SERVICES / DRIVERS ===============.R? gupdate;Google Update Service (gupdate)R? gupdatem;Google Update Service (gupdatem)R? m763001b;M-Audio Quattro Base DriverR? m763001d;M-Audio Quattro Legacy DriverR? ma763001;M-Audio QuattroR? PL-40R;CASIO USB MIDIR? USB22LDR;M-Audio USB MidiSport 2x2 LoaderR? USBNS4X4;M-Audio USB Quattro MidiS? aswFsBlk;aswFsBlkS? aswSnx;aswSnxS? aswSP;aswSPS? avast! Antivirus;avast! AntivirusS? GearAspiSys;GearAspiSysS? lxea_device;lxea_deviceS? lxeaCATSCustConnectService;lxeaCATSCustConnectServiceS? MBAMProtector;MBAMProtectorS? MBAMService;MBAMServiceS? McrdSvc;Media Center Extender ServiceS? QuattroInstallerService;Quattro InstallerS? SBKUPNT;SBKUPNTS? USBMN2X2;M-Audio USB MidiSport 2x2S? Viewpoint Manager Service;Viewpoint Manager ServiceS? X10Hid;X10 Hid Device.=============== Created Last 30 ================.2011-06-08 22:02:00 -------- d-sha-r- C:\cmdcons2011-06-08 21:57:29 98816 ----a-w- c:\windows\sed.exe2011-06-08 21:57:29 518144 ----a-w- c:\windows\SWREG.exe2011-06-08 21:57:29 256512 ----a-w- c:\windows\PEV.exe2011-06-08 21:57:29 208896 ----a-w- c:\windows\MBR.exe2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3)2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2)2011-06-01 03:48:08 -------- d-----w- C:\+to ipod2011-06-01 03:31:23 -------- d-----w- c:\documents and settings\rick ross\application data\searchquband2011-05-29 02:01:12 -------- d-----w- C:\MOVIES2011-05-29 01:24:54 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\Ilivid Player2011-05-29 01:22:32 -------- d-----w- c:\documents and settings\rick ross\application data\searchqutoolbar2011-05-29 01:22:23 -------- d-----w- c:\program files\Windows iLivid Toolbar2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software2011-05-10 21:34:16 781272 ----a-w- c:\program files\mozilla firefox\mozsqlite3.dll2011-05-10 21:34:16 1874904 ----a-w- c:\program files\mozilla firefox\mozjs.dll2011-05-10 21:34:15 89048 ----a-w- c:\program files\mozilla firefox\libEGL.dll2011-05-10 21:34:15 465880 ----a-w- c:\program files\mozilla firefox\libGLESv2.dll2011-05-10 21:34:15 15832 ----a-w- c:\program files\mozilla firefox\mozalloc.dll2011-05-10 21:34:14 1892184 ----a-w- c:\program files\mozilla firefox\d3dx9_42.dll2011-05-10 21:34:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll2011-05-10 21:34:13 1974616 ----a-w- c:\program files\mozilla firefox\D3DCompiler_42.dll.==================== Find3M ====================.2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2008-11-14 17:49:43 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE.============= FINISH: 16:02:17.42 ===============COMBOFIX LOG:ComboFix 11-06-08.01 - Rick Ross 06/08/2011 15:06:18.1.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1062 [GMT -7:00]Running from: c:\documents and settings\Rick Ross\My Documents\Downloads\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D} * Created a new restore point..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\documents and settings\Rick Ross\Systemc:\documents and settings\Rick Ross\System\win_qs8.jqxc:\documents and settings\Rick Ross\WINDOWSc:\progra~1\WI371A~1\Datamngr\IEBHo.dllc:\progra~1\WI371A~1\ToolBar\seARchqudtx.dllc:\windows\explorer(3).exec:\windows\system32\msMAsk32.ocxc:\windows\TEMP\logishrd\LVPrcInj01.dll..((((((((((((((((((((((((( Files Created from 2011-05-08 to 2011-06-08 )))))))))))))))))))))))))))))))..2011-06-01 03:48 . 2011-06-01 03:49 -------- d-----w- C:\+to ipod2011-06-01 03:31 . 2011-06-01 03:31 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\searchquband2011-05-29 02:01 . 2011-06-01 17:41 -------- d-----w- C:\MOVIES2011-05-29 01:24 . 2011-05-29 01:24 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\Ilivid Player2011-05-29 01:22 . 2011-06-01 18:13 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\searchqutoolbar2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\program files\Windows iLivid Toolbar2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\PackageAware2011-05-25 06:00 . 2011-05-25 06:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-24 02:25 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-18 18:36 . 2011-05-18 18:36 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\Sibelius Software2011-05-18 17:52 . 2011-05-18 17:52 -------- d-----w- c:\program files\Sibelius Software2011-05-10 21:34 . 2011-05-10 21:34 781272 ----a-w- c:\program files\Mozilla Firefox\mozsqlite3.dll2011-05-10 21:34 . 2011-05-10 21:34 1874904 ----a-w- c:\program files\Mozilla Firefox\mozjs.dll2011-05-10 21:34 . 2011-05-10 21:34 89048 ----a-w- c:\program files\Mozilla Firefox\libEGL.dll2011-05-10 21:34 . 2011-05-10 21:34 465880 ----a-w- c:\program files\Mozilla Firefox\libGLESv2.dll2011-05-10 21:34 . 2011-05-10 21:34 15832 ----a-w- c:\program files\Mozilla Firefox\mozalloc.dll2011-05-10 21:34 . 2011-05-10 21:34 1892184 ----a-w- c:\program files\Mozilla Firefox\d3dx9_42.dll2011-05-10 21:34 . 2011-05-10 21:34 142296 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll2011-05-10 21:34 . 2011-05-10 21:34 1974616 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_42.dll...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-05-29 16:11 . 2011-01-22 01:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11 . 2011-01-22 01:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-10 12:10 . 2011-01-22 01:04 40112 ----a-w- c:\windows\avastSS.scr2011-05-10 12:10 . 2011-01-22 01:04 199304 ----a-w- c:\windows\system32\aswBoot.exe2011-05-10 12:03 . 2011-01-22 01:04 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys2011-05-10 12:02 . 2011-01-22 01:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys2011-05-10 12:02 . 2011-01-22 01:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys2011-05-10 12:02 . 2011-01-22 01:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys2011-05-10 11:59 . 2011-01-22 01:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys2011-05-10 11:59 . 2011-01-22 01:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys2011-05-10 11:59 . 2011-01-22 01:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr2008-11-14 17:49 . 2008-11-14 17:49 1754240 ----a-w- c:\program files\BitTorrent-6.1.2a.exe2001-10-05 19:53 . 2008-02-04 18:11 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll1998-02-09 09:59 . 2005-01-29 21:24 6416 ----a-w- c:\program files\FAC_PT63.EXE2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll2011-05-10 21:34 . 2011-05-10 21:34 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll.[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]"SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824]"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"midi1"=usbmn2x2.dll"midi4"=usbns4x4.dll"midi3"=usbns4x4.dll"midi5"=usbns4x4.dll"midi7"=usbns4x4.dll"MIDI10"=vpnt.dll.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray-Symbol.lnk]backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]backup=c:\windows\pss\Image Transfer.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Launch Microsoft Office Outlook.lnk]backup=c:\windows\pss\Launch Microsoft Office Outlook.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^M-Audio Quattro Control Panel Launcher.lnk]backup=c:\windows\pss\M-Audio Quattro Control Panel Launcher.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]c:\windows\system32\dumprep 0 -k [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]2001-01-11 13:00 643072 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1\aol.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]2004-09-29 14:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]2008-12-19 02:03 342848 ----a-w- c:\program files\DNA\btdna.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DATAMNGR].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]2007-03-16 02:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]2006-11-23 04:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1129216511\ee\aolsoftware.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]2003-01-31 02:55 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2004-03-23 19:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]2008-08-15 00:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]2010-01-18 17:27 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]2002-07-23 21:31 53248 ----a-w- c:\program files\Neato\MediaFACE 4.0\SetHook.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]2002-06-03 19:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2008-03-27 03:14 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2010-05-13 23:12 26192168 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]2004-06-22 15:02 1912832 ----a-w- c:\program files\Sonic\RecordNow!\RecordNow.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2008-05-28 02:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]2001-10-05 19:54 118784 ----a-w- c:\windows\tppaldr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]2004-08-28 02:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]2004-01-17 10:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]2007-05-16 03:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\AOL(DE) 9.0\\waol.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aolsoftware.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aim6.exe"="c:\\Program Files\\America Online 9.0a\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\AOLServiceHost.exe"="c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"="c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\Program Files\\AOL 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="c:\\WINDOWS\\system32\\fxsclnt.exe"="c:\\Drivers&Downloads\\utorrent.exe"="c:\\Program Files\\AOL 9.1\\waol.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\WINDOWS\\system32\\lxeacoms.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Documents and Settings\\Rick Ross\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Windows iLivid Toolbar\\ToolBar\\dtUser.exe"=.R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2011 7:25 PM 441176]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2011 6:04 PM 307928]R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [11/5/2005 11:22 AM 53412]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2011 6:04 PM 19544]R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/29/2010 1:56 PM 98984]R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2011 6:12 PM 366640]R2 QuattroInstallerService;Quattro Installer;c:\program files\M-Audio USB Quattro\Install\QuatInst.exe [2/14/2005 12:05 PM 86016]R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/9/2008 12:27 PM 14976]R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 12:26 PM 24652]R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2011 6:12 PM 22712]R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [1/22/2005 6:41 PM 22304]R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [3/24/2008 2:41 PM 7040]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664]S3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [1/22/2005 6:34 PM 9216]S3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [1/22/2005 6:34 PM 6656]S3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [1/22/2005 6:34 PM 41856]S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [5/3/2009 5:12 PM 18048]S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [1/22/2005 6:41 PM 14272]S3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [1/22/2005 6:34 PM 22368].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]getPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder.2011-05-31 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34].2011-06-08 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20].2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04].2011-06-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04].2011-06-08 c:\windows\Tasks\User_Feed_Synchronization-{A04A00E0-C5DA-4502-A5D0-ABBF91C9B966}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]..------- Supplementary Scan -------.uStart Page = hxxp://www.searchqu.com/406uDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.htmlIE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlTCP: DhcpNameServer = 209.18.47.61 209.18.47.62DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabFF - ProfilePath - c:\documents and settings\Rick Ross\Application Data\Mozilla\Firefox\Profiles\fk3uq85c.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tb50-ff-aolmailtb-chromesbox-en-us&query=FF - prefs.js: browser.search.selectedEngine - Web SearchFF - prefs.js: browser.startup.homepage - hxxps://mail.google.com/mail/?zx=ea49c3qx0q9n&zx=co595wvlqlf8&shva=1#inboxFF - prefs.js: keyword.URL - hxxp://www.searchqu.com/web?src=ffb&systemid=406&q=FF - user.js: yahoo.ytff.general.dontshowhpoffer - true.- - - - ORPHANS REMOVED - - - -.Toolbar-10 - (no file)WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)MSConfigStartUp-HPHmon03 - c:\windows\system32\hphmon03.exe...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-06-08 15:31Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'explorer.exe'(7328)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Common Files\aolshare\aolshcpy.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Alwil Software\Avast5\AvastSvc.exec:\windows\system32\rundll32.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Common Files\AOL\ACS\AOLAcsd.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Intel\Intel Application Accelerator\iaantmon.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\lxeacoms.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\CyberLink\Shared Files\RichVideo.exec:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exec:\program files\Sony\Sony TV Tuner Library\SMceMan.exec:\program files\Sony\VAIO Media Integrated Server\VMISrv.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exec:\windows\wanmpsvc.exec:\windows\system32\MsPMSPSv.exec:\progra~1\COMMON~1\X10\Common\x10nets.exec:\windows\ehome\mcrdsvc.exec:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exec:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exec:\windows\system32\dllhost.exec:\windows\system32\wscntfy.exec:\program files\Sony\Sony TV Tuner Library\RM_SV.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exec:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exec:\windows\SOUNDMAN.EXEc:\program files\iPod\bin\iPodService.exec:\program files\Common Files\Java\Java Update\jucheck.exe.**************************************************************************.Completion time: 2011-06-08 15:41:39 - machine was rebootedComboFix-quarantined-files.txt 2011-06-08 22:41.Pre-Run: 49,005,502,464 bytes freePost-Run: 49,267,216,384 bytes free.WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe[boot loader]timeout=2default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS[operating systems]c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdconsUnsupportedDebug="do not select this" /debugmulti(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect.- - End Of File - - 0812E71E8A4FFD68F9739483EDF68863THANK YOU!!! Link to post Share on other sites More sharing options...
Staff screen317 Posted June 11, 2011 Staff ID:439467 Share Posted June 11, 2011 Hi,Please see:HijackThis Forum PolicyWe will not be party to obvious use of key gens, cracks, warez or other illegal means of downloading software, music, videos ect. This means no P2P evidence will be supported. Logs that show these in them, will given the option to remove the P2P items. Keygens, cracks, warez and similar will have the thread closed period. It's theft and against the law.This goes for uTorrent and anything else you may have installed. Link to post Share on other sites More sharing options...
ri4 Posted June 16, 2011 Author ID:441663 Share Posted June 16, 2011 Sorry I misinterpreted your last reply and began to work on finding a remedy on my own. I have removed the utorrent which I have no use for. I am out of town frequently but hope to hear back from you and reply as quickly as I can to clean this system. Here is where things stand:My normal toolbar had been replaced with an unwanted toolbar called searchqu. Every time I opened the browser or use the searchbar, I would get an alert from Malwarebytes stating it has successfully blocked access to a potentially malicious website 202.232.22.60. I tried to use system restore to return settings to several different points before I had this problem, but the utility always stalls , reboots , then says restore was unsuccessful. I am afraid that this is an infection that will worsen over time. I also tried to several different virus, malware and spyware scans. MBAM,Avast,PCHealth,Combofix, Eusing Registry Fix and more... I even ran them in safe mode. I ran Hijackthis, but don't know what to do with it. OTL showed me some Folders that had searchqu in their names, so I deleted those. I no longer get the alert from MBAM. But now when I try to open Firefox, I get a message that Firefox is already running. I uninstalled and reinstalled Firefox, but I still cant use that browser. I am able to use Google Chrome and IE, but IE still tells me that Searchqu is my default. I know just enough to get myself in trouble so I thought I would ask you for help before I mess up something trying to fix it on my own. I hope I'm not too late. Can you please help me regain the use of System Restore and clean up whatever's bugging my computer? Another of my favorite programs called Sonar4 now gives me a error message and tells me to reinstall. I did that and I still get the same error message. I'd like to get Firefox working again, too. Thanks.ComboFix 11-06-15.02 - Rick Ross 06/15/2011 16:55:42.3.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1084 [GMT -7:00]Running from: c:\documents and settings\Rick Ross\My Documents\Downloads\ComboFix.exeAV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\logishrd\LVPrcInj01.dll..((((((((((((((((((((((((( Files Created from 2011-05-16 to 2011-06-16 )))))))))))))))))))))))))))))))..2011-06-15 20:13 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys2011-06-15 20:13 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys2011-06-15 19:58 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll2011-06-15 18:48 . 2011-06-15 18:48 -------- d-----w- c:\program files\Common Files\Skype2011-06-13 06:54 . 2011-06-15 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras2011-06-11 20:26 . 2011-06-11 20:26 -------- d-----w- c:\program files\Trend Micro2011-06-11 19:20 . 2011-06-11 20:12 -------- d-----w- c:\program files\PC Health Optimizer Free Edition2011-06-11 18:11 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys2011-06-11 18:11 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys2011-06-11 18:11 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys2011-06-11 18:11 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys2011-06-11 18:11 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys2011-06-11 18:11 . 2010-12-16 15:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys2011-06-11 18:10 . 2011-06-11 18:58 -------- d-----w- c:\program files\PC Tools Security2011-06-11 18:10 . 2011-06-11 18:15 -------- d-----w- c:\program files\Common Files\PC Tools2011-06-11 18:10 . 2011-06-11 18:10 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\PC Tools2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\SUPERAntiSpyware.com2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2011-06-11 08:49 . 2011-06-11 08:50 -------- d-----w- c:\program files\SUPERAntiSpyware2011-06-01 03:48 . 2011-06-01 03:49 -------- d-----w- C:\+to ipod2011-05-29 02:01 . 2011-06-01 17:41 -------- d-----w- C:\MOVIES2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\PackageAware2011-05-25 06:00 . 2011-05-25 06:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-24 02:25 . 2011-05-10 12:03 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-18 18:36 . 2011-05-18 18:36 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\Sibelius Software2011-05-18 17:52 . 2011-05-18 17:52 -------- d-----w- c:\program files\Sibelius Software...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-06-15 23:18 . 2005-01-25 19:08 118784 ----a-w- c:\windows\dsdxirmv.exe2011-05-29 16:11 . 2011-01-22 01:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11 . 2011-01-22 01:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-10 12:10 . 2011-01-22 01:04 40112 ----a-w- c:\windows\avastSS.scr2011-05-10 12:10 . 2011-01-22 01:04 199304 ----a-w- c:\windows\system32\aswBoot.exe2011-05-10 12:03 . 2011-01-22 01:04 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys2011-05-10 12:02 . 2011-01-22 01:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys2011-05-10 12:02 . 2011-01-22 01:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys2011-05-10 12:02 . 2011-01-22 01:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys2011-05-10 11:59 . 2011-01-22 01:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys2011-05-10 11:59 . 2011-01-22 01:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys2011-05-10 11:59 . 2011-01-22 01:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr2001-10-05 19:53 . 2008-02-04 18:11 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll1998-02-09 09:59 . 2005-01-29 21:24 6416 ----a-w- c:\program files\FAC_PT63.EXE2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll2011-04-14 16:26 . 2011-06-12 02:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-28 68856]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]"SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824]"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"midi1"=usbmn2x2.dll"midi4"=usbns4x4.dll"midi3"=usbns4x4.dll"midi5"=usbns4x4.dll"midi7"=usbns4x4.dll"MIDI10"=vpnt.dll.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray-Symbol.lnk]backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]backup=c:\windows\pss\Image Transfer.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Launch Microsoft Office Outlook.lnk]backup=c:\windows\pss\Launch Microsoft Office Outlook.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^M-Audio Quattro Control Panel Launcher.lnk]backup=c:\windows\pss\M-Audio Quattro Control Panel Launcher.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]c:\windows\system32\dumprep 0 -k [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]2001-01-11 13:00 643072 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1\aol.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]2004-09-29 14:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]2008-12-19 02:03 342848 ----a-w- c:\program files\DNA\btdna.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]2007-03-16 02:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]2006-11-23 04:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1129216511\ee\aolsoftware.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]2003-01-31 02:55 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2004-03-23 19:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]2008-08-15 00:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]2010-01-18 17:27 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]2002-07-23 21:31 53248 ----a-w- c:\program files\Neato\MediaFACE 4.0\SetHook.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]2002-06-03 19:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2008-03-27 03:14 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2011-05-27 04:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]2004-06-22 15:02 1912832 ----a-w- c:\program files\Sonic\RecordNow!\RecordNow.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2008-05-28 02:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]2001-10-05 19:54 118784 ----a-w- c:\windows\tppaldr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]2004-08-28 02:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]2004-01-17 10:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]2007-05-16 03:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\AOL(DE) 9.0\\waol.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aolsoftware.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aim6.exe"="c:\\Program Files\\America Online 9.0a\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\AOLServiceHost.exe"="c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"="c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\Program Files\\AOL 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="c:\\WINDOWS\\system32\\fxsclnt.exe"="c:\\Program Files\\AOL 9.1\\waol.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\WINDOWS\\system32\\lxeacoms.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Documents and Settings\\Rick Ross\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/11/2011 11:11 AM 239168]R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/11/2011 11:11 AM 338880]R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/11/2011 11:11 AM 656320]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2011 7:25 PM 441176]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2011 6:04 PM 307928]R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [11/5/2005 11:22 AM 53412]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2011 6:04 PM 19544]R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/29/2010 1:56 PM 98984]R2 QuattroInstallerService;Quattro Installer;c:\program files\M-Audio USB Quattro\Install\QuatInst.exe [2/14/2005 12:05 PM 86016]R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/9/2008 12:27 PM 14976]R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/11/2011 11:10 AM 366840]R3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [1/22/2005 6:34 PM 9216]R3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [1/22/2005 6:34 PM 6656]R3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [1/22/2005 6:34 PM 41856]R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [1/22/2005 6:41 PM 22304]R3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [1/22/2005 6:34 PM 22368]R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [3/24/2008 2:41 PM 7040]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2011 6:12 PM 22712]S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [5/3/2009 5:12 PM 18048]S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [1/22/2005 6:41 PM 14272]S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2011 6:12 PM 366640]S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 12:26 PM 24652].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]getPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder.2011-06-14 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34].2011-06-16 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20].2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04].2011-06-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04].2011-06-16 c:\windows\Tasks\User_Feed_Synchronization-{A04A00E0-C5DA-4502-A5D0-ABBF91C9B966}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]..------- Supplementary Scan -------.uDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.htmlIE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlLSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllTCP: DhcpNameServer = 209.18.47.61 209.18.47.62DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabFF - ProfilePath - c:\documents and settings\Rick Ross\Application Data\Mozilla\Firefox\Profiles\fk3uq85c.default\.- - - - ORPHANS REMOVED - - - -.ShellExecuteHooks-{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - (no file)...**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-06-15 22:47Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(812)c:\windows\system32\usbns4x4.dllc:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.- - - - - - - > 'lsass.exe'(872)c:\windows\system32\usbns4x4.dllc:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll.- - - - - - - > 'explorer.exe'(5576)c:\windows\system32\WININET.dllc:\windows\system32\usbns4x4.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Common Files\aolshare\aolshcpy.dllc:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Alwil Software\Avast5\AvastSvc.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Common Files\AOL\ACS\AOLAcsd.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Intel\Intel Application Accelerator\iaantmon.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\lxeacoms.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\CyberLink\Shared Files\RichVideo.exec:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exec:\program files\Sony\Sony TV Tuner Library\SMceMan.exec:\program files\Sony\VAIO Media Integrated Server\VMISrv.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exec:\windows\wanmpsvc.exec:\windows\system32\MsPMSPSv.exec:\windows\ehome\mcrdsvc.exec:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exec:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exec:\windows\system32\dllhost.exec:\program files\Sony\Sony TV Tuner Library\RM_SV.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exec:\windows\system32\wscntfy.exec:\windows\SOUNDMAN.EXEc:\program files\iPod\bin\iPodService.exec:\program files\Common Files\Java\Java Update\jucheck.exe.**************************************************************************.Completion time: 2011-06-15 22:58:52 - machine was rebootedComboFix-quarantined-files.txt 2011-06-16 05:58ComboFix2.txt 2011-06-10 18:22ComboFix3.txt 2011-06-08 22:41.Pre-Run: 49,015,664,640 bytes freePost-Run: 49,032,433,664 bytes free.- - End Of File - - BF44BF383CC802E19A2A857BB355BF03.DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23Run by Rick Ross at 23:01:08 on 2011-06-15.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exeC:\WINDOWS\system32\lxeacoms.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\M-Audio USB Quattro\Install\QuatInst.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\PC Tools Security\pctsAuxs.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exeC:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exeC:\WINDOWS\System32\alg.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeC:\WINDOWS\system32\wscntfy.exeC:\WINDOWS\system32\wuauclt.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\SONY\sHotKey\sHotKey.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\Rick Ross\My Documents\Downloads\dds.comC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllBHO: 1 (0x1) - No FileBHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllTB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dllTB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No FileTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileTB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No FileEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exemRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [soundMan] SOUNDMAN.EXEmRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /noguidRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tIE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.htmlIE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLLSP: c:\program files\common files\pc tools\lsp\PCTLsp.dllDPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CABDPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CABDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cabDPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cabDPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabDPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cabDPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cabDPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cabDPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R? gupdate;Google Update Service (gupdate)R? gupdatem;Google Update Service (gupdatem)R? MBAMProtector;MBAMProtectorR? MBAMService;MBAMServiceR? PL-40R;CASIO USB MIDIR? sdCoreService;PC Tools Security ServiceR? USB22LDR;M-Audio USB MidiSport 2x2 LoaderR? Viewpoint Manager Service;Viewpoint Manager ServiceS? aswFsBlk;aswFsBlkS? aswSnx;aswSnxS? aswSP;aswSPS? avast! Antivirus;avast! AntivirusS? GearAspiSys;GearAspiSysS? lxea_device;lxea_deviceS? lxeaCATSCustConnectService;lxeaCATSCustConnectServiceS? m763001b;M-Audio Quattro Base DriverS? m763001d;M-Audio Quattro Legacy DriverS? ma763001;M-Audio QuattroS? McrdSvc;Media Center Extender ServiceS? PCTCore;PCTools KDSS? pctDS;PC Tools Data StoreS? pctEFA;PC Tools Extended File AttributesS? QuattroInstallerService;Quattro InstallerS? SASDIFSV;SASDIFSVS? SASKUTIL;SASKUTILS? SBKUPNT;SBKUPNTS? sdAuxService;PC Tools Auxiliary ServiceS? USBMN2X2;M-Audio USB MidiSport 2x2S? USBNS4X4;M-Audio USB Quattro MidiS? X10Hid;X10 Hid Device.=============== Created Last 30 ================.2011-06-15 20:13:20 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys2011-06-15 20:13:19 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys2011-06-15 19:58:18 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll2011-06-13 06:54:19 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras2011-06-11 20:26:29 -------- d-----w- c:\program files\Trend Micro2011-06-11 19:20:58 -------- d-----w- c:\program files\PC Health Optimizer Free Edition2011-06-11 18:11:26 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys2011-06-11 18:11:26 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys2011-06-11 18:11:24 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys2011-06-11 18:11:18 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys2011-06-11 18:11:18 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys2011-06-11 18:11:06 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys2011-06-11 18:10:53 -------- d-----w- c:\program files\PC Tools Security2011-06-11 18:10:53 -------- d-----w- c:\program files\common files\PC Tools2011-06-11 18:10:53 -------- d-----w- c:\documents and settings\rick ross\application data\PC Tools2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\rick ross\application data\SUPERAntiSpyware.com2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2011-06-11 08:49:52 -------- d-----w- c:\program files\SUPERAntiSpyware2011-06-08 22:02:00 -------- d-sha-r- C:\cmdcons2011-06-08 21:57:29 98816 ----a-w- c:\windows\sed.exe2011-06-08 21:57:29 518144 ----a-w- c:\windows\SWREG.exe2011-06-08 21:57:29 256512 ----a-w- c:\windows\PEV.exe2011-06-08 21:57:29 208896 ----a-w- c:\windows\MBR.exe2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3)2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2)2011-06-01 03:48:08 -------- d-----w- C:\+to ipod2011-05-29 02:01:12 -------- d-----w- C:\MOVIES2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-24 02:25:10 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-18 18:36:02 -------- d-----w- c:\documents and settings\rick ross\application data\Sibelius Software2011-05-18 17:52:10 -------- d-----w- c:\program files\Sibelius Software.==================== Find3M ====================.2011-06-15 23:18:51 118784 ----a-w- c:\windows\dsdxirmv.exe2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE.============= FINISH: 23:08:13.34 ===============Malwarebytes' Anti-Malware 1.51.0.1200www.malwarebytes.orgDatabase version: 6863Windows 5.1.2600 Service Pack 3Internet Explorer 8.0.6001.187026/15/2011 4:38:36 PMmbam-log-2011-06-15 (16-38-36).txtScan type: Quick scanObjects scanned: 186109Time elapsed: 10 minute(s), 38 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected) Link to post Share on other sites More sharing options...
Staff screen317 Posted June 19, 2011 Staff ID:442903 Share Posted June 19, 2011 Hi,Please download SystemLook from one of the links below and save it to your Desktop.Download Mirror #1Download Mirror #2Double-click SystemLook.exe to run it.Copy the content of the following codebox into the main textfield::regfindsearchqu:fildfindsearchquClick the Look button to start the scan.When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.Note: The log can also be found on your Desktop entitled SystemLook.txt Link to post Share on other sites More sharing options...
ri4 Posted June 20, 2011 Author ID:443561 Share Posted June 20, 2011 Thank You Chris,Here is the SystemLook log:SystemLook 04.09.10 by jpshortstuffLog created at 13:36 on 20/06/2011 by Rick RossAdministrator - Elevation successful========== regfind ==========Searching for "searchqu"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]@="SearchQUIEHelper.UrlHelper.1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]@="SearchQUIEBHO 1.0 Type Library"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"[HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"[HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"Invalid Context: fildfindNo Context: searchqu-= EOF =- Link to post Share on other sites More sharing options...
Staff screen317 Posted June 23, 2011 Staff ID:444566 Share Posted June 23, 2011 I made a mistake in the script. Try this one please instead::regfindsearchqu:filefindsearchqu Link to post Share on other sites More sharing options...
ri4 Posted June 23, 2011 Author ID:444768 Share Posted June 23, 2011 OK here you go.. ThanksSystemLook 04.09.10 by jpshortstuffLog created at 10:32 on 23/06/2011 by Rick RossAdministrator - Elevation successful========== regfind ==========Searching for "searchqu"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard\CurVer]@="SearchQUIEHelper.UrlHelper.1"[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1][HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}\1.0]@="SearchQUIEBHO 1.0 Type Library"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"[HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"URL"="http://www.searchqu.com/web?src=ieb&systemid=406&q={searchTerms}"[HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}]"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&systemid=406&qu={searchTerms}&ft=json"========== filefind ==========Searching for "searchqu"No files found.-= EOF =- Link to post Share on other sites More sharing options...
Staff screen317 Posted June 27, 2011 Staff ID:446094 Share Posted June 27, 2011 Hi,Please delete your copy of ComboFix, download the latest version from here, and save it to your Desktop. Do not run it yet.Next, please open Notepad - don't use any other text editor than notepad or the script will fail.Copy/paste the text in the box below into Notepad:Registry::[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1][-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}][-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}][-HKEY_USERS\S-1-5-21-3601482034-2425735451-1963320471-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8A96AF9E-4074-43b7-BEA3-87217BDA7406}][HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}""FaviconURLFallback"="http://www.bing.com/favicon.ico""FaviconPath"="C:\\Users\\screen317\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico""DisplayName"="Bing""URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC""TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}]"SuggestionsURLFallback"="http://api.bing.com/qsml.aspx?query={searchTerms}&maxwidth={ie:maxWidth}&rowheight={ie:rowHeight}§ionHeight={ie:sectionHeight}&FORM=IE8SSC&market={language}""FaviconURLFallback"="http://www.bing.com/favicon.ico""FaviconPath"="C:\\Users\\screen317\\AppData\\LocalLow\\Microsoft\\Internet Explorer\\Services\\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico""DisplayName"="Bing""URL"="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC""TopResultURLFallback"="http://www.bing.com/search?q={searchTerms}&src=ie9tr"Save this as CFScript Then drag the CFScript into ComboFix.exe as you see in the screenshot below.This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new DDS log.-screen317 Link to post Share on other sites More sharing options...
ri4 Posted June 27, 2011 Author ID:446143 Share Posted June 27, 2011 ComboFix 11-06-26.01 - Rick Ross 06/26/2011 23:02:24.4.2 - x86Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2047.1408 [GMT -7:00]Running from: c:\documents and settings\Rick Ross\Desktop\ComboFix.exeCommand switches used :: c:\documents and settings\Rick Ross\Desktop\CFScript.txtAV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}..((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))..c:\windows\TEMP\logishrd\LVPrcInj01.dllN:\AUTORUN.INF..((((((((((((((((((((((((( Files Created from 2011-05-27 to 2011-06-27 )))))))))))))))))))))))))))))))..2011-06-15 23:12 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys2011-06-15 20:13 . 2001-08-17 20:28 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys2011-06-15 20:13 . 2001-08-17 21:06 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys2011-06-15 19:58 . 2001-08-17 21:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll2011-06-15 18:48 . 2011-06-15 18:48 -------- d-----w- c:\program files\Common Files\Skype2011-06-13 06:54 . 2011-06-15 18:48 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype Extras2011-06-11 20:26 . 2011-06-11 20:26 -------- d-----w- c:\program files\Trend Micro2011-06-11 19:20 . 2011-06-11 20:12 -------- d-----w- c:\program files\PC Health Optimizer Free Edition2011-06-11 18:11 . 2010-07-16 21:59 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys2011-06-11 18:11 . 2010-07-16 21:59 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys2011-06-11 18:11 . 2011-01-17 16:10 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys2011-06-11 18:11 . 2010-12-10 23:57 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys2011-06-11 18:11 . 2010-12-10 20:24 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys2011-06-11 18:11 . 2010-12-16 15:46 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys2011-06-11 18:10 . 2011-06-11 18:58 -------- d-----w- c:\program files\PC Tools Security2011-06-11 18:10 . 2011-06-11 18:15 -------- d-----w- c:\program files\Common Files\PC Tools2011-06-11 18:10 . 2011-06-11 18:10 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\PC Tools2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\Rick Ross\Application Data\SUPERAntiSpyware.com2011-06-11 08:50 . 2011-06-11 08:50 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com2011-06-11 08:49 . 2011-06-11 08:50 -------- d-----w- c:\program files\SUPERAntiSpyware2011-06-01 03:48 . 2011-06-01 03:49 -------- d-----w- C:\+to ipod2011-05-29 02:01 . 2011-06-01 17:41 -------- d-----w- C:\MOVIES2011-05-29 01:22 . 2011-05-29 01:22 -------- d-----w- c:\documents and settings\Rick Ross\Local Settings\Application Data\PackageAware...(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))).2011-06-15 23:18 . 2005-01-25 19:08 118784 ----a-w- c:\windows\dsdxirmv.exe2011-05-29 16:11 . 2011-01-22 01:12 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11 . 2011-01-22 01:12 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-25 06:00 . 2011-05-25 06:00 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-10 12:10 . 2011-01-22 01:04 40112 ----a-w- c:\windows\avastSS.scr2011-05-10 12:10 . 2011-01-22 01:04 199304 ----a-w- c:\windows\system32\aswBoot.exe2011-05-10 12:03 . 2011-05-24 02:25 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-10 12:03 . 2011-01-22 01:04 307928 ----a-w- c:\windows\system32\drivers\aswSP.sys2011-05-10 12:02 . 2011-01-22 01:04 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys2011-05-10 12:02 . 2011-01-22 01:04 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys2011-05-10 12:02 . 2011-01-22 01:04 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys2011-05-10 11:59 . 2011-01-22 01:04 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys2011-05-10 11:59 . 2011-01-22 01:04 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys2011-05-10 11:59 . 2011-01-22 01:04 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys2011-05-02 15:31 . 2004-09-28 20:04 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-04-29 16:19 . 2004-09-28 19:54 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-04-25 16:11 . 2004-09-28 19:54 916480 ----a-w- c:\windows\system32\wininet.dll2011-04-25 16:11 . 2004-09-28 19:54 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-04-25 16:11 . 2004-09-28 19:54 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2011-04-25 12:01 . 2004-09-28 19:54 385024 ----a-w- c:\windows\system32\html.iec2011-04-21 13:37 . 2004-09-28 19:54 105472 ----a-w- c:\windows\system32\drivers\mup.sys2011-04-13 22:40 . 2011-04-13 22:40 4284416 ----a-w- c:\windows\system32\GPhotos.scr2001-10-05 19:53 . 2008-02-04 18:11 21866 ----a-w- c:\program files\Common Files\tppupd2k.dll1998-02-09 09:59 . 2005-01-29 21:24 6416 ----a-w- c:\program files\FAC_PT63.EXE2010-03-31 17:09 . 2010-03-31 17:09 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll2010-04-08 19:36 . 2010-04-08 19:36 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll2011-04-14 16:26 . 2011-06-12 02:51 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll..((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4.[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]@="{472083B0-C522-11CF-8763-00608CC02F24}"[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]2011-05-10 12:10 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll.[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-28 68856]"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-11-06 50472]"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360].[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"VAIO Recovery"="c:\windows\Sonysys\VAIO Recovery\PartSeal.exe" [2003-04-20 28672]"SoundMan"="SOUNDMAN.EXE" [2004-07-29 77824]"sHotKey"="c:\program files\SONY\sHotKey\sHotKey.exe" [2003-08-22 45056]"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-01-25 421160]"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-05-10 3459712].[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL.[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]"midi1"=usbmn2x2.dll"midi4"=usbns4x4.dll"midi3"=usbns4x4.dll"midi5"=usbns4x4.dll"midi7"=usbns4x4.dll"MIDI10"=vpnt.dll.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AOL 9.0 Tray-Symbol.lnk]backup=c:\windows\pss\AOL 9.0 Tray-Symbol.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Image Transfer.lnk]backup=c:\windows\pss\Image Transfer.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^WinZip Quick Pick.lnk]backup=c:\windows\pss\WinZip Quick Pick.lnkCommon Startup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Launch Microsoft Office Outlook.lnk]backup=c:\windows\pss\Launch Microsoft Office Outlook.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^M-Audio Quattro Control Panel Launcher.lnk]backup=c:\windows\pss\M-Audio Quattro Control Panel Launcher.lnkStartup.[HKLM\~\startupfolder\C:^Documents and Settings^Rick Ross^Start Menu^Programs^Startup^Picture Motion Browser Media Check Tool.lnk]backup=c:\windows\pss\Picture Motion Browser Media Check Tool.lnkStartup.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]c:\windows\system32\dumprep 0 -k [X].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdaptecDirectCD]2001-01-11 13:00 643072 ----a-w- c:\program files\Adaptec\Easy CD Creator 5\DirectCD\Directcd.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]2007-10-11 03:51 39792 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]2008-11-06 11:42 50472 ----a-w- c:\program files\AOL 9.1\aol.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]2004-10-19 00:42 79448 ----a-w- c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]2006-10-23 12:50 71216 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]2010-12-15 01:17 47904 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIPTA]2004-09-29 14:15 344064 ----a-w- c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]2008-12-19 02:03 342848 ----a-w- c:\program files\DNA\btdna.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CreateCD50].[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]2008-04-14 00:12 15360 ----a-w- c:\windows\system32\ctfmon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EasyLinkAdvisor]2007-03-16 02:16 454784 ----a-w- c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ehTray]2005-08-05 20:56 64512 ----a-w- c:\windows\ehome\ehtray.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EverioService]2006-11-23 04:10 151552 ------w- c:\program files\CyberLink\PCM4Everio\EverioService.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EzPrint]2010-01-18 17:27 139944 ----a-w- c:\program files\Lexmark S300-S400 Series\ezprint.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\googletalk]2007-01-01 21:22 3739648 ----a-w- c:\program files\Google\Google Talk\googletalk.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\High Definition Audio Property Page Shortcut]2004-03-17 22:10 61952 ----a-w- c:\windows\system32\Hdaudpropshortcut.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]2007-05-25 17:16 42032 ----a-w- c:\program files\Common Files\AOL\1129216511\ee\aolsoftware.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]2003-01-31 02:55 196608 ----a-w- c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IAAnotif]2004-03-23 19:16 135168 ----a-w- c:\program files\Intel\Intel Application Accelerator\IAAnotif.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]2011-01-25 23:08 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechCommunicationsManager]2008-08-15 00:11 565008 ----a-w- c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxeamon.exe]2010-01-18 17:27 770728 ----a-w- c:\program files\Lexmark S300-S400 Series\lxeamon.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaFace Integration]2002-07-23 21:31 53248 ----a-w- c:\program files\Neato\MediaFACE 4.0\SetHook.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nero PhotoShow Media Manager]2006-05-10 19:52 249856 ----a-w- c:\progra~1\Nero\NEROPH~1\data\Xtras\mssysmgr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Omnipage]2002-06-03 19:38 49152 ----a-w- c:\program files\ScanSoft\OmniPageSE\opware32.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]2010-11-30 01:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]2008-03-27 03:14 214560 ----a-w- c:\program files\Real\RealPlayer\realplay.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]2011-05-27 04:50 15147400 ----a-r- c:\program files\Skype\Phone\Skype.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sonic RecordNow!]2004-06-22 15:02 1912832 ----a-w- c:\program files\Sonic\RecordNow!\RecordNow.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]2008-05-28 02:37 68856 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPP Auto Loader]2001-10-05 19:54 118784 ----a-w- c:\windows\tppaldr.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Ulead AutoDetector v2]2004-08-28 02:22 90112 ----a-w- c:\program files\Common Files\Ulead Systems\AutoDetector\Monitor.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 2]2004-01-17 10:36 135168 ----a-w- c:\program files\Sony\VAIO Update 2\VAIOUpdt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIO Update 3]2007-05-16 03:46 551032 ----a-w- c:\program files\Sony\VAIO Update 3\VAIOUpdt.exe.[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\{0228e555-4f9c-4e35-a3ec-b109a192b4c2}]2005-07-15 21:48 479232 ----a-w- c:\program files\Google\Gmail Notifier\gnotify.exe.[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]"%windir%\\system32\\sessmgr.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\SV_Httpd.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\UPnPFramework.exe"="c:\\Program Files\\Sony\\VAIO Media Integrated Server\\Platform\\VMConsole.exe"="c:\\Program Files\\Messenger\\msmsgs.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLAcsd.exe"="c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"="c:\\Program Files\\AOL(DE) 9.0\\waol.exe"="c:\\Program Files\\America Online 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aolsoftware.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\aim6.exe"="c:\\Program Files\\America Online 9.0a\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"="c:\\Program Files\\Common Files\\AOL\\1129216511\\ee\\AOLServiceHost.exe"="c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\AOLSP Scheduler.exe"="c:\\Program Files\\Common Files\\AOL\\AOL Spyware Protection\\asp.exe"="c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"="c:\\Program Files\\Sony\\Click to DVD 2\\CtoDvd.exe"="c:\\Program Files\\CyberLink\\PCM4Everio\\PCM4Everio.exe"="c:\\Program Files\\CyberLink\\PCM4Everio\\EverioService.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe"="c:\\WINDOWS\\system32\\dpvsetup.exe"="c:\\Program Files\\Google\\Google Talk\\googletalk.exe"="c:\\Program Files\\DNA\\btdna.exe"="c:\\Program Files\\AOL 9.0\\waol.exe"="c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"="c:\\WINDOWS\\system32\\fxsclnt.exe"="c:\\Program Files\\AOL 9.1\\waol.exe"="c:\\Program Files\\Real\\RealPlayer\\realplay.exe"="c:\\Program Files\\Mozilla Firefox\\firefox.exe"="c:\\WINDOWS\\system32\\lxeacoms.exe"="c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"="c:\\Documents and Settings\\Rick Ross\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"="c:\\Program Files\\iTunes\\iTunes.exe"="c:\\Program Files\\Skype\\Phone\\Skype.exe"=.R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/11/2011 11:11 AM 239168]R0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [6/11/2011 11:11 AM 338880]R0 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA.sys [6/11/2011 11:11 AM 656320]R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [5/23/2011 7:25 PM 441176]R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [1/21/2011 6:04 PM 307928]R1 GearAspiSys;GearAspiSys;c:\windows\system32\drivers\GEARASPISYS.SYS [11/5/2005 11:22 AM 53412]R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [1/21/2011 6:04 PM 19544]R2 lxea_device;lxea_device;c:\windows\system32\lxeacoms.exe -service --> c:\windows\system32\lxeacoms.exe -service [?]R2 lxeaCATSCustConnectService;lxeaCATSCustConnectService;c:\windows\system32\spool\drivers\w32x86\3\lxeaserv.exe [5/29/2010 1:56 PM 98984]R2 QuattroInstallerService;Quattro Installer;c:\program files\M-Audio USB Quattro\Install\QuatInst.exe [2/14/2005 12:05 PM 86016]R2 SBKUPNT;SBKUPNT;c:\windows\system32\drivers\SBKUPNT.SYS [10/9/2008 12:27 PM 14976]R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools Security\pctsAuxs.exe [6/11/2011 11:10 AM 366840]R3 USBMN2X2;M-Audio USB MidiSport 2x2;c:\windows\system32\drivers\usbmn2x2.sys [1/22/2005 6:41 PM 22304]R3 X10Hid;X10 Hid Device;c:\windows\system32\drivers\x10hid.sys [3/24/2008 2:41 PM 7040]S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664]S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2/8/2010 1:04 AM 135664]S3 m763001b;M-Audio Quattro Base Driver;c:\windows\system32\drivers\m763001b.sys [1/22/2005 6:34 PM 9216]S3 m763001d;M-Audio Quattro Legacy Driver;c:\windows\system32\drivers\m763001d.sys [1/22/2005 6:34 PM 6656]S3 ma763001;M-Audio Quattro;c:\windows\system32\drivers\MA763001.sys [1/22/2005 6:34 PM 41856]S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [1/21/2011 6:12 PM 22712]S3 PL-40R;CASIO USB MIDI;c:\windows\system32\drivers\pl40rwdm.sys [5/3/2009 5:12 PM 18048]S3 USB22LDR;M-Audio USB MidiSport 2x2 Loader;c:\windows\system32\drivers\usb22ldr.sys [1/22/2005 6:41 PM 14272]S3 USBNS4X4;M-Audio USB Quattro Midi;c:\windows\system32\drivers\usbns4x4.sys [1/22/2005 6:34 PM 22368]S4 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [1/21/2011 6:12 PM 366640]S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [12/29/2007 12:26 PM 24652].[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]getPlusHelper REG_MULTI_SZ getPlusHelper.Contents of the 'Scheduled Tasks' folder.2011-06-21 c:\windows\Tasks\AppleSoftwareUpdate.job- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-04-12 19:34].2011-06-27 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 19:20].2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04].2011-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-08 08:04].2011-06-27 c:\windows\Tasks\User_Feed_Synchronization-{A04A00E0-C5DA-4502-A5D0-ABBF91C9B966}.job- c:\windows\system32\msfeedssync.exe [2006-10-17 12:31]..------- Supplementary Scan -------.uDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7IE: &AOL Toolbar Search - c:\documents and settings\All Users\Application Data\AOL\ieToolbar\resources\en-US\local\search.htmlIE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlLSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllTCP: DhcpNameServer = 209.18.47.61 209.18.47.62DPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabFF - ProfilePath - ..**************************************************************************.catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2011-06-26 23:29Windows 5.1.2600 Service Pack 3 NTFS.scanning hidden processes ... .scanning hidden autostart entries ... .scanning hidden files ... .scan completed successfullyhidden files: 0.**************************************************************************.--------------------- DLLs Loaded Under Running Processes ---------------------.- - - - - - - > 'winlogon.exe'(828)c:\program files\SUPERAntiSpyware\SASWINLO.DLLc:\windows\system32\WININET.dll.- - - - - - - > 'lsass.exe'(884)c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll.- - - - - - - > 'explorer.exe'(4188)c:\windows\system32\WININET.dllc:\windows\TEMP\logishrd\LVPrcInj01.dllc:\windows\system32\ieframe.dllc:\windows\system32\webcheck.dllc:\windows\system32\WPDShServiceObj.dllc:\program files\Common Files\aolshare\aolshcpy.dllc:\program files\Common Files\PC Tools\Lsp\PCTLsp.dllc:\windows\system32\PortableDeviceTypes.dllc:\windows\system32\PortableDeviceApi.dll.------------------------ Other Running Processes ------------------------.c:\windows\system32\Ati2evxx.exec:\program files\Alwil Software\Avast5\AvastSvc.exec:\program files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exec:\program files\Common Files\AOL\ACS\AOLAcsd.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exec:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exec:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exec:\windows\eHome\ehRecvr.exec:\windows\eHome\ehSched.exec:\program files\Intel\Intel Application Accelerator\iaantmon.exec:\program files\Java\jre6\bin\jqs.exec:\windows\system32\lxeacoms.exec:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEc:\program files\CyberLink\Shared Files\RichVideo.exec:\program files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exec:\program files\Sony\Sony TV Tuner Library\SMceMan.exec:\program files\Sony\VAIO Media Integrated Server\VMISrv.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exec:\windows\wanmpsvc.exec:\windows\system32\MsPMSPSv.exec:\windows\ehome\mcrdsvc.exec:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exec:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exec:\windows\system32\dllhost.exec:\program files\Sony\Sony TV Tuner Library\RM_SV.exec:\windows\system32\wscntfy.exec:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exec:\windows\SOUNDMAN.EXEc:\program files\AOL 9.1\waol.exec:\program files\iPod\bin\iPodService.exec:\program files\Common Files\Java\Java Update\jucheck.exec:\program files\AOL 9.1\shellmon.exe.**************************************************************************.Completion time: 2011-06-26 23:44:15 - machine was rebootedComboFix-quarantined-files.txt 2011-06-27 06:44ComboFix2.txt 2011-06-16 05:58ComboFix3.txt 2011-06-10 18:22ComboFix4.txt 2011-06-08 22:41.Pre-Run: 47,897,325,568 bytes freePost-Run: 47,928,807,424 bytes free.- - End Of File - - C11DF9AE6079668A354E2E2005A3B024.DDS (Ver_2011-06-02.03) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_23Run by Rick Ross at 23:45:32 on 2011-06-26.============== Running Processes ===============.C:\WINDOWS\system32\Ati2evxx.exeC:\Program Files\Alwil Software\Avast5\AvastSvc.exeC:\WINDOWS\system32\spoolsv.exeC:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exeC:\Program Files\Common Files\AOL\ACS\AOLAcsd.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exeC:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\Program Files\Intel\Intel Application Accelerator\iaantmon.exeC:\Program Files\Java\jre6\bin\jqs.exeC:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxeaserv.exeC:\WINDOWS\system32\lxeacoms.exeC:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXEC:\Program Files\M-Audio USB Quattro\Install\QuatInst.exeC:\Program Files\CyberLink\Shared Files\RichVideo.exeC:\Program Files\PC Tools Security\pctsAuxs.exeC:\Program Files\Common Files\Sony Shared\WMPlugIn\SonicStageMonitoring.exeC:\Program Files\Sony\Sony TV Tuner Library\SMceMan.exeC:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exeC:\WINDOWS\wanmpsvc.exeC:\WINDOWS\system32\MsPMSPSv.exeC:\WINDOWS\ehome\mcrdsvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exeC:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Sony\Sony TV Tuner Library\RM_SV.exeC:\WINDOWS\System32\alg.exeC:\WINDOWS\system32\wscntfy.exeC:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exeC:\WINDOWS\SOUNDMAN.EXEC:\Program Files\SONY\sHotKey\sHotKey.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Alwil Software\Avast5\avastUI.exeC:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\AOL 9.1\waol.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\Common Files\Java\Java Update\jucheck.exeC:\Program Files\AOL 9.1\shellmon.exeC:\WINDOWS\explorer.exeC:\WINDOWS\system32\notepad.exeC:\Documents and Settings\Rick Ross\Desktop\dds.comC:\WINDOWS\system32\svchost.exe -k DcomLaunchC:\WINDOWS\system32\svchost.exe -k rpcssC:\WINDOWS\System32\svchost.exe -k netsvcsC:\WINDOWS\system32\svchost.exe -k NetworkServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k LocalServiceC:\WINDOWS\system32\svchost.exe -k imgsvcC:\WINDOWS\System32\svchost.exe -k HTTPFilter.============== Pseudo HJT Report ===============.uDefault_Search_URL = hxxp://search.msn.comuSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dllBHO: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllBHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dllBHO: AOL Toolbar Loader: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol toolbar\aoltb.dllBHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllBHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dllBHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dllBHO: AcroIEToolbarHelper Class: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllBHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllBHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.6406.1642\swg.dllBHO: Windows Live Toolbar Helper: {bdbd1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllBHO: 1 (0x1) - No FileBHO: Lexmark Printable Web: {d2c5e510-be6d-42cc-9f61-e4f939078474} - c:\program files\lexmark printable web\bho.dllBHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dllBHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dllTB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 6.0\acrobat\AcroIEFavClient.dllTB: Windows Live Toolbar: {bdad1dad-c946-4a17-adc1-64b5b4ff55d0} - c:\program files\windows live toolbar\msntb.dllTB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol toolbar\aoltb.dllTB: Lexmark Toolbar: {1017a80c-6f09-4548-a84d-edd6ac9525f0} - c:\program files\lexmark toolbar\toolband.dllTB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dllTB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\alwil software\avast5\aswWebRepIE.dllTB: {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No FileTB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No FileTB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No FileTB: {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - No FileEB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No FileuRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"uRun: [sUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exeuRun: [AOL Fast Start] "c:\program files\aol 9.1\AOL.EXE" -bmRun: [VAIO Recovery] c:\windows\sonysys\vaio recovery\PartSeal.exemRun: [soundMan] SOUNDMAN.EXEmRun: [sHotKey] "c:\program files\sony\shotkey\sHotKey.exe"mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"mRun: [avast] "c:\program files\alwil software\avast5\avastUI.exe" /noguidRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -tIE: &AOL Toolbar Search - c:\documents and settings\all users\application data\aol\ietoolbar\resources\en-us\local\search.htmlIE: &Windows Live Search - c:\program files\windows live toolbar\msntb.dll/search.htmIE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200IE: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspxIE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.htmlIE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE}IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE}IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exeIE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exeIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dllIE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office11\REFIEBAR.DLLLSP: c:\program files\common files\pc tools\lsp\PCTLsp.dllDPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://codecs.microsoft.com/codecs/i386/fhg.CABDPF: {02CF1781-EA91-4FA5-A200-646E8241987C} - hxxp://esupport.sony.com/VaioInfo.CABDPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} - hxxps://support.microsoft.com/OAS/ActiveX/MSDcode.cabDPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cabDPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} - hxxp://www.kaspersky.com/downloads/kws/kavwebscan.cabDPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cabDPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cabDPF: {341FF14B-00CB-49F5-A427-A164DF1D5E1F} - hxxp://musicstore.connect.com/assets/activexplayer/SMALStreaming.cabDPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - hxxp://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cabDPF: {474F00F5-3853-492C-AC3A-476512BBC336} - hxxp://picasaweb.google.com/s/v/32.70/uploader2.cabDPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} - hxxp://aolcc.aol.com/computercheckup/qdiagcc.cabDPF: {4EC8E993-32C1-47F5-A07A-5B0574655AD4} - hxxp://us.dl1.yimg.com/download.yahoo.com/dl/controls/ysftcntr/ysftcntr_current.cabDPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w2/pr02/resources/MSNPUpld.cabDPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cabDPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140818082843DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cabDPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} - hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cabDPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cabDPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cabDPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabDPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cabTCP: DhcpNameServer = 209.18.47.61 209.18.47.62TCP: Interfaces\{C3C77818-ACF1-43AD-84ED-E3A61B2EABAF} : DhcpNameServer = 209.18.47.61 209.18.47.62Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLLNotify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLLSSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll.================= FIREFOX ===================.FF - ProfilePath - .============= SERVICES / DRIVERS ===============.R? gupdate;Google Update Service (gupdate)R? gupdatem;Google Update Service (gupdatem)R? m763001b;M-Audio Quattro Base DriverR? m763001d;M-Audio Quattro Legacy DriverR? ma763001;M-Audio QuattroR? MBAMProtector;MBAMProtectorR? MBAMService;MBAMServiceR? PL-40R;CASIO USB MIDIR? sdCoreService;PC Tools Security ServiceR? USB22LDR;M-Audio USB MidiSport 2x2 LoaderR? USBNS4X4;M-Audio USB Quattro MidiR? Viewpoint Manager Service;Viewpoint Manager ServiceS? aswFsBlk;aswFsBlkS? aswSnx;aswSnxS? aswSP;aswSPS? avast! Antivirus;avast! AntivirusS? GearAspiSys;GearAspiSysS? lxea_device;lxea_deviceS? lxeaCATSCustConnectService;lxeaCATSCustConnectServiceS? McrdSvc;Media Center Extender ServiceS? PCTCore;PCTools KDSS? pctDS;PC Tools Data StoreS? pctEFA;PC Tools Extended File AttributesS? QuattroInstallerService;Quattro InstallerS? SASDIFSV;SASDIFSVS? SASKUTIL;SASKUTILS? SBKUPNT;SBKUPNTS? sdAuxService;PC Tools Auxiliary ServiceS? USBMN2X2;M-Audio USB MidiSport 2x2S? X10Hid;X10 Hid Device.=============== Created Last 30 ================.2011-06-15 23:12:17 105472 -c----w- c:\windows\system32\dllcache\mup.sys2011-06-15 20:13:20 762780 -c--a-w- c:\windows\system32\dllcache\3cwmcru.sys2011-06-15 20:13:19 11264 -c--a-w- c:\windows\system32\dllcache\1394vdbg.sys2011-06-15 19:58:18 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll2011-06-13 06:54:19 -------- d-----w- c:\documents and settings\all users\application data\Skype Extras2011-06-11 20:26:29 -------- d-----w- c:\program files\Trend Micro2011-06-11 19:20:58 -------- d-----w- c:\program files\PC Health Optimizer Free Edition2011-06-11 18:11:26 656320 ----a-w- c:\windows\system32\drivers\pctEFA.sys2011-06-11 18:11:26 338880 ----a-w- c:\windows\system32\drivers\pctDS.sys2011-06-11 18:11:24 251560 ----a-w- c:\windows\system32\drivers\pctgntdi.sys2011-06-11 18:11:18 239168 ----a-w- c:\windows\system32\drivers\PCTCore.sys2011-06-11 18:11:18 160448 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys2011-06-11 18:11:06 70536 ----a-w- c:\windows\system32\drivers\pctplsg.sys2011-06-11 18:10:53 -------- d-----w- c:\program files\PC Tools Security2011-06-11 18:10:53 -------- d-----w- c:\program files\common files\PC Tools2011-06-11 18:10:53 -------- d-----w- c:\documents and settings\rick ross\application data\PC Tools2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\rick ross\application data\SUPERAntiSpyware.com2011-06-11 08:50:19 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com2011-06-11 08:49:52 -------- d-----w- c:\program files\SUPERAntiSpyware2011-06-08 22:02:00 -------- d-sha-r- C:\cmdcons2011-06-08 21:57:29 98816 ----a-w- c:\windows\sed.exe2011-06-08 21:57:29 518144 ----a-w- c:\windows\SWREG.exe2011-06-08 21:57:29 256512 ----a-w- c:\windows\PEV.exe2011-06-08 21:57:29 208896 ----a-w- c:\windows\MBR.exe2011-06-02 05:57:49 -------- d--h--w- c:\documents and settings\rick ross\Recent(3)2011-06-01 23:00:48 -------- d--h--w- c:\documents and settings\rick ross\Recent(2)2011-06-01 03:48:08 -------- d-----w- C:\+to ipod2011-05-29 02:01:12 -------- d-----w- C:\MOVIES2011-05-29 01:22:04 -------- d-----w- c:\documents and settings\rick ross\local settings\application data\PackageAware.==================== Find3M ====================.2011-06-15 23:18:51 118784 ----a-w- c:\windows\dsdxirmv.exe2011-05-29 16:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys2011-05-29 16:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys2011-05-25 06:00:27 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl2011-05-10 12:10:59 40112 ----a-w- c:\windows\avastSS.scr2011-05-10 12:03:54 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys2011-04-25 16:11:12 916480 ----a-w- c:\windows\system32\wininet.dll2011-04-25 16:11:11 43520 ----a-w- c:\windows\system32\licmgr10.dll2011-04-25 16:11:11 1469440 ----a-w- c:\windows\system32\inetcpl.cpl2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys2011-04-13 22:40:10 4284416 ----a-w- c:\windows\system32\GPhotos.scr2001-10-05 19:53:04 21866 ----a-w- c:\program files\common files\tppupd2k.dll1998-02-09 09:59:18 6416 ----a-w- c:\program files\FAC_PT63.EXE.============= FINISH: 23:47:23.46 ===============.==== Installed Programs ======================.Adobe Acrobat - Reader 6.0.2 UpdateAdobe Acrobat 6.0 ProfessionalAdobe Download ManagerAdobe Download Manager 1.2 (Remove Only)Adobe Flash Player 10 ActiveXAdobe Flash Player 10 PluginAdobe Photoshop Album 2.0 Starter EditionAdobe Photoshop Elements 2.0Adobe Premiere StandardAdobe Reader 6.0.1Adobe Reader 8.1.2 Security Update 1 (KB403742)Adobe Reader 8.1.4AOL DeutschlandAOL SetupAOL Toolbar AOL Uninstaller (Choose which Products to Remove)Apple Application SupportApple Mobile Device SupportApple Software UpdateArcSoft PhotoBase 3ATI - Software Uninstall UtilityATI Control PanelATI Display DriverAutoUpdateavast! Free AntivirusBing Maps 3DBonjourBRAVO2 FIRMWARE UPDATERCakewalk Pyro 1.5Cakewalk VST Adapter 4Canon CanoScan Toolbox 4.1CCleanerClick to DVD 2.0 Menu DataClick to DVD 2.4.12Click to DVD 2.5.32CraigsPalFree version 3.08Critical Update for Windows Media Player 11 (KB959772)Digital Photo Navigator 1.5DivXDivX PlayerDreamStation DXi2Drivers Install For Linksys Easylink AdvisorDVgate PlusEasy CD Creator 5 PlatinumFree CD to MP3 ConverterGoogle ChromeGoogle Earth Plug-inGoogle Gmail NotifierGoogle Talk (remove only)Google Talk PluginGoogle Toolbar for Internet ExplorerGoogle Update HelperHigh-Speed Internet OptionsHigh Definition Audio Driver Package - KB835221Highlight Viewer (Windows Live Toolbar)HiJackThisHotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)Hotfix for Windows Internet Explorer 7 (KB947864)Hotfix for Windows Media Format 11 SDK (KB929399)Hotfix for Windows Media Player 10 (KB903157)Hotfix for Windows Media Player 11 (KB939683)Hotfix for Windows XP (KB2443685)Hotfix for Windows XP (KB952287)Hotfix for Windows XP (KB954550-v5)Hotfix for Windows XP (KB961118)Hotfix for Windows XP (KB981793)Image TransferImageMixer for SonyIntel Application AcceleratorIntel® PRO Network Adapters and DriversInterVideo WinDVD 5 for VAIOiTunesJ2SE Runtime Environment 5.0 Update 4J2SE Runtime Environment 5.0 Update 6Java 2 Runtime Environment, SE v1.4.2_05Java Auto UpdaterJava 6 Update 23Java 6 Update 3Lexmark Printable WebLexmark S300-S400 SeriesLexmark ToolbarLinksys EasyLink Advisor 1.6 (0032)Logitech Legacy USB Camera Driver PackageLogitech QuickCamMacromedia Shockwave PlayerMalwarebytes' Anti-Malware version 1.51.0.1200Manual CanoScan 3000,3000FMap Button (Windows Live Toolbar)MD Simple Burner 2.0.05MediaFACE 4.0Memory Stick FormatterMicrosoft .NET Framework 1.0 Hotfix (KB953295)Microsoft .NET Framework 1.0 Hotfix (KB979904)Microsoft .NET Framework 1.1Microsoft .NET Framework 1.1 Security Update (KB2416447)Microsoft .NET Framework 1.1 Security Update (KB979906)Microsoft .NET Framework 2.0 Service Pack 2Microsoft .NET Framework 3.0 Service Pack 2Microsoft .NET Framework 3.5 SP1Microsoft Application Error ReportingMicrosoft Compression Client Pack 1.0 for Windows XPMicrosoft Data Access Components KB870669Microsoft Internationalized Domain Names Mitigation APIsMicrosoft National Language Support Downlevel APIsMicrosoft Office Professional Edition 2003Microsoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft User-Mode Driver Framework Feature Pack 1.0Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft WorksMicroStaff WINASPIMobileMe Control PanelMoodLogicMovielink eHome version 1.1Mozilla Firefox 4.0.1 (x86 en-US)MP3 Wav Editor 2.4MSXML 4.0 SP2 (KB925672)MSXML 4.0 SP2 (KB927978)MSXML 4.0 SP2 (KB936181)MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)Neato MediaFACE 4.0Nero PhotoShow Express 4neroxmlNetflix Movie ViewerOmniPage SEOpenMG Limited Patch 4.7-07-14-05-01OpenMG Metadata Extractor for Windows Media PlayerOpenMG Secure Module 4.4.00OpenMG Secure Module 4.7.00PC Health Optimizer Free EditionPicasa 3PowerCinema NE for EverioPowerDirector ExpressPowerProducerPrimoDVD (English)Quicken 2008QuickTimeRealPlayerRealtek High Definition Audio DriverRhapsody Player EngineSafariSecurity Update for CAPICOM (KB931906)Security Update for Microsoft .NET Framework 2.0 (KB928365)Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)Security Update for Step By Step Interactive Training (KB898458)Security Update for Step By Step Interactive Training (KB923723)Security Update for Windows Internet Explorer 7 (KB929969)Security Update for Windows Internet Explorer 7 (KB931768)Security Update for Windows Internet Explorer 7 (KB933566)Security Update for Windows Internet Explorer 7 (KB937143)Security Update for Windows Internet Explorer 7 (KB938127)Security Update for Windows Internet Explorer 7 (KB939653)Security Update for Windows Internet Explorer 7 (KB942615)Security Update for Windows Internet Explorer 7 (KB944533)Security Update for Windows Internet Explorer 7 (KB950759)Security Update for Windows Internet Explorer 8 (KB2416400)Security Update for Windows Internet Explorer 8 (KB2482017)Security Update for Windows Internet Explorer 8 (KB2497640)Security Update for Windows Internet Explorer 8 (KB2510531)Security Update for Windows Internet Explorer 8 (KB2530548)Security Update for Windows Internet Explorer 8 (KB2544521)Security Update for Windows Internet Explorer 8 (KB971961)Security Update for Windows Internet Explorer 8 (KB981332)Security Update for Windows Internet Explorer 8 (KB982381)Security Update for Windows Media Player (KB2378111)Security Update for Windows Media Player (KB952069)Security Update for Windows Media Player (KB954155)Security Update for Windows Media Player (KB973540)Security Update for Windows Media Player (KB975558)Security Update for Windows Media Player (KB978695)Security Update for Windows Media Player 10 (KB911565)Security Update for Windows Media Player 10 (KB917734)Security Update for Windows Media Player 11 (KB936782)Security Update for Windows Media Player 11 (KB954154)Security Update for Windows XP (KB2079403)Security Update for Windows XP (KB2115168)Security Update for Windows XP (KB2121546)Security Update for Windows XP (KB2229593)Security Update for Windows XP (KB2259922)Security Update for Windows XP (KB2286198)Security Update for Windows XP (KB2296011)Security Update for Windows XP (KB2296199)Security Update for Windows XP (KB2347290)Security Update for Windows XP (KB2360937)Security Update for Windows XP (KB2387149)Security Update for Windows XP (KB2393802)Security Update for Windows XP (KB2412687)Security Update for Windows XP (KB2419632)Security Update for Windows XP (KB2423089)Security Update for Windows XP (KB2436673)Security Update for Windows XP (KB2440591)Security Update for Windows XP (KB2443105)Security Update for Windows XP (KB2476490)Security Update for Windows XP (KB2476687)Security Update for Windows XP (KB2478960)Security Update for Windows XP (KB2478971)Security Update for Windows XP (KB2479628)Security Update for Windows XP (KB2481109)Security Update for Windows XP (KB2483185)Security Update for Windows XP (KB2485376)Security Update for Windows XP (KB2485663)Security Update for Windows XP (KB2491683)Security Update for Windows XP (KB2503658)Security Update for Windows XP (KB2503665)Security Update for Windows XP (KB2506212)Security Update for Windows XP (KB2506223)Security Update for Windows XP (KB2507618)Security Update for Windows XP (KB2508272)Security Update for Windows XP (KB2508429)Security Update for Windows XP (KB2509553)Security Update for Windows XP (KB2511455)Security Update for Windows XP (KB2524375)Security Update for Windows XP (KB2535512)Security Update for Windows XP (KB2536276)Security Update for Windows XP (KB2544893)Security Update for Windows XP (KB923561)Security Update for Windows XP (KB941569)Security Update for Windows XP (KB946648)Security Update for Windows XP (KB950760)Security Update for Windows XP (KB950762)Security Update for Windows XP (KB950974)Security Update for Windows XP (KB951066)Security Update for Windows XP (KB951376-v2)Security Update for Windows XP (KB951698)Security Update for Windows XP (KB951748)Security Update for Windows XP (KB952004)Security Update for Windows XP (KB952954)Security Update for Windows XP (KB955069)Security Update for Windows XP (KB956572)Security Update for Windows XP (KB956744)Security Update for Windows XP (KB956802)Security Update for Windows XP (KB956803)Security Update for Windows XP (KB956841)Security Update for Windows XP (KB956844)Security Update for Windows XP (KB958644)Security Update for Windows XP (KB958869)Security Update for Windows XP (KB959426)Security Update for Windows XP (KB960225)Security Update for Windows XP (KB960803)Security Update for Windows XP (KB960859)Security Update for Windows XP (KB961501)Security Update for Windows XP (KB969059)Security Update for Windows XP (KB970238)Security Update for Windows XP (KB970430)Security Update for Windows XP (KB971468)Security Update for Windows XP (KB971657)Security Update for Windows XP (KB972270)Security Update for Windows XP (KB973507)Security Update for Windows XP (KB973869)Security Update for Windows XP (KB973904)Security Update for Windows XP (KB974112)Security Update for Windows XP (KB974318)Security Update for Windows XP (KB974392)Security Update for Windows XP (KB974571)Security Update for Windows XP (KB975467)Security Update for Windows XP (KB975560)Security Update for Windows XP (KB975561)Security Update for Windows XP (KB975562)Security Update for Windows XP (KB975713)Security Update for Windows XP (KB977816)Security Update for Windows XP (KB977914)Security Update for Windows XP (KB978037)Security Update for Windows XP (KB978338)Security Update for Windows XP (KB978542)Security Update for Windows XP (KB978601)Security Update for Windows XP (KB978706)Security Update for Windows XP (KB979309)Security Update for Windows XP (KB979482)Security Update for Windows XP (KB979559)Security Update for Windows XP (KB979683)Security Update for Windows XP (KB979687)Security Update for Windows XP (KB980195)Security Update for Windows XP (KB980218)Security Update for Windows XP (KB980232)Security Update for Windows XP (KB980436)Security Update for Windows XP (KB981322)Security Update for Windows XP (KB981852)Security Update for Windows XP (KB981997)Security Update for Windows XP (KB982132)Security Update for Windows XP (KB982214)Security Update for Windows XP (KB982665)Sibelius Scorch (ActiveX Only)Sibelius Scorch (Firefox, Opera, Netscape only)Skype ToolbarsSkype™ 5.3Smart Menus (Windows Live Toolbar)SONAR 7 Studio EditionSonic EncodersSonic RecordNow!SonicStage 4.3SonicStage Mastering Studio 1.4SonicStage Mastering Studio Audio FilterSonicStage Mastering Studio Plugins 1.3Sony Certificate PCHSony Download Taxi 1.5.0.0Sony Picture UtilitySony TV Tuner Library 1.0Sony USB DriverSony Video Shared LibrarySpyware Doctor 8.0SUPERAntiSpywareSureThing CD Labeler Primera Edition 5TPP Storage Driver InstallationUlead PhotoImpact 10 ESDUpdate for Windows Internet Explorer 8 (KB976662)Update for Windows Media Player 10 (KB913800)Update for Windows XP (KB2141007)Update for Windows XP (KB2345886)Update for Windows XP (KB2467659)Update for Windows XP (KB951978)Update for Windows XP (KB955759)Update for Windows XP (KB967715)Update for Windows XP (KB968389)Update for Windows XP (KB971029)Update for Windows XP (KB971737)Update for Windows XP (KB973687)Update for Windows XP (KB973815)Update Rollup 2 for Windows XP Media Center Edition 2005USB Storage Adapter (TPP)USB Storage Adapter V2 (TPP)USB Storage Adapter V3 (TPP)VAIO Edit ComponentsVAIO Entertainment PlatformVAIO Help and SupportVAIO Media 4.0VAIO Media Integrated Server 4.1VAIO Media Redistribution 4.0VAIO Media Registration Tool 4.0VAIO RegistrationVAIO SLIT-C Screen SaverVAIO SLIT Pattern WallpaperVAIO Survey StandaloneVAIO System InformationVAIO Update 2VAIO Update 3Viewpoint Manager (Remove Only)Viewpoint Media PlayerWavePad UninstallWebFldrs XPWelcome to VAIO lifeWindows Defender SignaturesWindows Genuine Advantage Notifications (KB905474)Windows Genuine Advantage v1.3.0254.0Windows Genuine Advantage Validation Tool (KB892130)Windows Imaging ComponentWindows Installer Clean UpWindows Internet Explorer 7Windows Internet Explorer 8Windows Live Favorites for Windows Live ToolbarWindows Live installerWindows Live MailWindows Live OneCare safety scannerWindows Live Photo GalleryWindows Live Sign-in AssistantWindows Live ToolbarWindows Live Toolbar Extension (Windows Live Toolbar)Windows Live WriterWindows Media Format 11 runtimeWindows Media Player 10 Hotfix [see KB886612 for more information]Windows Media Player 11Windows Media Player Firefox PluginWindows Vista Upgrade AdvisorWindows XP Media Center Edition 2005 KB2502898Windows XP Media Center Edition 2005 KB925766Windows XP Media Center Edition 2005 KB973768Windows XP Service Pack 3WinRAR archiverWinZip.==== End Of File =========================== Link to post Share on other sites More sharing options...
Staff screen317 Posted June 30, 2011 Staff ID:447470 Share Posted June 30, 2011 Hi,I see you have Viewpoint installed...Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". I suggest you remove the program now. Navigate to Start --> Control Panel --> Add or Remove Programs and uninstall the following programs if present.ViewpointViewpoint ManagerViewpoint Media PlayerViewpoint ToolbarLet me know if you decided to uninstall it.Next, please run a free online scan with the ESET Online ScannerNote: You will need to use Internet Explorer for this scan.Tick the box next to YES, I accept the Terms of Use.Click StartWhen asked, allow the ActiveX control to installClick StartMake sure that the options Remove found threats and the option Scan unwanted applications is checkedClick ScanWait for the scan to finishUse Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txtCopy and paste that log as a reply to this topicNext, download my Security Check from here or here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.Let me know how things are running now and what issues remain.-screen317 Link to post Share on other sites More sharing options...
ri4 Posted June 30, 2011 Author ID:447620 Share Posted June 30, 2011 Yes, I uninstalled Viewpoint Manager and Viewpoint Media Player. Those were the only ones present in Add/Remove Programs. After running the tasks you requested, I still cannot open Firefox I get same error message : Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system. Everything else seems to be running smoothly. Thank you.Here's the other stuff you asked for:ESETSmartInstaller@High as CAB hook log:OnlineScanner.ocx - registred OK# version=7# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)# OnlineScanner.ocx=1.0.0.6427# api_version=3.0.2# EOSSerial=0414ead44c347c4297c28803abbfa5b6# end=finished# remove_checked=true# archives_checked=false# unwanted_checked=true# unsafe_checked=false# antistealth_checked=true# utc_time=2011-06-30 09:26:45# local_time=2011-06-30 02:26:45 (-0800, Pacific Daylight Time)# country="United States"# lang=9# osver=5.1.2600 NT Service Pack 3# compatibility_mode=512 16777215 100 0 1546151 1546151 0 0# compatibility_mode=768 16777215 100 0 12880289 12880289 0 0# compatibility_mode=2560 16777215 100 0 0 0 0 0# compatibility_mode=8192 67108863 100 0 0 0 0 0# scanned=229897# found=4# cleaned=4# scan_time=9067C:\Documents and Settings\Rick Ross\My Documents\Downloads\WhiteSmokeInstaller_9147.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\Drivers&Downloads\registryfix.exe a variant of Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP119\A0026535.exe a variant of Win32/InstallCore.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 CC:\System Volume Information\_restore{7D83713C-ADAB-4793-AA3D-B89DDB8C654A}\RP119\A0026536.exe a variant of Win32/Adware.ErrorClean application (deleted - quarantined) 00000000000000000000000000000000 C Results of screen317's Security Check version 0.99.17 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! avast! Free Antivirus ESET Online Scanner v3 Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 23 Java 6 Update 3 Java 2 Runtime Environment, SE v1.4.2_05 Out of date Java installed! Adobe Flash Player 10.3.181.14 ```````````````````````````````` Process Check: objlist.exe by Laurent Alwil Software Avast5 AvastSvc.exe Alwil Software Avast5 avastUI.exe ``````````End of Log```````````` Link to post Share on other sites More sharing options...
Staff screen317 Posted July 3, 2011 Staff ID:448679 Share Posted July 3, 2011 Hi,Navigate to Start --> Run, and type Combofix /uninstall in the box that appears. Click OK afterward. Notice the space between the X and the /uninstallThis uninstalls all of ComboFix's components.Delete SecurityCheck.After that, navigate to Start --> Control Panel --> Add or Remove Programs, and uninstall the following program (if present):Java™ 6 Update 23Java™ 6 Update 3Java 2 Runtime Environment, SE v1.4.2_05 Restart your computer.Get the latest version of Java.Reboot and see if any issues remain.-screen317 Link to post Share on other sites More sharing options...
ri4 Posted July 3, 2011 Author ID:448855 Share Posted July 3, 2011 I did those things, and I still have the error message when I try to start Firefox:Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system.My instinct would be to unistall/reistall Firefox, but I tried that before and it didn't help. I'll wait to see what you recommend.Thanks Link to post Share on other sites More sharing options...
Staff screen317 Posted July 6, 2011 Staff ID:450174 Share Posted July 6, 2011 Uninstall Firefox. Reboot, then install the latest version.See if it persists. Link to post Share on other sites More sharing options...
ri4 Posted July 8, 2011 Author ID:451159 Share Posted July 8, 2011 That didn't work.... same error message. So I uninstalled again, searched out any files or folders with the name Mozilla or Firefox and deleted them. Then reinstalled Firefox and it is working now. Thanks, Chris for your help over the past few weeks. I thing we can say my computer is clean now! Best wishes Link to post Share on other sites More sharing options...
Staff screen317 Posted July 12, 2011 Staff ID:452757 Share Posted July 12, 2011 Great!I highly recommend the PRO version of MBAM; with it, it's likely that this issue would have been prevented in the first place.Now that your computer seems to be in proper working order, please take the following steps to help prevent reinfection:1) Download and install Javacool's SpywareBlaster, which will prevent malware from being installed on your computer. A tutorial on it can be found here.2) Go to Windows Update frequently to get all of the latest updates (security or otherwise) for Windows.3) Make sure your programs are up to date! Older versions may contain security risks. To find out what programs need to be updated, please run Secunia's Software Inspector.4) WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:Green to go Yellow for caution Red to stop WOT has an addon available for both Firefox and IE.5) Be sure to update your Antivirus and Antispyware programs often!Finally, please also take the time to read Tony Klein's excellent article on: So How Did I Get Infected in the First Place?Safe surfing,-screen317 Link to post Share on other sites More sharing options...
Staff screen317 Posted August 5, 2011 Staff ID:462418 Share Posted August 5, 2011 Glad we could help. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts