Web Browser Search Engine Redirect

  1. #1
    shemadavid (Newbie)

    Hi,

    I have Windows 7 and am having problems with Chrome & Firefox search results redirecting to the incorrect sites. Any help would be greatly appreciated as I can't seem to find a solution.

    I have run a full scan with Search & Destroy but the problem is still there.

    I have also used Spyware Doctor & Malwarebytes Anti-Malware but to no avail.

    My HiJackthis log is:

    Logfile of Trend Micro HijackThis v2.0.3 (BETA)
    Scan saved at 20:18:38, on 27/01/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
    C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\RescueTime\RescueTime.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.exe
    C:\Program Files\OpenOffice.org 3\program\soffice.bin
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\PROGRA~1\FOXITS~1\FOXITR~1\FOXITR~1.EXE
    C:\Windows\system32\calc.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Program Files\TrendMicro\HiJackThis\HiJackThis.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Browser Defender BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
    O4 - HKLM\..\Run: [FontExpertType1Loader] C:\Program Files\FontExpert\Type1Loader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\upstaris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: OOo-dev 3.2.lnk = C:\Program Files\OOo-dev 3\program\quickstart.exe
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O13 - Gopher Prefix:
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp2\bin\mysql\mysql5.1.36\bin

    and my uninstall list is:

    Acrobat.com
    Acrobat.com
    Ad-Aware
    Ad-Aware
    Adobe After Effects CS4
    Adobe After Effects CS4 Presets
    Adobe After Effects CS4 Third Party Content
    Adobe AIR
    Adobe AIR
    Adobe Anchor Service CS4
    Adobe Bridge CS4
    Adobe CMaps CS4
    Adobe Color - Photoshop Specific CS4
    Adobe Color EU Recommended Settings CS4
    Adobe Color JA Extra Settings CS4
    Adobe Color NA Extra Settings CS4
    Adobe Color Video Profiles AE CS4
    Adobe Color Video Profiles CS CS4
    Adobe Creative Suite 4 Master Collection
    Adobe Creative Suite 4 Master Collection
    Adobe CS4 American English Speech Analysis Models
    Adobe CSI CS4
    Adobe Default Language CS4
    Adobe Device Central CS4
    Adobe Dreamweaver CS4
    Adobe Drive CS4
    Adobe Dynamiclink Support
    Adobe Encore CS4 Codecs
    Adobe ExtendScript Toolkit CS4
    Adobe Extension Manager CS4
    Adobe Flash CS4
    Adobe Flash CS4 Extension - Flash Lite STI en
    Adobe Flash CS4 STI-en
    Adobe Flash Player 10 ActiveX
    Adobe Flash Player 10 Plugin
    Adobe Fonts All
    Adobe Illustrator CS4
    Adobe InDesign CS4
    Adobe InDesign CS4 Application Feature Set Files (Roman)
    Adobe InDesign CS4 Common Base Files
    Adobe InDesign CS4 Icon Handler
    Adobe Linguistics CS4
    Adobe Media Encoder CS4
    Adobe Media Encoder CS4 Additional Exporter
    Adobe Media Encoder CS4 Dolby
    Adobe Media Encoder CS4 Exporter
    Adobe Media Encoder CS4 Importer
    Adobe Media Player
    Adobe Media Player
    Adobe MotionPicture Color Files CS4
    Adobe Output Module
    Adobe PDF Library Files CS4
    Adobe Photoshop CS4
    Adobe Photoshop CS4 Support
    Adobe Premiere Pro CS4
    Adobe Premiere Pro CS4 Functional Content
    Adobe Premiere Pro CS4 Third Party Content
    Adobe Search for Help
    Adobe Service Manager Extension
    Adobe Setup
    Adobe SGM CS4
    Adobe SING CS4
    Adobe Soundbooth CS4 Codecs
    Adobe Type Support CS4
    Adobe Update Manager CS4
    Adobe WinSoft Linguistics Plugin
    Adobe XMP Panels CS4
    AdobeColorCommonSetCMYK
    AdobeColorCommonSetRGB
    AI Suite
    Apple Application Support
    Apple Software Update
    avast! Antivirus
    Browser Defender 2.0.6.10
    Connect
    DIALux 4.7
    eM Client
    EOS Camera Movie Record 0.1.9 Beta 3
    Express Rip
    FileZilla Client 3.3.1
    FontExpert 2009
    Foxit Reader
    Free Easy Burner V 3.9
    HiJackThis
    ImgBurn
    Java(TM) 6 Update 16
    Java(TM) 6 Update 17
    kuler
    Magic ISO Maker v5.5 (build 0276)
    Malwarebytes' Anti-Malware
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Mozilla Firefox (3.5.7)
    Mozilla Thunderbird (2.0.0.23)
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Notepad++
    NVIDIA Drivers
    NVIDIA PhysX
    NVIDIA Stereoscopic 3D Driver
    OOo-dev 3.2
    Ooyala Backlot
    Ooyala Backlot
    OpenOffice.org 3.1
    OpenOffice.org 3.1 Language Pack (English (United Kingdom))
    Paragon Partition Manager™ 10.0 Personal
    PDF Settings CS4
    Photoshop Camera Raw
    Pismo File Mount Audit Package
    Pixel ****** Toolkit
    PL-2303 USB-to-Serial
    POV-Ray for Windows v3.6.0
    QuickTime
    RescueTime 2.1.0
    Revo Uninstaller 1.83
    SmartFTP Client
    SmartFTP Client 4.0 Setup Files (remove only)
    Spotify
    Spybot - Search & Destroy
    Spyware Doctor 7.0
    Steam
    STREET FIGHTER IV
    Suite Shared Configuration CS4
    Switch Sound File Converter
    tools-freebsd
    tools-linux
    tools-netware
    tools-solaris
    tools-windows
    tools-winPre2k
    Topaz Adjust 3
    VLC media player 1.0.3
    VMware Workstation
    VMware Workstation
    WampServer 2.0
    WinRAR archiver

    Thanks a lot for any help!
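As an added triage helper (not from this thread, and not part of HijackThis itself), the script below parses lines in the HJT format posted above and flags the entry types a helper looks at first when a search redirect is reported: search-page values pointing at an unknown provider, BHOs loaded from outside Program Files, autoruns in user-writable locations or with unquoted paths, Winsock LSPs HJT does not recognise, and services with no publisher. The sample log is constructed from a few of the poster's entries plus one made-up hijacked search-page line (search.example.invalid); the provider allowlist and the path heuristics are assumptions, and a flag means "review", not "malicious".

```python
import re
from dataclasses import dataclass

# Constructed sample: a few entries copied from the log posted above, plus one
# made-up hijacked search-page line (search.example.invalid) so the R-rule fires.
SAMPLE_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.example.invalid/?q=
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [FontExpertType1Loader] C:\Program Files\FontExpert\Type1Loader.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\upstaris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
"""

LINE_RE = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")
# O2/O3 lines end with "{CLSID} - <dll path>"; the path itself may contain " - ".
CLSID_PATH_RE = re.compile(r"\{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
EXE_RE = re.compile(r"(?i)(.*?\.exe)")

# Assumed allowlist of expected search providers. The forum renders the URLs in
# R-lines as link titles (e.g. "Bing"), so substring matching is used.
KNOWN_SEARCH = ("bing", "msn", "google", "live.com", "yahoo")
# Assumed path fragments that mark an autorun living in a user-writable location.
USER_WRITABLE = ("\\users\\", "\\appdata\\", "%appdata%", "\\temp\\")


@dataclass
class Finding:
    code: str    # HJT section code, e.g. "O4"
    reason: str  # why a helper should look at it
    entry: str   # the original line body


def parse_hjt(text):
    """Return (code, body) pairs for every HJT-style line; ignore everything else."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def _o4_path(value):
    """Split an O4 value into its executable path and report whether it was quoted."""
    value = value.strip()
    if value.startswith('"'):
        return value[1:value.find('"', 1)], True
    m = EXE_RE.match(value)
    return (m.group(1) if m else value), False


def triage(text):
    """Flag the entry types worth a first look when a search redirect is reported."""
    findings = []
    for code, body in parse_hjt(text):
        if code in ("R0", "R1"):
            key, _, value = body.partition(" = ")
            if not value.strip():
                continue  # empty value: HJT is only showing the default entry
            if "search" in key.lower() and not any(k in value.lower() for k in KNOWN_SEARCH):
                findings.append(Finding(code, "search page set to an unexpected provider", body))
        elif code == "O2":
            m = CLSID_PATH_RE.search(body)
            if m and "program files" not in m.group("path").lower():
                findings.append(Finding(code, "BHO loaded from outside Program Files", body))
        elif code == "O4":
            path, quoted = _o4_path(body.partition("] ")[2])
            if any(h in path.lower() for h in USER_WRITABLE):
                findings.append(Finding(code, "autorun from a user-writable location", body))
            if not quoted and " " in path:
                findings.append(Finding(code, "unquoted autorun path containing spaces", body))
        elif code == "O10":
            findings.append(Finding(code, "Winsock LSP not recognised by HJT; verify the vendor", body))
        elif code == "O23" and "Unknown owner" in body:
            findings.append(Finding(code, "service with no publisher information", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.code}] {f.reason}: {f.entry}")
```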

  2. #2
    broni (Senior Member)
    Please, disable "word wrap" in Notepad, because your log is hard to read.

    Don't use HJT 2.03 (beta). Uninstall your version. Download the 2.0.2 version from the link I provided below...

    Please download ComboFix from Here or Here to your Desktop.


    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Please, never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
    NOTE 2. If Combofix asks you to update the program, always do so.

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.

    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure you re-enable your security programs when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


    Download HijackThis:
    HijackThis - Trend Micro USA
    by clicking on Installer under Version 2.0.2
    [DO NOT download version 2.0.3 (beta)]
    Install, and run it.
    Post HijackThis log.
    Do NOT attempt to fix anything!

    NOTE. If you're using Vista, or 7, right click on HijackThis, and click Run as Administrator

  3. #3
    shemadavid (Newbie)
    Thanks for your quick response.

    ComboFix 10-01-28.05 - upstaris 29/01/2010 11:17:18.1.4 - x86
    Microsoft Windows 7 Home Premium 6.1.7600.0.1252.44.1033.18.3327.2254 [GMT 0:00]
    Running from: c:\users\upstaris\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    C:\install.exe
    c:\recycler\S-1-5-21-1935655697-1417001333-1801674531-1003
    c:\recycler\S-1-5-21-448539723-57989841-725345543-1003
    C:\Thumbs.db
    c:\windows\Fonts\MyriadPro-Regular.otf

    c:\windows\System32\isoburn.exe . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2009-12-28 to 2010-01-29 )))))))))))))))))))))))))))))))
    .

    2010-01-29 11:28 . 2010-01-29 11:29 -------- d-----w- c:\users\upstaris\AppData\Local\temp
    2010-01-29 11:28 . 2010-01-29 11:28 -------- d-----w- c:\users\Default\AppData\Local\temp
    2010-01-28 20:19 . 2010-01-28 20:19 -------- d-----w- c:\users\upstaris\AppData\Local\Cooliris
    2010-01-28 03:01 . 2009-09-04 17:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2010-01-28 03:01 . 2009-09-04 17:29 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2010-01-27 14:39 . 2010-01-27 14:39 -------- d-----w- c:\program files\TrendMicro
    2010-01-27 13:11 . 2010-01-29 10:54 -------- d-----w- c:\programdata\Lavasoft
    2010-01-27 11:18 . 2010-01-27 11:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2010-01-27 11:18 . 2010-01-27 11:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2010-01-27 11:11 . 2010-01-27 11:11 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-01-27 10:57 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
    2010-01-27 10:57 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
    2010-01-27 00:08 . 2009-10-08 13:14 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
    2010-01-27 00:08 . 2009-10-08 13:14 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
    2010-01-27 00:08 . 2009-10-08 13:14 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
    2010-01-26 23:35 . 2009-09-24 08:55 97208 ----a-w- c:\windows\system32\drivers\pctwfpfilter.sys
    2010-01-26 23:35 . 2009-09-24 08:55 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
    2010-01-26 23:35 . 2009-10-06 16:31 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
    2010-01-26 23:35 . 2009-09-23 16:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
    2010-01-26 23:35 . 2009-09-03 09:45 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
    2010-01-26 23:35 . 2010-01-29 11:12 -------- d-----w- c:\program files\Spyware Doctor
    2010-01-26 23:35 . 2010-01-27 00:08 -------- d-----w- c:\programdata\PC Tools
    2010-01-26 23:35 . 2010-01-26 23:38 -------- d-----w- c:\program files\Common Files\PC Tools
    2010-01-26 23:35 . 2010-01-26 23:35 -------- d-----w- c:\users\upstaris\AppData\Roaming\PC Tools
    2010-01-24 18:20 . 2010-01-24 18:21 -------- d-----w- c:\program files\POV-Ray for Windows v3.6
    2010-01-24 18:18 . 2006-08-01 14:09 1966080 ----a-w- c:\windows\system32\cdintf251.dll
    2010-01-24 18:18 . 2009-02-16 16:13 3833856 ----a-w- c:\windows\system32\cdintf300.dll
    2010-01-24 18:16 . 2010-01-24 21:03 -------- d-----w- c:\programdata\DIALux
    2010-01-24 18:16 . 2010-01-24 18:19 -------- d-----w- c:\program files\DIALux
    2010-01-24 18:16 . 2010-01-24 18:17 -------- d-----w- c:\program files\Common Files\DIALux
    2010-01-24 18:16 . 2010-01-24 18:16 -------- d-----w- c:\windows\DIALux
    2010-01-22 09:28 . 2009-12-19 09:02 977920 ----a-w- c:\windows\system32\wininet.dll
    2010-01-21 12:14 . 2010-01-21 12:14 -------- d-----w- c:\users\upstaris\AppData\Roaming\Malwarebytes
    2010-01-21 12:14 . 2010-01-21 12:14 -------- d-----w- c:\programdata\Malwarebytes
    2010-01-21 09:39 . 2010-01-21 09:39 -------- d-----w- c:\users\upstaris\AppData\Roaming\Foxit
    2010-01-21 09:39 . 2010-01-21 09:39 -------- d-----w- c:\program files\Foxit Software
    2010-01-20 19:06 . 2010-01-20 19:06 -------- d-----w- c:\program files\Topaz Labs
    2010-01-20 12:58 . 2010-01-20 12:58 -------- d-----w- c:\program files\eos_movrec
    2010-01-17 19:43 . 2010-01-17 19:43 -------- d-----w- c:\programdata\NCH Swift Sound
    2010-01-17 19:43 . 2010-01-17 19:44 -------- d-----w- c:\users\upstaris\AppData\Roaming\NCH Swift Sound
    2010-01-17 19:43 . 2010-01-17 19:43 -------- d-----w- c:\program files\NCH Software
    2010-01-17 19:43 . 2010-01-17 19:43 -------- d-----w- c:\program files\NCH Swift Sound
    2010-01-16 09:14 . 2010-01-16 12:06 -------- d-----w- c:\users\upstaris\AppData\Roaming\VMware
    2010-01-16 09:11 . 2010-01-16 09:11 909320 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
    2010-01-16 09:11 . 2010-01-16 09:11 625200 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\instUtils.dll
    2010-01-16 09:11 . 2010-01-16 09:05 360448 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_license.dll
    2010-01-16 09:11 . 2010-01-16 09:05 331776 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_ws.dll
    2010-01-16 09:11 . 2010-01-16 09:05 569344 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\module_core.dll
    2010-01-16 09:11 . 2010-01-16 09:05 760368 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.dll
    2010-01-16 09:11 . 2010-01-16 09:05 958000 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.dll
    2010-01-16 09:11 . 2010-01-16 09:05 922672 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib64.exe
    2010-01-16 09:11 . 2010-01-16 09:05 703024 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vnetlib.exe
    2010-01-16 09:11 . 2010-01-16 09:05 731696 ----a-w- c:\programdata\VMware\VMware Workstation\Uninstaller\vminstutil.dll
    2010-01-16 09:10 . 2009-10-22 00:13 59952 ----a-w- c:\windows\system32\vnetinst.dll
    2010-01-16 09:10 . 2009-10-22 00:13 16560 ----a-w- c:\windows\system32\drivers\vmnetadapter.sys
    2010-01-16 09:10 . 2009-10-22 04:59 334384 ----a-w- c:\windows\system32\vmnetdhcp.exe
    2010-01-16 09:10 . 2009-10-22 05:00 395824 ----a-w- c:\windows\system32\vmnat.exe
    2010-01-16 09:10 . 2009-10-22 05:00 26288 ----a-w- c:\windows\system32\drivers\vmnetuserif.sys
    2010-01-16 09:10 . 2009-10-22 00:13 51248 ----a-r- c:\windows\system32\vmnetbridge.dll
    2010-01-16 09:10 . 2009-10-22 00:13 36400 ----a-r- c:\windows\system32\drivers\vmnetbridge.sys
    2010-01-16 09:10 . 2009-10-22 00:13 18736 ----a-r- c:\windows\system32\drivers\vmnet.sys
    2010-01-16 09:10 . 2009-10-22 05:00 760368 ----a-w- c:\windows\system32\vnetlib.dll
    2010-01-16 09:09 . 2009-10-22 05:00 23216 ----a-w- c:\windows\system32\drivers\VMkbd.sys
    2010-01-16 09:08 . 2010-01-16 09:08 -------- d-----w- c:\program files\Common Files\VMware
    2010-01-16 09:07 . 2010-01-29 11:10 -------- d-----w- c:\programdata\VMware
    2010-01-16 09:06 . 2010-01-16 09:06 -------- d-----w- c:\program files\VMware
    2010-01-16 08:44 . 2010-01-16 08:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
    2010-01-16 08:44 . 2010-01-16 08:44 -------- d-----w- c:\program files\DAEMON Tools Lite
    2010-01-16 08:43 . 2010-01-27 18:36 -------- d-----w- c:\users\upstaris\AppData\Roaming\DAEMON Tools Lite
    2010-01-16 08:43 . 2010-01-16 08:43 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2010-01-15 16:07 . 2010-01-15 16:07 -------- d-----w- c:\program files\MagicISO
    2010-01-15 07:31 . 2010-01-15 07:31 -------- d-----w- c:\programdata\newos
    2010-01-15 07:06 . 2010-01-15 07:06 -------- d-----w- c:\programdata\deletepart
    2010-01-15 04:26 . 2010-01-15 04:26 -------- d-----w- c:\programdata\createpart
    2010-01-15 04:26 . 2010-01-15 04:26 -------- d-----w- c:\programdata\explauncher
    2010-01-15 04:25 . 2010-01-15 04:25 -------- d-----w- c:\programdata\launcher
    2010-01-14 16:11 . 2010-01-15 08:42 -------- d-----w- c:\users\upstaris\AppData\Roaming\ImgBurn
    2010-01-14 16:11 . 2010-01-14 16:11 -------- d-----w- c:\program files\ImgBurn
    2010-01-14 12:36 . 2009-09-29 13:06 40560 ----a-w- c:\windows\system32\drivers\hotcore3.sys
    2010-01-14 12:36 . 2010-01-29 10:54 -------- dc----w- c:\windows\system32\DRVSTORE
    2010-01-14 12:36 . 2010-01-14 12:36 -------- d-----w- c:\program files\Paragon Software
    2010-01-14 10:27 . 2009-10-19 14:10 108544 ----a-w- c:\windows\system32\t2embed.dll
    2010-01-14 10:27 . 2009-10-19 14:10 70656 ----a-w- c:\windows\system32\fontsub.dll

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-01-29 11:11 . 2009-12-08 18:32 -------- d-----w- c:\program files\Steam
    2010-01-29 11:10 . 2009-11-04 22:45 -------- d-----w- c:\programdata\NVIDIA
    2010-01-29 10:56 . 2009-11-07 17:38 -------- d-----w- c:\users\upstaris\AppData\Roaming\vlc
    2010-01-28 22:23 . 2009-11-23 14:17 -------- d-----w- c:\users\upstaris\AppData\Roaming\Spotify
    2010-01-28 19:51 . 2009-11-12 12:27 -------- d-----w- c:\users\upstaris\AppData\Roaming\FileZilla
    2010-01-27 12:35 . 2009-11-05 02:58 -------- d-----w- c:\users\upstaris\AppData\Roaming\eM Client
    2010-01-27 12:34 . 2009-11-05 02:58 -------- d-----w- c:\program files\eM Client
    2010-01-26 20:33 . 2009-11-05 02:37 -------- d-----w- c:\program files\eclipse
    2010-01-23 20:06 . 2009-11-04 22:27 90432 ----a-w- c:\users\upstaris\AppData\Local\GDIPFONTCACHEV1.DAT
    2010-01-21 14:40 . 2009-12-04 15:24 1 ----a-w- c:\users\upstaris\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
    2010-01-21 09:39 . 2009-11-06 02:33 -------- d-----w- c:\program files\Mozilla Thunderbird
    2010-01-20 21:41 . 2009-11-05 02:09 -------- d-----w- c:\program files\Common Files\Adobe
    2010-01-20 13:01 . 2010-01-20 13:01 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
    2010-01-18 18:35 . 2009-11-27 22:50 -------- d-----w- c:\users\upstaris\AppData\Roaming\dvdcss
    2010-01-16 07:33 . 2009-12-09 10:53 -------- d-----w- c:\program files\Free Easy Burner
    2010-01-14 12:32 . 2009-11-12 12:27 -------- d-----w- c:\program files\FileZilla FTP Client
    2010-01-14 11:12 . 2009-11-05 06:04 181120 ------w- c:\windows\system32\MpSigStub.exe
    2009-12-17 22:44 . 2009-12-17 22:44 -------- d-----w- c:\users\upstaris\AppData\Roaming\com.ooyala.backlot.9DCE59B19CC46B6A4801BF98F6143EBC7EFD03F0.1
    2009-12-17 22:44 . 2009-12-17 22:44 -------- d-----w- c:\program files\Ooyala Backlot
    2009-12-17 22:44 . 2009-12-17 22:44 -------- d-----w- c:\program files\Common Files\Adobe AIR
    2009-12-17 20:21 . 2009-12-17 22:44 38784 ----a-w- c:\users\upstaris\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-12-17 20:21 . 2009-12-17 22:44 38784 ----a-w- c:\users\Default\AppData\Roaming\Macromedia\Flash Player\http://www.macromedia.com\bin\airapp...pinstaller.exe
    2009-12-12 11:26 . 2009-12-12 11:26 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
    2009-12-10 03:00 . 2009-12-10 03:00 -------- d-----w- c:\program files\MSXML 4.0
    2009-12-09 19:59 . 2009-12-09 19:59 -------- d-----w- c:\program files\CAPCOM
    2009-12-09 19:58 . 2009-12-09 19:58 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-12-09 17:59 . 2009-07-13 23:11 406528 ----a-w- c:\windows\system32\msvcp60.dll
    2009-12-09 17:57 . 2009-07-13 20:30 8704 ----a-w- c:\windows\Fonts\ega40857.fon
    2009-12-09 15:31 . 2009-12-09 15:31 -------- d-----w- c:\program files\RescueTime
    2009-12-08 18:32 . 2009-12-08 18:32 -------- d-----w- c:\program files\Common Files\Steam
    2009-12-07 15:54 . 2009-11-05 04:32 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-12-05 17:29 . 2009-12-05 17:29 -------- d-----w- c:\program files\Common Files\Apple
    2009-12-05 17:28 . 2009-12-05 17:28 -------- d-----w- c:\program files\QuickTime
    2009-12-05 17:28 . 2009-12-05 17:28 -------- d-----w- c:\programdata\Apple Computer
    2009-12-05 16:49 . 2009-11-15 19:24 710976 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
    2009-12-04 15:24 . 2009-12-04 15:24 -------- d-----w- c:\users\upstaris\AppData\Roaming\OpenOffice.org
    2009-12-04 15:16 . 2009-12-04 15:16 -------- d-----w- c:\program files\JRE
    2009-12-04 15:16 . 2009-12-04 15:16 -------- d-----w- c:\program files\OpenOffice.org 3
    2009-11-30 18:02 . 2009-11-30 18:02 171144 ----a-w- c:\windows\system32\xliveinstall.dll
    2009-11-30 18:02 . 2009-11-30 18:02 72840 ----a-w- c:\windows\system32\xliveinstallhost.exe
    2009-11-25 16:36 . 2009-11-05 04:24 723248 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
    2009-11-24 23:54 . 2009-11-04 23:13 1280480 ----a-w- c:\windows\system32\aswBoot.exe
    2009-11-24 23:49 . 2009-11-04 23:13 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-24 23:48 . 2009-11-04 23:13 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-24 23:47 . 2009-11-04 23:13 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-11-19 11:48 . 2009-12-01 13:25 872960 ----a-w- c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    2009-11-19 11:48 . 2009-12-01 13:25 43008 ----a-w- c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
    2009-11-19 11:48 . 2009-12-01 13:25 340480 ----a-w- c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
    2009-11-19 11:48 . 2009-12-01 13:25 346624 ----a-w- c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
    2009-11-18 16:14 . 2009-11-05 04:25 1923864 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
    2009-11-15 19:24 . 2009-11-08 18:33 2011912 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
    2009-11-11 20:04 . 2009-11-09 11:52 1 ----a-w- c:\users\upstaris\AppData\Roaming\OOo-dev\3\user\uno_packages\cache\stamp.sys
    2009-11-06 10:59 . 2009-11-06 10:59 15406728 ----a-w- c:\windows\system32\xlive.dll
    2009-11-06 10:59 . 2009-11-06 10:59 13642888 ----a-w- c:\windows\system32\xlivefnt.dll
    2009-11-05 21:36 . 2008-08-14 07:57 73312 ----a-w- c:\windows\system32\drivers\adfs.sys
    2009-11-05 03:46 . 2009-11-05 03:46 0 ----a-w- c:\windows\nsreg.dat
    2009-11-04 23:00 . 2009-11-04 23:01 411368 ----a-w- c:\windows\system32\deploytk.dll
    2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat
    2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    @="{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}"
    [HKEY_CLASSES_ROOT\CLSID\{4BBAAAE9-0004-4000-9AA5-1BBD98C86E9B}]
    2009-10-14 19:41 150872 ----a-w- c:\windows\System32\pfmshx_359.dll

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Google Update"="c:\users\upstaris\AppData\Local\Google\Update\GoogleUpdate.exe" [2009-11-04 135664]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
    "Steam"="c:\program files\Steam\Steam.exe" [2009-12-09 1217808]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-04 149280]
    "avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-11-24 81000]
    "AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2009-11-05 611712]
    "Ai Nap"="c:\program files\ASUS\AI Suite\AiNap\AiNap.exe" [2009-07-01 1435136]
    "QFan Help"="c:\program files\ASUS\AI Suite\QFan3\QFanHelp.exe" [2009-07-01 601088]
    "Cpu Level Up help"="c:\program files\ASUS\AI Suite\CpuLevelUpHelp.exe" [2007-11-30 881152]
    "FontExpertType1Loader"="c:\program files\FontExpert\Type1Loader.exe" [2009-03-19 294152]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-10 417792]
    "vmware-tray"="c:\program files\VMware\VMware Workstation\vmware-tray.exe" [2009-10-22 129584]

    c:\users\upstaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OOo-dev 3.2.lnk - c:\program files\OOo-dev 3\program\quickstart.exe [2009-9-26 384000]
    OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
    RescueTime.lnk - c:\program files\RescueTime\RescueTime.exe [2009-12-9 2379776]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @=""

    [HKLM\~\startupfolder\C:^Users^upstaris^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
    path=c:\users\upstaris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
    backup=c:\windows\pss\MagicDisc.lnk.Startup
    backupExtension=.Startup

    R0 hotcore3;hc3ServiceName;c:\windows\System32\drivers\hotcore3.sys [14/01/2010 12:36 40560]
    R0 PCTCore;PCTools KDS;c:\windows\System32\drivers\PCTCore.sys [26/01/2010 23:35 207280]
    R0 TfFsMon;TfFsMon;c:\windows\System32\drivers\TfFsMon.sys [27/01/2010 00:08 51984]
    R0 TfSysMon;TfSysMon;c:\windows\System32\drivers\TfSysMon.sys [27/01/2010 00:08 59664]
    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [04/11/2009 23:13 114768]
    R1 pfmfs_359;pfmfs_359;c:\windows\System32\drivers\pfmfs_359.sys [05/11/2009 02:07 185048]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [04/11/2009 23:13 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [04/11/2009 23:13 53328]
    R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [27/09/2009 16:48 240232]
    R2 vmci;VMware vmci;c:\windows\System32\drivers\vmci.sys [22/10/2009 05:00 70704]
    R2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [22/10/2009 03:47 563760]
    S0 sptd;sptd;c:\windows\System32\drivers\sptd.sys [16/01/2010 08:44 691696]
    S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [27/01/2010 11:18 1153368]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [26/01/2010 23:35 358600]
    S3 TfNetMon;TfNetMon;c:\windows\System32\drivers\TfNetMon.sys [27/01/2010 00:08 33552]
    S4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi.sys [26/01/2010 23:35 229304]
    S4 pctplsg;pctplsg;c:\windows\System32\drivers\pctplsg.sys [26/01/2010 23:35 70408]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114085335-3892171782-2411487453-1001Core.job
    - c:\users\upstaris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-04 22:41]

    2010-01-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2114085335-3892171782-2411487453-1001UA.job
    - c:\users\upstaris\AppData\Local\Google\Update\GoogleUpdate.exe [2009-11-04 22:41]
    .
    .
    ------- Supplementary Scan -------
    .
    LSP: c:\program files\VMware\VMware Workstation\vsocklib.dll
    FF - ProfilePath - c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\
    FF - component: c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
    FF - component: c:\users\upstaris\AppData\Roaming\Mozilla\Firefox\Profiles\tswn3hit.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\users\upstaris\AppData\Local\Google\Update\1.2.183.13\npGoogleOneClick8.dll
    .
    - - - - ORPHANS REMOVED - - - -

    HKCU-Run-AdobeBridge - (no file)


    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2010-01-29 11:34:14
    ComboFix-quarantined-files.txt 2010-01-29 11:34

    Pre-Run: 6,832,914,432 bytes free
    Post-Run: 8,351,866,880 bytes free

    - - End Of File - - 186E4121BFD174B6A3A667FCD0B97FCA




    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 11:41:31, on 29/01/2010
    Platform: Unknown Windows (WinNT 6.01.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16385)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe
    C:\Program Files\VMware\VMware Workstation\vmware-tray.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\upstaris\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Hotmail, News, Sport, Music, Movies, Money, Cars, Shopping, Windows Live from MSN UK
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DIALux 3.1 ULDBrowserHelper Class - {69AB812A-8CE4-4BF3-B49B-3B60A9F31FB2} - C:\Program Files\DIALux\DLXShellExtension.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
    O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
    O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
    O4 - HKLM\..\Run: [Ai Nap] "C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
    O4 - HKLM\..\Run: [QFan Help] "C:\Program Files\ASUS\AI Suite\QFan3\QFanHelp.exe"
    O4 - HKLM\..\Run: [Cpu Level Up help] "C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
    O4 - HKLM\..\Run: [FontExpertType1Loader] C:\Program Files\FontExpert\Type1Loader.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files\VMware\VMware Workstation\vmware-tray.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\upstaris\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\Steam.exe" -silent
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: OOo-dev 3.2.lnk = C:\Program Files\OOo-dev 3\program\quickstart.exe
    O4 - Startup: OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
    O4 - Startup: RescueTime.lnk = C:\Program Files\RescueTime\RescueTime.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O10 - Unknown file in Winsock LSP: c:\program files\vmware\vmware workstation\vsocklib.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
    O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files\VMware\VMware Workstation\vmware-authd.exe
    O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
    O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
    O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
    O23 - Service: wampapache - Apache Software Foundation - c:\wamp2\bin\apache\apache2.2.11\bin\httpd.exe
    O23 - Service: wampmysqld - Unknown owner - c:\wamp2\bin\mysql\mysql5.1.36\bin\mysqld.exe

    --
    End of file - 6880 bytes

  4. #4
    broni is offline Senior Member
    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      isoburn.exe
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

  5. #5
    shemadavid is offline Newbie
    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 01:40 on 30/01/2010 by upstaris (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "isoburn.exe"
    C:\Windows\System32\isoburn.exe --a--- 86528 bytes [23:40 13/07/2009] [01:14 14/07/2009] C4A5086FFCE4FC9C78683E74E42B1E17
    C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608fd42fa8ed70d\isoburn.exe --a--- 86528 bytes [23:40 13/07/2009] [01:14 14/07/2009] C4A5086FFCE4FC9C78683E74E42B1E17

    -=End Of File=-

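    The check that the SystemLook step above supports, written out as an added example (it is not part of this thread, nor code from SystemLook or The Avenger): parse a `:filefind` block in the format posted, then compare the hash of the System32 copy against the WinSxS copies, which are the servicing-store reference that the later "Files to move" step restores from. A second function runs the same comparison directly on disk. The record format is assumed from the posted log, the `triage()` verdict names are my own, and the on-disk demo builds a constructed two-copy tree in a temporary directory rather than touching a real Windows install.

```python
"""Added example: compare a System32 binary against its WinSxS reference copy.
Not part of the original thread, SystemLook or The Avenger."""
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed sample input: a SystemLook ':filefind' block in the format posted
# in this thread (the two hashes are the ones from the post).
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "isoburn.exe"
C:\Windows\System32\isoburn.exe --a--- 86528 bytes [23:40 13/07/2009] [01:14 14/07/2009] C4A5086FFCE4FC9C78683E74E42B1E17
C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608fd42fa8ed70d\isoburn.exe --a--- 86528 bytes [23:40 13/07/2009] [01:14 14/07/2009] C4A5086FFCE4FC9C78683E74E42B1E17

-=End Of File=-
"""

# One result line (format assumed from the log): <path> <attrs> <size> bytes [<mtime>] [<ctime>] <MD5>
RESULT_RE = re.compile(
    r"^(?P<path>\S.*?)\s+(?P<attrs>[-a-z]{6})\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<mtime>[^\]]+)\]\s+\[(?P<ctime>[^\]]+)\]\s+(?P<hash>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(text):
    """Return the result records of a SystemLook :filefind block as dicts."""
    records = []
    for line in text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["size"] = int(rec["size"])
            rec["hash"] = rec["hash"].upper()
            records.append(rec)
    return records


def triage(records):
    """Compare the System32 copy against the WinSxS copies by hash.

    Verdicts (names are this example's own):
      'consistent'   every System32 copy matches some WinSxS copy
      'mismatch'     a System32 copy matches no WinSxS copy: the live binary
                     has been altered, or a newer update is not yet in WinSxS
                     (compare version resources before replacing anything)
      'no_reference' no WinSxS copy to compare against
      'missing'      no System32 copy found
    """
    def key(rec):
        return rec["path"].lower().replace("/", "\\")
    sys32 = [r for r in records if "\\system32\\" in key(r)]
    winsxs = [r for r in records if "\\winsxs\\" in key(r)]
    if not sys32:
        return "missing"
    if not winsxs:
        return "no_reference"
    reference = {r["hash"] for r in winsxs}
    return "consistent" if all(r["hash"] in reference for r in sys32) else "mismatch"


def file_digest(path, algo="md5"):
    """Hex digest of a file, upper-cased to match SystemLook's output. MD5 is
    enough to match a known-good value from a log; use sha256 where an attacker
    could have chosen the file contents to collide."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def live_records(windows_root, name, algo="md5"):
    """Walk a Windows directory tree for every file called `name` and build the
    same records parse_filefind() produces, so triage() works on a live disk."""
    recs = []
    for p in Path(windows_root).rglob(name):
        if p.is_file():
            recs.append({"path": str(p), "size": p.stat().st_size,
                         "hash": file_digest(p, algo)})
    return recs


def demo_live_check():
    """Constructed demo: identical System32 and WinSxS copies in a temp tree,
    then the System32 copy is altered. Returns the verdict before and after."""
    with tempfile.TemporaryDirectory() as d:
        sys32 = Path(d, "System32")
        winsxs = Path(d, "winsxs", "x86_microsoft-windows-isoburn_demo")
        sys32.mkdir(parents=True)
        winsxs.mkdir(parents=True)
        (sys32 / "isoburn.exe").write_bytes(b"MZ constructed sample binary")
        (winsxs / "isoburn.exe").write_bytes(b"MZ constructed sample binary")
        before = triage(live_records(d, "isoburn.exe"))
        (sys32 / "isoburn.exe").write_bytes(b"MZ constructed sample binary, patched")
        after = triage(live_records(d, "isoburn.exe"))
    return before, after


if __name__ == "__main__":
    recs = parse_filefind(SAMPLE_LOG)
    for r in recs:
        print(r["hash"], r["size"], r["path"])
    print("posted log verdict:", triage(recs))
    print("constructed live demo (before, after):", demo_live_check())
```

    On the posted log both copies carry the same MD5, so the verdict is `consistent`; a `mismatch` is the case where replacing the System32 file from WinSxS (as the later Avenger script does) or running the built-in `sfc /scannow` is the right next step. Run it against a real machine with `live_records(r"C:\Windows", "isoburn.exe")` from an elevated prompt, since WinSxS is not readable by a standard user on every configuration.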
  6. #6
    broni is offline Senior Member
    1. Please download The Avenger to your Desktop.
    • Right click on the Avenger.zip folder and select "Extract All..."
    • Follow the prompts and extract the Avenger folder to your desktop

    2. Copy all the text contained in the code box below to your Clipboard by highlighting it and pressing (Ctrl+C):


    Code:
    Begin copying here:
    Files to move:
    C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608f d42fa8ed70d\isoburn.exe | C:\Windows\System32\isoburn.exe

    3. Now, open the avenger folder and start The Avenger program by clicking on its icon.

    • Right click on the window under Input script here:, and select Paste.
    • You can also click on this window and press (Ctrl+V) to paste the contents of the clipboard.
    • Click on Execute
    • Answer "Yes" twice when prompted.

    4. The Avenger will automatically do the following:

    • It will restart your computer. (In cases where the code to execute contains "Drivers to Delete", The Avenger will actually restart your system twice.)
    • On reboot, it will briefly open a black command window on your desktop; this is normal.
    • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
    • The Avenger will also back up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.

    5. Please copy/paste the content of c:\avenger.txt into your reply

  7. #7
    shemadavid is offline Newbie
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    Swandog46's Public Anti-Malware Tools

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!


    Error: could not open file "C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608f d42fa8ed70d\isoburn.exe" for move operation
    File move operation "C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608f d42fa8ed70d\isoburn.exe|C:\Windows\System32\isobur n.exe" failed!
    Status: 0xc000003a (STATUS_OBJECT_PATH_NOT_FOUND)
    --> bad path / the parent directory does not exist


    Completed script processing.

    *******************

    Finished! Terminate.

  8. #8
    broni is offline Senior Member
    Grrrrrrrr....I hate this DAL bug, which creates a space after so many characters. Sorry for that.
    Re-run with this script:

    Code:
    Begin copying here:
    Files to move:
    C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608fd42fa8ed70d\isoburn.exe | C:\Windows\System32\isoburn.exe

  9. #9
    shemadavid is offline Newbie
    no problem!
    trying it now....

  10. #10
    shemadavid is offline Newbie
    Logfile of The Avenger Version 2.0, (c) by Swandog46
    Swandog46's Public Anti-Malware Tools

    Platform: Windows Vista

    *******************

    Script file opened successfully.
    Script file read successfully.

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    Rootkit scan active.
    No rootkits found!

    File move operation "C:\Windows\winsxs\x86_microsoft-windows-isoburn_31bf3856ad364e35_6.1.7600.16385_none_e608f d42fa8ed70d\isoburn.exe|C:\Windows\System32\isobur n.exe" completed successfully.

    Completed script processing.

    *******************

    Finished! Terminate.
