Browser hijacked

  1. Vomisa

    Vomisa New Member Bronze Member

    Joined:
    May 18, 2010
    Posts:
    4

    Thank you for your help.

    When I click on a link in search it is hijacked. I tried ComboFix and ran an online (reputable) virus scan but cannot get rid of it.

    I am running Windows XP 64.
    AMD Athlon 64 3500+
    2.20 GHz with 960 MB RAM

    Here is the hijack file

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 6:52:12 AM, on 5/18/2010
    Platform: Windows XP SP3 (WinNT 5.01.2600)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    C:\WINDOWS\arservice.exe
    C:\Program Files\AVG\AVG9\avgwdsvc.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\BOINC\boincmgr.exe
    C:\Program Files\BOINC\boinctray.exe
    C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe
    C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
    C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SurfBoard\PanelApp\PanelApp.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\openusbkbd.exe
    C:\Program Files\BOINC\boinc.exe
    C:\Documents and Settings\All Users\Application Data\BOINC\projects\setiathome.berkeley.edu\setiathome_6.03_windows_intelx86.exe
    C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
    c:\windows\system\hpsysdrv.exe
    C:\Program Files\DISC\DISCover.exe
    C:\Program Files\DISC\DiscUpdMgr.exe
    C:\Program Files\DISC\DiscStreamHub.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = IMDb :: Boards :: The Soapbox
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    R3 - URLSearchHook: preciseNews Toolbar - {0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1} - C:\Program Files\preciseNews\tbpre1.dll
    O2 - BHO: preciseNews Toolbar - {0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1} - C:\Program Files\preciseNews\tbpre1.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: hpWebHelper Class - {AAAE832A-5FFF-4661-9C8F-369692D1DCB9} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\plugin\WebHelper.dll
    O2 - BHO: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.41\npchrome_frame.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: preciseNews Toolbar - {0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1} - C:\Program Files\preciseNews\tbpre1.dll
    O4 - HKLM\..\Run: [ftutil2] rundll32.exe ftutil2.dll,SetWriteCacheMode
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [HPBootOp] "C:\Program Files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" /run
    O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
    O4 - HKLM\..\Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
    O4 - HKLM\..\Run: [Gnetmous] C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\gnetmous.exe
    O4 - HKLM\..\Run: [Gkeybd] C:\Program Files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe
    O4 - HKLM\..\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
    O4 - HKLM\..\Run: [Conime] %windir%\system32\conime.exe
    O4 - HKLM\..\Run: [EKIJ5000StatusMonitor] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [DW6] "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
    O4 - HKCU\..\Run: [PanelApp] C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\SurfBoard\PanelApp\PanelApp.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - S-1-5-18 Startup: Check for OneTouch Updates.lnk.disabled (User 'SYSTEM')
    O4 - S-1-5-18 Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: Check for OneTouch Updates.lnk.disabled (User 'Default user')
    O4 - .DEFAULT Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe (User 'Default user')
    O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
    O4 - .DEFAULT User Startup: PinMcLnk.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
    O4 - Startup: Check for OneTouch Updates.lnk.disabled
    O4 - Startup: PMCRemoteLauncher.lnk = C:\Documents and Settings\Compaq_Administrator\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O8 - Extra context menu item: Lookup on Merriam Webster - file://C:\Program Files\ieSpell\Merriam Webster.HTM
    O8 - Extra context menu item: Lookup on Wikipedia - file://C:\Program Files\ieSpell\wikipedia.HTM
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://*.trymedia.com (HKLM)
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/betapit/PCPitStop.CAB
    O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
    O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} (GMNRev Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab
    O18 - Protocol: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files\Google\Chrome Frame\Application\5.0.375.41\npchrome_frame.dll
    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
    O23 - Service: AVG Free WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Kodak AiO Network Discovery Service - Eastman Kodak Company - C:\Program Files\Kodak\AiO\Center\ekdiscovery.exe
    O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
    O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
    O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: PanelSvc - Unknown owner - C:\Program Files\SurfBoard\PanelApp\PanelSvc.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    --
    End of file - 12310 bytes
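    The HijackThis log above is what the helpers triage by hand. The script below is an added example (not part of the thread, and not HijackThis or PCHF code) that parses the CLSID-bearing R3/O2/O3/O16 lines and reports the three things a reviewer checks first: a single CLSID registered as URLSearchHook, BHO and Toolbar at once (the DLL is then loaded into every IE process and gets first look at anything typed into the address bar that is not a URL), entries whose DLL HJT reports as "(no file)", and ActiveX (O16 DPF) controls pulled over plain http. The sample lines are a constructed subset copied from the log above; the finding labels and the "search-hook bundle" heuristic are mine, not an HJT convention.

```python
"""Triage the CLSID-bearing entries of a HijackThis 2.0 log (added example)."""
import re
from collections import defaultdict

# A CLSID is 32 hex digits in 8-4-4-4-12 form: 36 characters inside braces.
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
# HJT entry lines start with a section code (R0..R3, O1..O24) followed by " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d+)\s+-\s+(?P<body>.*)$")

# Constructed sample: a subset of the log posted in the thread, copied verbatim.
SAMPLE_LOG_LINES = [
    r"R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)",
    r"R3 - URLSearchHook: preciseNews Toolbar - {0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1} - C:\Program Files\preciseNews\tbpre1.dll",
    r"O2 - BHO: preciseNews Toolbar - {0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1} - C:\Program Files\preciseNews\tbpre1.dll",
    r"O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll",
    r"O3 - Toolbar: preciseNews Toolbar - {0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1} - C:\Program Files\preciseNews\tbpre1.dll",
    r"O16 - DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} (PlaNet SysInfo Agent) - http://www.newhomebasedccr.com/test/PlaNetSysInfo.cab",
    r"O16 - DPF: {C52439A0-2693-4E40-B141-9F9AD5257241} (Lexmark eDiagnostics Class) - https://ediagnostics.lexmark.com/serval.cab",
]


def parse_entry(line):
    """Split one HJT line into code, hook kind, display name, CLSID and target.

    Returns None for lines that are not HJT entries (headers, process list).
    """
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    # "URLSearchHook: name - {clsid} - path"   or   "DPF: {clsid} (name) - url"
    kind, sep, rest = body.partition(": ")
    if not sep:
        kind, rest = "", body
    clsid_m = CLSID_RE.search(rest)
    # The target (DLL path, "(no file)" or download URL) is the last " - " field.
    head, _, target = rest.rpartition(" - ")
    if clsid_m:
        head = head.replace(clsid_m.group(0), "")
    return {
        "code": code,
        "kind": kind,
        "name": head.strip(" -()"),
        # Case-fold so HKLM and HKCU spellings of one CLSID group together.
        "clsid": clsid_m.group(0).lower() if clsid_m else None,
        "target": target.strip(),
    }


def triage(lines):
    """Return (label, clsid, detail) findings; bundle hits come first."""
    entries = [e for e in map(parse_entry, lines) if e]
    by_clsid = defaultdict(list)
    for e in entries:
        if e["clsid"]:
            by_clsid[e["clsid"]].append(e)

    findings = []
    # One CLSID registered as search hook + BHO + toolbar: the same DLL sits in
    # every IE process and is called for non-URL address-bar input.
    for clsid, hooks in by_clsid.items():
        kinds = {e["kind"] for e in hooks}
        if {"URLSearchHook", "BHO", "Toolbar"} <= kinds:
            findings.append(("search-hook-bundle", clsid, hooks[0]["name"]))
    for e in entries:
        # HJT prints "(no file)" when the registered DLL is missing on disk.
        if e["target"] == "(no file)":
            findings.append(("orphaned-entry", e["clsid"], e["name"]))
        # A Downloaded Program Files control fetched over plain http has no
        # transport integrity; flag it for a look at the host.
        if e["kind"] == "DPF" and e["target"].lower().startswith("http://"):
            findings.append(("plain-http-activex", e["clsid"], e["target"]))
    return findings


if __name__ == "__main__":
    for label, clsid, detail in triage(SAMPLE_LOG_LINES):
        print(f"{label:20} {clsid}  {detail}")
```

    On the full log the bundle hit is the preciseNews toolbar, the same CLSID ComboFix later lists under URLSearchHooks, Browser Helper Objects and Toolbar. HJT is IE-centric: hosts-file and DNS changes would show as O1 and O17 lines (none appear in this log), and the process list shows firefox.exe running, so a clean result here says nothing about a redirect that lives in Firefox.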
  2. DCiAdmin

    DCiAdmin Well-Known Member

    Joined:
    Sep 30, 2008
    Posts:
    1,907

    Hello Vomisa :)

    If you don't mind, please review the PCHF PreWork document (link found in my signature) and post back ALL requested logs. It's a tried and true method to start the process to clear your system of the nasties that currently inhabit it :)

    Once we have your logs, the thread will be relocated to the [NEW] HJT Logs area of the forum for review and recommendation by the PCHF Security team.

    Please do NOT accept malware advice from anyone other than the PCHF Security team while you are working through this.
  3. Vomisa

    Vomisa New Member Bronze Member

    Joined:
    May 18, 2010
    Posts:
    4

    Thanks. I could not find the HJT forum, sorry about that. :mrgreen:

    Attached Files:

  4. DCiAdmin

    DCiAdmin Well-Known Member

    Joined:
    Sep 30, 2008
    Posts:
    1,907

    No worries :) Someone will be with you as soon as possible!
  5. Sneakyone

    Sneakyone Well-Known Member Elite Member

    Joined:
    Oct 28, 2009
    Posts:
    1,968
    Location:
    Alabama, USA

    Hi, Welcome to PCHF!:)

    Warning: Running ComboFix without proper instruction from an expert can be very damaging to your computer.

    Please navigate here and post this log: C:\ComboFix.txt

    Regards,
    Sneakyone :)
  6. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Location:
    Victoria, Australia

    Hi. Welcome to the forum.

    Please run both these programs.

    Please download Malwarebytes' Anti-Malware from one of these places:
    |MG| Malwarebytes Anti-Malware 1.46 Download
    |MG| Malwarebytes Anti-Malware 1.46 Download

    Double Click mbam-setup.exe to install the application.
    * Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.

    * Once the program has loaded, select "Perform Quick Scan", then click Scan.
    * The scan may take some time to finish, so please be patient.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Make sure that everything is checked, and click Remove Selected.
    * When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    * The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    * Copy & paste the entire report in your next reply.

    ===============================================

    Download Combofix and place it on your Desktop.

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Ensure you have disabled all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. ComboFix may be slow to start and appear to be doing nothing before it starts scanning. Just leave it, it will start.
    You can get help on disabling your protection programs here : How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
    Please include the C:\ComboFix.txt in your next reply for further review.

    Caution.....
    Never use this program to remove files. Only use it with help from an experienced user. Wrongful use can damage your computer. This tool is not a toy and not for everyday use. ComboFix SHOULD NOT be used unless requested by a qualified helper.

  7. Vomisa

    Vomisa New Member Bronze Member

    Joined:
    May 18, 2010
    Posts:
    4

    Here is the Malware log

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    Database version: 4115
    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702
    5/18/2010 8:45:18 PM
    mbam-log-2010-05-18 (20-45-18).txt
    Scan type: Quick scan
    Objects scanned: 145542
    Time elapsed: 10 minute(s), 9 second(s)
    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 1
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0
    Memory Processes Infected:
    (No malicious items detected)
    Memory Modules Infected:
    (No malicious items detected)
    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    Registry Values Infected:
    (No malicious items detected)
    Registry Data Items Infected:
    (No malicious items detected)
    Folders Infected:
    (No malicious items detected)
    Files Infected:
    (No malicious items detected)
    ----------------------------------------------

    And combofix

    ComboFix 10-05-17.01 - Compaq_Administrator 05/18/2010 20:51:09.6.1 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.958.378 [GMT -5:00]
    Running from: c:\documents and settings\Compaq_Administrator\Desktop\downloads\ComboFix.exe
    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
    .
    ((((((((((((((((((((((((( Files Created from 2010-04-19 to 2010-05-19 )))))))))))))))))))))))))))))))
    .
    2010-05-19 01:33 . 2010-05-19 01:33 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Malwarebytes
    2010-05-19 01:33 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-05-19 01:33 . 2010-05-19 01:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
    2010-05-19 01:33 . 2010-05-19 01:33 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-19 01:33 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-05-18 10:21 . 2010-05-18 10:21 -------- d-----w- c:\program files\Trend Micro
    2010-05-12 12:12 . 2010-05-12 12:12 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
    2010-05-12 12:11 . 2010-05-12 12:12 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
    2010-05-12 02:29 . 2009-06-30 14:37 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
    2010-05-12 02:28 . 2010-05-12 02:28 -------- d-----w- c:\program files\Panda Security
    2010-05-11 20:14 . 2010-05-11 20:14 -------- d-----w- C:\$AVG
    2010-05-11 03:10 . 2010-05-19 00:24 88 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\libfftw3f-3-1-1a_upx.dll
    2010-05-11 03:10 . 2010-05-19 00:24 100 ----a-w- c:\documents and settings\All Users\Application Data\BOINC\slots\0\setiathome_6.03_windows_intelx86.exe
    2010-05-09 22:40 . 2010-03-15 09:31 165376 ----a-w- c:\windows\system32\unrar.dll
    2010-05-09 08:04 . 2010-05-09 08:27 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\gtk-2.0
    2010-05-09 07:45 . 2010-05-09 07:45 -------- d-----w- c:\documents and settings\Compaq_Administrator\.fontconfig
    2010-05-09 07:45 . 2010-05-09 08:29 -------- d-----w- c:\documents and settings\Compaq_Administrator\.gimp-2.6
    2010-05-09 07:40 . 2010-05-09 07:40 -------- d-----w- c:\program files\GIMP-2.0
    2010-05-09 06:30 . 2010-04-03 22:55 61440 ----a-w- c:\windows\system32\OpenCL.dll
    2010-05-09 06:30 . 2010-04-03 22:55 11647592 ----a-w- c:\windows\system32\nvcompiler.dll
    2010-05-05 05:35 . 2010-03-02 03:36 15688 ----a-w- c:\windows\system32\lsdelete.exe
    2010-04-22 13:58 . 2010-04-22 13:58 4093280 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgui.exe
    2010-04-22 13:58 . 2010-04-22 13:58 2064224 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgtray.exe
    2010-04-22 13:58 . 2010-04-22 13:58 1276768 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgfrw.exe
    2010-04-22 13:58 . 2010-04-22 13:58 1245464 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgabout.dll
    2010-04-22 13:58 . 2010-04-22 13:58 4258144 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgcorex.dll
    2010-04-22 13:57 . 2010-04-22 13:57 1689952 ----a-w- c:\documents and settings\All Users\Application Data\avg9\update\backup\avgupd.dll
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-05-19 01:04 . 2009-12-21 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Kodak
    2010-05-19 00:57 . 2008-11-27 15:05 -------- d-----w- c:\documents and settings\All Users\Application Data\BOINC
    2010-05-18 12:50 . 2008-11-27 14:22 -------- d-----w- c:\program files\LimeWire
    2010-05-11 21:02 . 2010-02-23 01:54 -------- d-----w- c:\documents and settings\Compaq_Administrator\Application Data\Facebook
    2010-05-11 02:36 . 2009-03-25 05:34 630157 ----a-w- c:\windows\Internet Logs\tvDebug.Zip
    2010-05-11 02:15 . 2010-03-21 00:59 -------- d-----w- c:\documents and settings\All Users\Application Data\avg9
    2010-05-09 06:32 . 2009-09-02 06:37 -------- d-----w- c:\program files\NVIDIA Corporation
    2010-05-09 06:23 . 2008-12-17 19:17 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
    2010-05-05 04:18 . 2006-09-06 01:10 -------- d---a-w- c:\program files\Common Files\LightScribe
    2010-05-05 04:18 . 2006-09-06 01:04 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-05-01 06:37 . 2010-03-07 09:21 439816 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Real\Update\setup3.10\setup.exe
    2010-04-17 20:54 . 2010-04-18 00:04 3139072 ----a-w- c:\windows\Internet Logs\xDB1E.tmp
    2010-04-11 03:24 . 2008-11-29 16:34 -------- d-----w- c:\program files\DivX
    2010-04-11 01:39 . 2010-02-23 01:54 50354 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Facebook\uninstall.exe
    2010-04-11 00:36 . 2010-04-11 00:22 -------- d-----w- c:\program files\Microsoft GIF Animator
    2010-04-10 22:43 . 2006-09-06 01:09 153496 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    2010-04-10 22:40 . 2010-04-10 22:40 -------- d-----w- c:\documents and settings\LocalService\Application Data\DivX
    2010-04-10 22:33 . 2010-04-10 22:33 -------- d-----w- c:\program files\OSS
    2010-04-10 22:18 . 2009-10-24 06:32 -------- d-----w- c:\program files\Free Video Converter
    2010-04-08 00:53 . 2009-03-08 06:11 -------- d-----w- c:\program files\Windows Live
    2010-04-04 00:23 . 2010-04-04 00:23 278120 ----a-w- c:\windows\system32\nvmccs.dll
    2010-04-04 00:23 . 2010-04-04 00:23 154216 ----a-w- c:\windows\system32\nvsvc32.exe
    2010-04-04 00:23 . 2010-04-04 00:23 145000 ----a-w- c:\windows\system32\nvcolor.exe
    2010-04-04 00:23 . 2010-04-04 00:23 13670504 ----a-w- c:\windows\system32\nvcpl.dll
    2010-04-04 00:23 . 2010-04-04 00:23 110696 ----a-w- c:\windows\system32\nvmctray.dll
    2010-04-04 00:22 . 2010-04-04 00:22 81920 ----a-w- c:\windows\system32\nvwddi.dll
    2010-04-03 22:55 . 2009-08-17 05:57 4075520 ----a-w- c:\windows\system32\nvcuda.dll
    2010-04-03 22:55 . 2009-08-17 05:57 2646632 ----a-w- c:\windows\system32\nvcuvenc.dll
    2010-04-03 22:55 . 2009-08-17 05:57 2183470 ----a-w- c:\windows\system32\nvdata.bin
    2010-04-03 22:55 . 2009-08-17 05:57 2030184 ----a-w- c:\windows\system32\nvcuvid.dll
    2010-04-03 22:55 . 2006-09-06 00:54 600680 ----a-w- c:\windows\system32\nvudisp.exe
    2010-04-03 22:55 . 2006-09-06 00:54 14757888 ----a-w- c:\windows\system32\nvoglnt.dll
    2010-04-03 22:55 . 2006-09-06 00:54 6432128 ----a-w- c:\windows\system32\nv4_disp.dll
    2010-04-03 22:55 . 2006-09-06 00:54 227944 ----a-w- c:\windows\system32\nvcodins.dll
    2010-04-03 22:55 . 2006-09-06 00:54 227944 ----a-w- c:\windows\system32\nvcod.dll
    2010-04-03 22:55 . 2006-09-06 00:54 1097728 ----a-w- c:\windows\system32\nvapi.dll
    2010-04-03 22:55 . 2006-09-06 00:54 10232128 ----a-w- c:\windows\system32\drivers\nv4_mini.sys
    2010-04-03 16:40 . 2009-06-06 16:22 -------- d-----w- c:\program files\QuickTime
    2010-04-03 16:40 . 2009-09-12 15:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-04-02 21:54 . 2009-09-02 06:35 600680 ----a-w- c:\windows\system32\NVUNINST.EXE
    2010-03-22 00:36 . 2009-03-24 15:13 -------- d-----w- c:\program files\Minilyrics
    2010-03-21 13:43 . 2010-03-21 01:00 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    2010-03-21 13:43 . 2010-03-21 01:00 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
    2010-03-21 13:42 . 2010-03-21 01:00 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
    2010-03-10 06:15 . 2004-08-10 04:00 420352 ----a-w- c:\windows\system32\vbscript.dll
    2010-03-06 05:30 . 2010-03-06 05:30 5582848 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
    2010-02-25 06:24 . 2004-08-10 04:00 916480 ----a-w- c:\windows\system32\wininet.dll
    2010-02-24 13:11 . 2004-08-10 04:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2010-02-19 23:47 . 2010-02-19 23:47 3604480 ----a-w- c:\windows\system32\GPhotos.scr
    2010-02-19 20:05 . 2009-09-26 04:41 144160 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\uninstall.exe
    2010-02-19 20:05 . 2009-12-10 19:26 4187512 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
    2010-02-19 20:05 . 2010-02-19 20:05 1436320 ----a-w- c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\MoveMediaPlayerWinSilent_071505000011.exe
    2010-02-18 05:14 . 2010-02-18 05:14 9662 ----a-r- c:\documents and settings\Compaq_Administrator\Application Data\Microsoft\Installer\{D5EA1755-1899-4380-A4BA-83840648CBDA}\MainExecutableShortcutIcon.exe
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\opera\program\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\opera\program\plugins\ssldivx.dll
    2006-12-04 07:04 . 2008-11-27 05:45 22 --sha-w- c:\windows\SMINST\HPCD.SYS
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1}"= "c:\program files\preciseNews\tbpre1.dll" [2010-02-17 2349080]
    [HKEY_CLASSES_ROOT\clsid\{0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1}]
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1}]
    2010-02-17 20:45 2349080 ----a-w- c:\program files\preciseNews\tbpre1.dll
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1}"= "c:\program files\preciseNews\tbpre1.dll" [2010-02-17 2349080]
    [HKEY_CLASSES_ROOT\clsid\{0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1}]
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{0CB2B9D9-726F-4C35-9F9F-7CFBF60B68A1}"= "c:\program files\preciseNews\tbpre1.dll" [2010-02-17 2349080]
    [HKEY_CLASSES_ROOT\clsid\{0cb2b9d9-726f-4c35-9f9f-7cfbf60b68a1}]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DW6"="c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe" [2009-10-08 818288]
    "PanelApp"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\SurfBoard\PanelApp\PanelApp.exe" [2009-12-30 31232]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ftutil2"="ftutil2.dll" [2004-06-07 106496]
    "Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2005-07-23 237568]
    "HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2006-02-16 249856]
    "LogitechCommunicationsManager"="c:\program files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe" [2007-10-25 563984]
    "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
    "boincmgr"="c:\program files\BOINC\boincmgr.exe" [2009-06-10 4182784]
    "boinctray"="c:\program files\BOINC\boinctray.exe" [2009-06-10 58112]
    "Gnetmous"="c:\program files\COMPAQ\RF Wheel Mouse and Keyboard\gnetmous.exe" [2002-11-26 153600]
    "Gkeybd"="c:\program files\COMPAQ\RF Wheel Mouse and Keyboard\Keyboard.exe" [2002-12-02 36864]
    "USBToolTip"="c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe" [2007-02-20 199752]
    "Conime"="c:\windows\system32\conime.exe" [2008-04-14 27648]
    "EKIJ5000StatusMonitor"="c:\windows\System32\spool\DRIVERS\W32X86\3\EKIJ5000MUI.exe" [2009-08-03 1626112]
    "RTHDCPL"="RTHDCPL.EXE" [2009-02-03 18085888]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-04 13670504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-04 110696]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2006-09-06 180269]
    c:\documents and settings\Compaq_Administrator\Start Menu\Programs\Startup\
    Check for OneTouch Updates.lnk.disabled [2009-2-5 706]
    PMCRemoteLauncher.lnk - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Pinnacle\TVC\Tools\PMCRemoteCtrl.exe [2008-11-29 54544]
    c:\documents and settings\boinc_master\Start Menu\Programs\Startup\
    Pin.lnk.disabled [2005-8-17 572]
    PinMcLnk.lnk.disabled [2006-5-18 667]
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-03-21 13:43 12464 ----a-w- c:\windows\system32\avgrsstx.dll
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
    @="Service"
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
    "MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
    "DriverUpdaterPro"=c:\program files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
    "BMUpdate"=c:\windows\system32\BMUpdate.exe
    "TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe"
    "Google Update"="c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
    "WMPNSCFG"=c:\program files\Windows Media Player\WMPNSCFG.exe
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "IS CfgWiz"=c:\program files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe"
    "PhotoExplosionCalCheck"=c:\program files\Nova Development\Photo Explosion 3.0\calcheck.exe
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    "<NO NAME>"=
    "NvCplDaemon"=RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    "ehTray"=c:\windows\ehome\ehtray.exe
    "HP Software Update"=c:\program files\HP\HP Software Update\HPwuSchd2.exe
    "LogitechQuickCamRibbon"="c:\program files\Logitech\QuickCam\Quickcam.exe" /hide
    "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe"
    "AlwaysReady Power Message APP"=ARPWRMSG.EXE
    "NvMediaCenter"=RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    "nwiz"=c:\program files\NVIDIA Corporation\nView\nwiz.exe /install
    "WinampAgent"="c:\program files\Winamp\winampa.exe"
    "ISUSPM Startup"=c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    "OneTouch Monitor"=c:\progra~1\VISION~1\ONETOU~2.EXE
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
    "DisableMonitoring"=dword:00000001
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\DISC\\DISCover.exe"=
    "c:\\Program Files\\DISC\\DiscStreamHub.exe"=
    "c:\\Program Files\\DISC\\myFTP.exe"=
    "c:\\Program Files\\Compaq Connections\\5577497\\Program\\Compaq Connections.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\PMSRegisterFile.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\umi.exe"=
    "c:\\Program Files\\Pinnacle\\VideoSpin\\Programs\\VideoSpin.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Electronic Arts\\Battlefield 2142 Deluxe Edition\\BF2142.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 12\\Programs\\umi.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\AIM\\aim.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\RM.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\Studio.exe"=
    "c:\\Program Files\\Pinnacle\\Studio 14\\Programs\\umi.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\AiOHomeCenter.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\Kodak.Statistics.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Center\\NetworkPrinterDiscovery.exe"=
    "c:\\Program Files\\Kodak\\AiO\\Firmware\\KodakAiOUpdater.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\Kodak\\Installer\\Setup.exe"=
    "c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "9322:TCP"= 9322:TCP:EKDiscovery
    R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [8/10/2009 9:35 PM 64160]
    R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/11/2010 9:29 PM 28552]
    R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [3/20/2010 8:00 PM 216200]
    R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/20/2010 7:59 PM 308064]
    R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files\Kodak\AiO\Center\ekdiscovery.exe [8/5/2009 1:49 PM 284016]
    R3 USBSER34;USBSER34;c:\windows\system32\drivers\USBSER34.SYS [4/18/2009 8:40 AM 37456]
    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [9/26/2009 7:58 PM 133104]
    S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [7/3/2009 9:49 AM 1029456]
    S3 PanelSvc;PanelSvc;c:\program files\SurfBoard\PanelApp\PanelSvc.exe [12/30/2009 12:20 PM 91136]
    S3 PTV371;Mini TV USB;c:\windows\system32\drivers\PTV371.SYS [4/19/2006 3:38 AM 275776]
    S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [11/22/2009 4:09 PM 95568]
    S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
    S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [1/25/2010 2:04 PM 682232]
    .
    Contents of the 'Scheduled Tasks' folder
    2010-05-04 c:\windows\Tasks\Ad-Aware Update (Weekly).job
    - c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 03:35]
    2010-05-08 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
    2010-05-19 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-01-02 01:35]
    2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 00:57]
    2010-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2009-09-27 00:57]
    2010-05-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191007485-2787607243-1909311677-1007Core.job
    - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-11 21:03]
    2010-05-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2191007485-2787607243-1909311677-1007UA.job
    - c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-12-11 21:03]
    2010-05-19 c:\windows\Tasks\User_Feed_Synchronization-{2DD2D8E0-5241-483E-BF1B-6E8D6D4AA02E}.job
    - c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.imdb.com/board/bd0000044/threads/
    IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
    IE: Lookup on Merriam Webster - file://c:\program files\ieSpell\Merriam Webster.HTM
    IE: Lookup on Wikipedia - file://c:\program files\ieSpell\wikipedia.HTM
    Trusted Zone: trymedia.com
    DPF: {3E90FFF5-1347-45B9-91F6-DA47926E9697} - hxxp://www.newhomebasedccr.com/test/PlaNetSysInfo.cab
    FF - ProfilePath - c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6yl3we3.default\
    FF - prefs.js: browser.search.selectedEngine - Bing
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig?hl=en&source=iglk
    FF - prefs.js: network.proxy.type - 4
    FF - component: c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\SurfBoard\PanelApp\ff\components\FFoxAddinStub.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Facebook\npfbplugin_1_0_1.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Facebook\npfbplugin_1_0_3.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071505000010.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Move Networks\plugins\npqmp071505000011.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6yl3we3.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}\plugins\NPCpnMgr.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Application Data\Mozilla\Firefox\Profiles\k6yl3we3.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
    FF - plugin: c:\documents and settings\Compaq_Administrator\Local Settings\Application Data\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Google\Google Updater\2.4.1487.6512\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npdnupdater2.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
    FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    ---- FIREFOX POLICIES ----
    FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(network.protocol-handler.warn-external.dnupdate, false
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    **************************************************************************
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, GMER - Rootkit Detector and Remover
    Rootkit scan 2010-05-18 21:00
    Windows 5.1.2600 Service Pack 3 NTFS
    scanning hidden processes ...
    scanning hidden autostart entries ...
    scanning hidden files ...
    scan completed successfully
    hidden files: 0
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    - - - - - - - > 'explorer.exe'(3144)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\mshtml.dll
    c:\windows\system32\msls31.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    Completion time: 2010-05-18 21:05:09
    ComboFix-quarantined-files.txt 2010-05-19 02:05
    ComboFix2.txt 2010-05-19 01:25
    ComboFix3.txt 2010-05-18 10:16
    ComboFix4.txt 2010-05-12 02:00
    ComboFix5.txt 2010-05-19 01:48
    Pre-Run: 61,558,697,984 bytes free
    Post-Run: 61,537,677,312 bytes free
    - - End Of File - - 6BA96E7543A67F2B4DFFAFC7521D8BE5
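As an added illustration of how a helper reads a log like the one above (this is example code written for this page; it is not ComboFix's code and was not posted by anyone in the thread), the following Python script walks a ComboFix-style excerpt and pulls out the items a reviewer checks first: services whose binary is gone from disk (ComboFix prints these as `path --> path [?]`), the Windows Firewall standard-profile state and its globally open ports, autostart entries sitting in a `Run-` key (where msconfig parks entries it has disabled), Security Center monitoring flags, and Firefox's `network.proxy.type`. The line formats are assumptions taken from how the log above prints them, the sample input is an excerpt assembled from that log, and the proxy-type meanings are Firefox's documented values.

```python
"""Triage helper for ComboFix-style log excerpts.

Added example for this thread: not ComboFix's own code and not something the
forum helper posted. The line formats below are assumed from the way the log
above prints them:
  - services:  "<R|S><n> name;display name;path [date size]", or, when the
               binary is missing on disk, "... ;path --> path [?]"
  - registry:  "[KEY]" followed by "\"Value\"=data" lines; a "Run-" key holds
               autostart entries that msconfig has disabled
  - Firefox:   "FF - prefs.js: pref.name - value"
"""
from __future__ import annotations

import re
from dataclasses import dataclass

SERVICE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.+)$")
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]*)"\s*=\s*(?P<data>.*)$')
FF_PREF_RE = re.compile(r"^FF - prefs\.js: (?P<name>\S+) - (?P<value>.*)$")

# Firefox's documented network.proxy.type values.
PROXY_TYPES = {"0": "none", "1": "manual", "2": "PAC URL", "4": "auto-detect (WPAD)", "5": "system"}


@dataclass(frozen=True)
class Finding:
    kind: str
    detail: str


def triage(log_text: str) -> list[Finding]:
    """Return the items a reviewer would look at first, in log order."""
    findings: list[Finding] = []
    current_key = ""  # lower-cased registry key that the following "Value"=data lines belong to
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = SERVICE_RE.match(line)
        if m:
            rest = m.group("rest")
            # "path --> path [?]" means the service is still registered but its file is gone.
            if "-->" in rest and rest.endswith("[?]"):
                path = rest.split("-->", 1)[1].rsplit("[", 1)[0].strip()
                findings.append(Finding("orphan-service", f"{m.group('name')} -> {path}"))
            continue

        m = KEY_RE.match(line)
        if m:
            current_key = m.group("key").lower()
            continue

        m = VALUE_RE.match(line)
        if m:
            name, data = m.group("name"), m.group("data").strip()
            if current_key.endswith("firewallpolicy\\standardprofile") and name == "EnableFirewall" and data.startswith("0"):
                findings.append(Finding("firewall-off", "Windows Firewall standard profile disabled (EnableFirewall=0)"))
            elif current_key.endswith("\\globallyopenports\\list"):
                findings.append(Finding("open-port", data))
            elif current_key.endswith("\\run-"):
                findings.append(Finding("disabled-autostart", name))
            elif "security center\\monitoring\\" in current_key and name == "DisableMonitoring":
                findings.append(Finding("sc-monitoring-off", "Security Center monitoring disabled (normal when a third-party firewall or AV registers itself)"))
            continue

        m = FF_PREF_RE.match(line)
        if m and m.group("name") == "network.proxy.type":
            value = m.group("value").strip()
            if value != "0":  # anything other than "no proxy" deserves a look on a hijacked browser
                findings.append(Finding("ff-proxy", f"network.proxy.type={value} ({PROXY_TYPES.get(value, 'unknown')})"))
    return findings


# Constructed sample: an excerpt of the log posted above, not a full ComboFix run.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"IS CfgWiz"=c:\program files\Norton Internet Security\cfgwiz.exe /GUID {F073BDC9-0D67-4ff0-879E-27241C843828} /MODE CfgWiz /CMDLINE "REBOOT"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"9322:TCP"= 9322:TCP:EKDiscovery
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [3/20/2010 7:59 PM 308064]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys --> c:\windows\system32\DRIVERS\VBoxNetFlt.sys [?]
S4 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe --> c:\program files\AskBarDis\bar\bin\AskService.exe [?]
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: network.proxy.type - 4
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.kind:20} {finding.detail}")
```

Run it on a saved ComboFix.txt by reading the file into `triage()`. Orphaned services are usually just leftovers from uninstalled software, but an orphaned entry pointing at a toolbar or "updater" binary is worth a second look, and a proxy type other than "none" on a machine whose search results are being redirected is the first Firefox setting to check.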
  8. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia

    Ok. All done. I see no more malware. This will clear away any of the files and folders that were created by ComboFix.
    Go to:
    Start > Run, then copy and paste the following highlighted (blue) text below into the box and click OK.

    ComboFix /Uninstall

    Please read these for future reference; they may save you future problems with malware:

    http://www.pchelpforum.com/fixed-hijackthis-logs/59327-now-you-all-clean-afterwork.html
    http://www.pchelpforum.com/fixed-hijackthis-logs/64964-so-you-want-prevent-happening.html
    http://www.pchelpforum.com/fixed-hijackthis-logs/57400-how-did-i-get-infected.html
    Prevention
    =============================

    This will help clean up your system.
    Please download ATF Cleaner by Atribune. http://www.atribune.org/ccount/click.php?id=1
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    (If you use Firefox or the Opera browser: to keep saved passwords, click No at the prompt.)
    It's normal after running ATF Cleaner that the PC will be slower to boot the first time or two.
  9. Vomisa

    Vomisa New Member Bronze Member

    Joined:
    May 18, 2010
    Posts:
    4
    Likes Received:
    0

    Thank you guys for the help.

    I am proof that a little knowledge can be a dangerous thing.:D

    I thought I knew enough to take care of this myself by reading a few web forums.

    Everything seems to be working fine.

    I am usually careful and thought I was well protected. I guess not.

    Again thanks.
  10. Pancake

    Pancake Well-Known Member

    Joined:
    Jun 1, 2006
    Posts:
    3,921
    Likes Received:
    5
    Location:
    Victoria, Australia

    Ok. No problem. Glad to assist.