google redirect bug

March 16, 2010 at 20:29:45
Specs: Windows XP
I am yet another victim of the google redirect bug.... I ran every adware/spybot detector I could find and still cannot shake it. Can anyone help please?



#1
March 16, 2010 at 20:43:17
Download DDS and save it to your desktop.
DDS.scr


Disable any script blocker if your Anti-Virus/Anti-Malware has it.
Once downloaded you can disconnect from the Internet and disable your Anti-Virus temporarily if needed.
Then double click dds.scr to run the tool.
When done, the DDS.txt will open.
Click Yes at the next prompt for Optional Scan.

When done, DDS will open two (2) logs:
1. DDS.txt
2. Attach.txt

Save both reports to your desktop then post them please.



#2
March 16, 2010 at 20:56:59
This is the DDS

DDS (Ver_09-12-01.01) - NTFSx86
Run by Steven Rhoads at 23:45:16.74 on Tue 03/16/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.299 [GMT -4:00]

AV: McAfee VirusScan *On-access scanning enabled* (Outdated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe
C:\WINDOWS\system32\rundll32.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\System32\svchost.exe -k HPZ12
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Steven Rhoads\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan\scriptsn.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: HP Smart Web Printing: {555d4d79-4bd2-4094-a395-cfc534424a05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [ATIModeChange] Ati2mdxx.exe
mRun: [AGRSMMSG] AGRSMMSG.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [mcagent_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [McENUI] c:\progra~1\mcafee\mhn\McENUI.exe /hide
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} - hxxp://77.106.185.133/activex/AxisCamControl.cab
DPF: {934CC260-C5AA-43C4-A657-7B70C5B3DAE1} - hxxps://promosreports.rehabcare.com/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.229.201/activex/AMC.cab
DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} - hxxp://www.disneyphotopass.com/software/ImageUploader4.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
DPF: {F5131C24-E56D-11CF-B78A-444553540000} - hxxps://ctpromos.rehabcare.com/_controls/ikcntrls.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\steven~1\applic~1\mozilla\firefox\profiles\3xhn1tgn.default\
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBook.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpClipBookDB.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpNeoLogger.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSaturn.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSeymour.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartSelect.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpSWPOperation.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPLogging.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTC.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXPMTL.dll
FF - component: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\components\hpXREStub.dll
FF - component: c:\program files\mcafee\siteadvisor\components\McFFPlg.dll
FF - plugin: c:\documents and settings\steven rhoads\application data\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\steven rhoads\application data\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\hp\digital imaging\smart web printing\mozillaaddon3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\ksolo\npAVX.dll

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-3-14 64288]
R1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2008-12-28 214664]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-9-15 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-9-15 66632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-2-4 1229232]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-12-29 93320]
R2 McProxy;McAfee Proxy Service;c:\progra~1\common~1\mcafee\mcproxy\mcproxy.exe [2008-12-28 359952]
R2 McShield;McAfee Real-time Scanner;c:\progra~1\mcafee\viruss~1\mcshield.exe [2008-12-28 144704]
R3 McSysmon;McAfee SystemGuards;c:\progra~1\mcafee\viruss~1\mcsysmon.exe [2008-12-28 606736]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2008-12-28 79816]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2008-12-28 35272]
R3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2008-12-28 40552]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-9-15 12872]
R3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\drivers\TNET1130x.sys [2004-3-11 385536]
S2 0033391261390398mcinstcleanup;McAfee Application Installer Cleanup (0033391261390398);c:\windows\temp\003339~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service --> c:\windows\temp\003339~1.exe c:\progra~1\common~1\mcafee\instal~1\cleanup.ini -cleanup -nolog -service [?]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2009-8-16 18560]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2008-12-28 34248]

=============== Created Last 30 ================

2010-03-17 02:52:14 0 d-----w- c:\program files\Trend Micro
2010-03-15 21:08:15 0 d-----w- c:\docume~1\steven~1\applic~1\Malwarebytes
2010-03-15 21:07:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 21:07:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-15 21:07:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 21:07:53 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-15 20:18:03 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-03-15 20:18:03 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-03-15 00:05:15 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-15 00:05:08 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-15 00:02:25 0 dc-h--w- c:\docume~1\alluse~1\applic~1\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-15 00:01:50 0 d-----w- c:\program files\Lavasoft
2010-03-10 19:52:41 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-03-05 08:01:04 0 d-----w- c:\program files\MSXML 4.0
2010-03-04 12:10:54 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-04 12:10:52 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-04 12:10:27 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-04 12:10:27 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-03-04 12:10:19 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-04 12:09:53 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2010-03-04 12:09:53 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2010-03-04 12:09:53 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-03-04 12:09:53 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2010-03-04 12:09:53 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-03-04 12:04:13 0 d-----w- c:\program files\common files\HP
2010-03-04 12:00:51 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-04 12:00:51 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-04 11:53:18 163048 ------w- c:\windows\hpoins44.dat.temp
2010-03-04 11:53:17 586 ------w- c:\windows\hpomdl44.dat.temp
2010-03-01 20:04:49 0 d-----w- c:\windows\system32\wbem\Repository

==================== Find3M ====================

2010-03-10 01:33:27 40960 ----a-w- c:\program files\Study Guide EX III.doc
2010-03-04 12:12:34 165890 ----a-w- c:\windows\hpoins44.dat
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2009-12-21 19:14:05 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2009-12-21 19:14:03 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2009-12-21 19:14:02 11070464 ----a-w- c:\windows\system32\ieframe(3).dll
2009-10-14 16:54:28 7174176 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-02-03 01:22:43 13200143 -c--a-w- c:\program files\ta08dxdw.exe
2009-02-03 01:22:26 1093109 -c--a-w- c:\program files\ta08nc1040.exe
2009-01-27 23:00:25 55088 -c--a-w- c:\program files\MFInstall.exe
2008-12-28 23:22:19 4074 -c--a-w- c:\program files\IERegFix.bat
2008-10-18 23:49:28 426901 -c--a-w- c:\program files\Goofy_pumpkin.pdf
2008-10-02 22:54:19 58903352 -c--a-w- c:\program files\AVSVideoTools.exe
2008-09-30 22:00:02 4900376 -c--a-w- c:\program files\LimeWireWin.exe
2009-01-04 00:00:10 32768 -csha-w- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012009010320090104\index.dat

============= FINISH: 23:48:55.24 ===============


And this is the Attach file (I'm really sorry but I don't know how to zip a file)


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 9/29/2008 10:21:57 PM
System Uptime: 3/15/2010 6:14:36 PM (29 hours ago)

Motherboard: COMPAL | | 0860
Processor: Intel(R) Pentium(R) M processor 1.70GHz | U10 | 1694/100mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 75 GiB total, 61.462 GiB free.
D: is CDROM (CDFS)

==== Disabled Device Manager Items =============

==== System Restore Points ===================

RP460: 12/17/2009 7:28:34 AM - System Checkpoint
RP461: 12/18/2009 8:28:35 AM - System Checkpoint
RP462: 12/19/2009 9:04:05 AM - System Checkpoint
RP463: 12/20/2009 1:57:44 PM - System Checkpoint
RP464: 12/21/2009 2:53:49 PM - System Checkpoint
RP465: 12/22/2009 3:48:52 PM - System Checkpoint
RP466: 12/23/2009 4:48:52 PM - System Checkpoint
RP467: 12/24/2009 4:50:04 PM - System Checkpoint
RP468: 12/25/2009 5:49:08 PM - System Checkpoint
RP469: 12/26/2009 6:50:07 PM - System Checkpoint
RP470: 12/27/2009 7:51:37 PM - System Checkpoint
RP471: 12/28/2009 8:49:02 PM - System Checkpoint
RP472: 12/29/2009 9:49:03 PM - System Checkpoint
RP473: 12/30/2009 10:49:18 PM - System Checkpoint
RP474: 12/31/2009 7:26:25 PM - Installed Wireless-G Notebook Adapter
RP475: 1/1/2010 10:05:35 AM - Installed iTunes
RP476: 1/2/2010 10:33:00 AM - System Checkpoint
RP477: 1/3/2010 11:32:58 AM - System Checkpoint
RP478: 1/4/2010 12:33:01 PM - System Checkpoint
RP479: 1/5/2010 1:33:00 PM - System Checkpoint
RP480: 1/6/2010 1:34:04 PM - System Checkpoint
RP481: 1/7/2010 2:33:00 PM - System Checkpoint
RP482: 1/8/2010 3:00:18 AM - Software Distribution Service 3.0
RP483: 1/9/2010 3:00:22 AM - Software Distribution Service 3.0
RP484: 1/10/2010 3:23:29 AM - System Checkpoint
RP485: 1/11/2010 4:23:27 AM - System Checkpoint
RP486: 1/12/2010 5:23:29 AM - System Checkpoint
RP487: 1/13/2010 3:00:20 AM - Software Distribution Service 3.0
RP488: 1/13/2010 5:53:26 PM - Software Distribution Service 3.0
RP489: 1/14/2010 6:00:45 PM - System Checkpoint
RP490: 1/15/2010 6:59:45 PM - System Checkpoint
RP491: 1/16/2010 7:59:49 PM - System Checkpoint
RP492: 1/17/2010 8:59:46 PM - System Checkpoint
RP493: 1/18/2010 9:59:47 PM - System Checkpoint
RP494: 1/19/2010 10:23:46 PM - System Checkpoint
RP495: 1/20/2010 3:00:18 AM - Software Distribution Service 3.0
RP496: 1/21/2010 3:59:52 AM - System Checkpoint
RP497: 1/22/2010 3:00:19 AM - Software Distribution Service 3.0
RP498: 1/23/2010 3:25:22 AM - System Checkpoint
RP499: 1/24/2010 4:25:27 AM - System Checkpoint
RP500: 1/25/2010 5:25:26 AM - System Checkpoint
RP501: 1/26/2010 6:33:39 AM - System Checkpoint
RP502: 1/27/2010 7:15:46 AM - System Checkpoint
RP503: 1/28/2010 8:15:46 AM - System Checkpoint
RP504: 1/28/2010 9:31:01 AM - Restore Operation
RP505: 1/29/2010 3:00:24 AM - Software Distribution Service 3.0
RP506: 1/30/2010 3:27:31 AM - System Checkpoint
RP507: 1/31/2010 4:27:34 AM - System Checkpoint
RP508: 2/1/2010 5:27:34 AM - System Checkpoint
RP509: 2/2/2010 6:48:45 AM - System Checkpoint
RP510: 2/3/2010 7:27:32 AM - System Checkpoint
RP511: 2/4/2010 8:27:36 AM - System Checkpoint
RP512: 2/5/2010 8:27:45 AM - System Checkpoint
RP513: 2/6/2010 9:27:47 AM - System Checkpoint
RP514: 2/7/2010 10:27:52 AM - System Checkpoint
RP515: 2/8/2010 11:27:47 AM - System Checkpoint
RP516: 2/9/2010 12:27:47 PM - System Checkpoint
RP517: 2/10/2010 1:27:47 PM - System Checkpoint
RP518: 2/11/2010 1:28:06 PM - System Checkpoint
RP519: 2/12/2010 1:28:14 PM - System Checkpoint
RP520: 2/13/2010 1:31:22 PM - System Checkpoint
RP521: 2/14/2010 2:31:21 PM - System Checkpoint
RP522: 2/15/2010 3:31:21 PM - System Checkpoint
RP523: 2/16/2010 4:31:22 PM - System Checkpoint
RP524: 2/17/2010 4:32:25 PM - System Checkpoint
RP525: 2/18/2010 4:45:09 PM - System Checkpoint
RP526: 2/19/2010 5:31:23 PM - System Checkpoint
RP527: 2/20/2010 6:31:25 PM - System Checkpoint
RP528: 2/21/2010 8:33:54 PM - System Checkpoint
RP529: 2/22/2010 8:49:09 PM - System Checkpoint
RP530: 2/23/2010 8:55:07 PM - System Checkpoint
RP531: 2/24/2010 9:39:25 PM - System Checkpoint
RP532: 2/25/2010 10:52:56 PM - System Checkpoint
RP533: 2/26/2010 11:31:49 PM - System Checkpoint
RP534: 2/28/2010 12:31:56 AM - System Checkpoint
RP535: 3/1/2010 1:31:50 AM - System Checkpoint
RP536: 3/1/2010 2:55:27 PM - Restore Operation
RP537: 3/2/2010 3:00:23 AM - Software Distribution Service 3.0
RP538: 3/3/2010 3:03:51 AM - System Checkpoint
RP539: 3/4/2010 4:03:50 AM - System Checkpoint
RP540: 3/5/2010 3:00:18 AM - Software Distribution Service 3.0
RP541: 3/6/2010 3:00:21 AM - Software Distribution Service 3.0
RP542: 3/7/2010 3:22:24 AM - System Checkpoint
RP543: 3/8/2010 3:37:58 AM - System Checkpoint
RP544: 3/9/2010 3:00:18 AM - Software Distribution Service 3.0
RP545: 3/10/2010 3:00:21 AM - Software Distribution Service 3.0
RP546: 3/11/2010 3:00:22 AM - Software Distribution Service 3.0
RP547: 3/12/2010 3:00:19 AM - Software Distribution Service 3.0
RP548: 3/13/2010 3:00:19 AM - Software Distribution Service 3.0
RP549: 3/14/2010 4:00:17 AM - Software Distribution Service 3.0
RP550: 3/15/2010 3:00:18 AM - Software Distribution Service 3.0
RP551: 3/16/2010 3:00:20 AM - Software Distribution Service 3.0
RP552: 3/16/2010 10:28:18 PM - Software Distribution Service 3.0
RP553: 3/16/2010 10:34:00 PM - Software Distribution Service 3.0

==== Installed Programs ======================

32 Bit HP CIO Components Installer
Acrobat.com
Ad-Aware
Ad-Aware Email Scanner for Outlook
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 9.3
Agere Systems AC'97 Modem
ATI Display Driver
AVS DVDMenu Editor 1.2.1.19
AVS Video Tools 5.6
AXIS Media Control Embedded
BufferChm
Copy
Destinations
DeviceDiscovery
DJ_AIO_06_F2400_SW_Min
F2400
GPBaseService2
GTK+ Runtime 2.14.7 rev a (remove only)
HijackThis 2.0.2
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
HP Deskjet F2400 All-In-One Driver Software 13.0 Rel .6
HP Imaging Device Functions 13.0
HP Print Projects 1.0
HP Smart Web Printing 4.5
HP Solution Center 13.0
HP Update
hpPrintProjects
HPProductAssistant
hpWLPGInstaller
Java(TM) 6 Update 15
Java(TM) 6 Update 7
kSolo Recorder
LeapFrog Connect
LeapFrog Tag Plugin
LimeWire 4.18.8
Malwarebytes' Anti-Malware
McAfee SecurityCenter
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Move Media Player
Mozilla Firefox (3.6)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Odyssey Client
Pidgin
Scan
Security Update for CAPICOM (KB931906)
Security Update for Windows Internet Explorer 7 (KB938127-v2)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Internet Explorer 8 (KB974455)
Security Update for Windows Internet Explorer 8 (KB976325)
Security Update for Windows Internet Explorer 8 (KB978207)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows Media Player 9 (KB936782)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953838)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978706)
SmartWebPrinting
SolutionCenter
Spelling Dictionaries Support For Adobe Reader 9
Spybot - Search & Destroy
Status
SUPERAntiSpyware Free Edition
TaxACT 2008
TaxACT 2008 North Carolina
Toolbox
TrayApp
Update for Windows Internet Explorer 8 (KB972636)
Update for Windows Internet Explorer 8 (KB976662)
Update for Windows Internet Explorer 8 (KB976749)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
WebFldrs XP
WebReg
Windows Driver Package - LeapFrog (FlyUsb) USB (11/05/2008 1.1.1.0)
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows XP Service Pack 3
YahELite 330.1
Yahoo! Messenger

==== Event Viewer Messages From Past Week ========

3/15/2010 6:16:38 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
3/15/2010 6:16:38 PM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/15/2010 6:15:57 PM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: PCIIde
3/15/2010 6:15:10 PM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring the volume.
3/14/2010 8:54:07 PM, error: Service Control Manager [7000] - The SASDIFSV service failed to start due to the following error: Cannot create a file when that file already exists.
3/14/2010 8:11:19 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the McAfee SystemGuards service to connect.
3/14/2010 8:11:19 PM, error: Service Control Manager [7000] - The McAfee SystemGuards service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/10/2010 3:05:20 AM, error: Windows Update Agent [20] - Installation Failure: Windows failed to install the following update with error 0x8007f0f4: Security Update for Windows XP (KB977165).

==== End Of File ===========================



#3
March 16, 2010 at 21:08:13
You need to uninstall LimeWire as it is known to harbor spyware.

Go to Start > Control Panel > click the Java icon > Update tab > Update Now and allow Java to update. If you are prompted for any add-ons, uncheck the box and continue. The newest Java is version 6 update 18.

Please download ComboFix with Internet Explorer rather than another browser, if possible.

Remember: your McAfee antivirus, Spybot's TeaTimer, and Ad-Aware must be turned off or disabled before running ComboFix. The clickable link "This Link" in the ComboFix tutorial will help you get them disabled.

Please download ComboFix to the desktop from one of the following links:

ComboFix

Rename the setup file, combofix.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename combofix.exe to Combo-Fix in the filename box, then click Save.
Note: In the event you already have ComboFix, this is a new version that I need you to download. It is important that it is saved and renamed following this process, directly to your desktop.
If you are using Firefox, make sure that your download settings are as follows:
Tools->Options->Main tab
Set to "Always ask me where to Save the files".

Please do not rename Combofix to other names, but only to the one indicated.
Close any open browsers.
Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.
-----------------------------------------------------------
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
-----------------------------------------------------------
Close any open browsers.
WARNING: ComboFix will disconnect your machine from the Internet as soon as it starts.
Please do not attempt to re-connect your machine to the Internet until ComboFix has completely finished.
If there is no Internet connection after running ComboFix, restart your computer to restore your connection.
-----------------------------------------------------------
Double click on Combo-Fix.exe & follow the prompts.
Install the recovery console when asked.
When finished, it will produce a report for you.
Please post the "C:\Combo-Fix.txt".
Note: Do not mouse-click ComboFix's window while it is running; that may cause it to hang.


Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal and increase security.

Please do not install any new programs or update anything unless told to do so while we are fixing your problem.



#4
March 16, 2010 at 22:45:04
I have had LimeWire installed for a few years and have only had the Google bug for a week. I understand LimeWire is bad for viruses, but I only use it for music, which I find to be more or less virus-free. Here is the ComboFix log:


ComboFix 10-03-16.03 - Steven Rhoads 03/17/2010 1:23.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1023.696 [GMT -4:00]
Running from: c:\program files\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Steven Rhoads\Local Settings\Temporary Internet Files\temp.cab
c:\windows\system32\twain.dll
c:\windows\YAHELITE.INI

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
((((((((((((((((((((((((( Files Created from 2010-02-17 to 2010-03-17 )))))))))))))))))))))))))))))))
.

2010-03-17 04:26 . 2010-03-17 04:26 3892956 ----a-r- c:\program files\Combo-Fix.exe
2010-03-17 02:52 . 2010-03-17 02:52 -------- d-----w- c:\program files\Trend Micro
2010-03-15 21:08 . 2010-03-15 21:08 -------- d-----w- c:\documents and settings\Steven Rhoads\Application Data\Malwarebytes
2010-03-15 21:07 . 2010-01-07 20:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-15 21:07 . 2010-03-15 21:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-03-15 21:07 . 2010-01-07 20:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-15 21:07 . 2010-03-15 21:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-15 20:18 . 2010-03-15 21:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-03-15 20:18 . 2010-03-15 20:20 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-03-15 00:05 . 2010-02-04 15:53 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2010-03-15 00:05 . 2010-03-15 00:05 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-03-15 00:02 . 2010-03-15 00:02 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
2010-03-15 00:01 . 2010-03-15 00:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-03-15 00:01 . 2010-03-15 00:02 -------- d-----w- c:\program files\Lavasoft
2010-03-10 19:53 . 2010-03-10 19:53 0 ----a-w- c:\windows\nsreg.dat
2010-03-10 19:53 . 2010-03-10 19:53 -------- d-----w- c:\documents and settings\Steven Rhoads\Local Settings\Application Data\Mozilla
2010-03-10 19:52 . 2010-03-10 19:52 8327264 ----a-w- c:\program files\Firefox Setup 3.6.exe
2010-03-05 08:01 . 2010-03-05 08:01 -------- d-----w- c:\program files\MSXML 4.0
2010-03-04 12:10 . 2008-10-28 10:27 16496 ----a-r- c:\windows\system32\drivers\HPZipr12.sys
2010-03-04 12:10 . 2008-10-28 10:27 49920 ----a-r- c:\windows\system32\drivers\HPZid412.sys
2010-03-04 12:10 . 2009-04-16 19:08 123904 ----a-w- c:\windows\system32\hpf3l70v.dll
2010-03-04 12:10 . 2009-04-16 19:08 312832 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\hpfpp70v.dll
2010-03-04 12:10 . 2009-04-15 21:53 452408 ----a-r- c:\windows\system32\hpzids01.dll
2010-03-04 12:10 . 2008-10-28 10:27 21568 ----a-r- c:\windows\system32\drivers\HPZius12.sys
2010-03-04 12:09 . 2009-02-10 20:03 712704 ----a-r- c:\windows\system32\hposwia_d02c.dll
2010-03-04 12:09 . 2009-02-10 20:03 589824 ----a-r- c:\windows\system32\hpost_d02c.dll
2010-03-04 12:09 . 2009-02-10 20:03 315392 ----a-r- c:\windows\system32\hposc_d02a.dll
2010-03-04 12:09 . 2008-10-28 10:27 372736 ----a-r- c:\windows\system32\hppldcoi.dll
2010-03-04 12:09 . 2008-10-28 10:27 309760 ----a-r- c:\windows\system32\difxapi.dll
2010-03-04 12:05 . 2010-03-04 12:05 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant
2010-03-04 12:04 . 2010-03-04 12:04 -------- d-----w- c:\program files\Common Files\HP
2010-03-04 12:00 . 2008-04-13 15:47 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2010-03-04 12:00 . 2008-04-13 15:47 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2010-03-01 20:04 . 2010-03-01 20:04 -------- d-----w- c:\windows\system32\wbem\Repository

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-17 05:15 . 2008-12-28 20:30 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-03-17 05:04 . 2010-01-08 00:46 -------- d-----w- c:\documents and settings\Steven Rhoads\Application Data\HPAppData
2010-03-17 04:19 . 2008-09-30 22:02 -------- d-----w- c:\program files\Java
2010-03-17 04:15 . 2010-03-17 04:15 152576 ----a-w- c:\documents and settings\Steven Rhoads\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2010-03-17 04:15 . 2010-03-17 04:15 79488 ----a-w- c:\documents and settings\Steven Rhoads\Application Data\Sun\Java\jre1.6.0_17\gtapi.dll
2010-03-17 02:42 . 2010-03-17 02:42 52224 ----a-w- c:\documents and settings\Steven Rhoads\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-03-17 02:42 . 2009-10-14 16:56 117760 ----a-w- c:\documents and settings\Steven Rhoads\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-03-17 02:31 . 2008-10-02 00:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-15 00:54 . 2009-10-14 16:55 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-03-15 00:05 . 2010-03-15 00:05 95024 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\Drivers\SBREDrv.sys
2010-03-15 00:05 . 2010-03-15 00:05 598368 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\EmailScanner.dll
2010-03-15 00:05 . 2010-03-15 00:05 884176 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2010-03-15 00:05 . 2010-03-15 00:05 566608 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\sbap.dll
2010-03-15 00:05 . 2010-03-15 00:05 15880 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2010-03-15 00:05 . 2010-03-15 00:04 211064 ----a-w- c:\documents and settings\All Users\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2010-03-10 01:33 . 2010-03-10 01:30 40960 ----a-w- c:\program files\Study Guide EX III.doc
2010-03-04 12:13 . 2008-10-02 23:27 13880 -c--a-w- c:\documents and settings\Steven Rhoads\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-03-04 12:12 . 2010-01-08 00:27 165890 ----a-w- c:\windows\hpoins44.dat
2010-03-04 12:07 . 2010-01-08 00:29 -------- d-----w- c:\program files\HP
2010-03-04 12:03 . 2010-01-08 00:33 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2010-03-02 08:25 . 2009-05-27 12:39 -------- d-----w- c:\program files\Microsoft Silverlight
2010-03-01 20:06 . 2010-01-01 15:05 -------- d-----w- c:\program files\Bonjour
2010-03-01 20:04 . 2010-01-01 01:32 -------- d-----w- c:\program files\Linksys EasyLink Advisor
2010-03-01 20:03 . 2010-01-01 01:33 -------- d-----w- c:\documents and settings\Steven Rhoads\Application Data\GTek
2010-03-01 20:03 . 2010-01-01 15:03 -------- d-----w- c:\program files\Apple Software Update
2010-03-01 20:03 . 2010-01-01 15:03 -------- d-----w- c:\program files\QuickTime
2010-03-01 20:03 . 2010-01-01 15:03 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2010-03-01 20:03 . 2010-01-01 15:05 -------- d-----w- c:\program files\iTunes
2010-03-01 20:03 . 2010-01-01 15:08 -------- d-----w- c:\documents and settings\Steven Rhoads\Application Data\Apple Computer
2010-03-01 20:02 . 2010-01-08 00:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-01 20:02 . 2009-04-20 19:24 -------- d-----w- c:\program files\Yahoo!
2010-02-04 15:53 . 2010-03-15 00:02 2954656 -c--a-w- c:\documents and settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}\Ad-AwareInstaller.exe
2010-01-27 02:17 . 2010-01-27 02:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\HPAppData
2010-01-27 02:02 . 2010-01-27 02:02 -------- d-----w- c:\documents and settings\LocalService\Application Data\Yahoo!
2009-12-31 16:50 . 2006-02-28 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-21 19:14 . 2006-02-28 12:00 916480 ----a-w- c:\windows\system32\wininet(2)(2).dll
2009-12-21 19:14 . 2006-02-28 12:00 1208832 ----a-w- c:\windows\system32\urlmon(2)(2).dll
2009-12-21 19:14 . 2007-08-14 02:34 1985536 ----a-w- c:\windows\system32\iertutil(2)(2).dll
2009-12-21 19:14 . 2007-08-14 02:54 11070464 ----a-w- c:\windows\system32\ieframe(3).dll
2009-10-14 16:54 . 2009-10-14 16:54 7174176 ----a-w- c:\program files\SUPERAntiSpyware.exe
2009-02-03 01:22 . 2009-02-03 01:22 13200143 -c--a-w- c:\program files\ta08dxdw.exe
2009-02-03 01:22 . 2009-02-03 01:22 1093109 -c--a-w- c:\program files\ta08nc1040.exe
2009-01-27 23:00 . 2009-01-27 23:00 55088 -c--a-w- c:\program files\MFInstall.exe
2008-12-28 23:22 . 2008-12-28 23:22 4074 -c--a-w- c:\program files\IERegFix.bat
2008-10-18 23:49 . 2008-10-18 23:49 426901 -c--a-w- c:\program files\Goofy_pumpkin.pdf
2008-10-02 22:54 . 2008-10-02 22:54 58903352 -c--a-w- c:\program files\AVSVideoTools.exe
2008-09-30 22:00 . 2008-09-30 21:59 4900376 -c--a-w- c:\program files\LimeWireWin.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-03-15 2012912]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2009-03-19 4363504]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIModeChange"="Ati2mdxx.exe" [2002-08-28 28672]
"AGRSMMSG"="AGRSMMSG.exe" [2005-03-04 88209]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2008-04-13 110592]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2009-05-07 380928]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\HP Software Update\\HPWUCli.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/14/2010 8:05 PM 64288]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [9/15/2009 11:42 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [9/15/2009 11:42 AM 66632]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [2/4/2010 11:52 AM 1229232]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [9/15/2009 11:42 AM 12872]
R3 TNET1130x;Wireless-G Notebook Adapter v.2.0;c:\windows\system32\drivers\TNET1130x.sys [3/11/2004 12:54 AM 385536]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [8/16/2009 7:47 PM 18560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2010-03-17 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2010-02-04 00:04]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient_japan/SpinTopGamesLauncher.cab
DPF: {934CC260-C5AA-43C4-A657-7B70C5B3DAE1} - hxxps://promosreports.rehabcare.com/crystalreportviewers/activeXViewer/activexviewer.cab
DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://148.61.229.201/activex/AMC.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://download-games.pogo.com/online2/pogo/mahjong_escape_ancient/PTGameLauncher.cab
FF - ProfilePath - c:\documents and settings\Steven Rhoads\Application Data\Mozilla\Firefox\Profiles\3xhn1tgn.default\
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll
FF - component: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll
FF - plugin: c:\documents and settings\Steven Rhoads\Application Data\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: c:\documents and settings\Steven Rhoads\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\plugins\nphpclipbook.dll
FF - plugin: c:\program files\kSolo\npAVX.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-McENUI - c:\progra~1\McAfee\MHN\McENUI.exe
HKLM-Run-mcagent_exe - c:\program files\McAfee.com\Agent\mcagent.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-17 01:32
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1340)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll

- - - - - - - > 'explorer.exe'(3248)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\windows\AGRSMMSG.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\wbem\unsecapp.exe
c:\program files\Yahoo!\Messenger\ymsgr_tray.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files\HP\Digital Imaging\bin\hpqgpc01.exe
.
**************************************************************************
.
Completion time: 2010-03-17 01:39:20 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-17 05:39

Pre-Run: 66,025,263,104 bytes free
Post-Run: 66,001,035,264 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 4AEE4868AE70802BDAAA78AE9762E198


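A small triage script for logs like the one above, added here as an example and not part of ComboFix or of this thread: it pulls out the lines a helper reads first (a disinfected system driver and where the clean copy came from, Security Center and firewall overrides judged under their registry key, browser start/search settings, and DPF ActiveX downloads) and re-fangs ComboFix's hxxp URLs. The sample log is constructed from the format seen above; the all-zero CLSID and the example.invalid URL are placeholders, not values from the real log.

```python
"""Triage helper for ComboFix-style logs (added example, not ComboFix's own code)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample, modeled on the ComboFix log posted in this thread.
# The CLSID and URL in the DPF line are placeholders.
SAMPLE_LOG = r"""
Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atapi.sys
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

uStart Page = hxxp://www.google.com/
DPF: {00000000-0000-0000-0000-000000000000} - hxxp://example.invalid/activex/sample.cab
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    category: str
    detail: str


DISINFECTED = re.compile(r"^Infected copy of (?P<path>.+?) was found and disinfected$")
RESTORED = re.compile(r"^Restored copy from - (?P<path>.+)$")
REG_KEY = re.compile(r"^\[(?P<key>.+)\]$")
REG_VALUE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*)$')
DPF = re.compile(r"^DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: - (?P<url>\S+))?$")
BROWSER = re.compile(r"^(?P<setting>uStart Page|uSearchURL,\(Default\))\s*=\s*(?P<value>.+)$")


def refang(url: str) -> str:
    """ComboFix writes URLs as hxxp:// so they are not clickable; undo that for analysis."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def _reg_int(value: str) -> Optional[int]:
    """Decode 'dword:00000001' (hex) or ComboFix's '0 (0x0)' (leading decimal) into an int."""
    m = re.match(r"^(dword:)?([0-9A-Fa-f]+)", value.strip())
    if not m:
        return None
    return int(m.group(2), 16 if m.group(1) else 10)


def parse_findings(text: str) -> List[Finding]:
    """Walk the log once, tracking the current registry key so values are judged in context."""
    findings: List[Finding] = []
    current_key = ""
    infected_path: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := DISINFECTED.match(line):
            infected_path = m["path"]  # wait for the matching "Restored copy" line
        elif (m := RESTORED.match(line)) and infected_path:
            findings.append(Finding("high", "patched system file",
                                    f"{infected_path} was infected; clean copy restored from {m['path']}"))
            infected_path = None
        elif m := REG_KEY.match(line):
            current_key = m["key"].lower()
        elif m := REG_VALUE.match(line):
            name, num = m["name"], _reg_int(m["value"])
            if "security center" in current_key and name == "AntiVirusOverride" and num == 1:
                findings.append(Finding("medium", "security center override",
                                        "AntiVirusOverride=1: Windows will not warn about the AV state"))
            elif "firewallpolicy" in current_key and name == "EnableFirewall" and num == 0:
                profile = current_key.rsplit("\\", 1)[-1]
                findings.append(Finding("medium", "firewall disabled", f"EnableFirewall=0 in {profile} profile"))
        elif m := BROWSER.match(line):
            findings.append(Finding("info", "browser setting", f"{m['setting']} = {refang(m['value'])}"))
        elif m := DPF.match(line):
            url = refang(m["url"]) if m["url"] else "(no download URL recorded)"
            findings.append(Finding("info", "ActiveX download (DPF)", f"{m['clsid']} -> {url}"))
    return findings


if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.category}: {f.detail}")
```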

#5
March 17, 2010 at 11:16:21
I got an email saying there was a response after I posted the ComboFix log, but I don't see the response... Could you repost?
