Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Firefox-> redirecting to diff websites, IE- opening adverts

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 3rd, 2010, 12:54 pm

I had a problem 3 days back like my system was infected by something called the Vista Anti Virus 2010 and I had a tough time removing it, tried to use Windows One Care live scan (hung up the system & had to restart) then Bitdefender online scan, after that got hold of Malwarebytes Anti Malware to remove that Vista... Then I installed AVG free version and scanned the system it got hold of a few tracking cookies, trojans & I removed them all. Then I also installed Microsoft Security Essentials and did a full scan and removed the ones(trojans and exploits) it picked off.

The trouble I am having now is that whenever I search on Google and I click on the results it starts rerouting me to a number of sites and takes me to some random site like manufacturingnet or something and sometimes to a false alarm site like vista 2010 antivirus. This is on Firefox and Safari browsers.
IE also seems to be affected, when IE browser is open & when the system is idle it opens advertisements from Subway get a $500 gift card or something.
Chrome seems to have been screwed up totally. Chrome browser does not open any page, when started it shows a blank page and when any website is keyed in it just keeps showing the 'working' cursor with a blank page.

Thanks for taking the time to help me!

Here is a copy of my Hijack this log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:24 AM, on 3/3/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Natarajan\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.65.129.2:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.211.138.13 lnx01.dreamzhut.com
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NRITB Toolbar - {9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8} - C:\Program Files\NRITB\tbNRIT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NRITB Toolbar - {9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8} - C:\Program Files\NRITB\tbNRIT.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\Windows\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Natarajan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Natarajan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Users\Natarajan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CIT200.lnk = C:\Program Files\Linksys\CIT200\cit200.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: Gatorlink VPN Client.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: www.catglobal.com
O15 - Trusted Zone: http://lnx03.dreamzhut.com
O15 - Trusted Zone: http://apps.sicherglobal.com
O15 - Trusted Zone: http://r12.sicherglobal.com
O15 - Trusted Zone: http://vis1200.solutionbeacon.net
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: FLEXlm License Manager - Unknown owner - C:\SEFlex\Program\lmgrd.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16511 bytes


Here is a copy of Uninstall List

32 Bit HP CIO Components Installer
7-Zip 4.57
Activation Assistant for the 2007 Microsoft Office suites
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Reader for Pocket PC 2.0
Adobe Shockwave Player
AIM 3.0
Alps Pointing-device for VAIO
AOL Toolbar 4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
APRWIN
ArcSoft Print Creations
Arena 11.0 (CPR 7)
Audacity 1.2.6
AVG 9.0
Bonjour
CeRegEditor 0.0.4.4
CIT200
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system
Cool MP3 Splitter 2.2
Corel Snapfire
Crackle Screen Saver 1.0
CutePDF Writer 2.8
Dell Photo AIO Printer 926
DemoCreator
DING!
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Web Player
DVD Flick
EasyFit 5.1
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
ffdshow [rev 1803] [2008-01-20]
Flexsim 4
Formatter Plus V1.4
GameSpy Arcade
GAMS Distribution 22.0
Garena
Gatorlink VPN Client 5.0.00.0340
GDR 4053 for SQL Server Database Services 2005 ENU (KB970892)
GDR 4053 for SQL Server Tools and Workstation Components 2005 ENU (KB970892)
GetASFStream
Getif 2.2
Gizmo5
Google Earth
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet Pro All-In-One Series
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 13
Java 2 Runtime Environment Standard Edition v1.3.1_03
Java(TM) 6 Update 10
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
Madden NFL 07
Malwarebytes' Anti-Malware
Matroska Pack - Lazy Man's MKV 1.0.1-alpha6
Media Player Product Tool 5.20
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath 2007
Microsoft Office InfoPath 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Essentials
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (SQLEXPRESS)
Microsoft SQL Server 2005 Tools Express Edition
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft SQL Server Setup Support Files (English)
Microsoft SQL Server VSS Writer
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition - ENU
Microsoft Visual Web Developer 2008 Express Edition - ENU
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Works
MoDaCo Smartphone GPS Activator (Remove Only)
Mozilla Firefox (3.5.8)
Mozilla Thunderbird (2.0.0.23)
MP3 Player Utilities 3.68
MP3 WAV WMA Converter
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Napster
Napster Burn Engine
neroxml
Netscape Navigator (9.0.0.6)
Novell iPrint Client v04.28.00
NRITB Toolbar
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
OpenOffice.org 2.3
Oracle Data Provider for .NET Help
Oracle JInitiator 1.3.1.18
Oracle JInitiator 1.3.1.21
Oracle XML Publisher Desktop
P2P Tv Plugin
Patch_CS_Hedging_Portfolio_of_Options_CVaR
Picasa 3
PIMprep
PopTools
Portfolio Safeguard
PowerISO
QuickBooks Product Listing Service
QuickBooks Simple Start Free Starter Edition
Quicken 2007
QuickTime
Real Alternative 1.8.0
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
Safari
SAMSUNG Mobile Modem Driver Set
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Setting Utility Series
Skype web features
Skype™ 4.1
SNMP3D IPv6-IPv4 Toolkit
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Ericsson PC Suite
Sony Video Shared Library
SopCast 3.0.1
Spelling Dictionaries Support For Adobe Reader 8
Spiderman 3 XXXX
SSC Service Utility v4.30
SUPER © Version 2008.bld.32 (July 8, 2008)
SupportSoft Assisted Service
TBS WMP Plug-in
Toad for Oracle Freeware
TSP_CODEC
TVAnts 1.0
TVUPlayer 2.3.6.1
U3Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update Service
USB MP3 Player WIN98 Drivers
VAIO Azure Float Wallpaper
VAIO Center Access Bar
VAIO Content Folder Setting
VAIO Content Importer / VAIO Content Exporter
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Launcher
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO PC Wireless LAN Wizard
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Smart Network
VAIO Survey
VAIO Teal Whisper Wallpaper
VAIO Update 3
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Veoh Web Player Beta
VeohTV BETA
VideoLAN VLC media player 0.8.6d
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinDVD for VAIO
WinSCP 4.2.1 beta
WinWay Resume Deluxe
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm
Advertisement
Register to Remove

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby MWR 3 day Mod » March 7th, 2010, 12:05 am

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.
MWR 3 day Mod
MRU Undergrad
MRU Undergrad
 
Posts: 2534
Joined: April 4th, 2008, 8:40 am

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 10th, 2010, 5:50 pm

Hello and Welcome to the forums!

My name is Gringo and I'll be glad to help you with your computer problems.

Somethings to remember while we are working together.

    1.Please do not run any other tool untill instructed to do so!
    2.Please reply to this thread, do not start another!
    3.Please tell me about any problems that have occurred during the fix.
    4.Please tell me of any other symptoms you may be having as these can help also.
    5.Please try as much as possible not to run anything while executing a fix.

If you follow these instructions, everything should go smoothly.

I would like to get a better look at your system, please do the following so I can get some more detailed logs.


DeFogger:

    Please download DeFogger to your desktop.

    Double click DeFogger to run the tool.
    • The application window will appear
    • Click the Disable button to disable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger may ask you to reboot the machine, if it does - click OK
    Do not re-enable these drivers until otherwise instructed.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.

Download DDS:

    Please download DDS by sUBs from one of the links below and save it to your desktop:

    Image
    Download DDS and save it to your desktop

    Link1
    Link2
    Link3

    Please disable any anti-malware program that will block scripts from running before running DDS.

    • Double-Click on dds.scr and a command window will appear. This is normal.
    • Shortly after two logs will appear:
      • DDS.txt
      • Attach.txt
    • A window will open instructing you save & post the logs
    • Save the logs to a convenient place such as your desktop
    • Copy the contents of both logs & post in your next reply

GMER:

    Download GMER Rootkit Scanner from here or here.
    • Extract the contents of the zipped file to desktop.
    • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
    • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..
    Image
    • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
      • Sections
      • IAT/EAT
      • Drives/Partition other than Systemdrive (typically C:\)
      • Show All (don't miss this one)
    • Then click the Scan button & wait for it to finish.
    • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
    Save it where you can easily find it, such as your desktop

    **Caution**
    Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

information and logs:

    In your next post I need the following

      1.logs from DDS
      2.log from GMER
      3.let me know of any problems you may have had

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 10th, 2010, 9:46 pm

Hello Gringo,

Thanks a lot for your assistance, the first time I tried to run GMER it crashed with the Blue Screen. The next time when i tried to run it, the system hung up on me (the processor resource usage was 100% continuously). Third time around again Blue screen. So have not been able to rum GMER.
Other symptoms I have are: Any browser (safari, firefox, IE8) that I browse on currently opens a new page with advertisement or some random link every 30 minutes. Then every now & then even if i do not use IE )when IE is closed) I get an IE popup. Then the google results divert me to some other sites.

edit: When I tried to post this message I got an error message like this :
Safari can’t open the page “http://www.malwareremoval.com/forum/posting.php?mode=reply&f=11&sid=ae3c85c0fcb96cea51b1a40906d43da6&t=49913”. The error is: “unknown error” (kCFErrorDomainWinSock:10052) Please choose Help > Report Bugs to Apple, note the error number, and describe what you did before you saw this message.

Similar "page cannot be displayed" page on IE finally used netscape navigator to post the message.

Here are the other two logs DDS and Attach:

DDS.txt log:


DDS (Ver_09-12-01.01) - NTFSx86
Run by Natarajan at 17:31:22.05 on Wed 03/10/2010
Internet Explorer: 8.0.6001.18882 BrowserJavaVersion: 1.6.0_10
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2550.1071 [GMT -7:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Program Files\Microsoft Security Essentials\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\AVG\AVG9\avgfws9.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Windows\system32\dlcxcoms.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Sony\Network Utility\NSUService.exe
C:\Program Files\AVG\AVG9\avgam.exe
C:\Program Files\AVG\AVG9\avgnsx.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\Natarajan\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Windows\system32\igfxext.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Safari\Safari.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Natarajan\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = about:blank
uSearch Bar =
mDefault_Page_URL = hxxp://www.sony.com/vaiopeople
uInternet Settings,ProxyServer = 200.65.129.2:80
uInternet Settings,ProxyOverride = <local>
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
BHO: {7E853D72-626A-48EC-A868-BA8D5E23E045} - No File
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: NRITB Toolbar: {9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8} - c:\program files\nritb\tbNRIT.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn1\YTSingleInstance.dll
TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: NRITB Toolbar: {9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8} - c:\program files\nritb\tbNRIT.dll
TB: Veoh Browser Plug-in: {d0943516-5076-4020-a3b5-aefaf26ab263} - c:\program files\veoh networks\veoh\plugins\reg\VeohToolbar.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn1\yt.dll
TB: Veoh Web Player Video Finder: {0fbb9689-d3d7-4f7a-a2e2-585b10099bfc} - c:\program files\veoh networks\veohwebplayer\VeohIEToolbar.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [NSUFloatingUI] "c:\program files\sony\network utility\LANUtil.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [googletalk] c:\users\natarajan\appdata\roaming\google\google talk\googletalk.exe /autostart
uRun: [<NO NAME>]
uRun: [Google Update] "c:\users\natarajan\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [cdloader] "c:\users\natarajan\appdata\roaming\mjusbsp\cdloader2.exe" MAGICJACK
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Apoint] c:\program files\apoint\Apoint.exe
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [VAIO Center Access Bar] "c:\program files\sony\vaio center access bar\VCAB.exe" 1
mRun: [VWLASU] "c:\program files\sony\vaio pc wireless lan wizard\AutoLaunchWLASU.exe"
mRun: [VAIOSurvey] c:\program files\sony\vaio survey\Vista VAIO Survey.exe
mRun: [iPrint Tray] c:\windows\system32\iprntctl.exe TRAY_ICON
mRun: [Sony Ericsson PC Suite] "c:\program files\sony ericsson\mobile2\application launcher\Application Launcher.exe" /startoptions
mRun: [dlcxmon.exe] "c:\program files\dell photo aio printer 926\dlcxmon.exe"
mRun: [MemoryCardManager] "c:\program files\dell photo aio printer 926\memcard.exe"
mRun: [DLCXCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCXtime.dll,_RunDLLEntry@16
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Skytel] Skytel.exe
mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [MSSE] "c:\program files\microsoft security essentials\msseces.exe" -hide -runkey
StartupFolder: c:\users\natara~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\cit200.lnk - c:\program files\linksys\cit200\cit200.exe
StartupFolder: c:\users\natara~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\ding!.lnk - c:\program files\southwest airlines\ding\Ding.exe
StartupFolder: c:\users\natara~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\natara~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\aolddi~1.lnk - c:\ddi\AOLICON.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\gatorl~1.lnk - c:\windows\installer\{ccbaa1f7-e5e1-48b2-9ed9-a79c6a37ce78}\Icon3E5562ED7.ico
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\launch~1.lnk - c:\windows\installer\{d8e363a7-88b7-446d-b2c0-e26ce4dc8e54}\_294823.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 4.0\aoltb.dll
IE: {5067A26B-1337-4436-8AFE-EE169C2DA79F} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
Trusted Zone: catglobal.com\www
Trusted Zone: dreamzhut.com\lnx03
Trusted Zone: sicherglobal.com\apps
Trusted Zone: sicherglobal.com\r12
Trusted Zone: solutionbeacon.net\vis1200
DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resour ... cctrl2.cab
DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} - hxxp://dl.tvunetworks.com/TVUAx.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
AppInit_DLLs: avgrsstx.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
Hosts: 10.1.100.20 apps.sicherglobal.com
Hosts: 10.1.100.30 r12.sicherglobal.com
Hosts: 74.211.138.13 lnx01.dreamzhut.com
Hosts: 192.168.0.104 lnx03.dreamzhut.com lnx03

================= FIREFOX ===================

FF - ProfilePath - c:\users\natara~1\appdata\roaming\mozilla\firefox\profiles\p9kaqvdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\microsoft\web platform installer\NPWPIDetector.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13118.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npnipp.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\veoh networks\veoh\plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\veoh networks\veohwebplayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\natarajan\appdata\local\google\update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\natarajan\appdata\roaming\move networks\plugins\npqmp071503000010.dll
FF - plugin: c:\users\natarajan\appdata\roaming\move networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\natarajan\appdata\roaming\move networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\natarajan\appdata\roaming\mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - truec:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\system32\drivers\AVGIDSvx.sys [2010-3-2 25096]
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-3-2 52872]
R1 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwd6x.sys [2010-3-2 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-3-2 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-3-2 29512]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-3-2 242696]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-12-2 149040]
R2 avg9wd;AVG WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-3-4 308064]
R2 avgfws9;AVG Firewall;c:\program files\avg\avg9\avgfws9.exe [2010-3-4 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;c:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-4 5888008]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service --> c:\windows\system32\dlcxcoms.exe -service [?]
R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2007-10-25 204800]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSDriver.sys [2010-3-2 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSFilter.sys [2010-3-2 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\avg\avg9\identity protection\agent\driver\platform_vista\AVGIDSShim.sys [2010-3-2 27144]
R3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-8-26 812544]
S2 FLEXlm License Manager;FLEXlm License Manager;c:\seflex\program\lmgrd.exe --> c:\seflex\program\lmgrd.exe [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-1-5 135664]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2008-1-9 13352]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2009-12-2 42368]
S3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\sony\vaio media integrated server\UCLS.exe [2007-10-25 745472]
S3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\sony\vaio media integrated server\platform\SV_Httpd.exe [2007-10-25 397312]
S3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\sony\vaio media integrated server\platform\UPnPFramework.exe [2007-10-25 1089536]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2007-8-26 292152]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2007-8-26 79736]

=============== Created Last 30 ================

2010-03-11 00:12:04 20 ----a-w- c:\users\natarajan\defogger_reenable
2010-03-10 18:18:58 0 d-----w- c:\program files\Microsoft SQL Server 2008 Upgrade Advisor
2010-03-10 15:44:23 73216 ----a-w- c:\windows\system32\msiexec.exe
2010-03-10 15:44:23 332800 ----a-w- c:\windows\system32\msihnd.dll
2010-03-10 15:44:23 2560 ----a-w- c:\windows\system32\msimsg.dll
2010-03-10 15:44:22 2241536 ----a-w- c:\windows\system32\msi.dll
2010-03-07 23:38:01 0 d-----w- c:\program files\Microsoft WSE
2010-03-07 23:33:28 0 d-----w- c:\programdata\SAS
2010-03-07 21:33:30 0 d-----w- c:\program files\Alcohol Soft
2010-03-07 20:36:55 0 d-----w- c:\program files\Elaborate Bytes
2010-03-07 20:00:39 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-07 19:59:45 0 d-----w- c:\users\natara~1\appdata\roaming\DAEMON Tools Lite
2010-03-07 19:59:40 0 d-----w- c:\programdata\DAEMON Tools Lite
2010-03-04 23:33:48 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-04 21:15:10 0 d-----w- c:\programdata\SpeedBit
2010-03-04 21:13:57 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2010-03-04 21:12:54 0 d-----w- c:\program files\DAP
2010-03-04 21:09:11 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-03-04 20:58:13 0 d-----w- c:\users\natara~1\appdata\roaming\AVG9
2010-03-04 17:31:15 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-03 22:55:30 3597912 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-03-03 22:55:30 3546200 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-03-03 22:55:25 499712 ----a-w- c:\windows\system32\kerberos.dll
2010-03-03 22:55:24 270848 ----a-w- c:\windows\system32\schannel.dll
2010-03-03 19:54:07 20 ----a-w- c:\windows\system32\SYSTEM
2010-03-03 16:27:31 0 d-----w- c:\program files\Trend Micro
2010-03-02 22:15:09 0 d-----w- c:\program files\Microsoft Security Essentials
2010-03-02 16:13:50 0 d--h--w- C:\$AVG
2010-03-02 16:13:45 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-02 16:13:45 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-03-02 16:13:44 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-02 16:13:43 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-02 16:13:42 0 d-----w- c:\windows\system32\drivers\Avg
2010-03-02 15:42:18 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-03-02 15:42:16 0 d-----w- c:\program files\AVG
2010-03-02 15:42:12 0 d-----w- c:\programdata\avg9
2010-03-01 19:04:38 0 d-----w- c:\users\natara~1\appdata\roaming\Malwarebytes
2010-03-01 19:04:30 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 19:04:28 0 d-----w- c:\programdata\Malwarebytes
2010-03-01 19:04:27 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 19:04:27 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 17:52:57 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-01 17:52:55 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-01 17:52:54 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-01 05:16:13 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-01 05:16:07 281600 ----a-w- c:\windows\system32\raschap.dll
2010-03-01 05:16:07 244224 ----a-w- c:\windows\system32\rastls.dll
2010-03-01 05:16:02 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-01 05:16:02 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-01 05:16:01 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-01 05:16:01 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-01 05:16:01 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-03-01 05:16:01 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-01 05:16:01 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-01 05:16:01 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-01 05:16:01 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-01 05:16:01 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-01 05:15:55 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-01 05:15:54 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-02-16 16:42:56 26112 ----a-w- C:\a1.xls

==================== Find3M ====================

2010-03-07 20:37:31 86016 ----a-w- c:\windows\inf\infpub.dat
2010-03-07 20:37:31 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-03-07 20:37:31 143360 ----a-w- c:\windows\inf\infstor.dat
2010-02-24 16:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-03 02:57:18 1948 ----a-w- c:\users\natara~1\appdata\roaming\wklnhst.dat
2010-01-23 09:44:02 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-02 06:38:20 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32:33 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32:33 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57:00 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2008-08-10 22:02:55 174 --sha-w- c:\program files\desktop.ini
2008-08-10 21:43:37 665600 ----a-w- c:\windows\inf\drvindex.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
2009-08-06 03:47:29 278528 --sha-w- c:\windows\system32\config\systemprofile\appdata\roaming\microsoft\windows\ietldcache\index.dat
2007-08-26 21:25:27 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:35:38.54 ===============


Attach.txt log :


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT

DDS (Ver_09-12-01.01)

Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/14/2007 12:07:43 PM
System Uptime: 3/10/2010 5:15:33 PM (0 hours ago)

Motherboard: Sony Corporation | | VAIO
Processor: Intel(R) Core(TM)2 Duo CPU T5250 @ 1.50GHz | N/A | 1500/167mhz

==== Disk Partitions =========================

C: is FIXED (NTFS) - 92 GiB total, 2.112 GiB free.
D: is Removable
E: is Removable
F: is CDROM ()
G: is FIXED (NTFS) - 44 GiB total, 12.19 GiB free.
H: is FIXED (NTFS) - 44 GiB total, 0.118 GiB free.

==== Disabled Device Manager Items =============

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA

==== System Restore Points ===================

No restore point in system.

==== Installed Programs ======================


µTorrent
32 Bit HP CIO Components Installer
7-Zip 4.57
AAC Decoder
Activation Assistant for the 2007 Microsoft Office suites
Adobe Digital Editions
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.2.0
Adobe Reader for Pocket PC 2.0
Adobe Shockwave Player
AdventureWorksDB
AIM 3.0
Alps Pointing-device for VAIO
AOL Toolbar 4.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
APRWIN
ArcSoft Print Creations
Arena 11.0 (CPR 7)
Audacity 1.2.6
AutoUpdate
AVG 9.0
Bonjour
BPD_Scan
CeRegEditor 0.0.4.4
CIT200
Click to DVD 2.0.05 Menu Data
Click to DVD 2.6.00
Codec Pack - All In 1 6.0.3.0
Compatibility Pack for the 2007 Office system
Cool MP3 Splitter 2.2
Corel Snapfire
Crackle Screen Saver 1.0
CutePDF Writer 2.8
Dell Photo AIO Printer 926
DemoCreator
DING!
DivX Codec
DivX Converter
DivX Player
DivX Plus DirectShow Filters
DivX Version Checker
DivX Web Player
DVD Flick
EasyFit 5.1
EPSON Printer Software
EPSON Scan
EPSON Stylus CX7400 Series Scanner Driver Update
ffdshow [rev 1803] [2008-01-20]
Flexsim 4
Formatter Plus V1.4
GameSpy Arcade
GAMS Distribution 22.0
Gatorlink VPN Client 5.0.00.0340
GetASFStream
Getif 2.2
Google Chrome
Google Earth
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
Google Updater
GoToMeeting 4.0.0.320
H.264 Decoder
HDAUDIO SoftV92 Data Fax Modem with SmartCP
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
HP Officejet Pro All-In-One Series
Intel(R) Graphics Media Accelerator Driver
iTunes
J2SE Runtime Environment 5.0 Update 10
J2SE Runtime Environment 5.0 Update 12
J2SE Runtime Environment 5.0 Update 13
Java 2 Runtime Environment Standard Edition v1.3.1_03
Java(TM) 6 Update 10
Java(TM) 6 Update 3
Java(TM) 6 Update 5
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
Malwarebytes' Anti-Malware
Matroska Pack - Lazy Man's MKV 1.0.1-alpha6
Media Player Product Tool 5.20
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB953297)
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft IntelliPoint 6.2
Microsoft Office 2007 Service Pack 2 (SP2)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.4
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Project 2007 Service Pack 2 (SP2)
Microsoft Office Project MUI (English) 2007
Microsoft Office Project Professional 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office SharePoint Designer 2007 Service Pack 2 (SP2)
Microsoft Office Visio 2007 Service Pack 2 (SP2)
Microsoft Office Visio MUI (English) 2007
Microsoft Office Visio Professional 2007
Microsoft Office Visual Web Developer 2007
Microsoft Office Visual Web Developer MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008 Upgrade Advisor
Microsoft SQL Server Compact 3.5 Design Tools ENU
Microsoft SQL Server Compact 3.5 ENU
Microsoft SQL Server Database Publishing Wizard 1.2
Microsoft SQL Server Native Client
Microsoft Visual Basic 2008 Express Edition - ENU
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual Studio Web Authoring Component
Microsoft Visual Web Developer 2008 Express Edition - ENU
Microsoft Web Platform Installer 2.0
Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Web
Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
Microsoft Works
Microsoft WSE 3.0 Runtime
Microsoft XML Parser
MKV Splitter
MoDaCo Smartphone GPS Activator (Remove Only)
Move Media Player
Mozilla Firefox (3.5.8)
Mozilla Thunderbird (2.0.0.23)
MP3 Player Utilities 3.68
MP3 WAV WMA Converter
MSDN Library for Microsoft Visual Studio 2008 Express Editions
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Napster
Napster Burn Engine
neroxml
Netscape Navigator (9.0.0.6)
Novell iPrint Client v04.28.00
NRITB Toolbar
OpenMG Limited Patch 4.7-07-15-19-01
OpenMG Secure Module 4.7.00
OpenOffice.org 2.3
Oracle Data Provider for .NET Help
Oracle JInitiator 1.3.1.18
Oracle JInitiator 1.3.1.21
Oracle XML Publisher Desktop
P2P Tv Plugin
Patch_CS_Hedging_Portfolio_of_Options_CVaR
Picasa 3
PIMprep
PopTools
Portfolio Safeguard
PowerISO
QuickBooks Product Listing Service
QuickBooks Simple Start Free Starter Edition
Quicken 2007
QuickTime
Real Alternative 1.8.0
Realtek High Definition Audio Driver
Roxio Easy Media Creator Home
Safari
SAMSUNG Mobile Modem Driver Set
SAS 9.2
SAS Deployment Tester - Client 1.3
SAS Enterprise Guide 4.2
SAS Private JRE (J2SE(tm) Java Runtime Environment 1.4.2_09)
SAS Versioned Jar Repository 9.2
SAS/SECURE Java 9.2
Scan
Security Update for 2007 Microsoft Office System (KB951550)
Security Update for 2007 Microsoft Office System (KB951944)
Security Update for 2007 Microsoft Office System (KB969559)
Security Update for 2007 Microsoft Office System (KB973704)
Security Update for Microsoft Office Excel 2007 (KB973593)
Security Update for Microsoft Office Outlook 2007 (KB972363)
Security Update for Microsoft Office PowerPoint 2007 (KB957789)
Security Update for Microsoft Office Publisher 2007 (KB969693)
Security Update for Microsoft Office system 2007 (972581)
Security Update for Microsoft Office system 2007 (KB969613)
Security Update for Microsoft Office system 2007 (KB974234)
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)
Setting Utility Series
Skype web features
Skype™ 4.1
SNMP3D IPv6-IPv4 Toolkit
SonicStage Mastering Studio
SonicStage Mastering Studio Audio Filter
SonicStage Mastering Studio Audio Filter Custom Preset
SonicStage Mastering Studio Plugins
Sony Ericsson Device Data
Sony Ericsson Drivers
Sony Ericsson PC Suite
Sony Video Shared Library
SopCast 3.0.1
Spelling Dictionaries Support For Adobe Reader 8
Spiderman 3 XXXX
SSC Service Utility v4.30
SUPER © Version 2008.bld.32 (July 8, 2008)
SupportSoft Assisted Service
TBS WMP Plug-in
Toad for Oracle Freeware
TSP_CODEC
TVAnts 1.0
TVUPlayer 2.3.6.1
U3Launcher
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Project 2007 Help (KB963668)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Visio 2007 Help (KB963666)
Update for Microsoft Office Word 2007 (KB974561)
Update for Microsoft Office Word 2007 Help (KB963665)
Update for Outlook 2007 Junk Email Filter (kb975960)
Update Service
USB MP3 Player WIN98 Drivers
VAIO Azure Float Wallpaper
VAIO Center Access Bar
VAIO Content Folder Setting
VAIO Content Importer VAIO Content Exporter
VAIO Content Importer / VAIO Content Exporter
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Manager Setting
VAIO Content Metadata XML Interface Library
VAIO Control Center
VAIO Entertainment Center
VAIO Entertainment Platform
VAIO Event Service
VAIO Floral Dusk Wallpaper
VAIO Help And Support
VAIO Launcher
VAIO Media
VAIO Media 6.0
VAIO Media AC3 Decoder 1.0
VAIO Media Content Collection 6.0
VAIO Media Integrated Server 6.1
VAIO Media Redistribution 6.0
VAIO Media Registration Tool
VAIO Media Registration Tool 6.0
VAIO Movie Story
VAIO Movie Story Template Data
VAIO MusicBox
VAIO MusicBox Sample Music
VAIO OOBE and Welcome Center
VAIO Original Function Setting
VAIO PC Wireless LAN Wizard
VAIO Power Management
VAIO Productivity Center
VAIO Security Center
VAIO Service Utility
VAIO Smart Network
VAIO Survey
VAIO Teal Whisper Wallpaper
VAIO Update 3
VC Runtimes MSI
VC80CRTRedist - 8.0.50727.4053
VCRedistSetup
Veoh Web Player Beta
VeohTV BETA
VideoLAN VLC media player 0.8.6d
WebEx
Windows Live ID Sign-in Assistant
Windows Live installer
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin
Windows Mobile Device Center
Windows Mobile Device Center Driver Update
WinDVD for VAIO
WinSCP 4.2.1 beta
WinWay Resume Deluxe
Yahoo! Install Manager
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
Yahoo! Widgets

==== Event Viewer Messages From Past Week ========

3/9/2010 9:28:32 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the RapiMgr service.
3/9/2010 7:57:43 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.575.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/8/2010 2:45:10 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/7/2010 8:16:00 PM, Error: Service Control Manager [7034] - The Windows Update service terminated unexpectedly. It has done this 2 time(s).
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Windows Management Instrumentation service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The User Profile Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Themes service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Task Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The System Event Notification Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Shell Hardware Detection service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Server service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Secondary Logon service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Remote Access Connection Manager service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Multimedia Class Scheduler service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The IP Helper service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The IKE and AuthIP IPsec Keying Modules service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 300000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/7/2010 8:16:00 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/7/2010 5:57:10 PM, Error: EventLog [6008] - The previous system shutdown at 5:55:33 PM on 3/7/2010 was unexpected.
3/7/2010 11:19:47 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/7/2010 1:09:55 PM, Error: EventLog [6008] - The previous system shutdown at 1:07:59 PM on 3/7/2010 was unexpected.
3/6/2010 3:29:55 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.229.0 Update Source: Microsoft Update Server Update Stage: Search Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x80072efe Error description: The connection with the server was terminated abnormally
3/6/2010 12:19:21 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Server service, but this action failed with the following error: An instance of the service is already running.
3/6/2010 11:54:38 AM, Error: Service Control Manager [7034] - The VAIO Entertainment File Import Service service terminated unexpectedly. It has done this 1 time(s).
3/5/2010 11:42:10 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
3/4/2010 4:40:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the QuickBooks Database Manager Service service to connect.
3/4/2010 4:40:41 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the NSUService service to connect.
3/4/2010 4:40:41 PM, Error: Service Control Manager [7000] - The NSUService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/4/2010 4:37:32 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/4/2010 12:50:35 PM, Error: Service Control Manager [7031] - The SQL Server Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/4/2010 12:50:23 PM, Error: Service Control Manager [7034] - The SQL Server VSS Writer service terminated unexpectedly. It has done this 1 time(s).
3/4/2010 12:50:14 PM, Error: Service Control Manager [7034] - The SQL Server (SQLEXPRESS) service terminated unexpectedly. It has done this 1 time(s).
3/4/2010 10:42:49 AM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.229.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x800704c7 Error description: The operation was canceled by the user.
3/4/2010 1:52:08 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/4/2010 1:48:13 PM, Error: Service Control Manager [7043] - The Windows Update service did not shut down properly after receiving a preshutdown control.
3/4/2010 1:46:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.229.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/4/2010 1:46:35 PM, Error: Microsoft Antimalware [2001] - Microsoft Antimalware has encountered an error trying to update signatures. New Signature Version: Previous Signature Version: 1.77.229.0 Update Source: Microsoft Update Server Update Stage: Download Source Path: http://www.microsoft.com Signature Type: AntiVirus Update Type: Full User: NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.5502.0 Error code: 0x8024001e Error description: An unexpected problem occurred while checking for updates. For information on installing or troubleshooting updates, see Help and Support.
3/3/2010 9:15:07 AM, Error: Microsoft-Windows-DistributedCOM [10001] - Unable to start a DCOM Server: {D5641912-E47A-429C-879E-CFE13EAC7A13} as /. The error: "740" Happened while starting this command: C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\1150\INTEL3~1\IDriver.exe -Embedding
3/3/2010 5:01:26 PM, Error: bowser [8003] - The master browser has received a server announcement from the computer MMEYYAPP-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{9921D18E-F777-43CF-AD69-3E6145. The master browser is stopping or an election is being forced.
3/3/2010 3:47:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Management Instrumentation service, but this action failed with the following error: An instance of the service is already running.
3/3/2010 3:47:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Remote Access Connection Manager service, but this action failed with the following error: An instance of the service is already running.
3/3/2010 3:46:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Update service, but this action failed with the following error: An instance of the service is already running.
3/3/2010 3:46:00 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Background Intelligent Transfer Service service, but this action failed with the following error: An instance of the service is already running.
3/3/2010 3:45:31 PM, Error: Service Control Manager [7034] - The Application Information service terminated unexpectedly. It has done this 1 time(s).
3/3/2010 3:45:31 PM, Error: Service Control Manager [7031] - The Extensible Authentication Protocol service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/3/2010 3:45:31 PM, Error: Service Control Manager [7031] - The Computer Browser service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.
3/3/2010 3:45:31 PM, Error: Service Control Manager [7031] - The Background Intelligent Transfer Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/3/2010 3:45:31 PM, Error: Service Control Manager [7031] - The Application Experience service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/3/2010 12:55:10 PM, Error: Service Control Manager [7000] - The Parallel port driver service failed to start due to the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
3/3/2010 12:55:10 PM, Error: Service Control Manager [7000] - The FLEXlm License Manager service failed to start due to the following error: The system cannot find the file specified.
3/3/2010 12:53:06 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/3/2010 12:52:42 PM, Error: EventLog [6008] - The previous system shutdown at 12:49:59 PM on 3/3/2010 was unexpected.
3/3/2010 1:24:04 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/3/2010 1:23:47 PM, Error: EventLog [6008] - The previous system shutdown at 1:21:33 PM on 3/3/2010 was unexpected.
3/3/2010 1:20:18 PM, Error: Microsoft Antimalware [3002] - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed. Feature: Behavior Monitoring Error Code: 0x80004005 Error description: Unspecified error Reason: The filter driver requires an up-to-date engine in order to function. You must install the latest definition updates in order to enable real-time protection.
3/3/2010 1:02:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office Outlook 2007 Junk Email Filter (KB977719).
3/3/2010 1:02:42 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Office InfoPath 2007 (KB976416).
3/10/2010 3:44:28 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avg9wd service.
3/10/2010 10:46:25 AM, Error: Service Control Manager [7034] - The AVG9IDSAgent service terminated unexpectedly. It has done this 1 time(s).

==== End Of File ===========================
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 11th, 2010, 6:22 am

Hello

It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


I would like you to delete the Gmer you have now and download this version from here.

GMER:

I would like you to download this "special version of gmer." and save it to your desktop.


  • Double click GMER.exe. If asked to allow gmer.sys driver to load, please consent .
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO, then use the following settings for a more complete scan..
Image
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • devices(don't miss this one) <--this one is different than the picture
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries

If Gmer runs then please give me the log and pass on the next step.

If Gmer still does not run and Only if it don't run please do the following.

I would like you to try and run Gmer in Safe mode to enter safe mode do the following.

Boot into Safe Mode

Reboot your computer in Safe Mode.

  • If the computer is running, shut down Windows, and then turn off the power.
  • Wait 30 seconds, and then turn the computer on.
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe Mode option is selected.
  • Press Enter. The computer then begins to start in Safe mode.
  • Login on your usual account.

If Gmer does run to the end please send me the log in your next reply and If it still does not run please let me know and we will try something else

"information and logs"

    In your next post I need the following

    1. log from Gmer
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 12th, 2010, 11:15 pm

The newer GMER file worked but I am still not sure if this is all, because it was scanning files in C: for around an hour then suddenly i saw the stop button (on GMER) turning to a start button. Also after I saved GMER log as ark.txt the next minute the computer would not work at all, I was able to move the mouse but the task manager showed 100% utilization of the CPU. So please check and tell me if this is all the GMER log is supposed to say .

Edit: Also I had a problem with running GMER in safe mode. When I started the computer in safe mode, the mouse and keyboard will not work ! In the login screen nothing was working I could see the cursor blink but mu mouse or keyboard wont function.

Here comes the GMER log :

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-03-12 20:02:00
Windows 6.0.6001 Service Pack 1
Running: uvyursz6.exe; Driver: C:\Users\NATARA~1\AppData\Local\Temp\kwtdiuoc.sys


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0x25 0x49 0xB3 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0xED 0x84 0x29 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xFA 0x25 0x49 0xB3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x62 0xED 0x84 0x29 ...

---- EOF - GMER 1.0.15 ----
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 13th, 2010, 1:57 am

Hello

right now it looks like you have more than one antivirus installed
    Microsoft Security Essentials
    AVG 9.0

please uninstall one of them

:Remove bad HijackThis entries:

  • Run HijackThis
  • Click on the Scan button
  • Put a check beside all of the items listed below (if present):

  • Close all open windows and browsers/email, etc...
  • Click on the "Fix Checked" button
  • When completed, close the application.

uninstall some programs

    1. click on start
    2. then go to settings
    3. after that you need control panel
    4. look for the icon add/remove programs
    click on the following programs
      Adobe Reader 8.2.0
      J2SE Runtime Environment 5.0 Update 10
      J2SE Runtime Environment 5.0 Update 13
      Java 2 Runtime Environment Standard Edition v1.3.1_03
      Java(TM) 6 Update 3
      Java(TM) 6 Update 5

    and click on remove

: Malwarebytes' Anti-Malware :

    I would like you to rerun MBAM

  • Double-click mbam icon
  • go to the update tab at the top
  • click on check for updates
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.
  • When completed, a log will open in Notepad. please copy and paste the log into your next reply
    • If you accidently close it, the log file is saved here and will be named like this:
    • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.


"information and logs"

    In your next post I need the following

    1. new log from hijackthis
    2. log from MBAM
    3. let me know of any problems you may have had
    4. How is the computer doing now?

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 13th, 2010, 8:02 pm

I have removed Microsoft Security Essentials now,

Used Hijack this to remove the other files you said except for :
O15 - Trusted Zone: http://www.catglobal.com
O15 - Trusted Zone: http://lnx03.dreamzhut.com
O15 - Trusted Zone: http://apps.sicherglobal.com
O15 - Trusted Zone: http://r12.sicherglobal.com
O15 - Trusted Zone: http://vis1200.solutionbeacon.net
As these are the ones I keyed in for I was training in Oracle ERP so these were trusted sources and I do not believe they were manipulated ones.

Uninstalled all the programs you had mentioned. Btw I was following instructions blindly why had you asked to delete the Adobe Reader ? Now can I download a newer version & install it from the internet ? I need to read .pdf files.

On computer behavior let me update you in a while after noticing the performance.
Edit: The popups with ads are still a problem, still the google search items which are clicked keep me redirecting to some random website ( I should say it routes me through more than 2 different websites ). Google Chrome still does not work. Firefox, Safari and IE still have problems with the pop ups and search redirects.


New HijackThis log file:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28:24 AM, on 3/3/2010
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v8.00 (8.00.6001.18882)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Sony\Network Utility\LANUtil.exe
C:\Windows\ehome\ehtray.exe
C:\ProgramData\U3\U3Launcher\LaunchU3.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
C:\Users\Natarajan\AppData\Local\Google\Update\1.2.183.17\GoogleCrashHandler.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.65.129.2:80
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.211.138.13 lnx01.dreamzhut.com
O1 - Hosts: ::1 localhost
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NRITB Toolbar - {9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8} - C:\Program Files\NRITB\tbNRIT.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: NRITB Toolbar - {9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8} - C:\Program Files\NRITB\tbNRIT.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Veoh Web Player Video Finder - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [ISBMgr.exe] "C:\Program Files\Sony\ISB Utility\ISBMgr.exe"
O4 - HKLM\..\Run: [VAIO Center Access Bar] "c:\program files\sony\VAIO Center Access Bar\VCAB.exe" 1
O4 - HKLM\..\Run: [VWLASU] "C:\Program Files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe"
O4 - HKLM\..\Run: [VAIOSurvey] C:\Program Files\Sony\VAIO Survey\Vista VAIO Survey.exe
O4 - HKLM\..\Run: [iPrint Tray] C:\Windows\system32\iprntctl.exe TRAY_ICON
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Skytel] Skytel.exe
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe"
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [googletalk] C:\Users\Natarajan\AppData\Roaming\Google\Google Talk\googletalk.exe /autostart
O4 - HKCU\..\Run: [Google Update] "C:\Users\Natarajan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [cdloader] "C:\Users\Natarajan\AppData\Roaming\mjusbsp\cdloader2.exe" MAGICJACK
O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: CIT200.lnk = C:\Program Files\Linksys\CIT200\cit200.exe
O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: AOL DDI.lnk = C:\DDI\AOLICON.exe
O4 - Global Startup: Gatorlink VPN Client.lnk = ?
O4 - Global Startup: LaunchU3.exe.lnk = ?
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 4.0\aoltb.dll
O9 - Extra button: (no name) - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\Windows\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O15 - Trusted Zone: http://www.catglobal.com
O15 - Trusted Zone: http://lnx03.dreamzhut.com
O15 - Trusted Zone: http://apps.sicherglobal.com
O15 - Trusted Zone: http://r12.sicherglobal.com
O15 - Trusted Zone: http://vis1200.solutionbeacon.net
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resour ... cctrl2.cab
O16 - DPF: {3EA4FA88-E0BE-419A-A732-9B79B87A6ED0} (CTVUAxCtrl Object) - http://dl.tvunetworks.com/TVUAx.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG Firewall (avgfws9) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgfws9.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: FLEXlm License Manager - Unknown owner - C:\SEFlex\Program\lmgrd.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: NSUService - Sony Corporation - C:\Program Files\Sony\Network Utility\NSUService.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: QuickBooks Database Manager Service (QBCFMonitorService) - Intuit - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
O23 - Service: Intuit QuickBooks FCS (QBFCService) - Intuit Inc. - C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Media Integrated Server (VAIOMediaPlatform-IntegratedServer-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe
O23 - Service: VAIO Media Integrated Server (HTTP) (VAIOMediaPlatform-IntegratedServer-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Integrated Server (UPnP) (VAIOMediaPlatform-IntegratedServer-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Media Gateway Server (VAIOMediaPlatform-Mobile-Gateway) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe
O23 - Service: VAIO Media Content Collection (VAIOMediaPlatform-UCLS-AppServer) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\UCLS.exe
O23 - Service: VAIO Media Content Collection (HTTP) (VAIOMediaPlatform-UCLS-HTTP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe
O23 - Service: VAIO Media Content Collection (UPnP) (VAIOMediaPlatform-UCLS-UPnP) - Sony Corporation - C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: VAIO Entertainment File Import Service (VzFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 16511 bytes


Malwarebytes' log:

Malwarebytes' Anti-Malware 1.44
Database version: 3864
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.18882

3/13/2010 4:52:10 PM
mbam-log-2010-03-13 (16-52-10).txt

Scan type: Full Scan (C:\|G:\|H:\|)
Objects scanned: 412858
Time elapsed: 2 hour(s), 38 minute(s), 53 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\Temp\jar_cache49812.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 13th, 2010, 11:06 pm

Hello

It may be helpful for you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Vista and Win 7 Users please Right Click and run as Admin all programs that I ask you to run

Update Adobe Reader

    Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version.

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions.
    If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

      If you don't like Adobe Reader (33.5 MB), you can download Foxit PDF Reader(3.5MB) from here. It's a much smaller file to download and uses a lot less resources than Adobe Reader.

      Note: When installing FoxitReader, be carefull not to install anything to do with AskBar.

Your Java is out of date.

It can be updated by the Java control panel
  • click on Start-> Control Panel (Classic View)-> Java (looks like a coffee cup) -> Update Tab -> Update Now.
  • An update should begin;
  • follow the prompts
  • After the update is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
        Applications and Applets
        Trace and Log Files

    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

:run combofix:

    Please visit this webpage for download links, and instructions for running the tool:

    http://www.bleepingcomputer.com/combofix/how-to-use-combofix

    Please ensure you read this guide carefully

    Please continue as follows:

    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Click Yes to allow ComboFix to continue scanning for malware.

    When the tool is finished, it will produce a report for you.

    Please include the report in your next post:

    C:\ComboFix.txt

"information and logs"

    In your next post I need the following

    1. Log From Combofix
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 14th, 2010, 12:29 pm

Hello Gringo,

Looks like I have finally got rid of it, anyway let me try restarting once and I'll keep you posted if the thing comes up again or not. As of now Chrome is back in action, Firefox and IE are doing fine, no longer popups or redirects are happening.
Thanks a lot Gringo.

Combofix log is here:

ComboFix 10-03-13.03 - Natarajan 03/14/2010 0:23.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2550.1546 [GMT -7:00]
Running from: c:\users\Natarajan\Desktop\ComboFix.exe
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-1693903684-3139912343-2051395266-500
c:\$recycle.bin\S-1-5-21-2152478756-3922319563-605102323-500
c:\$recycle.bin\S-1-5-21-2181796264-1699009989-3321213798-500
c:\$recycle.bin\S-1-5-21-2924274240-2078381449-3847050001-500
c:\program files\INSTALL.LOG
c:\users\Natarajan\AppData\Local\Microsoft\Windows\Temporary Internet Files\16YbBl4.jpg
c:\users\Natarajan\AppData\Local\Microsoft\Windows\Temporary Internet Files\4xBlYaJn.jpg
c:\users\Natarajan\AppData\Local\Microsoft\Windows\Temporary Internet Files\7XP7kM.jpg
c:\users\Natarajan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Jp61OOJ6A.jpg
c:\users\Natarajan\hosts

Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-14 to 2010-03-14 )))))))))))))))))))))))))))))))
.

2010-03-14 07:12 . 2010-03-14 07:12 -------- d-----w- C:\32788R22FWJFW
2010-03-13 06:01 . 2010-03-13 06:03 -------- d-----w- c:\users\Natarajan\AppData\Local\Quest Software
2010-03-13 06:00 . 2010-03-13 06:00 -------- d-----w- c:\users\Natarajan\AppData\Roaming\Quest Software
2010-03-13 05:52 . 2010-03-13 05:52 -------- d-----w- c:\users\Natarajan\AppData\Roaming\Software
2010-03-13 05:52 . 2010-03-13 06:00 -------- d-----w- c:\programdata\Quest Software
2010-03-13 05:52 . 2010-03-13 05:52 -------- d-----w- c:\program files\Common Files\Quest Shared
2010-03-13 05:36 . 2010-03-13 05:36 -------- d-----w- c:\program files\Microsoft SQL Server 2008 DM Add-Ins
2010-03-11 06:52 . 2010-03-14 03:07 -------- d-----w- c:\users\Natarajan\AppData\Local\Microsoft_Corporation
2010-03-11 06:45 . 2008-07-11 00:28 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.0.1600.22.dll
2010-03-11 06:45 . 2008-07-11 00:28 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.0.1600.22.dll
2010-03-11 06:42 . 2010-03-11 07:02 -------- d-----w- c:\windows\system32\RsFx
2010-03-11 06:39 . 2010-03-11 06:39 -------- d-----w- c:\windows\system32\1033
2010-03-10 18:18 . 2010-03-10 18:19 -------- d-----w- c:\program files\Microsoft SQL Server 2008 Upgrade Advisor
2010-03-10 15:44 . 2008-04-18 05:30 332800 ----a-w- c:\windows\system32\msihnd.dll
2010-03-10 15:44 . 2008-04-18 02:33 73216 ----a-w- c:\windows\system32\msiexec.exe
2010-03-10 15:44 . 2008-04-18 02:33 2560 ----a-w- c:\windows\system32\msimsg.dll
2010-03-10 15:44 . 2008-04-18 05:30 2241536 ----a-w- c:\windows\system32\msi.dll
2010-03-07 23:38 . 2010-03-07 23:38 -------- d-----w- c:\program files\Microsoft WSE
2010-03-07 23:33 . 2010-03-07 23:52 -------- d-----w- c:\programdata\SAS
2010-03-07 23:32 . 2010-03-07 23:37 -------- d-----w- c:\users\Natarajan\AppData\Local\SAS
2010-03-07 21:33 . 2010-03-07 21:33 -------- d-----w- c:\program files\Alcohol Soft
2010-03-07 20:36 . 2010-03-07 20:36 -------- d-----w- c:\program files\Elaborate Bytes
2010-03-07 20:00 . 2010-03-07 20:00 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-03-07 19:59 . 2010-03-07 20:15 -------- d-----w- c:\users\Natarajan\AppData\Roaming\DAEMON Tools Lite
2010-03-07 19:59 . 2010-03-07 19:59 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-03-04 23:33 . 2010-03-04 23:33 2560 ----a-w- c:\windows\_MSRSTRT.EXE
2010-03-04 21:15 . 2010-03-04 23:33 -------- d-----w- c:\programdata\SpeedBit
2010-03-04 21:12 . 2010-03-04 23:33 -------- d-----w- c:\program files\DAP
2010-03-04 21:09 . 2009-08-24 12:16 378368 ----a-w- c:\windows\system32\winhttp.dll
2010-03-04 20:58 . 2010-03-04 20:58 -------- d-----w- c:\users\Natarajan\AppData\Roaming\AVG9
2010-03-02 15:42 . 2010-03-02 15:42 24856 ----a-w- c:\windows\system32\drivers\avgfwd6x.sys
2010-03-02 15:42 . 2010-03-02 15:42 -------- d-----w- c:\program files\AVG
2010-03-02 15:42 . 2010-03-02 15:42 -------- d-----w- c:\programdata\avg9
2010-03-01 19:04 . 2010-03-01 19:04 -------- d-----w- c:\users\Natarajan\AppData\Roaming\Malwarebytes
2010-03-01 19:04 . 2010-01-07 23:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-01 19:04 . 2010-03-01 19:04 -------- d-----w- c:\programdata\Malwarebytes
2010-03-01 19:04 . 2010-03-13 20:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-01 19:04 . 2010-01-07 23:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-01 17:52 . 2009-11-09 13:22 24064 ----a-w- c:\windows\system32\nshhttp.dll
2010-03-01 17:52 . 2009-11-09 11:04 411136 ----a-w- c:\windows\system32\drivers\http.sys
2010-03-01 17:52 . 2009-11-09 13:20 31232 ----a-w- c:\windows\system32\httpapi.dll
2010-03-01 06:38 . 2010-03-01 19:03 -------- d-----w- c:\windows\BDOSCAN8
2010-03-01 05:16 . 2009-12-08 20:52 897624 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-03-01 05:16 . 2009-10-07 12:41 244224 ----a-w- c:\windows\system32\rastls.dll
2010-03-01 05:16 . 2009-10-07 12:41 281600 ----a-w- c:\windows\system32\raschap.dll
2010-03-01 05:16 . 2009-12-28 12:35 1314816 ----a-w- c:\windows\system32\quartz.dll
2010-03-01 05:16 . 2009-12-28 12:32 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-03-01 05:16 . 2009-12-28 12:35 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2010-03-01 05:16 . 2009-12-28 12:32 22528 ----a-w- c:\windows\system32\msyuv.dll
2010-03-01 05:16 . 2009-12-28 12:32 123904 ----a-w- c:\windows\system32\msvfw32.dll
2010-03-01 05:16 . 2009-12-28 12:32 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-03-01 05:16 . 2009-12-28 12:31 82944 ----a-w- c:\windows\system32\mciavi32.dll
2010-03-01 05:16 . 2009-12-28 12:31 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-03-01 05:16 . 2009-12-28 12:28 91136 ----a-w- c:\windows\system32\avifil32.dll
2010-03-01 05:16 . 2009-12-28 12:28 65024 ----a-w- c:\windows\system32\avicap32.dll
2010-03-01 05:15 . 2009-12-04 16:12 105472 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-03-01 05:15 . 2009-12-04 16:12 212992 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-14 07:40 . 2008-08-22 06:16 12 ----a-w- c:\windows\bthservsdp.dat
2010-03-14 06:03 . 2007-08-26 21:43 -------- d-----w- c:\program files\Java
2010-03-14 05:47 . 2008-01-10 20:22 -------- d-----w- c:\program files\Microsoft SQL Server
2010-03-14 05:36 . 2007-08-26 21:41 -------- d-----w- c:\program files\Common Files\Adobe
2010-03-14 00:10 . 2007-12-27 10:10 -------- d-----w- c:\users\Natarajan\AppData\Roaming\Skype
2010-03-14 00:09 . 2007-12-27 10:11 -------- d-----w- c:\users\Natarajan\AppData\Roaming\skypePM
2010-03-13 20:51 . 2008-05-29 22:20 -------- d-----w- c:\programdata\Google Updater
2010-03-13 05:52 . 2009-03-08 20:13 -------- d-----w- c:\program files\Quest Software
2010-03-11 06:39 . 2007-10-25 09:51 -------- d-----w- c:\program files\Microsoft.NET
2010-03-11 06:27 . 2007-12-15 05:44 193824 ----a-w- c:\programdata\Microsoft\VBExpress\9.0\1033\ResourceCache.dll
2010-03-11 06:27 . 2007-10-25 09:50 -------- d-----w- c:\programdata\Microsoft Help
2010-03-11 06:27 . 2007-12-15 05:42 416 ----a-w- c:\programdata\Microsoft\MSDN\9.0\1033\ResourceCache.dll
2010-03-11 06:23 . 2007-12-15 05:38 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2010-03-10 23:49 . 2010-03-10 23:49 10134 ----a-r- c:\users\Natarajan\AppData\Roaming\Microsoft\Installer\{7D95B533-4BA1-4EED-8096-EFCB6DD6B95F}\ARPPRODUCTICON.exe
2010-03-10 17:52 . 2008-03-27 00:12 -------- d-----w- c:\program files\FlashGet
2010-03-10 17:46 . 2008-01-30 08:34 -------- d-----w- c:\program files\Dl_cats
2010-03-10 14:28 . 2009-12-05 22:22 -------- d-----w- c:\program files\Microsoft
2010-03-09 16:47 . 2010-03-09 16:47 4250392 ----a-w- c:\programdata\avg9\update\backup\avgcorex.dll
2010-03-08 01:09 . 2009-01-02 16:18 -------- d-----w- c:\program files\Garena
2010-03-08 01:09 . 2007-08-26 21:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-03-08 00:59 . 2007-12-14 23:21 124384 ----a-w- c:\users\Natarajan\AppData\Local\GDIPFONTCACHEV1.DAT
2010-03-08 00:19 . 2009-02-18 23:39 -------- d-----w- c:\program files\SAS
2010-03-08 00:18 . 2009-02-19 00:33 -------- d-----w- c:\users\Natarajan\AppData\Roaming\SAS
2010-03-04 17:33 . 2010-03-04 17:33 74760 ----a-w- c:\programdata\avg9\update\backup\UniversalDD.sys
2010-03-04 17:33 . 2010-03-04 17:33 360584 ----a-w- c:\programdata\avg9\update\backup\avgtdix.sys
2010-03-04 17:33 . 2010-03-04 17:33 30216 ----a-w- c:\programdata\avg9\update\backup\AVGIDSFilter.sys
2010-03-04 17:33 . 2010-03-04 17:33 28424 ----a-w- c:\programdata\avg9\update\backup\avgmfx86.sys
2010-03-04 17:33 . 2010-03-04 17:33 27800 ----a-w- c:\programdata\avg9\update\backup\AVGIDSShim.sys
2010-03-04 17:33 . 2010-03-04 17:33 25608 ----a-w- c:\programdata\avg9\update\backup\AVGIDSvx.sys
2010-03-04 17:33 . 2010-03-04 17:33 333192 ----a-w- c:\programdata\avg9\update\backup\avgldx86.sys
2010-03-04 17:33 . 2010-03-04 17:33 161800 ----a-w- c:\programdata\avg9\update\backup\avgrkx86.sys
2010-03-04 17:33 . 2010-03-04 17:33 122376 ----a-w- c:\programdata\avg9\update\backup\AVGIDSDriver.sys
2010-03-04 17:31 . 2010-03-02 16:13 242696 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2010-03-04 17:31 . 2010-03-04 17:31 12464 ----a-w- c:\windows\system32\avgrsstx.dll
2010-03-04 17:31 . 2010-03-02 16:13 29512 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2010-03-04 17:30 . 2010-03-02 16:13 25096 ----a-w- c:\windows\system32\drivers\AVGIDSvx.sys
2010-03-04 16:58 . 2010-03-02 16:13 216200 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2010-03-04 16:58 . 2010-03-02 16:13 52872 ----a-w- c:\windows\system32\drivers\avgrkx86.sys
2010-03-03 16:27 . 2010-03-03 16:27 -------- d-----w- c:\program files\Trend Micro
2010-03-02 16:54 . 2008-12-13 03:29 -------- d-----w- c:\program files\GAMS22.0
2010-03-02 16:52 . 2009-01-02 21:27 -------- d-----w- c:\program files\Cool MP3 Splitter
2010-03-02 16:13 . 2010-03-02 16:16 3777280 ----a-w- c:\programdata\avg9\update\backup\setup.exe
2010-03-02 16:13 . 2010-03-02 16:16 1260800 ----a-w- c:\programdata\avg9\update\backup\avgfrw.exe
2010-03-02 16:13 . 2010-03-04 16:55 1658136 ----a-w- c:\programdata\avg9\update\backup\avgupd.dll
2010-03-02 16:13 . 2010-03-04 16:55 1007896 ----a-w- c:\programdata\avg9\update\backup\avgupd.exe
2010-03-02 16:13 . 2010-03-04 16:55 800536 ----a-w- c:\programdata\avg9\update\backup\avginet.dll
2010-03-02 16:13 . 2010-03-04 16:55 613656 ----a-w- c:\programdata\avg9\update\backup\avgiproxy.exe
2010-03-02 00:04 . 2007-12-18 22:46 -------- d-----w- c:\program files\Windows Live Safety Center
2010-03-01 08:49 . 2009-09-16 03:39 -------- d-----w- c:\program files\MP3 Player Utilities 3.68
2010-03-01 04:41 . 2007-12-21 14:55 -------- d-----w- c:\users\Natarajan\AppData\Roaming\uTorrent
2010-02-28 19:03 . 2008-02-01 19:39 680 ----a-w- c:\users\Natarajan\AppData\Local\d3d9caps.dat
2010-02-24 16:16 . 2009-10-05 10:03 181632 ------w- c:\windows\system32\MpSigStub.exe
2010-02-24 14:16 . 2007-12-14 22:05 -------- d-----w- c:\program files\Microsoft Silverlight
2010-02-23 11:32 . 2010-02-24 14:31 632544 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
2010-02-23 11:32 . 2010-02-24 14:31 795320 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
2010-02-16 20:08 . 2009-07-10 03:14 -------- d-----w- c:\users\Natarajan\AppData\Roaming\Gizmo5
2010-02-08 22:16 . 2010-02-08 22:16 -------- d-----w- c:\program files\Avago-HP
2010-02-08 22:12 . 2009-03-11 21:34 -------- d-----w- c:\program files\HP
2010-02-07 22:38 . 2010-02-07 22:37 -------- d-----w- c:\program files\iTunes
2010-02-07 22:37 . 2010-02-07 22:37 -------- d-----w- c:\program files\iPod
2010-02-07 22:37 . 2008-05-02 18:30 -------- d-----w- c:\program files\Common Files\Apple
2010-02-07 22:30 . 2010-02-07 22:30 72488 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.3.15\SetupAdmin.exe
2010-02-07 07:16 . 2009-07-08 19:29 -------- d-----r- c:\program files\Skype
2010-02-07 07:15 . 2010-02-07 07:15 -------- d-----w- c:\program files\Common Files\Skype
2010-02-07 07:15 . 2007-12-27 10:09 -------- d-----w- c:\programdata\Skype
2010-02-03 02:57 . 2007-12-16 07:55 1948 ----a-w- c:\users\Natarajan\AppData\Roaming\wklnhst.dat
2010-01-23 09:44 . 2010-03-01 05:17 2048 ----a-w- c:\windows\system32\tzres.dll
2010-01-22 22:32 . 2008-05-02 18:42 -------- d-----w- c:\users\Natarajan\AppData\Roaming\Apple Computer
2010-01-02 06:38 . 2010-03-01 05:17 916480 ----a-w- c:\windows\system32\wininet.dll
2010-01-02 06:32 . 2010-03-01 05:17 71680 ----a-w- c:\windows\system32\iesetup.dll
2010-01-02 06:32 . 2010-03-01 05:17 109056 ----a-w- c:\windows\system32\iesysprep.dll
2010-01-02 04:57 . 2010-03-01 05:17 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-12-16 23:05 . 2010-03-02 21:54 347136 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff3.dll
2009-12-16 23:05 . 2010-03-02 21:54 340992 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff2.dll
2009-12-16 23:05 . 2010-03-02 21:54 471040 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\DictionaryCompressionFF.dll
2009-12-16 23:05 . 2010-03-02 21:54 43008 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbarloader.dll
2009-12-16 23:05 . 2010-03-02 21:54 1452032 ----a-w- c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2006-05-03 09:06 . 2008-08-20 22:32 163328 --sh--r- c:\windows\System32\flvDX.dll
2007-02-21 10:47 . 2008-08-20 22:32 31232 --sh--r- c:\windows\System32\msfDX.dll
2008-03-16 12:30 . 2008-08-20 22:32 216064 --sh--r- c:\windows\System32\nbDX.dll
2007-08-26 21:25 . 2007-08-26 21:25 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8}]
2007-12-10 18:46 1510424 ----a-w- c:\program files\NRITB\tbNRIT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8}"= "c:\program files\NRITB\tbNRIT.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{9C0CE3E8-2EB9-44E2-9AD5-D3B87BE68FD8}"= "c:\program files\NRITB\tbNRIT.dll" [2007-12-10 1510424]

[HKEY_CLASSES_ROOT\clsid\{9c0ce3e8-2eb9-44e2-9ad5-d3b87be68fd8}]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AOLOverlayIcon]
@="{AB0C8BE3-041C-47d6-8195-E089D32B38DD}"
[HKEY_CLASSES_ROOT\CLSID\{AB0C8BE3-041C-47d6-8195-E089D32B38DD}]
2007-08-15 16:42 303104 ------w- c:\ddi\OverIcon.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NSUFloatingUI"="c:\program files\Sony\Network Utility\LANUtil.exe" [2007-12-15 253952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-05-29 68856]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"googletalk"="c:\users\Natarajan\AppData\Roaming\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"Google Update"="c:\users\Natarajan\AppData\Local\Google\Update\GoogleUpdate.exe" [2008-09-04 133104]
"cdloader"="c:\users\Natarajan\AppData\Roaming\mjusbsp\cdloader2.exe" [2009-08-01 50520]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"RtHDVCpl"="RtHDVCpl.exe" [2007-06-25 4489216]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-06-29 137752]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-06-29 154136]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-06-29 133656]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2007-06-08 118784]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2007-06-11 317560]
"VAIO Center Access Bar"="c:\program files\sony\VAIO Center Access Bar\VCAB.exe" [2007-06-21 53248]
"VWLASU"="c:\program files\Sony\VAIO PC Wireless LAN Wizard\AutoLaunchWLASU.exe" [2007-07-12 45056]
"VAIOSurvey"="c:\program files\Sony\VAIO Survey\Vista VAIO Survey.exe" [2007-07-20 577536]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2007-05-07 40960]
"Sony Ericsson PC Suite"="c:\program files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-16 106496]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Skytel"="Skytel.exe" [2007-06-25 1826816]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-11-11 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-01-23 141608]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]

c:\users\Natarajan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CIT200.lnk - c:\program files\Linksys\CIT200\cit200.exe [2006-12-21 762368]
DING!.lnk - c:\program files\Southwest Airlines\Ding\Ding.exe [2006-6-22 462848]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2008-10-25 98696]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-18 4742184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2007-07-25 02:26 98304 ----a-w- c:\windows\System32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sr.sys]
@="FSFilter System Recovery"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2007-10-18 15:34 5724184 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
2008-08-28 14:18 3660848 ----a-w- c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

R2 FLEXlm License Manager;FLEXlm License Manager;c:\seflex\Program\lmgrd.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 135664]
R3 AVGIDSAgent;AVG9IDSAgent;c:\program files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe AVGIDSAgent [x]
R3 AVGIDSDrivervtx;AVG9IDSDriver;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSDriver.sys [2010-03-04 122376]
R3 AVGIDSFiltervtx;AVG9IDSFilter;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSFilter.sys [2010-03-04 30216]
R3 AVGIDSShimvtx;AVG9IDSShim;c:\program files\AVG\AVG9\Identity Protection\Agent\Driver\Platform_Vista\AVGIDSShim.sys [2010-03-04 27144]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-01-10 13352]
R3 VAIOMediaPlatform-UCLS-AppServer;VAIO Media Content Collection;c:\program files\Sony\VAIO Media Integrated Server\UCLS.exe [2007-01-10 745472]
R3 VAIOMediaPlatform-UCLS-HTTP;VAIO Media Content Collection (HTTP);c:\program files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe [2007-06-20 397312]
R3 VAIOMediaPlatform-UCLS-UPnP;VAIO Media Content Collection (UPnP);c:\program files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe [2007-06-20 1089536]
R3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2007-07-13 292152]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe [2007-07-06 79736]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2008-07-11 47128]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-03-07 691696]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2008-07-11 369688]
S0 AVGIDSErHrvtx;AVG9IDSErHr;c:\windows\System32\Drivers\AVGIDSvx.sys [2010-03-04 25096]
S0 AvgRkx86;avgrkx86.sys;c:\windows\System32\Drivers\avgrkx86.sys [2010-03-04 52872]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6x.sys [2010-03-02 24856]
S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\System32\Drivers\avgldx86.sys [2010-03-04 216200]
S1 AvgTdiX;AVG Network Redirector;c:\windows\System32\Drivers\avgtdix.sys [2010-03-04 242696]
S1 RsFx0102;RsFx0102 Driver;c:\windows\system32\DRIVERS\RsFx0102.sys [2008-07-10 242712]
S2 avg9wd;AVG WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-03-04 308064]
S2 avgfws9;AVG Firewall;c:\program files\AVG\AVG9\avgfws9.exe [2010-03-04 2325816]
S2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe [2006-10-11 532480]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [2007-12-15 204800]
S3 ti21sony;ti21sony;c:\windows\system32\drivers\ti21sony.sys [2007-06-05 812544]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder

2010-03-14 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-12-14 06:07]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:40]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-06 01:40]

2010-03-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721431775-3270401163-2758966721-1002Core.job
- c:\users\Natarajan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 17:03]

2010-03-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3721431775-3270401163-2758966721-1002UA.job
- c:\users\Natarajan\AppData\Local\Google\Update\GoogleUpdate.exe [2008-09-04 17:03]

2010-03-14 c:\windows\Tasks\User_Feed_Synchronization-{08510C81-62A1-48BF-B258-98140C41A441}.job
- c:\windows\system32\msfeedssync.exe [2010-03-01 04:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = <local>
Trusted Zone: catglobal.com\www
Trusted Zone: dreamzhut.com\lnx03
Trusted Zone: sicherglobal.com\apps
Trusted Zone: sicherglobal.com\r12
Trusted Zone: solutionbeacon.net\vis1200
FF - ProfilePath - c:\users\Natarajan\AppData\Roaming\Mozilla\Firefox\Profiles\p9kaqvdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox ... S:official
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa2.dll
FF - plugin: c:\program files\Google\Picasa3\npPicasa3.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Microsoft\Web Platform Installer\NPWPIDetector.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13118.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPJinit13121.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npnipp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npOGAPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPTURNMED.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\NPVeohTVPlugin.dll
FF - plugin: c:\program files\Veoh Networks\VeohWebPlayer\npWebPlayerVideoPluginATL.dll
FF - plugin: c:\users\Natarajan\AppData\Local\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\users\Natarajan\AppData\Roaming\Move Networks\plugins\npqmp071505000010.dll
FF - plugin: c:\users\Natarajan\AppData\Roaming\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\users\Natarajan\AppData\Roaming\Mozilla\plugins\npatgpc.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.
- - - - ORPHANS REMOVED - - - -

SafeBoot-dmboot.sys
SafeBoot-dmio.sys
SafeBoot-dmload.sys
SafeBoot-dmadmin
SafeBoot-dmserver
SafeBoot-SRService



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-03-14 01:05
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????

scanning hidden files ...


c:\users\NATARA~1\AppData\Local\Temp\catchme.dll 53248 bytes executable

scan completed successfully
hidden files: 1

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(6120)
c:\ddi\overicon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Cisco Systems\VPN Client\cvpnd.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\program files\AVG\AVG9\avgam.exe
c:\program files\AVG\AVG9\avgnsx.exe
c:\program files\AVG\AVG9\avgrsx.exe
c:\program files\AVG\AVG9\avgchsvx.exe
c:\program files\AVG\AVG9\avgcsrvx.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
c:\windows\system32\spool\DRIVERS\W32X86\3\HP1006MC.EXE
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2010-03-14 01:13:18 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-14 08:13

Pre-Run: 3,189,612,544 bytes free
Post-Run: 10,156,003,328 bytes free

- - End Of File - - 9407B1A94AB770FA1F9F708FE44AC92E
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 14th, 2010, 7:05 pm

Hello

things are looking good!!

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs, let it run uninterrupted. It shouldn't take longer take a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

:Kaspersky scan:

    Please go to Kaspersky website and perform an online antivirus scan.

    • Read through the requirements and privacy statement and click on Accept button.
    • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
    • When the downloads have finished, click on Settings.
    • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
        Spyware, Adware, Dialers, and other potentially dangerous programs
        Archives
        Mail databases
    • Click on My Computer under Scan.
    • Once the scan is complete, it will display the results. Click on View Scan Report.
    • You will see a list of infected items there. Click on Save Report As....
    • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
    • Please post this log in your next reply.

"information and logs"

    In your next post I need the following

    1. Log From Kaspersky
    2. let me know of any problems you may have had
    3. How is the computer doing now?

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 15th, 2010, 9:27 pm

Hello Gringo,

So far so good, the TFC thing crashed after deleting some files, then I had to restart the system it should not be a problem right ?
So now should I use the Defogger to turn on the stuff it turned off ?

Kaspersky Log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, March 15, 2010
Operating system: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, March 15, 2010 02:20:20
Records in database: 3800311
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 250308
Threats found: 1
Infected objects found: 1
Suspicious objects found: 0
Scan duration: 09:50:45


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Windows\System32\drivers\atapi.sys.vir Infected: Rootkit.Win32.Tdss.ai 1

Selected area has been scanned.


Thanks,
Natarajan
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 15th, 2010, 11:03 pm

Hello

Very well done!! This is my general post for when your logs show no more signs of malware ;)- Please let me know if you still are having problems with your computer and what these problems are.



The following procedure will implement some cleanup procedures. It will also reset your System Restore by flushing out previous restore points and create a new restore point.

:Uninstall ComboFix:

  • push the "windows key" + "R" (between the "Ctrl" button and "Alt" Button)
  • please copy and past the following into the box ComboFix /Uninstall and click OK.
  • Note the space between the X and the /Uninstall, it needs to be there.
  • Image

:DeFogger:

    To re-enable your Emulation drivers, double click DeFogger to run the tool.
    • The application window will appear
    • Click the Re-enable button to re-enable your CD Emulation drivers
    • Click Yes to continue
    • A 'Finished!' message will appear
    • Click OK
    • DeFogger will now ask to reboot the machine - click OK
    IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

    Your Emulation drivers are now re-enabled.

:Make your Internet Explorer more secure:


:Turn On Automatic Updates:

    Turn On Automatic Updates
    1. Click Start, click Run, type sysdm.cpl, and then press ENTER.
    2. Click the Automatic Updates tab, and then click to select one of the following options. We recommend that you select the Automatic (recommended) Automatically download recommended updates for my computer and install them

    If you click this setting, click to select the day and time for scheduled updates to occur. You can schedule Automatic Updates for any time of day. Remember, your computer must be on at the scheduled time for updates to be installed. After you set this option, Windows recognizes when you are online and uses your Internet connection to find updates on the Windows Update Web site or on the Microsoft Update Web site that apply to your computer. Updates are downloaded automatically in the background, and you are not notified or interrupted during this process. An icon appears in the notification area of your taskbar when the updates are being downloaded. You can point to the icon to view the download status. To pause or to resume the download, right-click the icon, and then click Pause or Resume. When the download is completed, another message appears in the notification area so that you can review the updates that are scheduled for installation. If you choose not to install at that time, Windows starts the installation on your set schedule.

    or visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

:antispyware programs:
    you have a couple of good antispyware programs on this computer but you still can try some of these others to see if you like them also

    I would reccomend the download and installation of some or all of the following programs (all free), and the updating of them regularly:
    • WinPatrol As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

    • Malwarebytes' Anti-Malware- Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is
      totally free but for real-time protection you will have to pay a small one-time fee.
    • Spyware Blaster - By altering your registry, this program stops harmful sites from installing things like ActiveX Controls on your machines.


please read this great article by miekiemoes How to prevent Malware:
and
this great article by Tony Klein So How Did I Get Infected In First Place

Now you have followed my advice - it's time to lodge a complaint against what you have suffered.........

Malware Complaints
If you were infected .... Stand Up and be Counted.

I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can then be closed.

Gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby nataraj007 » March 16th, 2010, 1:59 am

Hello Gringo,

I did the above steps and when Windows restarted after defogger finished running, I get just a black screen with no wallpaper, if I set .jpg files as the wallpaper I get a black screen and further I am not able to brows through the pictures through the windows explorer. I just see names of files with no thumbnails. let me add a screen shot to make it clear. What could have gone wrong ?

Regards,
Natarajan J
You do not have the required permissions to view the files attached to this post.
nataraj007
Regular Member
 
Posts: 17
Joined: March 3rd, 2010, 12:02 pm

Re: Firefox-> redirecting to diff websites, IE- opening adverts

Unread postby gringo_pr » March 16th, 2010, 4:28 am

hello

reboot the computer and send me a new DDS log please

gringo
User avatar
gringo_pr
Site Moderator
Site Moderator
 
Posts: 1817
Joined: March 31st, 2007, 1:35 pm
Location: puerto rico
Advertisement
Register to Remove

Next

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 292 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware