
[Active] Browser's being hijacked intermittently

Discussion in 'Malware and Virus Removal Archive' started by UpRise, 2009/11/14.

  1. 2009/11/14
    UpRise

    UpRise Inactive Thread Starter


    Hello there all of you very very nice people,

    Today I contracted some relatively nasty scareware I assume from a site I visited that was less than reputable. I got rid of that program (and all of the other Trojans and nasty things that were associated with it) with Malwarebytes, ran CCleaner, Spybot S&D and Avast! and they all gave me a clean bill of health. The problem is I'm still getting randomly redirected to ad sites.
    It'll randomly happen when I click links, open new tabs, or even just enter a new address.
    Some of the sites I'm being redirected to are:
    httx://xxx.createyourfirstwebsiteforbeginners.com/
    httx://xxx.ourstage.com/
    httx://xxx.ppcblinks.com/promo/ (a site advertising "American Satellite" and/or Dish Network)
    httx://search0.info.com/searchw?qkw=asj&cmp=4063&affiliate=231_1448635102

    and various other useless search engines that I can only assume would invariably redirect me to the other pages in this malware's cache of adscam websites.

    I have done everything that I can with my limited computer repairing abilities and I am at my wits' end. I come to you all now and ask for your help.

    Here are my logs as per the instructions:


    DDS.txt


    DDS (Ver_09-10-26.01) - NTFSx86
    Run by Beck at 3:32:06.41 on Sat 11/14/2009
    Internet Explorer: 7.0.6001.18000
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1790.823 [GMT -6:00]

    SP: Spybot - Search and Destroy *enabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Windows\system32\WLANExt.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\SMINST\BLService.exe
    C:\Program Files\CyberLink\Shared files\RichVideo.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio.exe
    C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Windows\system32\taskeng.exe
    c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HP\QuickPlay\QPService.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
    C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\PokerStars.NET\PokerStars.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\Beck\Downloads\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
    BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
    TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
    TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
    TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
    uRun: [HPAdvisor] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe autorun=AUTORUN
    uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
    uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
    uRun: [Vidalia] "c:\program files\vidalia bundle\vidalia\vidalia.exe "
    uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [QPService] "c:\program files\hp\quickplay\QPService.exe "
    mRun: [UpdateLBPShortCut] "c:\program files\cyberlink\labelprint\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\labelprint" updatewithcreateonce "software\cyberlink\labelprint\2.5 "
    mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\dvd suite\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\dvd suite" updatewithcreateonce "software\cyberlink\PowerStarter "
    mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
    mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0 "
    mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0 "
    mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [hpWirelessAssistant] c:\program files\hewlett-packard\hp wireless assistant\HPWAMain.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe "
    mRun: [avast!] c:\progra~1\alwils~1\avast4\ashDisp.exe
    mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
    IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC} - c:\progra~1\java\jre16~1.0_0\bin\ssv.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab

    ================= FIREFOX ===================

    FF - ProfilePath - c:\users\beck\appdata\roaming\mozilla\firefox\profiles\trwj9tew.default\
    FF - component: c:\program files\orbitdownloader\addons\oneclickyoutubedownloader\components\GrabXpcom.dll
    FF - component: c:\users\beck\appdata\roaming\mozilla\firefox\profiles\trwj9tew.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

    ---- FIREFOX POLICIES ----
    c:\program files\mozilla firefox\greprefs\security-prefs.js - pref( "security.ssl3.rsa_seed_sha ", true);

    ============= SERVICES / DRIVERS ===============

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [2009-11-11 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2009-11-11 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2009-11-11 53328]
    R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2008-10-22 193840]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [2008-5-9 43040]

    =============== Created Last 30 ================

    2009-11-14 09:02:18 0 d-----w- c:\program files\Trend Micro
    2009-11-14 08:53:17 0 d-----w- c:\program files\CCleaner
    2009-11-14 07:37:13 0 d-----w- c:\program files\PokerStars.NET
    2009-11-14 00:22:10 0 d-----w- c:\users\beck\appdata\roaming\Malwarebytes
    2009-11-14 00:22:06 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-14 00:22:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-14 00:22:04 0 d-----w- c:\programdata\Malwarebytes
    2009-11-14 00:22:04 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-12 09:40:29 0 d-----w- c:\program files\JDownloader
    2009-11-12 08:13:29 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-12 04:16:06 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-12 04:16:06 0 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-12 04:04:28 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-11-12 03:29:13 2035712 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 03:28:51 351232 ----a-w- c:\windows\system32\WSDApi.dll
    2009-11-04 11:08:51 1383424 ----a-w- c:\windows\system32\mshtml.tlb
    2009-10-30 18:21:05 0 d-----w- C:\FUSION
    2009-10-30 12:26:47 0 d-----w- c:\programdata\Digsby
    2009-10-30 12:21:08 0 d-----w- c:\users\beck\appdata\roaming\Digsby
    2009-10-30 12:03:44 0 d-----w- c:\program files\Digsby
    2009-10-27 20:09:09 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 20:09:04 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-25 23:42:25 822 ----a-w- c:\users\beck\appdata\roaming\wklnhst.dat
    2009-10-24 09:00:01 0 d-----w- c:\users\beck\.jnlp-applet
    2009-10-23 06:57:35 0 d-----w- c:\program files\Firaxis Games
    2009-10-23 06:30:10 0 d-----w- c:\users\beck\appdata\roaming\GrabPro
    2009-10-23 06:30:10 0 d-----w- C:\downloads
    2009-10-23 06:29:42 0 d-----w- c:\program files\Orbitdownloader
    2009-10-22 05:55:08 33021 ----a-w- c:\windows\scunin.dat
    2009-10-22 05:54:57 967 ----a-w- c:\windows\ScUnin.pif
    2009-10-22 05:54:57 94208 ----a-w- c:\windows\ScUnin.exe
    2009-10-22 05:54:47 0 d-----w- c:\program files\Starcraft
    2009-10-20 06:08:57 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-10-20 06:07:07 0 d--h--w- c:\windows\msdownld.tmp
    2009-10-20 06:07:01 0 d-----w- c:\windows\system32\directx
    2009-10-17 11:23:58 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
    2009-10-17 11:22:05 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2009-10-17 11:19:21 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-10-17 11:19:20 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-10-17 11:19:19 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-10-17 11:19:18 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-10-17 11:18:22 0 d-----w- c:\windows\system32\xlive
    2009-10-17 11:18:21 0 d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-10-17 10:50:51 0 d-----w- c:\programdata\DAEMON Tools Lite
    2009-10-17 10:50:07 0 d-----w- c:\program files\DAEMON Tools Toolbar
    2009-10-17 10:49:38 0 d-----w- c:\program files\DAEMON Tools Lite
    2009-10-17 10:42:22 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-10-17 10:41:54 0 d-----w- c:\users\beck\appdata\roaming\DAEMON Tools Lite
    2009-10-17 03:47:05 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-10-16 09:10:50 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-16 09:10:48 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-16 08:54:59 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-16 08:33:18 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-16 08:33:10 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-16 08:33:02 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

    ==================== Find3M ====================

    2009-11-14 00:42:15 27744 ----a-w- c:\programdata\nvModes.dat
    2009-11-12 03:41:08 86016 ----a-w- c:\windows\inf\infstrng.dat
    2009-11-12 03:41:08 86016 ----a-w- c:\windows\inf\infstor.dat
    2009-11-12 03:41:08 51200 ----a-w- c:\windows\inf\infpub.dat
    2009-09-29 07:43:18 353840 ----a-w- c:\windows\system32\msvcr71.dll
    2009-09-29 07:43:17 505392 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-29 07:43:17 1066544 ----a-w- c:\windows\system32\MFC71.dll
    2009-09-29 07:43:17 1053232 ----a-w- c:\windows\system32\MFC71u.dll
    2009-09-29 07:37:03 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2009-09-29 07:31:15 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-29 05:56:20 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE9139BY0_E508164-001_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M1790_J160_7AMD_8F31_92.00_#090929_N168C001C;10DE0760_(ZY226UA#ABA)_XMOBILE_CN10_Z_2F.35.MRK
    2009-09-04 22:44:40 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 22:44:40 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 22:29:34 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 22:29:34 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 22:29:32 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 22:29:32 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 22:29:30 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-08-29 00:42:52 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 12:39:07 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15:30 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-27 13:32:41 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 13:29:25 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 10:58:58 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2008-10-23 06:05:00 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 02:57:01 174 --sha-w- c:\program files\desktop.ini
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 12:39:34 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 12:39:34 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2008-10-23 06:05:00 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

    ============= FINISH: 3:35:05.43 ===============



    And the Attach.txt
    Microsoft® Windows Vista™ Home Basic
    Boot Device: \Device\HarddiskVolume1
    Install Date: 9/29/2009 2:28:56 AM
    System Uptime: 11/13/2009 6:36:03 PM (9 hours ago)

    Motherboard: Wistron | | 303C
    Processor: AMD Athlon Dual-Core QL-62 | Socket A | 1000/133mhz

    ==== Disk Partitions =========================

    C: is FIXED (NTFS) - 139 GiB total, 12.985 GiB free.
    D: is FIXED (NTFS) - 10 GiB total, 1.726 GiB free.
    E: is CDROM ()
    F: is CDROM ()

    ==== Disabled Device Manager Items =============

    ==== System Restore Points ===================


    ==== Installed Programs ======================

    µTorrent
    Acrobat.com
    Activation Assistant for the 2007 Microsoft Office suites
    ActiveCheck component for HP Active Support Library
    Adobe AIR
    Adobe Flash Player 10 Plugin
    Adobe Flash Player ActiveX
    Adobe Reader 9
    Adobe Shockwave Player
    Age of Empires III
    Apple Application Support
    Apple Mobile Device Support
    Apple Software Update
    Ask Toolbar
    Atheros Driver Installation Program
    avast! Antivirus
    Bonjour
    CCleaner
    Cisco EAP-FAST Module
    Cisco LEAP Module
    Cisco PEAP Module
    Compatibility Pack for the 2007 Office system
    Conexant HD Audio
    CyberLink DVD Suite
    DAEMON Tools Toolbar
    Digsby
    ESU for Microsoft Vista
    HDAUDIO Soft Data Fax Modem with SmartCP
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    HP Active Support Library
    HP Customer Experience Enhancements
    HP Doc Viewer
    HP DVD Play 3.7
    HP Help and Support
    HP Quick Launch Buttons 6.40 H2
    HP Total Care Advisor
    HP Update
    HP User Guides 0118
    HP Wireless Assistant
    HPAsset component for HP Active Support Library
    HPNetworkAssistant
    HPTCSSetup
    iTunes
    Java(TM) 6 Update 7
    JDownloader
    JEOPARDY! Deluxe (remove only)
    Juno Preloader
    LabelPrint
    Magic Video Converter Trial Version (English) 8.0.2.18
    Malwarebytes' Anti-Malware
    Microsoft .NET Framework 3.5 SP1
    Microsoft Games for Windows - LIVE
    Microsoft Games for Windows - LIVE Redistributable
    Microsoft Live Search Toolbar
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Home and Student 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office PowerPoint Viewer 2007 (English)
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Silverlight
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Works
    Mozilla Firefox (3.5.5)
    MSXML 4.0 SP2 (KB954430)
    muvee Reveal
    My HP Games
    NetWaiting
    NetZero Preloader
    NVIDIA Drivers
    Opera 10.00
    Orbit Downloader
    PokerStars.net
    Power2Go
    PowerDirector
    Project64 1.6
    QuickTime
    Realtek USB 2.0 Card Reader
    Sid Meier's Civilization 4
    Sid Meier's Civilization 4 - Beyond the Sword
    Sid Meier's Civilization 4 - Warlords
    SPORE Creature Creator Trial Edition
    Spybot - Search & Destroy
    Starcraft
    Synaptics Pointing Device Driver
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Office 2007 (KB934528)
    VLC media player 1.0.2
    WinRAR archiver

    ==== End Of File ===========================
  2. 2009/11/14
    broni

    broni Moderator Malware Analyst

    What browser is getting redirected?

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
      • Double click on combofix.exe & follow the prompts.
      • When finished, it will produce a report for you.
      • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
      **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

      Make sure, you re-enable your security programs, when you're done with Combofix.

      DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!


      Download HijackThis:
      http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download
      by clicking on Download HijackThis Installer
      Install, and run it.
      Post HijackThis log.
      Do NOT attempt to fix anything!

      NOTE. If you're using Vista, right click on HijackThis, and click Run as Administrator

  4. 2009/11/14
    UpRise

    UpRise Inactive Thread Starter

    It's Firefox that's getting redirected

    Here's the log from ComboFix:
    ComboFix 09-11-14.03 - Beck 11/14/2009 13:23..2 - FAT32x86
    Microsoft® Windows Vista™ Home Basic 6.0.6001.1.1252.1.1033.18.1790.817 [GMT -6:00]
    Running from: c:\users\Beck\Desktop\ComboFix.exe
    SP: Spybot - Search and Destroy *disabled* (Updated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-3259763383-2299588475-3038833348-500

    Infected copy of c:\windows\system32\drivers\atapi.sys was found and disinfected
    Restored copy from - Kitty ate it :p
    .
    ((((((((((((((((((((((((( Files Created from 2009-10-14 to 2009-11-14 )))))))))))))))))))))))))))))))
    .

    2009-11-14 19:39 . 2009-11-14 19:40 -------- d-----w- c:\users\Beck\AppData\Local\temp
    2009-11-14 19:39 . 2009-11-14 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
    2009-11-14 09:02 . 2009-11-14 09:02 -------- d-----w- c:\program files\Trend Micro
    2009-11-14 08:53 . 2009-11-14 08:53 -------- d-----w- c:\program files\CCleaner
    2009-11-14 07:38 . 2009-11-14 08:18 4096 d-----w- c:\users\Beck\AppData\Local\PokerStars.NET
    2009-11-14 07:37 . 2009-11-14 08:18 8192 d-----w- c:\program files\PokerStars.NET
    2009-11-14 00:22 . 2009-11-14 00:22 -------- d-----w- c:\users\Beck\AppData\Roaming\Malwarebytes
    2009-11-14 00:22 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-11-14 00:22 . 2009-11-14 00:22 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-11-14 00:22 . 2009-11-14 00:22 -------- d-----w- c:\programdata\Malwarebytes
    2009-11-14 00:22 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-11-13 22:42 . 2009-11-14 00:30 -------- d-----w- c:\users\Beck\AppData\Local\tqfmkv
    2009-11-12 09:40 . 2009-11-12 09:56 4096 d-----w- c:\program files\JDownloader
    2009-11-12 08:13 . 2009-11-03 02:42 195456 ------w- c:\windows\system32\MpSigStub.exe
    2009-11-12 04:16 . 2009-11-14 08:59 4096 d-----w- c:\programdata\Spybot - Search & Destroy
    2009-11-12 04:16 . 2009-11-12 04:19 8192 d-----w- c:\program files\Spybot - Search & Destroy
    2009-11-12 04:05 . 2009-09-15 11:54 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2009-11-12 04:05 . 2009-09-15 11:54 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2009-11-12 04:05 . 2009-09-15 11:53 97480 ----a-w- c:\windows\system32\AvastSS.scr
    2009-11-12 04:05 . 2009-09-15 11:55 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2009-11-12 04:05 . 2009-09-15 11:55 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2009-11-12 04:04 . 2009-09-15 11:59 1279968 ----a-w- c:\windows\system32\aswBoot.exe
    2009-11-12 04:04 . 2009-09-15 11:55 53328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2009-11-12 04:04 . 2009-11-12 04:04 -------- d-----w- c:\program files\Alwil Software
    2009-11-12 03:29 . 2009-08-14 13:53 2035712 ----a-w- c:\windows\system32\win32k.sys
    2009-11-12 03:28 . 2009-08-10 13:05 351232 ----a-w- c:\windows\system32\WSDApi.dll
    2009-10-30 18:21 . 2009-10-30 18:21 -------- d-----w- C:\FUSION
    2009-10-30 12:26 . 2009-10-30 12:26 -------- d-----w- c:\programdata\Digsby
    2009-10-30 12:21 . 2009-11-13 22:08 4096 d-----w- c:\users\Beck\AppData\Local\Digsby
    2009-10-30 12:21 . 2009-10-30 12:26 -------- d-----w- c:\users\Beck\AppData\Roaming\Digsby
    2009-10-30 12:03 . 2009-11-13 22:08 4096 d-----w- c:\program files\Digsby
    2009-10-27 20:09 . 2009-09-10 15:21 310784 ----a-w- c:\windows\system32\unregmp2.exe
    2009-10-27 20:09 . 2009-09-10 15:21 8147456 ----a-w- c:\windows\system32\wmploc.DLL
    2009-10-25 23:42 . 2009-10-25 23:42 -------- d-----w- c:\users\Beck\AppData\Roaming\Template
    2009-10-24 09:00 . 2009-10-24 09:00 -------- d-----w- c:\users\Beck\.jnlp-applet
    2009-10-24 08:59 . 2009-10-24 08:59 -------- d-----w- c:\windows\Sun
    2009-10-23 08:44 . 2009-10-23 08:44 -------- d-----w- c:\users\Beck\AppData\Local\My Games
    2009-10-23 08:15 . 2009-10-23 08:15 492032 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\3.03\ISSetup.dll
    2009-10-23 08:15 . 2009-10-23 08:15 456416 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\3.03\setup.exe
    2009-10-23 08:15 . 2009-10-23 08:15 77672 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\3.03\GameuxInstallHelper.dll
    2009-10-23 08:15 . 2009-10-23 08:15 373680 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\3.03\_Setup.dll
    2009-10-23 07:34 . 2009-10-23 09:04 492164 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\ISSetup.dll
    2009-10-23 06:58 . 2009-10-23 07:21 121064 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\setup.exe
    2009-10-23 06:57 . 2009-10-23 06:57 -------- d-----w- c:\program files\Firaxis Games
    2009-10-23 06:30 . 2009-11-12 21:38 8192 d-----w- C:\downloads
    2009-10-23 06:30 . 2009-10-23 06:43 -------- d-----w- c:\users\Beck\AppData\Roaming\GrabPro
    2009-10-23 06:29 . 2009-11-12 22:18 4096 d-----w- c:\users\Beck\AppData\Roaming\Orbit
    2009-10-23 06:29 . 2009-10-23 06:29 4096 d-----w- c:\program files\Orbitdownloader
    2009-10-22 05:55 . 2009-10-22 05:58 33021 ----a-w- c:\windows\scunin.dat
    2009-10-22 05:54 . 2009-10-22 05:58 967 ----a-w- c:\windows\ScUnin.pif
    2009-10-22 05:54 . 2009-10-22 05:58 94208 ----a-w- c:\windows\ScUnin.exe
    2009-10-22 05:54 . 2009-10-22 08:20 8192 d-----w- c:\program files\Starcraft
    2009-10-20 06:08 . 2009-09-04 22:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
    2009-10-20 06:07 . 2009-10-20 06:07 -------- d--h--w- c:\windows\msdownld.tmp
    2009-10-17 19:42 . 2009-10-17 19:42 -------- d--h--r- c:\users\Beck\AppData\Roaming\SecuROM
    2009-10-17 11:23 . 2007-10-22 08:39 267272 ----a-w- c:\windows\system32\xactengine2_10.dll
    2009-10-17 11:22 . 2005-05-26 20:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
    2009-10-17 11:19 . 2008-03-05 20:56 1420824 ----a-w- c:\windows\system32\D3DCompiler_37.dll
    2009-10-17 11:19 . 2008-02-06 04:07 462864 ----a-w- c:\windows\system32\d3dx10_37.dll
    2009-10-17 11:19 . 2008-03-05 20:56 3786760 ----a-w- c:\windows\system32\D3DX9_37.dll
    2009-10-17 11:19 . 2007-04-04 23:53 81768 ----a-w- c:\windows\system32\xinput1_3.dll
    2009-10-17 11:18 . 2009-10-17 11:18 -------- d-----w- c:\windows\system32\xlive
    2009-10-17 11:18 . 2009-10-17 11:19 -------- d-----w- c:\program files\Microsoft Games for Windows - LIVE
    2009-10-17 10:50 . 2009-10-17 10:50 -------- d-----w- c:\programdata\DAEMON Tools Lite
    2009-10-17 10:50 . 2009-10-17 10:50 4096 d-----w- c:\program files\DAEMON Tools Toolbar
    2009-10-17 10:49 . 2009-10-17 10:50 4096 d-----w- c:\program files\DAEMON Tools Lite
    2009-10-17 10:42 . 2009-10-17 10:42 721904 ----a-w- c:\windows\system32\drivers\sptd.sys
    2009-10-17 10:41 . 2009-10-17 11:16 -------- d-----w- c:\users\Beck\AppData\Roaming\DAEMON Tools Lite
    2009-10-17 03:47 . 2009-10-17 03:47 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
    2009-10-17 03:46 . 2009-10-17 04:17 -------- d-----w- c:\users\Beck\AppData\Local\Oblivion
    2009-10-16 09:10 . 2009-08-05 17:15 3599960 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2009-10-16 09:10 . 2009-08-05 17:15 3547736 ----a-w- c:\windows\system32\ntoskrnl.exe
    2009-10-16 08:54 . 2009-09-10 17:30 213504 ----a-w- c:\windows\system32\msv1_0.dll
    2009-10-16 08:33 . 2009-09-04 12:24 61440 ----a-w- c:\windows\system32\msasn1.dll
    2009-10-16 08:33 . 2009-09-14 09:44 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
    2009-10-16 08:33 . 2009-04-02 12:37 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-11-14 19:21 . 2009-09-29 08:59 27744 ----a-w- c:\programdata\nvModes.dat
    2009-11-14 19:07 . 2009-09-29 08:27 40960 d-----w- c:\users\Beck\AppData\Roaming\uTorrent
    2009-11-14 18:38 . 2009-09-29 09:53 4096 d-----w- c:\users\Beck\AppData\Roaming\vlc
    2009-11-13 11:12 . 2009-10-25 23:42 822 ----a-w- c:\users\Beck\AppData\Roaming\wklnhst.dat
    2009-11-12 13:22 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
    2009-11-12 03:49 . 2008-10-23 05:44 -------- d-----w- c:\programdata\Norton
    2009-10-23 09:04 . 2009-10-23 07:34 456416 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\setup.exe
    2009-10-23 09:04 . 2009-10-23 07:34 373680 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{32E4F0D2-C135-475E-A841-1D59A0D22989}\_setup.dll
    2009-10-23 07:34 . 2009-10-23 06:58 4096 d-----w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information
    2009-10-23 07:26 . 2009-10-23 07:26 492032 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\2.13\ISSetup.dll
    2009-10-23 07:26 . 2009-10-23 07:26 455600 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\2.13\setup.exe
    2009-10-23 07:26 . 2009-10-23 07:26 373680 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\2.13\_Setup.dll
    2009-10-23 07:21 . 2009-10-23 07:22 121064 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\1.74\setup.exe
    2009-10-23 07:21 . 2009-10-23 07:21 -------- d-----w- c:\users\Beck\AppData\Roaming\InstallShield
    2009-10-23 07:21 . 2009-10-23 07:26 492032 ------w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\ISSetup.dll
    2009-10-23 07:21 . 2009-10-23 07:20 373680 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\_setup.dll
    2009-10-23 07:21 . 2009-10-23 07:15 455600 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{3E4B349F-10B5-4586-9D99-489A90A8B228}\setup.exe
    2009-10-23 07:07 . 2009-10-23 07:08 121064 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\1.61\setup.exe
    2009-10-23 06:57 . 2009-10-23 07:07 368640 ----a-w- c:\users\Beck\AppData\Roaming\InstallShield Installation Information\{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}\_setup.dll
    2009-10-20 05:37 . 2008-10-23 05:42 8192 d--h--w- c:\program files\InstallShield Installation Information
    2009-10-18 22:18 . 2006-11-02 12:35 4096 d-----w- c:\program files\Microsoft Games
    2009-10-13 03:17 . 2009-10-04 11:29 -------- d-----w- c:\users\Beck\AppData\Roaming\dvdcss
    2009-10-08 11:00 . 2009-10-08 11:00 -------- d-----w- c:\users\Beck\AppData\Roaming\fltk.org
    2009-10-08 10:35 . 2009-10-08 10:35 8854 ----a-r- c:\users\Beck\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\Uninstall_Project64__9559F7CA5E344237A2D9D856464AD727.exe
    2009-10-08 10:35 . 2009-10-08 10:35 40960 ----a-r- c:\users\Beck\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\NewShortcut1_9559F7CA5E344237A2D9D856464AD727.exe
    2009-10-08 10:35 . 2009-10-08 10:35 40960 ----a-r- c:\users\Beck\AppData\Roaming\Microsoft\Installer\{9559F7CA-5E34-4237-A2D9-D856464AD727}\ARPPRODUCTICON.exe
    2009-10-08 10:35 . 2009-10-08 10:35 4096 d-----w- c:\program files\Project64 1.6
    2009-10-04 11:32 . 2008-10-23 06:49 4096 d-----w- c:\programdata\CyberLink
    2009-10-04 11:31 . 2009-10-04 11:31 -------- d-----w- c:\users\Beck\AppData\Roaming\CyberLink
    2009-10-04 06:04 . 2009-10-04 06:04 -------- d-----w- c:\program files\New Folder
    2009-10-03 08:22 . 2009-10-03 08:22 -------- d-----w- c:\programdata\Symantec
    2009-10-03 06:23 . 2009-09-29 20:39 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
    2009-10-01 21:35 . 2009-10-01 20:58 12288 d-----w- c:\program files\Magic Video Converter
    2009-09-29 20:38 . 2009-09-29 20:38 -------- d-----w- c:\programdata\Blizzard
    2009-09-29 18:47 . 2009-09-29 06:01 -------- d-----w- c:\users\Beck\AppData\Roaming\Hewlett-Packard
    2009-09-29 18:47 . 2008-10-23 05:42 4096 d-----w- c:\programdata\Hewlett-Packard
    2009-09-29 09:52 . 2009-09-29 09:52 -------- d-----w- c:\program files\VideoLAN
    2009-09-29 08:59 . 2009-09-29 08:59 -------- d-----w- c:\programdata\Sony Online Entertainment
    2009-09-29 08:58 . 2009-09-29 08:58 -------- d-----w- c:\program files\Sony Online Entertainment
    2009-09-29 08:28 . 2009-09-29 08:28 4096 d-----w- c:\program files\Ask.com
    2009-09-29 08:28 . 2009-09-29 08:28 -------- d-----w- c:\program files\uTorrent
    2009-09-29 07:50 . 2009-09-29 07:50 -------- d-----w- c:\programdata\NVIDIA
    2009-09-29 07:46 . 2009-09-29 07:46 -------- d-----w- c:\program files\Common Files\muvee Technologies
    2009-09-29 07:46 . 2009-09-29 07:46 -------- d-----w- c:\program files\muvee Technologies
    2009-09-29 07:46 . 2009-09-29 07:46 53319 ----a-w- c:\programdata\Temp\{D36DD326-7280-11D8-97C8-000129760CBE}\PostBuild.exe
    2009-09-29 07:45 . 2009-09-29 07:45 53319 ----a-w- c:\programdata\Temp\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}\PostBuild.exe
    2009-09-29 07:45 . 2009-09-29 07:45 36864 ----a-w- c:\programdata\Temp\{9867824A-C86D-4A83-8F3C-E7A86BE0AFD3}\PostBuild.exe
    2009-09-29 07:43 . 2009-09-29 07:43 36864 ----a-w- c:\programdata\Temp\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}\PostBuild.exe
    2009-09-29 07:43 . 2009-09-29 07:43 53319 ----a-w- c:\programdata\Temp\{4FC670EB-5F02-4B07-90DB-022B86BFEFD0}\PostBuild.exe
    2009-09-29 07:43 . 2008-08-06 22:29 353840 ----a-w- c:\windows\system32\msvcr71.dll
    2009-09-29 07:43 . 2008-10-23 06:50 1066544 ----a-w- c:\windows\system32\MFC71.dll
    2009-09-29 07:43 . 2008-10-23 06:50 1053232 ----a-w- c:\windows\system32\MFC71u.dll
    2009-09-29 07:43 . 2008-08-06 22:27 505392 ----a-w- c:\windows\system32\msvcp71.dll
    2009-09-29 07:43 . 2008-10-23 06:49 36864 ----a-w- c:\programdata\Temp\{5DB1DF0C-AABC-4362-8A6D-CEFDFB036E41}\PostBuild.exe
    2009-09-29 07:42 . 2008-10-23 07:05 4096 d-----w- c:\program files\HP
    2009-09-29 07:42 . 2008-10-23 05:42 -------- d-----w- c:\program files\Common Files\InstallShield
    2009-09-29 07:42 . 2008-10-23 05:27 4096 d-----w- c:\program files\Hewlett-Packard
    2009-09-29 07:39 . 2009-09-29 07:37 4096 d-----w- c:\program files\CONEXANT
    2009-09-29 07:38 . 2009-09-29 07:37 8192 d-----w- c:\program files\NetWaiting
    2009-09-29 07:37 . 2009-09-29 07:37 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_SynTP_01000.Wdf
    2009-09-29 07:36 . 2009-09-29 07:36 -------- d-----w- c:\program files\Synaptics
    2009-09-29 07:35 . 2009-09-29 06:24 4096 d-----w- c:\users\Beck\AppData\Roaming\Apple Computer
    2009-09-29 07:33 . 2009-09-29 07:32 -------- d-----w- c:\program files\Atheros
    2009-09-29 07:32 . 2009-09-29 07:32 -------- d-----w- c:\program files\Cisco
    2009-09-29 07:32 . 2009-09-29 07:32 -------- d-----w- c:\programdata\Atheros
    2009-09-29 07:31 . 2009-09-29 07:31 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
    2009-09-29 07:31 . 2009-09-29 06:16 -------- d-----w- c:\programdata\Apple
    2009-09-29 06:32 . 2009-09-29 06:32 -------- d-----w- c:\program files\MSXML 4.0
    2009-09-29 06:24 . 2009-09-29 06:23 4096 d-----w- c:\program files\iTunes
    2009-09-29 06:24 . 2009-09-29 06:23 -------- d-----w- c:\programdata\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    2009-09-29 06:23 . 2009-09-29 06:23 -------- d-----w- c:\program files\iPod
    2009-09-29 06:23 . 2009-09-29 06:16 -------- d-----w- c:\program files\Common Files\Apple
    2009-09-29 06:23 . 2009-09-29 06:19 -------- d-----w- c:\programdata\Apple Computer
    2009-09-29 06:20 . 2009-09-29 06:20 -------- d-----w- c:\program files\Bonjour
    2009-09-29 06:20 . 2009-09-29 06:19 4096 d-----w- c:\program files\QuickTime
    2009-09-29 06:18 . 2009-09-29 06:18 4096 d-----w- c:\program files\Apple Software Update
    2009-09-29 06:07 . 2009-09-29 06:07 4096 d-----w- c:\program files\Opera
    2009-09-29 06:00 . 2008-10-23 07:06 32768 d-----w- c:\program files\SMINST
    2009-09-29 05:59 . 2009-09-29 05:59 75264 ----a-w- c:\users\Beck\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-09-29 05:57 . 2009-09-29 05:57 -------- d-----w- c:\users\Beck\AppData\Roaming\HP TCS
    2009-09-29 05:57 . 2006-11-02 12:35 4096 d-----w- c:\program files\Windows Sidebar
    2009-09-29 05:56 . 2009-09-29 05:56 0 --sha-r- c:\windows\system32\drivers\103C_HP_cNB_Presario CQ60 Notebook PC_Y5335KV_0U_Q2CE9139BY0_E508164-001_4A_I303C_SWistron_V08.49_F.35_T090217_WV2-1_L409_M1790_J160_7AMD_8F31_92.00_#090929_N168C001C;10DE0760_(ZY226UA#ABA)_XMOBILE_CN10_Z_2F.35.MRK
    2009-09-21 22:09 . 2009-09-21 22:09 79144 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
    2009-09-10 16:48 . 2009-09-29 18:46 93552 ----a-w- c:\windows\Help\OEM\scripts\RegRestore.exe
    2009-09-10 16:48 . 2009-09-29 18:46 12288 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager1_5.dll
    2009-09-10 16:48 . 2009-09-29 18:46 9728 ----a-w- c:\windows\Help\OEM\scripts\BackgroundCopyManager.DLL
    2009-09-04 22:44 . 2009-10-20 06:08 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
    2009-09-04 22:44 . 2009-10-20 06:08 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
    2009-09-04 22:29 . 2009-10-20 06:08 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
    2009-09-04 22:29 . 2009-10-20 06:08 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
    2009-09-04 22:29 . 2009-10-20 06:08 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
    2009-09-04 22:29 . 2009-10-20 06:08 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
    2009-09-04 22:29 . 2009-10-20 06:08 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
    2009-08-29 00:42 . 2009-08-29 00:42 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
    2009-08-29 00:42 . 2009-08-29 00:42 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
    2009-08-28 12:39 . 2009-09-29 06:29 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
    2009-08-28 10:15 . 2009-09-29 06:29 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
    2009-08-27 13:32 . 2009-10-21 18:48 833024 ----a-w- c:\windows\system32\wininet.dll
    2009-08-27 13:29 . 2009-10-21 18:48 78336 ----a-w- c:\windows\system32\ieencode.dll
    2009-08-27 10:58 . 2009-10-21 18:48 26624 ----a-w- c:\windows\system32\ieUnatt.exe
    2008-10-23 06:05 . 2008-10-23 05:53 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
    2009-09-02 19:56 1175944 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
    "{D4027C7F-154A-4066-A1AD-4243D8127440}"="c:\program files\Ask.com\GenericAskToolbar.dll" [2009-09-02 1175944]

    [HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
    [HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
    [HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "HPAdvisor"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2008-09-30 972080]
    "DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\daemon.exe" [2009-04-23 691656]
    "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-07-11 13543968]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-07-11 92704]
    "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
    "QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-09-24 468264]
    "UpdateLBPShortCut"="c:\program files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePSTShortCut"="c:\program files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2008-10-07 210216]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
    "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-08-01 202032]
    "UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
    "HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
    "HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
    "hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
    "avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
    "Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"=0 (0x0)
    "EnableUIADesktopToggle"=0 (0x0)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    R1 aswSP;avast! Self Protection;c:\windows\System32\drivers\aswSP.sys [11/11/2009 10:05 PM 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\System32\drivers\aswFsBlk.sys [11/11/2009 10:05 PM 20560]
    R2 aswMonFlt;aswMonFlt;c:\windows\System32\drivers\aswMonFlt.sys [11/11/2009 10:04 PM 53328]
    R2 Recovery Service for Windows;Recovery Service for Windows;c:\program files\SMINST\BLService.exe [10/23/2008 1:06 AM 365952]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [11/11/2009 10:16 PM 1153368]
    R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\System32\drivers\nvhda32v.sys [5/9/2008 1:17 PM 43040]
    S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [10/22/2008 11:57 PM 193840]

    --- Other Services/Drivers In Memory ---

    *NewlyCreated* - MBR
    *Deregistered* - mbr
    *Deregistered* - PROCEXP113

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
    .
    Contents of the 'Scheduled Tasks' folder

    2009-11-12 c:\windows\Tasks\HPCeeScheduleForBeck.job
    - c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-10-23 18:34]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201
    IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204
    IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203
    IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
    FF - ProfilePath - c:\users\Beck\AppData\Roaming\Mozilla\Firefox\Profiles\trwj9tew.default\
    FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll
    FF - component: c:\users\Beck\AppData\Roaming\Mozilla\Firefox\Profiles\trwj9tew.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
    .
    - - - - ORPHANS REMOVED - - - -

    WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
    HKCU-Run-Vidalia - c:\program files\Vidalia Bundle\Vidalia\vidalia.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-11-14 13:40
    Windows 6.0.6001 Service Pack 1 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

    device: opened successfully
    user: MBR read successfully
    called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll >>UNKNOWN [0x84E641F8]<<
    kernel: MBR read successfully
    detected MBR rootkit hooks:
    \Driver\atapi -> 0x84e641f8
    Warning: possible MBR rootkit infection !
    user & kernel MBR OK
    Use "Recovery Console" command "fixmbr" to clear infection !

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    Completion time: 2009-11-14 13:45
    ComboFix-quarantined-files.txt 2009-11-14 19:45

    Pre-Run: 16,102,699,008 bytes free
    Post-Run: 16,075,669,504 bytes free

    - - End Of File - - 339CF87F11DD22E8D9B640463626B5F1



    And here's the one from HiJackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 1:47:48 PM, on 11/14/2009
    Platform: Windows Vista SP1 (WinNT 6.00.1905)
    MSIE: Internet Explorer v7.00 (7.00.6001.18319)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskeng.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\notepad.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=Presario&pf=cnnb
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O1 - Hosts: ::1 localhost
    O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
    O2 - BHO: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files\MSN\Toolbar\3.0.0541.0\msneshellx.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll
    O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
    O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
    O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
    O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
    O4 - HKLM\..\Run: [UpdatePDIRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "SOFTWARE\CyberLink\PowerDirector\7.0"
    O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
    O4 - HKCU\..\Run: [HPAdvisor] C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe autorun=AUTORUN
    O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/201
    O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/204
    O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/203
    O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files\Orbitdownloader\orbitmxt.dll/202
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files\HP Games\My HP Game Console\GameConsoleService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: Recovery Service for Windows - Unknown owner - C:\Program Files\SMINST\BLService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

    --
    End of file - 8263 bytes
     
  5. 2009/11/14
    broni

    broni Moderator Malware Analyst
